Name: RSA Outseer, Elisity Zero Trust, Contrast Scan, & SOAR Soup – ESW #231
Uploaded: 2021-06-16T00:00:00.000-04:00
Description: RSA Outseer, Elisity Zero Trust, Contrast Scan, & SOAR Soup – ESW #231

This week, In the Enterprise News Paul and the crew talk: Zero trust networking startup Elisity raises $26M , Contrast Security Launches Contrast Scan, Vectra Launches Detect for AWS, SOAR Is an Architecture, Not a Product, & Deloitte Acquires Cloud Security Posture Management, & more!

Featured image for RSA Outseer, Elisity Zero Trust, Contrast Scan, & SOAR Soup – ESW #231 segment from PPWorks

Don't forget to check out our library of on-demand webcasts &amp; technical trainings at securityweekly.com/ondemand.

Webcasts/Trainings/OnDemand

Axonius is prepping for an IPO! NYSE or NASDAQ? What does JuniperOne think? Discuss.

IPO: Axonius Announces Addition of Jerry Raphael to its Executive Team

"Deloitte announced its acquisition of substantially all the assets of CloudQuest, Inc. (CloudQuest), a cloud security posture management (CSPM) provider based in Cupertino, Calif.  The deal will bolster Deloitte’s existing cloud cybersecurity offerings with CloudQuest’s cloud-native security capabilities to more seamlessly manage security workflows, reduce risk and improve data security."

Deloitte Acquires Cloud Security Posture Management

Interactive labs as a service for training! Also hiring assistance (practical testing).

FUNDING: Investment News: Immersive Labs raises $75m

They are taking on a lot of functionality: "1) WEB APP PROTECTION - Application and attack profiling combined with IP fingerprinting are continuously correlated to identify, track and block threat actors. 2) NATIVE API PROTECTION- API-native and has robust features to address API-centric attacks such as support for WebSockets, detection of host enumeration, and customer rules to identify expensive application calls. 3) BOT MANAGEMENT - To block or not to block. That is the question and the answer. Know when to let the good Bots in and keep the bad Bots out. 4) DDOS MITIGATION - Based on attacker profiling, detect and neutralize layer 7 attacks, OWASP Top 10, bots, DDoS, and zero-day threats with high precision"

ThreatX raises $10M to strengthen its position in the web application security market – Help Net Security

Recorded Future is now an investor! It's hoping to fund some early-stage startups focused on using AI to create valuable intelligence that RF could plug into its own platform in the future.

FUNDING: Recorded Future launches its new $20M Intelligence Fund for early-stage startups – TechCrunch

Sounds like Edgewise (who was acquired by ZScaler): "It combines the paradigm of zero trust access, meaning no user is trusted by default from inside or outside the network, and a software-defined perimeter to authorize users, devices, and apps based on policies before they can communicate with critical resources. Access is monitored by AI algorithms that track, monitor, and analyze flows and user behavior to make recommendations and discover all of an organization’s assets to build an encrypted mesh overlay between a cloud services panel and network probes."

Zero trust networking startup Elisity raises $26M

The first big news to come out of RSA since it was acquired by STG, they're spinning out some of their products & services as a rebranded subsidiary! RSA Adaptive Authentication becomes Outseer Fraud Manager, RSA Adaptive Authentication for eCommerce becomes Outseer 3-D Secure, and RSA FraudAction becomes Outseer FraudAction.

RSA Introduces Outseer, a Spinout of its Fraud & Risk Intelligence Unit, to Transform Customer Authentication and Accelerate Revenue for the Digital Economy

How is this different or better than the other SASTs on the market alread? "Contrast Security announced the release of Contrast Scan that revolutionizes static application security testing (SAST) with pipeline-native static analysis to analyze code and detect vulnerabilities early on in the software development life cycle (SDLC). The release of Contrast Scan extends the DevSecOps capabilities of the Contrast Application Security Platform to the entire SDLC, empowering security teams to run scans up to 10x faster and remediate vulnerabilities up to 45x faster while meeting compliance requirements of an organization's security policy."

Contrast Security Launches Contrast Scan

"today unveils Sonatype Lift (Lift), a first-of-its-kind, cloud-native, deep code analysis platform. Lift installs easily on any source repository in minutes and provides developer-friendly feedback on a wide range of bug types, ranging from lightweight style issues to complex coding errors commonly found in first-party source code and third-party open source libraries."

