Careers, Cloud security, Leadership

CrowdStrike Falcon, Gigamon Hawk, Awake’s NDR, & Acquisitions – ESW #219

This Week, In the Enterprise Security News:

Okta acquires Auth0, KnowBe4 Acquires MediaPRO, PayPal to acquire Curv, and Dropbox to acquire DocSend

Aqua Security raises $135M, Privacera Secures a Series B, YL Ventures sells its stake in Axonius, Snyk Secures a Series E, and McAfee sells its Enterprise business

AWS Announces New Lower Cost Storage, Radware's New Integrated Application Delivery & Protection, Bitdefender launches new Cloud-based EDR Solution, Awake's NDR platform, CrowdStrike Falcon enhancements improve SOC efficiency, Tufin releases Vulnerability-Based Change Automation App, Gigamon launches Hawk, Sonatype Releases New Nexus Firewall Policy to Secure Software Supply Chains, & more!

Full episode and show notes

Announcements

  • Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

  • If you missed Security Weekly Unlocked, you can now access all of the content on-demand, whether you registered before the live event or not, by visiting https://securityweekly.com/unlocked and clicking either the button to register or the button to login!

Hosts

Paul Asadoorian
Paul Asadoorian
Founder at Security Weekly
  1. 1. AWS Announces New Lower Cost Storage Classes for Amazon Elastic File System - "One Zone storage classes provide single Availability Zone (AZ) storage at a 47% lower cost than existing multi-AZ storage classes"
  2. 2. Radware’s New Integrated Application Delivery & Protection - "Alteon’s new Integrated Application Protection includes a Web Application Firewall (WAF) to protect from web-based attacks, Bot Manager to block malicious automated threats, and Application Programming Interface (API) protection to secure APIs and provide full visibility on API targeted threats."
  3. 3. Bitdefender launches new Cloud-based EDR Solution - "The new EDR package is resource-light and fully cloud-delivered for easy deployment and management and runs alongside third-party prevention technologies. Unique in the EDR space, it combines endpoint telemetry and human risk analytics with advanced threat detection capabilities. "
  4. 4. Control web applications with two-clicks in Cloudflare Gateway - "We built Gateway to help customers replace the pain of backhauling user traffic through centralized firewalls. With Gateway, users instead connect to one of Cloudflare's data centers in 200 cities around the world where our network can apply consistent security policies for all of their Internet traffic."
  5. 5. Blumira and Cerium Networks simplify threat detection and response - "Blumira’s modern, cloud-based SIEM (security information and event management) platform enables businesses, often with limited security resources or expertise, to seamlessly detect, investigate and respond to ransomware, misconfigurations and unknown security threats faster and earlier."
  6. 6. Unbound Security CORE enables enterprises to reimagine cryptographic infrastructure security - "Unbound Security unveiled Unbound Security CORE (Cryptographic Orchestration Reimagined for Enterprise), a new all-encompassing platform that enables businesses to manage all cryptographic keys from multiple environments in one single place."
  7. 7. Attivo offers solution for preventing the misuse of Active Directory - We covered this last week, it's still getting some attention...
  8. 8. Awake’s NDR platform strengthens cybersecurity across cloud, hybrid and IoT environments - Lots of words, still I can't seem to understand the announcement or the value: "Awake’s NDR platform is a key pillar of Arista’s vision for zero trust security. With a new network-based multi-domain macro-segmentation service, situational awareness for all network resources and Awake’s NDR, Arista is transforming network security from an afterthought to networks that are inherently secure."
  9. 9. CrowdStrike Falcon platform enhancements improve SOC efficiency - Workflow stuff: "Customers can streamline their SOC operations with the new CrowdStrike Falcon notification workflows that provide automated real-time notifications tailored to specific types of events, conditions and cloud security posture findings and then be seamlessly delivered via email, generic webhooks or through Slack and PagerDuty integrations."
  10. 10. Strata Maverics Identity Orchestrator extends Azure AD control to on-premise applications - "Strata announced at Microsoft Ignite that its Maverics Identity Orchestrator platform for Microsoft Azure Active Directory (Azure AD) enables organizations to migrate applications to the Cloud without rewriting them so identity can be centrally managed by Azure AD."
  11. 11. Tufin releases Vulnerability-Based Change Automation App - This sounds cool though: "The VCA addresses this problem by automatically retrieving data from an organization’s vulnerability scanner and reflecting the results in the risk assessment step of an access request workflow."
