Cloud security, Email security, Vulnerability management

McAfee MVISION XDR, Microsoft Acquires Activision Blizzard, & Tom Brady NFTs – ESW #257

In the Enterprise Security News: 1Password plans to do some shopping with their massive Series C, Devo announces a $250M round, Permiso Security and Tromzo emerge backed by both traditional VCs and industry execs, STG spins out McAfee’s MVISION XDR product as Trellix - the first of many spinouts, they say, Microsoft reminds us that, in addition to being the industry’s largest security vendor, they can also drop $70B on video games if they feel like it, More reminders that open source is essential, but orgs with massive budgets will still treat it as worthless and disposable, Real-world stories of CI/CD pipeline compromises, Is Uber’s former CSO going to jail?, and Tom Brady NFTs!

Full episode and show notes

Announcements

  • Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

  • We had an absolute blast putting together this year's SW Unlocked virtual event! All presentations are now available on-demand for your viewing pleasure. Please visit https://securityweekly.com/unlocked to register and watch now!

Hosts

Adrian Sanabria
Adrian Sanabria
Director of Product Management at Tenchi Security
  1. 1. FUNDING: Remote work and cloud adoption lands 1Password with $620M Series C, now valued at $6.8B – TechCrunch - This is a MASSIVE series C with a valuation to match. It makes me wonder what Dominik Reichl, the author of KeePass, might think about it. As both a B2C as well as B2B company, it seems more justified than some of the B2C-only unicorns we've seen. They intend to do some more acquisitions with this money. Any guesses? Do they get into Zero Trust? Deeper into MFA? API Security?
  2. 2. FUNDING: Devo Announces $250 Million Funding Round Led by TCV – Devo.com
  3. 3. FUNDING: Germany’s SoSafe raises $73M Series B led by Highland to address human error in cyber – TechCrunch
  4. 4. FUNDING: Banyan Security Raises $30M in Growth Financing to Support Increased Demand for Innovative Zero Trust Network Access Platform - https://www.banyansecurity.io/news/banyan-security-raises-30m-in-growth-financing-to-support-increased-demand-for-innovative-zero-trust-network-access-platform/
  5. 5. FUNDING: Continuous verification company Verica raises $12M to make systems more resilient - https://venturebeat.com/2022/01/18/continuous-verification-company-verica-raises-12m-to-make-systems-more-resilient/
  6. 6. FUNDING: Former FireEye Executives Emerge from Stealth with $10M Seed Round to Tackle Cloud Detection and Response – Permiso Security - I spy with my analyst eye... our very own Tyler Shields participating in this funding round! Sounds like anomaly detection for authorization-related events?
  7. 7. FUNDING: Tromzo Raises $3.1M From Innovation Endeavors and Over 25 Leading CISOs to Eliminate the Friction Between Developers and Security Teams - https://www.globenewswire.com/news-release/2021/10/21/2318623/0/en/Tromzo-Raises-3-1M-From-Innovation-Endeavors-and-Over-25-Leading-CISOs-to-Eliminate-the-Friction-Between-Developers-and-Security-Teams.html
  8. 8. ACQUISITION: Netrix Acquires BTB Security, a Provider of Cybersecurity and Digital Forensics Solutions – Netrix LLC
  9. 9. SPINOUT: Symphony Technology Group Announces the Launch of Extended Detection and Response Provider, Trellix - In what sounds like the first of many spinouts, the first child of the McAfee FireEye union has surfaced! Trellix appears to be centered around the McAfee MVISION XDR product. It's an interesting approach. Instead of simply smashing together the products and services of McAfee and FireEye under new branding, it looks like the most successful products will each spin out as separate subsidiaries under STG for now. SASE will be the next product to spin out as a separate company, comprised of McAfee's Enterprise Secure Service Edge offering, which includes CASB, SWG, and ZTNA functionality.
  10. 10. WHATEVER, MONEY ISN’T REAL ANYWAY: Microsoft will buy Activision Blizzard, a bet on the next generation of the internet. - Obviously not security-related, but a market event too huge to not talk about. This is especially true when you consider Microsoft as one of the biggest cybersecurity companies and acquirers. The numbers seem insane until you start to dig into some context, like: - MSFT's $2T+ market cap - MSFT is already a leader in gaming - Scandal discount? - 18% YoY growth - 7.5x ($9.053B revenue in 2021) - Still, this accounts for only 5% of the entire gaming industry - CoD alone makes $5M a DAY. That's over $1.8B annually.
  11. 11. SUPPLY CHAIN: The customer has nuclear weapons. They do not do “bounty” - This Bugzilla thread is a stark reminder that: a) OSS projects still use Bugzilla (whaaaat) b) Fortran is still alive and well c) open source is thankless, fragile, underfunded, and not free as in 'beer', but free as in 'piano'
  12. 12. LEARNING: 10 real-world stories of how we’ve compromised CI/CD pipelines - In an editorial I published on scmagazine.com at the end of 2021, I urged defenders in 2022 to focus on three things: 1. Sharing data on how breaches occur 2. Studying that data 3. Using these scenarios as training exercises NCC has always been generous, sharing their tools and knowledge, and this is no exception. Incident responders, AppSec folks, and detection engineers should all take some time to read over these detailed accounts of how consultants were able to compromise CI/CD pipelines.
  13. 13. TRENDS: Forecasting in-the-wild 0days: 2022 - Ryan McGeehan uses the power of math and the data of Google's Project Zero to determine the number of 0day exploits we'll see in the wild in 2022. The answer is more than 28, but less than 75. Anything over 25 was almost unheard of until last year when we saw 57. You shouldn't worry about the number though. Best to focus on fundamentals and practice, practice, practice! Most breaches happen because processes fail.
  14. 14. VULNS: 2 Critical Cloud Vulnerabilities to Convince You to Move to the Cloud – Orca Security
  15. 15. REPORT: Wearing Many Hats: The Rise of the Professional Security Hacker - This paper tracks the history of the hacker. Though I haven't read all of it, I doubt there will be too many revelations for those of us that have at least one shelf in our homes dedicated to books on hacking and its history. Still, it seems like a great primer for anyone jumping into the industry that wants the Cliff Notes on the hacker industry and culture.
  16. 16. LEGAL: Former Uber CSO Faces New Charge for Alleged Breach Cover-Up - Joe Sullivan is facing Theranos-level charges here, which seem a bit extreme. Perhaps the government wants to set a precedence in this case, to ensure bug bounty platforms don't become the new ransomware payment gateways. I doubt this will have a chilling effect on CISOs being willing to take on the role, but I have noticed that it quickly became commonplace for CISOs to have their own independent insurance for situations where they could be personally liable for work-related actions.
  17. 17. SQUIRREL: kube-chaos
  18. 18. SQUIRREL: Tom Brady’s buzzy celebrity NFT startup Autograph banks $170M from Silicon Valley’s top crypto investors – TechCrunch
  19. 19. SQUIRREL: Tom Brady Ruby Signed Immortal Statue
  20. 20. SQUIRREL: Former SpaceX engineer says his pizza-making robot, located across the road from Elon Musk’s HQ, sprayed cheese everywhere during testing - https://news.yahoo.com/former-spacex-engineer-says-pizza-100000687.html
Katie Teitler
Katie Teitler
Senior Security Strategist at Axonius
Tyler Shields
Tyler Shields
CMO at JupiterOne
prestitial ad