Incident response, Vulnerability management

Cyber-Loaded Bills, Dazz CSPM, Janky Tech, VC Startup Valuations, & Keanu Reeves Talk – ESW #254

This week in the Enterprise News: is the art of VC valuations a lie?; Noname Security hits unicorn status; Dazz sounds like an 80's cartoon character and is the latest to join the CSPM category with a mega Series A; LogMeIn spins out LastPass; we'll talk about Log4Shell for a little bit, but not too much; everyone forgot that AWS had an outage last week, at least until they had an outage this week; 83% of IT professionals can't guarantee infrastructure is safe from ex-employees; and the Senate approves a cyber-loaded defense bill but stripped out incident reporting! All that and more, on this episode of Enterprise Security Weekly!

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Hosts

Adrian Sanabria
Director of Product Management at Tenchi Security
  1. TRENDS: The ‘art’ of VC startup valuations is a forgery – TechCrunch - https://techcrunch.com/2021/12/10/the-art-of-vc-startup-valuations-is-a-forgery/
  2. FUNDING: Noname Security achieves unicorn status, one year after exiting stealth, with $135 million Series C
  3. FUNDING: Ermetic raises $70M for ‘identity-first’ cloud security
  4. FUNDING: Dazz, from ex-Microsoft team, gets $60M to automate cloud security - $50m Series A + $10m Seed. Sounds like a CSPM play, and who can blame them with all the money getting raised there? Founding team includes former general manager of Microsoft's cloud business and a few other ex-Microsoft folks with backgrounds in IoT security (Armis and Claroty). Founding crew looks to be mostly Israeli and funding comes from Insight Partners, Greylock Partners, Index Ventures, and Cyberstarts.
  5. SPIN-OUT: LogMeIn spins LastPass out as an independent company once more - https://blog.lastpass.com/2021/12/lastpass-investing-even-more-in-your-password-security-in-2022/
  6. VULNS: Log4Shell: RCE 0-day exploit found in log4j, a popular Java logging package
  7. POST-MORTEM: Summary of the AWS Service Event in the Northern Virginia (US-EAST-1) Region
  8. REPORTS: Cisco Secure Outcomes Study Report 2021 - Part 2 of an excellent series funded by Cisco and put together by the excellent Cyentia Labs. It studies security outcomes - I highly recommend reading both!
  9. TRENDS: Report: 83% of IT professionals can’t guarantee infrastructure is safe from ex-employees
  10. STANDARDS: SP 800-160 Vol. 2 Rev. 1, Developing Cyber-Resilient Systems: SSE Approach - Even NIST is ready to admit the security team can't do all the lifting.
  11. REGULATIONS: Democrats accuse GOP of scuttling incident reporting in massive defense bill - https://therecord.media/democrats-accused-gop-of-scuttling-incident-reporting-in-massive-defense-bill/
  12. REGULATIONS: Senate approves cyber-loaded defense bill loaded - https://therecord.media/senate-approves-cyber-loaded-defense-bill-loaded/
  13. SQUIRREL: What’s the jankiest piece of tech you’ve seen a company depend on? - Brandon Rohrer asks on Twitter: War stories please. What’s the jankiest piece of tech you’ve seen a company depend on?
Katie Teitler
Senior Security Strategist at Axonius
Tyler Shields
CMO at JupiterOne