Cybersecurity Unicorns, LogRhythm Version 7.7, Rapid7 Kubernetes Beta, & Cisco SASE – ESW #223

"Dark web monitoring and mitigation capabilities are front of mind for modern organizations and the market is growing rapidly."

"The acquisition will build on OneTrust’s longstanding investments in creating the technology fabric of trust within an organization, bringing together privacy, security, data governance, ethics and compliance, GRC, third-party risk, and ESG into a single operational workflow."

I think when a vendor can mention MITRE ATT&CK in a press release, they are excited, but are we? "The new features draw on this collective global security ‘brain’ but provide security professionals with visualizations relevant to their specific organization so they can quickly determine the relevance or danger of a particular threat actor or incident to them. This insight is further enhanced by Digital Shadows own analysis of threat actors and updates within the same library. Combined, it means Digital Shadows customers gain actionable remediation advice against specific threat actors before they may pose a risk."

Interesting play: "Integrating your Kubernetes environment with InsightVM can be accomplished by pulling the Rapid7 Kubernetes Monitor from DockerHub, deploy this to each cluster, and performing a few configuration steps. Once configured, data will appear in the Container Security section of InsightVM."

"ThreatQuotient gives SOC analysts, incident responders and threat analysts unmatched flexibility, visibility and control over their company’s alerts and unique threats that they can’t get from other security operations solutions." - Sounds like they are way more than just threat intel...

"Easier integration with third-party platforms: Version 7.7’s Alarm REST API provides a simpler integration with third-party ticketing systems, SOAR platforms, and other LogRhythm partner solutions...Seamless log configuration in the cloud: Cloud-to-cloud collection enables LogRhythm Cloud users to configure log sources regardless of origin through a Graphical User Interface (GUI)...Built-in support for more popular cloud-based services: LogRhythm has added new out-of-the-box Beats to help analysts onboard many popular cloud-based services, including Okta and Carbon Black Cloud, which further help customers secure the identities and endpoints within their environments. "

"By supporting all databases regardless of where they are hosted, including database as a service (DBaaS), infrastructure as a service (IaaS) and multi and hybrid cloud environments, Imperva enables companies to maintain their security posture while rapidly embracing the cloud. The platform natively integrates with any database on Amazon Web Services, Google Cloud, Microsoft Azure, MongoDB Atlas and Snowflake, as well as many others."

"The new Kaspersky Managed Detection and Response (MDR) service ensures continuous machine learning-driven 24/7 protection while saving IT security teams’ resources for threat analysis, investigation and response. Thanks to two product tiers, Kaspersky MDR is now available not only for large enterprises, but for medium-sized businesses with different levels of IT security maturity and needs. "

Looks like they've added some features: "The multi-layered engines combine advanced prevention-oriented cyber warfare approaches, such as deterrence-based & active deception, active camouflage, browser isolation, virtual patching, vaccination and other anti-evasion capabilities."

"SecurityWeek has identified more than 30 cybersecurity unicorns, with 13 of them announced in the past four months alone. The 13 companies to achieve billion-dollar valuation since December 2020 are Aqua, Axonius, BigID, Coalition, Feedzai, Forter, ID.me, Lacework, Orca, OwnBackup, Socure, Venafi and Wiz."

"Remote browser isolation (RBI), Data loss prevention (DLP), Cloud malware prevention" - Not sure how it all fits together, but interesting that Umbrella has all of these features now.

"Hey @Ubiquiti, why are you pushing ads on the management interface for hardware I bought outright?" <-- Ubiquiti starts pushing ads in their console just after trying to downplay a breach! Customers are not best pleased.

We've seen a lot of passwordless moves in recent months, but Duo has the momentum and gravity to REALLY move the needle here.

"Honestly, a lot of free software is free as in *piano.* It's right there. Nobody is stopping you. You could totally spend hours of painstaking labor getting it carried up your front steps or built from a clusterfuck of diffs and patches or whatever. Everyone knows you won't." <-- this is the metaphor I've been needing for years for describing why FOSS isn't a panacea and is often more expensive than using commercial products.

Jason Chan and a lot of other security leaders are fed up with what they see as increasingly obnoxious attempts to slip a sales meeting onto their calendars.

Signal beta tests cryptocurrency-enabled payments and many Signal fans are not happy about this new direction for the messaging app.

With all the AI/ML in enterprise security products, I felt like a company that tells you whether your ML is working or broken was both interesting and relevant.