esw197

Enterprise Security Weekly Episode #197 – September 02, 2020

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Anchore Enterprise 2.4, Auth0 Bot Detection, & Bitdefender MDR – 12:30 PM-01:00 PM

Announcements

  • BSides Boston is back in action for their 10 year anniversary! The conference will be held on Saturday, September 26th & tickets are only $10! Get yours at https://bsidesbos.org! Some of the Security Weekly team will be in our own channel on the BSides Boston Discord server answering questions and possibly doing some contests!

  • Do you always end up missing our live streams? Need somewhere to flag Security Weekly podcasts that you want to listen to? Subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

  • We have officially wrapped up all of the recordings for our 2020 webcasts & technical trainings! Stay tuned as we build out our schedule for next year! Visit https://securityweekly.com/ondemand to view all of our 2020 webcasts & trainings!

Description

Proofpoint’s $300 Million buyback program, LogRhythmn Power Users share their use cases, Bitdefender Enhances MDR Service to Increase Proactive Protection and Advanced Detection, Anchore Unveils Enterprise 2.4 With Expanded & Updated Capabilities, and Auth0’s new bot detection!

Hosts

JohnStrand

John Strand –

MattAlderman

Matt Alderman –

  1. LA gets a big SaaS exit as Fastly nabs the Culver City-based Signal Sciences for $775M – LA’s enterprise tech scene can claim a really big winner with Signal Sciences, the security monitoring and management company that is getting bought by Fastly, a provider of content delivery networking services, for $775 million.
  2. Proofpoint announces $300M buyback program – Proofpoint (NASDAQ:PFPT) plans to repurchase up to $300M that is around 5% of the company’s current market capitalisation of $6.41B.
  3. InfoSum Raises $15 Million And Adds Brian Lesser As Executive Chairman – InfoSum, a UK-based data platform that allows companies to match data in a privacy compliant-way, has raised $15 million and appointed Brian Lesser as executive chairman, the company said Tuesday.
PaulAssadorian

Paul Assadorian –

  1. LogRhythm Power Users Share their Use Cases – “We created custom dashboards to track metrics for testing new alarms in our SIEM, show how much time our team saved using automation, display the current status of our LogRhythm deployment, monitor Case Management metrics, and present the number of alarms triggered vs. triaged in a given period. These visualizations have empowered our operations and management teams — helping them achieve their goals and making it easier for our team to prove our effectiveness, show ROI, and demonstrate the need for investment in our program.”
  2. Palo Alto Networks To Acquire The Crypsis Group For $265M
  3. Centrify Releases Privileged Access Service 20.4 – “Centrify Privileged Access Service 20.4 has extended SSH key vaulting capabilities beyond key storage and log in to now support SSH key management (inclusive of key rotation), setting policies for SSH key rotation, and leveraging an account that has an SSH key for system and account discovery operations.”
  4. Bitdefender Enhances MDR Service to Increase Proactive Protection and Advanced Detection – “The enhanced MDR service combines Bitdefender’s award-winning security technologies for endpoint protection, network traffic analysis and security analytics with the threat-hunting expertise of highly skilled analysts from global intelligence agencies. The service delivers leading incident detection with rapid response using automated pre-approved playbooks allowing analysts to take swift action to mitigate and remediate most threats. Expert tuning and detailed enterprise environment analyses are used to understand customers’ unique threat profiles and their main risks, and to create customer-specific action plans. This results in broad threat identification and mitigation that minimizes the impact of advanced attacks.”
  5. Anchore Unveils Enterprise 2.4 With Expanded & Updated Capabilities – “Security reports have been expanded to allow users to compare two different container images, enabling developers to more easily spot issues in their applications from issues in the base operating system. Vulnerability detection has been improved with support for a “hint” file which can prompt for detection of security issues in explicitly declared libraries, useful for language types like Go which don’t support a formal package management system.”
  6. FireMon Secures $40 Million Debt Financing
  7. Auth0 launched Bot Detection – Monitoring sessions vs. IP addresses? “At a high level, Bot Detection monitors IP addresses for non-suspicious events, such as successful logins; suspicious events, such as numerous failed login attempts across multiple accounts; and IP reputation data, which is used to identify known threat actors. When suspicious traffic is detected, a CAPTCHA step is required to complete a login request — the system is designed to mitigate the majority of bot attacks targeting the login or registration flow. “
  8. Auth0 Announces $120M in Series F Funding

2. SWVHSC Micro Interviews: deepwatch & ExtraHop – 01:00 PM-01:30 PM

Description

deepwatch Lens Score – The first SecOps maturity benchmarking and planning app. Answers CISO Questions: How mature is my Security Program? How do I compare to my peers? What one thing should I do next? This segment is sponsored by deepwatch. Visit https://www.deepwatch.com/lens-score/ to try deepwatch Lens Score for free!