Sonatype Launches Novel Deep Code Analysis Platform Designed for Developers

Curious how it does all this, through logs and events, packet monitoring, both? Clearly not via an agent: "1) Reduce risk of cloud services being exploited with agentless runtime monitoring of applications, users, roles, serverless compute, and storage that allows for rapid and scalable deployment of applications. 2) Rapidly detect threats against your systems and data on AWS using one of the first behavioral AI that detects and prioritizes threats without relying on signatures, agents, or static policy while protecting against attacks looking to exploit misconfigured services. 3) Automate response to attacks on applications running on AWS using native capabilities in AWS, or deep integrations with other security solutions allowing teams to mitigate threats without relying on agents."

Vectra Launches Detect for AWS

"But as SOAR use cases evolve to real-world situations and industry analysts adjust their definition of the market, it's becoming increasingly clear that SOAR is less of a singular platform and more of a comprehensive architecture for tying a lot of threads in the security stack together in a meaningful fashion, including threat intelligence platform (TIP) capabilities." - So SOAR is more about how you make the soup than the ingredients?

SOAR Is an Architecture, Not a Product

Buzzword winner of the week: "As the COVID-19 pandemic forced enterprises to transition to the new ‘work from anywhere’ environment, cloud became a natural progression for organizations looking to enable their remote workers quickly. As more organizations are still migrating to the cloud in parallel to undergoing the “shift-left” organizational change, security teams find themselves with multiple platforms to manage. These platforms provide neither the visibility nor the ability to protect the rapidly growing cloud workload deployments."

Check Point Software Technologies Launches Automated Unified Cloud Workload Protection

"hales today announced that its CipherTrust Manager and SafeNet Trusted Access have been integrated with Google Workspace Client-side encryption (beta coming soon), a new privacy and confidentiality offering for Google Workspace users. Providing enhanced key management capabilities and identity protection, customers can benefit from improved regulatory compliance and data ownership by allowing them to maintain ownership of keys used to encrypt Google Workspace documents."

Google taps Thales to power Google Workspace client-side encryption

"Forcepoint, a global leader in data-first cybersecurity solutions that protect critical information and networks for thousands of customers throughout the world, today announced the company has signed a definitive agreement to acquire U.K. based Deep Secure. Deep Secure’s cybersecurity products and services protect organizations from cyberattacks delivered via malware and help prevent unwanted data loss."

Forcepoint to acquire UK-based cybersecurity firm Deep Secure

"With Auth0 WebAuthn Passwordless, users can authenticate with Web Authentication-powered (WebAuthn) biometrics, the official web standard for passwordless authentication as published by W3C and used by FIDO, for first-factor authentication. This form of authentication eliminates security weaknesses based on password reuse, since passwords are not required. Additionally, Auth0 WebAuthn Passwordless is an ideal option for companies looking to build and provide an authentication experience supporting conversion and retention of users who want more choice and less friction in their login experience."

Auth0 WebAuthn Passwordless Offers New Levels of Ease and Security for Modern Authentication

Enterprise Security Weekly

If you’re looking for advice and information on enterprise security solutions, look no further than Enterprise Security Weekly! We give you an “insider” perspective into security vendors, including coverage on new product announcements, integrations, funding, M&amp;A, and more! Adrian, Tyler, Katie, and Sean have unique perspectives on the enterprise security landscape. All four hosts are former analysts. Adrian has been a consultant, practitioner, founder, and runs Security Weekly Labs. Tyler has spent many years as a marketing executive for security vendors. Katie has also recently moved to a vendor marketing role. Sean is founder and CTO at Trimarc Security, a professional services company which focuses on improving enterprise security. Together they provide valuable resources for protecting the enterprise and following the market each week!

RSA Outseer, Elisity Zero Trust, Contrast Scan, & SOAR Soup – ESW #231

Announcements

Hosts

Related

Surprise Cam Nudes, Staples, Turtle, Apple, 23andme, P2Pinfect, Gmail, Jason Woods – SWN #346

Cybertruck, Okta, Google, Black Basta, Zoom, Unitronics, Aaran Leyland, and More – SWN #345

Vulnerability Reporting, Zyxel, GPS Spoofing – PSW #808