Enterprise Security Weekly Episode #215 – February 03, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Imperva Updates WAAP, SonicWall Confirms 0-Day, & Arista Zero Trust – 12:30 PM-01:00 PM

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our YouTube channel, sign up for our mailing list, and join our Discord Server!

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Description

This week in the Enterprise News, Mission Secure Announces Series B, Akamai Technologies Acquires Inverse, for Microsoft, Security is a $10 Billion Business, Sontiq acquires Cyberscout, IRONSCALES improves the ability to detect phishing attacks, Imperva updates its WAAP and Data Security offerings, SonicWall Confirms A Zero-Day Vulnerability with NO other details, Arista intros Multi-Domain Macro-Segmentation Service (I don’t know what it means, but it’s provocative), & more!

Hosts

Adrian Sanabria – Senior Research Engineer at CyberRisk Alliance

  1. Mission Secure Announces Series B Venture Funding to Further Advance Its Patented OT Cybersecurity Protection Platform – This is a surprisingly low number for a Series B, unless you consider that the OT security market is also relatively small when compared to the IT security market.
  2. TPG Agrees to Acquire a Majority Stake in Centrify from Thoma Bravo – Thoma Bravo, well known for turning around some handy 2-3 year profits on many well-known security brands is handing off Centrify to TPG, who is probably best known in recent years for helping Intel divest McAfee and take it public.
  3. Akamai Technologies Acquires Inverse Inc., Adds to Zero Trust Security Platform – Zero Trust? That could mean 50 different things! First off, it’s great to see good exits for Montreal-based companies – last year, Montreal-based vuln mgmt startup Delve Labs got picked up by SecureWorks. Interestingly, it looks like Inverse is basically an acqui-hire, but not your typical acqui-hire. It looks like, instead of developing a commercial product, they specialize in creating and maintaining open source products (specifically, Akamai is likely interested in Packetfence here). Instead of making money on commercial software licensing, they get paid to handle all the integration work. This is interesting, because this is likely one of the most common places where product deployments fail and purchases become shelfware. The average customer doesn’t have 5 python experts sitting around, waiting to work on the latest SIEM, threat intel or, in this case, NAC.
  4. Israeli security startup Bridgecrew in negotiations for sale to Palo Alto Networks for over $100m – Another CSPM getting acquired here – I guess CSPM wasn’t part of one of the four acquisitions that went into Prisma Cloud already? Aporeto was microsegmentation, CloudGenix was SD-WAN, Twistlock was container security and PureSec was serverless security, so yeah, I guess they needed a CSPM acquisition. Also, in researching this story, I discovered that Lacework has an absolutely BRUTAL anti-Prisma marketing campaign. It’s so aggressive, it’s kinda funny.
  5. Gartner Forecasts Worldwide Security and Risk Management Spending Growth to Slow but Remain Positive in 2020 – This story is here just as context for the news that Microsoft’s security revenue is $10bn annually. With the industry product revenue TAM at ~$60bn, that means Microsoft accounts for one sixth of ALL security product revenue!
  6. For Microsoft, Security is a $10 Billion Business – Huge, if true.

    If Microsoft’s security business is $10bn… that could put them in the number one spot as the largest security company in terms of product revenue, and ignoring the fact that Microsoft Security isn’t a separate pure play company. By comparison, Cisco’s security business is only doing ~$3bn annually and they’ve done a TON of security acquisitions in the past decade – SourceFire, OpenDNS, Duo, CloudLock, Threatgrid…

  7. U.S. based Rapid7 acquires Israeli cyber startup Alcide.io for $50M – Another container/Kubernetes-inspired acquisition! They picked up DivvyCloud less than 10 months ago, but from what I can tell, that was more of a broad CSPM play, whereas Alcide seems to be more specifically focused on Kubernetes. We’ll probably continue to see Kubes-related acquisitions for a while.
  8. Amazon, Alphabet and Salesforce are all investing in a $28 billion company (DataBricks) that crunches big data – While not a security company, I think we should always have an eye out for big data/data-related companies, as they tend to have an impact on the data-hungry (and alert-fatigued) security space.
  9. HelpSystems Acquires Digital Defense to Enhance Cybersecurity Portfolio – Security Boulevard – HelpSystems, the parent company that also acquired Core Security and Cobalt Strike, picked up Digital Defense. It makes a lot of sense as an acquisition, as (unless I’ve missed something), Core never had its own scan engine and depended on customers owning other tools to do the actual vulnerability scanning. While many might not know Digital Defense’s name, they’re a longtime IBM partner, providing the vulnerability scanning engine for QRadar.