Every organization gets compromised – it’s how you fast you detect and respond that counts. Trends like the overnight move to remote work and the subsequent increase in phishing attacks, the acceleration of cloud adoption, and proliferation of enterprise IoT have expanded the attack surface and complicated the job of security professionals. We’ll explore those trends and the opportunity that lay ahead for security teams post-compromise to prevent an event that results in an outage or incident from becoming a full-scale data breach. This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them!

For a free trial of Reveal(x)360 visit: www.extrahop.com/swbh

Guest(s)

Corey Bodzin

Corey Budzin –

CTO at deepwatch

At deepwatch Corey Bodzin is accountable for driving the company’s product vision and strategy from a services organization based around commercial solutions to a product driven organization with services built around its own intellectual property. Before joining deepwatch, Corey spent the last 15 years creating products at cybersecurity companies like ExtraHop, Tenable, RSA, and Qualys. Prior to that he was a user of the products as leader of security teams at Wells Fargo, Charles Schwab, and Lucent. He is a cybersecurity veteran with 25+ years’ experience in driving thoughtful cybersecurity, risk management, and regulatory compliance for industries as diverse as energy, pharmaceuticals and financial services.

Michael Sanders

Michael Sanders –

Senior Engineer at ExtraHop

Michael is responsible for architecting security implementations across hyper-converged networks and is part of ExtraHop’s team of cloud security engineers who work directly with customers and prospects. A passionate technologist and evangelist, he brings fresh thinking to security threat detection. Prior to ExtraHop, Michael was a consultant working with multiple technologies across the security landscape. He holds a Masters Degree from the University of Arizona and a BBA from the University of Georgia. Michael speaks at industry events, supports security research organizations, and has been quoted in industry coverage.

Hosts

MattAlderman

Matt Alderman –

Executive Director at CyberRisk Alliance

3. SWVHSC Micro Interviews: CrowdStrike & Synopsys – 01:30 PM-02:00 PM

Description

This year we’ve seen organizations accelerate their so-called digital transformation almost overnight. Now we’re getting to the point where security leaders and business owners need to stop and take stock of what happened, what’s a temporary band aid, and figure out how to build their strategy without the luxury of getting yelled at by vendor booths in Mandalay Bay. This segment is sponsored by CrowdStrike. Visit https://securityweekly.com/crowdstrike for a totally free trial!

CrowdStrike at Black Hat USA 2020 https://www.crowdstrike.blog/join-crowdstrike-at-black-hat-2020/

All applications use APIs—they’re nothing new to the development world. But are organizations factoring API security into their broader security strategy effectively? We’ve seen high-profile breaches at well-known companies stemming from their exposure or use of insecure API endpoints. This raises the question of how your software security initiative addresses the controls you need to ensure the APIs you use and produce are secure. Within this segment, Michael Borohovski will discuss key considerations when designing APIs, along with security controls and security testing that could make or break your software. This segment is sponsored by Synopsys.

Visit https://securityweekly.com/synopsys to learn more about them!

Guest(s)

Ian McShane

Ian McShane –

VP, Product Marketing at CrowdStrike

With almost twenty years in information security including practitioner, product manager, and a shift as the lead Gartner analyst for endpoint security and EDR, CrowdStrike’s VP of Product Marketing Ian McShane has seen a lot of crazy things in his time.

Michael Borohovski

Michael Borohovski –

Director of Software Engineering at Synopsys

Michael “Borski” Borohovski is Director of Software Engineering within the Synopsys Software Integrity Group. He co-founded and was CTO of Tinfoil Security, a SaaS company providing security tooling to DevOps teams, prior to the company’s acquisition by Synopsys in January 2020. With over thirteen years of experience in cybersecurity, Borski has made it his mission to empower developers and protect their work from those seeking to cause mischief. He is also a co-inventor on four patents—with an additional four pending. He holds a BS in Computer Science and Engineering from MIT.

Hosts

MattAlderman

Matt Alderman –

Executive Director at CyberRisk Alliance

PaulAssadorian

Paul Assadorian –

Founder/CIO at Security Weekly/CyberRisk Alliance