
Enterprise Security Weekly Episode #214 – January 27, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Platform9, Swimlane, SonicWall 0-Days, & Fortinet – 12:30 PM-01:00 PM

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

  • Next Thurs, Feb 4th @ 11am ET, in our first technical training of 2021, you’ll Learn How to Manage Insider Risks in the Work-from-Anywhere World! Register at https://securityweekly.com/webcasts. If you missed any of our 2020 webcasts or technical trainings, they are available at https://securityweekly.com/ondemand

Description

This week, in the Enterprise Security News, Platform9 unburdens users from the complexities of Kubernetes, Swimlane Raises $40 Million, SonicWall hacked by zero-days in its own products, Deloitte Buys Root9B, Cygilant and SentinelOne Partnership, Fortinet announces AI-powered XDR, AlgoSec Announced updates to A32, ESET Launches Enhanced Cloud-based Endpoint Security Management, Entrust acquires HyTrust, LogRhythm acquires MistNet, Huntress Acquires EDR Technology From Level Effect, & more!

Hosts

Adrian Sanabria – Senior Research Engineer at CyberRisk Alliance

Paul Asadoorian – Founder/CIO at Security Weekly/CyberRisk Alliance

Tyler Shields – CMO at JupiterOne

  1. Platform9 unburdens users from the complexities of Kubernetes while ensuring fast adoption – “Platform9 now allows all DevOps teams complete freedom to run multiple versions of managed Kubernetes across staging, production, and development environments. Users can also decide which upgrades and patches to perform and time them at their convenience.”
  2. Swimlane Raises $40 Million to Expand SOAR Business – “According to the company, the additional cash injection will be used to accelerate partnerships and alliances, expand research and development, and fuel global expansion. The total amount raised by the company is now $75 million.”
  3. SonicWall hit by attackers leveraging zero-day vulnerabilities in its own products? – “There is still no news about the potential zero-day in the SMA 100 Series, but SonicWall let us know that the guidance to disable Virtual Office and the HTTPS administrative interface no longer applies.”
  4. Deloitte Buys Cybersecurity Firm Root9B; Deborah Golden Quoted – Root9B has a very weird history, e.g. https://krebsonsecurity.com/2017/11/r-i-p-root9b-we-hardly-knew-ya/: “In mid-June 2015, an anonymous researcher who’d apparently done a rather detailed investigation into root9B’s finances said the company was ‘a worthless reverse-merger created by insiders with [a] long history of penny-stock wipeouts, fraud allegations, and disaster.’”
  5. Cygilant and SentinelOne Partnership Offers Businesses Automated Cybersecurity for the Endpoint and Cloud
  6. Fortinet announces AI-powered XDR for threat detection, investigation, and response – “FortiXDR is the only solution of its kind to leverage artificial intelligence (AI) for the investigation effort critical to incident response.” – Okay, that’s a stretch (maybe even a flat out lie). Dear marketing teams, don’t do this! “Fortinet says that FortiXDR is AI-powered by a patent-pending Dynamic Control Flow Engine and continually trained by the threat data and research of FortiGuard Labs as well as the frontline expertise of its incident responders. The solution starts by leveraging the diverse security information shared across the Fortinet Security Fabric for correlation and analysis, converting them into high fidelity security incidents.”
  7. New A32 launched by AlgoSec – “Enable secure deployment of micro-segmentation in complex hybrid networks: A32 automates identifying and mapping of the attributes, flows and rules that support business-critical applications across hybrid networks with the built-in AutoDiscovery capability. This accelerates organizations’ ability to make changes to their applications across the enterprise’s heterogeneous on-premise and cloud platforms, and to troubleshoot network or change management issues – ensuring continuous security and compliance.”
  8. ESET Launches Enhanced Cloud-based Endpoint Security Management Solution For Businesses Of All Sizes
  9. Entrust acquires HyTrust to offer identity, encryption and security policy control for cloud environments – “By acquiring HyTrust, Entrust adds a critical management layer for encryption, cryptographic keys, and cloud security policy to its digital security solutions, serving the data protection and compliance needs of organizations accelerating their digital transformations.”
  10. LogRhythm acquires MistNet to expand reach in the threat detection space – “The acquisition will allow LogRhythm to deliver intelligent, machine-learning based detection and response capabilities that incorporate network detection, user and entity behavior analytics (UEBA), endpoint detection and response data (EDR), and additional MITRE ATT&CK detections to solve current and emerging security and risk problems.”
  11. Huntress Acquires EDR Technology From Level Effect – “As part of the acquisition, Level Effect co-founders Greg Ake and Robert Noeth will join the Huntress team to support the initial integration and ongoing development of the Recon software. Like the founding team at Huntress, both Ake and Noeth have strong backgrounds in the U.S. intelligence community, having worked within the National Security Agency, Air Force and other institutions.”

2. DNS Hijacking – 01:00 PM-01:30 PM

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our YouTube channel, sign up for our mailing list, and join our Discord Server!

Description

Fredrik Nordberg Almroth, Security Researcher at Detectify, tells the story of how he managed to claim the top-level domain of an entire country – the Congo (DRC), .cd – before any bad actors could snatch it up. He will also discuss domain takeovers (of TLDs as well as subdomains) and how they can be prevented. Key to prevention is keeping track of your assets and monitoring them for vulnerabilities.

Technical description of the .cd hack: https://blog.detectify.com/2021/01/19/dns-hijacking-taking-over-top-level-domains-and-subdomains/

A run-through of the basics of DNS hijacking: https://blog.detectify.com/2021/01/19/dns-hijacking-taking-over-top-level-domains-and-subdomains/

Guest(s)

Fredrik Nordberg Almroth – Co-Founder & Head of Engineering at Detectify

Fredrik Nordberg Almroth is Co-Founder and Head of Engineering at Detectify, the web security company that automates knowledge from some of the world’s best ethical hackers and brings it into the hands of web application teams. Fredrik has helped organizations like Google, the UN and the US Air Force uncover web vulnerabilities, and he is a staunch security defender committed to making the internet safer for everyone. He is featured on Google Security Hall of Fame and has previously been elected Security Expert of the Future by Symantec.

Hosts

Adrian Sanabria – Senior Research Engineer at CyberRisk Alliance

Paul Asadoorian – Founder/CIO at Security Weekly/CyberRisk Alliance

Tyler Shields – CMO at JupiterOne

3. Supply Chain Security in the Face of Solarwinds – 01:30 PM-02:00 PM

Announcements

  • If you missed Security Weekly Unlocked, you can now access all of the content on-demand, whether you registered before the live event or not, by visiting https://securityweekly.com/unlocked and clicking either the button to register or the button to login!

Description

Do we really need to be freaking out? What could we and should we be doing in general regardless of SolarWinds?

Guest(s)

Allan Alford – CISO at The Cyber Ranch Podcast

With 20+ years in information security, Allan Alford has served as CISO four times in three industries. Alford parlayed an IT career into a product security career and then ultimately fused the two disciplines. Allan has worked in companies from 5 employees to 50,000 and executes a risk-based approach to security, as well as compliance with NIST CSF, CIS CSC 20, GDPR, ISO 27001, DFARS and others.

Hosts

Adrian Sanabria – Senior Research Engineer at CyberRisk Alliance

Paul Asadoorian – Founder/CIO at Security Weekly/CyberRisk Alliance

Tyler Shields – CMO at JupiterOne