Paul Asadoorian – Founder at Security Weekly

  1. Sontiq acquires Cyberscout to expand its cyber products and services to the insurance industry – “This acquisition unites three best-of-breed products focused on delivering world-class services, as shown in the excellent customer ratings we all have collectively earned.” Except, there is no mention (or even a hint) at what all these products ACTUALLY do!
  2. IRONSCALES further improves ability to detect advanced and highly targeted phishing attacks – Okay, but like what does it do? Also important: What does it do that my existing solutions don’t do? “Using a democratized approach to threat hunting, IRONSCALES makes anti-phishing effortless and seamless for both security professionals and end users.”
  3. Arista launches a zero trust security framework for the digital enterprise – I have no idea what this means, what problem it solves, or why it may be better than anything else: “Arista Multi-Domain Macro-Segmentation Service is a suite of capabilities for integrating security policy with the network through an open and consistent network segmentation approach across network domains.”
  4. Cymulate Integrates with Microsoft Defender for Endpoint – I like the honest marketing: “Cymulate, one of the only SaaS-based Continuous Security Validation platform to operationalize the entire MITRE ATT&CK® framework.” I’m also a huge fan of testing this way: “Cymulate correlates EDR findings with hacking techniques, behavior-based attacks and malware launched from the Cymulate platform to validate endpoint protection efficacy against new threats and accurate detection and alerts of possible attacks.”
  5. Tenable Empowers MSSPs to Launch Cloud-Based Vulnerability Management Services within Minutes – “Tenable®, Inc. announced an enhanced Managed Security Service Provider (MSSP) portal to supercharge partners’ cloud-based vulnerability management offerings with Tenable.io®. The updated portal will enable MSSPs to self-provision and self-service their own Tenable.io instances, up to 1,000 assets, empowering partners to build and launch vulnerability management services in the cloud within minutes.”
  6. Ping Identity Launches Face-Based Onboarding Solution
  7. StackPath Launches Direct Connect – “StackPath Direct Connect for StackPath content delivery network (CDN), providing dedicated network connections from customers’ private networks to the StackPath edge platform. Traffic from customers’ on-premises origin servers can travel to and from the StackPath CDN without using the public internet.” Also, not so sure it does this: “decrease exposure to malicious activity and threats.”
  8. Barracuda launches high-speed expandable backup platform for Microsoft Office 365 – “Barracuda announced the latest version of Barracuda Cloud-to-Cloud Backup with a new platform that delivers a fast search and restore experience for Office 365 data, including Teams, Exchange Online, SharePoint, and OneDrive. Compared to traditional backup and recovery solutions, a cloud-native solution provides scale and resiliency, fast performance, and wide global coverage to protect Office 365 data born in the cloud.”
  9. Rapid7 acquires Alcide.IO to extend cloud security – “these acquisitions will enhance Rapid7’s ability to provide a cloud native security platform to its customers and facilitate continuous management of risk and compliance across their cloud environments…Alcide’s industry leading cloud workload protection platform (CWPP) provides broad, real-time visibility and governance, container runtime and network monitoring, as well as the ability to detect, audit and investigate known and unknown security threats.”
  10. Imperva updates WAAP and Data Security offerings with emphasis on simplicity – Sounds like some re-packaging of existing products.
  11. SonicWall Confirms Zero-Day Vulnerability – “SonicWall has confirmed a zero-day vulnerability affecting its SMA 100 Series. Its disclosure arrives as NCC Group researchers report an observation of attacks exploiting a SonicWall flaw.” – No details have been published, other than “watch for IPs connecting to the management interface”.
  12. Arista intros Multi-Domain Macro-Segmentation Service – “Available on EOS-based switches, MSS-Group implements security policy enforcement based on logical groups rather than traditional approaches based on interfaces, subnets or physical ports.”

Tyler Shields – CMO at JupiterOne

2. Attack Surface Management – 01:00 PM-01:30 PM

Announcements

Description

Attack Surface Management is an important and growing field within Information Security. In this segment, we discuss how security teams can frame the problem and what can be done to get a handle on the ever-growing attack surface of enterprises!

Guest(s)

Jonathan Cran – Founder & CEO at Intrigue.io

Having provided penetration testing and security assessment services for the world’s largest organizations and government agencies, Jonathan’s extensive background includes experience as an executive, consultant, engineer, developer, investor, and researcher.

While working in foundational leadership roles at Rapid7, Bugcrowd, and Kenna Security, Jonathan, also known as “Jcran”, was the driving force behind the success of multiple industry-leading security technologies, standards and frameworks. Jonathan is also the inventor and owner of multiple security assessment patents, and is the originator of the Intrigue Core open source collection engine.

He is a member of a number of technology and security groups, including the Exploit Prediction Scoring System (EPSS) Working Group, the Cyber Policy Working Group (CFAA) and Austin Hackers (AHA). A frequent speaker at industry conferences, including Black Hat, RSA, Derbycon, Security BSides and DEFCON, Jonathan has also been quoted and publicly recognized in numerous publications, and is regarded as an information security trailblazer.

Hosts

Adrian Sanabria – Senior Research Engineer at CyberRisk Alliance

Paul Asadoorian – Founder at Security Weekly

Tyler Shields – CMO at JupiterOne

3. The Cyber Defense Matrix, the DIE Triad, and Cybersecurity Startups – 01:30 PM-02:00 PM

Announcements

  • If you missed Security Weekly Unlocked, you can now access all of the content on-demand, whether you registered before the live event or not, by visiting https://securityweekly.com/unlocked and clicking either the button to register or the button to login!

Description

The Cyber Defense Matrix is a framework to help systematically organize the many things that we buy and do in cybersecurity. The DIE Triad offers a new way of thinking about resiliency, how we secure the future, and what startups should focus on to help us get there.

Guest(s)

Sounil Yu – CISO-in-Residence at YL Ventures

Sounil Yu is the CISO-in-Residence at YL Ventures, leveraging 30+ years of experience to support due diligence, vet entrepreneurs, and evaluate startup ideas. Sounil proactively supports the ideation processes of aspiring entrepreneurs and advises them on greenfield opportunities in cybersecurity. Previously, Sounil was the Chief Security Scientist at Bank of America. He created the Cyber Defense Matrix and the D.I.E. Triad, which are reshaping approaches to cybersecurity. He’s a Board Member of the FAIR Institute and SCVX; co-chairs Art into Science: A Conference on Defense; is a visiting fellow at GMU Scalia Law School’s National Security Institute; and advises many startups.

Hosts

Adrian Sanabria – Senior Research Engineer at CyberRisk Alliance

Paul Asadoorian – Founder at Security Weekly

Tyler Shields – CMO at JupiterOne