  12. 12. McAfee sells its Enterprise business for $4 billion - "McAfee announced it has entered into a definitive agreement to sell its Enterprise business to a consortium led by Symphony Technology Group (STG) in an all-cash transaction for $4.0 billion."
  13. 13. LastPass Now Offers the Flexibility to Authenticate With SMS Passcode, Voice Call or YubiKey - "For business users, SMS passcodes and voice call authentication will offer flexibility for employees who may not be able to utilize their cell phones during the day. With these authentication methods, employees can set up a landline or desk phone as their secondary authentication method to ensure secure access. In the circumstance that a mobile phone is lost, employees can set up an alternative phone to provide authentication, so they are never locked out of their account. In addition to supporting these methods for the LastPass vault, LastPass now also supports voice call, SMS passcodes and YubiKey when authenticating into single sign-on applications. "
  14. 14. Gigamon launches Hawk, partners with AWS to simplify and secure cloud adoption - "To close this critical cloud visibility gap, Gigamon is launching Hawk, the industry’s first elastic visibility and analytics fabric for all data-in-motion across any cloud network."
  15. 15. Sonatype Releases New Nexus Firewall Policy to Secure Software Supply Chains from “Dependency Confusion” Attacks - "Development pipelines confusing your own proprietary software components with public components in open source registries, having the same name but a completely different author, is extremely dangerous. Considering malicious code from counterfeit public components can be executed upon installation, it becomes clear the need to block such components as early as possible."
  16. 16. ACQUISITION – Okta acquires Auth0 for $6.5 billion
  17. 17. ACQUISITION – KnowBe4 Acquires MediaPRO, Expanding its Presence in the Security Awareness Training Market
  18. 18. FUNDING – Aqua Security protects containerized apps and infrastructure, raises $135M
Adrian Sanabria
Adrian Sanabria
Director of Product Management at Tenchi Security
  1. 1. Address cybersecurity challenges before rolling out robotic process automation – TechCrunch - RPA is a huge growing market and it has nothing to do with robotics. Imagine if Amazon's returns processes were 100% automated (they might be, I'm not sure). Now imagine someone modifies that process to give everyone double their money back. I'm not sure if that's a realistic scenario, but the prediction here is that we'll be seeing a lot of RPA-related breaches before folks get the security right.
  2. 2. ACQUISITION – Dropbox to acquire secure document sharing startup DocSend for $165M – TechCrunch - Looks like an attempt for Dropbox to compete more closely with Box? And also to maybe convince some Accellion customers to come into the 21st century?
  3. 3. Stop Trying to Take Humans Out of SOC … Except … Wait… Wait… Wait… - Whether the SOC is evidence of product failure or a necessary investment is a favorite rant of mine. And Anton is one of my favorite people to have the debate with :)
  4. 4. FUNDING – Privacera Secures $50 Million Series B – Advances Cloud-First Data Governance and Security Across Global Organizations - "Single pane of glass for multi-cloud data security". That's a huge Series B though.
  5. 5. EXIT – YL Ventures sells its stake in cybersecurity unicorn Axonius for $270M – TechCrunch - YL has been consistently killing it. The original VC idea was to bet on at least one massive startup win for every 10-20 failures or mediocre returns. Very much a gamble. YL, a totally cybersecurity-focused, early stage VC has mastered the art of solid and steady returns for nearly every one of their investments. $270m is HUGE though, considering this is just one of their portfolio companies from their third fund, which was only a $75m fund. And there are six more portfolio companies from that fund that haven't exited yet! I could definitely see Orca, Vulcan and Hunters bringing in respectable exits as well.
  6. 6. ACQUISITION – PayPal to acquire cryptocurrency security startup Curv – TechCrunch - Curv is an interesting one. It's like a cryptocurrency wallet for organizations that manage large amounts of the stuff. They allow users to create policies around when crypto funds can be transferred, how and how much. Very niche and specific, but very much needed in a market where so much cryptocurrency has been stolen from both individuals and exchanges, it's a bit embarrassing.
  7. 7. MERGER – Okta + Auth0: Powering Identity for the Internet - $6.5bn is a lot for a company that has nearly 100% product/feature overlap. Tyler says it's not a logo buy, but I think that might be part of it. The other part, I think, is that although there's a lot of overlap, Okta is strong where Auth0 is weak and vice versa. Still seems a lot like a T-Mobile + Sprint merger to me though.
prestitial ad