This week in the Enterprise News, Cyble raises $4M, ThreatQuotient raises $22.5M, OneTrust acquires Convercent, Digital Shadows announces new threat intelligence capabilities, Rapid7 Announces Kubernetes Open Beta in InsightVM, LogRhythm Releases Version 7.7, Imperva unveils new data security platform built for cloud, Acronis releases a new version of Acronis Cyber Protect Cloud, Minerva Labs Launches Cloud Version of its Endpoint Threat Prevention Platform, What's Behind the Surge in Cybersecurity Unicorns? Cisco Umbrella unlocks the power of SASE and more!
Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
"The acquisition will build on OneTrust’s longstanding investments in creating the technology fabric of trust within an organization, bringing together privacy, security, data governance, ethics and compliance, GRC, third-party risk, and ESG into a single operational workflow."
I think when a vendor can mention MITRE ATT&CK in a press release, they are excited, but are we? "The new features draw on this collective global security ‘brain’ but provide security professionals with visualizations relevant to their specific organization so they can quickly determine the relevance or danger of a particular threat actor or incident to them. This insight is further enhanced by Digital Shadows own analysis of threat actors and updates within the same library. Combined, it means Digital Shadows customers gain actionable remediation advice against specific threat actors before they may pose a risk."
Interesting play: "Integrating your Kubernetes environment with InsightVM can be accomplished by pulling the Rapid7 Kubernetes Monitor from DockerHub, deploy this to each cluster, and performing a few configuration steps. Once configured, data will appear in the Container Security section of InsightVM."
"ThreatQuotient gives SOC analysts, incident responders and threat analysts unmatched flexibility, visibility and control over their company’s alerts and unique threats that they can’t get from other security operations solutions." - Sounds like they are way more than just threat intel...
"Easier integration with third-party platforms: Version 7.7’s Alarm REST API provides a simpler integration with third-party ticketing systems, SOAR platforms, and other LogRhythm partner solutions...Seamless log configuration in the cloud: Cloud-to-cloud collection enables LogRhythm Cloud users to configure log sources regardless of origin through a Graphical User Interface (GUI)...Built-in support for more popular cloud-based services: LogRhythm has added new out-of-the-box Beats to help analysts onboard many popular cloud-based services, including Okta and Carbon Black Cloud, which further help customers secure the identities and endpoints within their environments. "
"By supporting all databases regardless of where they are hosted, including database as a service (DBaaS), infrastructure as a service (IaaS) and multi and hybrid cloud environments, Imperva enables companies to maintain their security posture while rapidly embracing the cloud. The platform natively integrates with any database on Amazon Web Services, Google Cloud, Microsoft Azure, MongoDB Atlas and Snowflake, as well as many others."
"The new Kaspersky Managed Detection and Response (MDR) service ensures continuous machine learning-driven 24/7 protection while saving IT security teams’ resources for threat analysis, investigation and response. Thanks to two product tiers, Kaspersky MDR is now available not only for large enterprises, but for medium-sized businesses with different levels of IT security maturity and needs. "
Looks like they've added some features: "The multi-layered engines combine advanced prevention-oriented cyber warfare approaches, such as deterrence-based & active deception, active camouflage, browser isolation, virtual patching, vaccination and other anti-evasion capabilities."
"SecurityWeek has identified more than 30 cybersecurity unicorns, with 13 of them announced in the past four months alone. The 13 companies to achieve billion-dollar valuation since December 2020 are Aqua, Axonius, BigID, Coalition, Feedzai, Forter, ID.me, Lacework, Orca, OwnBackup, Socure, Venafi and Wiz."
"Hey @Ubiquiti, why are you pushing ads on the management interface for hardware I bought outright?" <-- Ubiquiti starts pushing ads in their console just after trying to downplay a breach! Customers are not best pleased.
"Honestly, a lot of free software is free as in *piano.* It's right there. Nobody is stopping you. You could totally spend hours of painstaking labor getting it carried up your front steps or built from a clusterfuck of diffs and patches or whatever. Everyone knows you won't." <-- this is the metaphor I've been needing for years for describing why FOSS isn't a panacea and is often more expensive than using commercial products.
Infrastructure-as-code (IaC) allows for quick and consistent configuration and deployment of infrastructure components because it’s defined through code. It also enables repeatable deployments across environments. IaC is seeing significant attention in the cloud security space, but why now? This conversation will dig into how Infrastructure-as-code...
Information Security is often seen as a cost center and drain on the revenue of a company. It may be seen as necessary to protect the company, but the value is not always understood by leadership and peers to the CISO. Taken from personal experience, in this talk, we will explore some suggestions on how CISOs can bring and show value to their compa...
In the leadership and communications section, Is Your Board Prepared for New Cybersecurity Regulations?, 32% of cybersecurity leaders considering quitting their jobs, 40 Jargon Words to Eliminate from Your Workplace Today, and more!