Vulnerability management, Malware

Enterprise Browsers, Netskope, Ping Identity, Ghost Security, & Winamp Returns! – ESW #283

In the Enterprise Security News: BlackRock drops $250M into Acronis, Talon raises a massive $100M Series A to make Enterprise Browsers a thing, Cybrary raises $25M, Ghost Security comes out of stealth, Netskope acquires Infiot, Thoma Bravo acquires Ping Identity

TLP 2.0, Thought Leadering, and Winamp is back!

Announcements

  • Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

Hosts

Adrian Sanabria
Director of Product Management at Tenchi Security
  1. FUNDING: BlackRock-Backed Round Values Cyber Firm Acronis at $3.5 Billion - $250M round from BlackRock that raises Acronis's valuation from $2.5B to 3.5B.
  2. FUNDING: Talon Cyber Security Announces $100M in Series A Funding to Redefine Security for the Future of Work - I covered the secure browser space when I was at 451. One of the nice things about them is they were easy to try out and test, so I got to have hands-on experience with all of them: Spikes, Light Point, Ntrepid, Fireglass, Authentic8, Menlo, Invincea, Bromium, etc. They all violated an unwritten rule: don't screw up the browser experience. The browser is too important from a productivity standpoint to add friction to or risk breaking workflows. My prediction is that these browsers will also break this rule, relegating them to niche use cases, just like v1.0 of AppControl offerings and v1.0 of secure browsers. Browser use cases, especially in the enterprise, tend to get very messy. With the primary use cases being "prevent the employee from doing X, Y, or Z", I think it's inevitable that it will follow the same path: 1. Let's try this out, sounds sexy 2. Employees can't get work done and are requesting exceptions to use other browsers for these 24 edge cases 3. "Maybe we could just use this for contractors" And it is relegated to niche hell. It will still exist, but will never come close to the currently promised TAM/SAM/SOM.
  3. FUNDING: Cybrary Lands $25 Million in New Funding Round
  4. FUNDING: RegScale Announces $20 Million Series A Funding Round
  5. FUNDING: Ghost Security defends APIs and apps from attackers – TechCrunch - $15M round from DNX Ventures, 468 Capital, and Munich Re Ventures at a $50M valuation. Not a lot of details available, but it looks like this is likely a Series A. Ghost takes a "data science" approach to addressing API security. Appears to be competing with noname, Salt Security, and the other 1-2 dozen API security startups we've seen emerge over the last year or two.
  6. FUNDING: Cybersecurity Protocol Naoris Raises $11.5M to Build Decentralized Proof-of-Security Consensus Mechanism
  7. FUNDING: Island Adds Cisco Investments as Strategic Investor - $10M Series B2? Ba? B+? It's a Series B add-on round.
  8. FUNDING: API security startup Impart Security closes seed round on $6m
  9. ACQUISITIONS: Netskope Acquires Infiot, Will Deliver Fully Integrated, Single-Vendor SASE Platform
  10. ACQUISITIONS: Thoma Bravo picks up Ping Identity for $2.8B – TechCrunch
  11. REBRAND: Microsoft Intros New Attack Surface Management, Threat Intel Tools (RiskIQ, rebranded)
  12. ATTACKS: 35k cases of infected code on GitHub (Tweet from Stephen Lacy) - We saw this happen on NPM a while back - instead of hacking repos, they're cloning them, adding the back door and using a typo-squatting-style strategy.
  13. VULNERABILITIES: Vulns in 27 Jenkins plugins (Tweet from Catalin Cimpanu) - https://twitter.com/campuscodi/status/1554567966200434688?t=6Pwi9WjfPR0a5bOAMANycg&s=09
  14. TRENDS: 1,000s of Phishing Attacks Blast Off From InterPlanetary File System - Web3 technologies continue to fail to account for abuse cases. It seems the Web3/crypto/NFT community is doomed to make all their own mistakes, rather than learn from the same ones we've made. Maybe some of these Web3-focused security startups can help?
  15. NEW HIRE: Shiftleft appoints Stuart McClure as CEO – Help Net Security
  16. REPORTS: RTF Report: Combating Ransomware
  17. REGULATION: Cryptocurrency 2022 Legislation
  18. REGULATION: Here come the Crypto Cops
  19. STANDARDS: Traffic Light Protocol (TLP) 2.0 Released - Introduces TLP:AMBER+STRICT and changes TLP:WHITE to TLP:CLEAR. Much more specific about how TLP should be used by the source and recipient. Defines Community, Organization, and Clients to help explain how TLP should be applied to recipient groups.
  20. LEGAL: Uber Admits Covering Up 2016 Data Breach, Avoids Prosecution - Uber evades any punishment for the 2016 Breach, because they agreed to team up with Uncle Sam to go after former CISO Joe Sullivan. Discuss.
  21. THOUGHT LEADERING: Google Cloud will never be profitable (Zack Kanter on Twitter) - Google Cloud will never be profitable. It is borderline impossible for a company whose core product is high margin to build cost discipline in a low-margin secondary product. AWS’s biggest advantage is being borne from (and run like) a low margin core business. If you run a medium margin business like a low margin business, you’ll have a culture that’s oddly frugal. If you run a medium margin business like a high margin business, you’ll have a business that loses money forever.
  22. SQUIRREL: Enabling remote operations with Remote Desktop Protocol - https://3389rocks.com/
  23. SQUIRREL: Winamp releases new version after four years in development - Alright, there's a lot to unpack here. Winamp has been updated to run smoothly on more modern versions of Windows, includes podcast support, and includes cloud streaming support. But that's not all! What's that you say? You wish there was some kind of Winamp-skin-related NFT art competition? You're in luck! THERE IS. https://www.winamp.com/winamp-nft-initiative/ Also, Winamp is *hiring*, if you can believe that. Seven positions are currently open, and if I went for one, it would be the Product Owner position. "Knowledge of the inner workings of the industry is a plus" "Good taste in music is optional" https://audiovalley.bamboohr.com/jobs/view.php?id=232&source=bamboohr
Katie Teitler
Senior Security Strategist at Axonius
Tyler Shields
CMO at JupiterOne