esw216

Enterprise Security Weekly Episode #216 – February 10, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. ‘Selfie Biometrics’, NetWitness, Okta, & Jetstack Secure – 12:30 PM-01:00 PM

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, and join our Discord Server!

  • If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

A new Open-source tool helps discover public Azure blobs, A New Eclypsium Integration with Kenna.VM, Armis Raises $125 Million, Okta launches its new open-source design system, Enterprise selfie biometrics solutions from Ping Identity, Bitglass announces technical integrations between SD-WAN providers and its SASE offering, Cisco AppDynamics strengthens security posture, RSA NetWitness Detect AI claims to provide advanced analytics for actionable threat detection, Jetstack Secure delivers protection and visibility of machine identities, Obsidian SaaS security solution now available on AWS Marketplace, and SentinelOne Acquires Scalyr, & more!

Hosts

AdrianSanabria

Adrian Sanabria –

Senior Research Engineer at CyberRisk Alliance

PaulAsadoorian

Paul Asadoorian –

Founder at Security Weekly

  1. Open-source tool BlobHunter helps pinpoint public Azure blobs that might contain sensitive files – “The result of their research was dishearthening – they found some 2.5 million records and files that included personally identifiable information (PII), 2,300 files related to individuals’ health status, 2,000 files containing financial information, one million invoice files, half a million log files, as well as files containing encryption and firmware keys, SSH, SSL VPN, SMTP and MySQL usernames and passwords, and more.”
  2. Customer Demand Drives New Eclypsium Integration with Kenna.VM – “The integration enables Eclypsium firmware security data to be imported into Kenna.VM, where it is combined with real-world threat and exploit intelligence and advanced data science to determine which vulnerabilities pose the highest risk and which can be deprioritized.”
  3. Cybersecurity Company Armis Raises $125 Million At A $2 Billion Valuation – “Israeli cybersecurity company Armis has announced the closing of a $125 million financing round led by Brookfield Asset Management at a company valuation of $2 billion. This latest financing round comes a year after US venture capital firm Insight Partners acquired control of Armis for almost half the current valuation – $1.1 billion.”
  4. Okta launches its new open-source design system with a focus on accessibility – “Identity and access management service Okta today launched its new design system, both for its own corporate and brand use, but also as an open-source project under the Apache 2.0 license. The Odyssey Design System, as the company calls it, is similar to the likes of Google’s Material Design or Microsoft’s Fluent Design. It may not have quite the same number of features, but what makes it stand out is a focus on accessibility, with every element of the design system being compliant with the W3’s Web Content Accessibility Guidelines.”
  5. Enterprise selfie biometrics solutions from Ping Identity, Ipsidy-LoginID partnership launched – “The new PingOne Verify cloud service validates a government-issued ID and matches it to a selfie with facial recognition and biometric liveness detection to strengthen fraud prevention without adding unnecessary friction into the process.”
  6. Bitglass announces technical integrations between SD-WAN providers and its SASE offering – “This enables any organization to integrate its existing SD-WAN fabric with the leading SASE platform from Bitglass. Traffic destined for the web, the cloud, and even on-premises resources can automatically be routed to Bitglass for real-time security enforcement. This stands in stark contrast to competing SASE offerings which integrate with a limited set of SD-WAN solutions. These alternatives then require security teams to build and maintain complex, resource-intensive integrations.”
  7. Cisco AppDynamics strengthens security posture while achieving peak app performance – I want to believe, I really do: “Built natively into the AppDynamics platform, users benefit from reduced alert fatigue, real-time threat detection, and automatic breach prevention. “
  8. RSA NetWitness Detect AI provides advanced analytics for actionable threat detection – I really want to believe this too: “RSA NetWitness Detect AI applies cloud-scale processing for behavior analytics and uses unsupervised machine-learning to detect and respond to threats without manual oversight. The all-new SaaS solution provides high-fidelity, actionable insights on data captured by the RSA NetWitness Platform that empowers security teams to find, prioritize, and resolve threats faster and more efficiently.” But, like, I really don’t believe it until I see it…
  9. Jetstack Secure delivers protection and visibility of machine identities to cloud native platforms – Sounds hot: “Jetstack Secure delivers comprehensive protection and full visibility of machine identities to cloud-native platform and security teams, including public trusted certificates for ingress TLS, as well as private certificates for internal workloads using mTLS across a service mesh.”
  10. Obsidian SaaS security solution now available on AWS Marketplace – This team is great, I hope they are doing this and kicking butt in the market: “Obsidian protects against account compromise, insider threats, access misuse, data leaks, excessive privileges and weak posture in SaaS applications with its cloud detection and response platform.”
  11. SentinelOne Acquires Scalyr to Revolutionize XDR and Security Analytics – Bold claims: “the autonomous cybersecurity platform company, today announced the acquisition of Scalyr, a leading cloud-native, cloud-scale data analytics platform. With this acquisition, SentinelOne will be able to ingest, correlate, search, and action data from any source, delivering the industry’s most advanced integrated XDR platform for realtime threat mitigation across the enterprise and cloud.”
TylerShields

Tyler Shields –

CMO at JupiterOne

2. Network Discovery & IT Asset Inventory – 01:00 PM-01:30 PM

Announcements

  • If you missed Security Weekly Unlocked, you can now access all of the content on-demand, whether you registered before the live event or not, by visiting https://securityweekly.com/unlocked and clicking either the button to register or the button to login!

Description

HD has been focused on research related to network discovery and IT asset inventory for the past three years. This work has led to new techniques for device fingerprinting and topology mapping that show enterprise networks in an entirely new light. He will walk through some visualizations of public IP networks (all of Greece, Iceland, etc.) and highlight the weird and unexpected stuff you can find through clever unauthenticated scans.

Guest(s)

HD Moore

HD Moore –

CEO at Rumble, Inc

HD is the Co-Founder and CEO of Rumble, Inc. Best known as the creator of Metasploit, HD has been building security companies since 1999 with a mix of services, research, and product development roles that focus on applying research to real-world security challenges. In addition to his work at Rumble, HD advises and invests in startups, contributes to open source projects, and continues to present new research at security conferences.

Hosts

AdrianSanabria

Adrian Sanabria –

Senior Research Engineer at CyberRisk Alliance

PaulAsadoorian

Paul Asadoorian –

Founder at Security Weekly

TylerShields

Tyler Shields –

CMO at JupiterOne

3. Work-Bench Ventures – 01:30 PM-02:00 PM

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Description

Kelley will discuss his investment thesis in security, his opinions on the cybersecurity investment market in general. He will also review some good and bad investments, stories from the real world, and what companies he likes going forward.

Guest(s)

Kelley Mak

Kelley Mak –

Principal at Work-Bench

Kelley is a Principal at Work-Bench, where he focuses on early stage enterprise technology investments in areas including security, cloud and developer tools. Investments that Kelley works closely with include Appland, Arthur, Algorithmia, FireHydrant, Tilt, and VISO Trust.

Kelley also leads corporate engagement at Work-Bench, where he is the key point for the firm’s relationship with forward-thinking technology executives across the Fortune 1000 and web-scale organizations.

Prior to Work-Bench, Kelley covered the security market as an industry analyst at Forrester Research.

Hosts

AdrianSanabria

Adrian Sanabria –

Senior Research Engineer at CyberRisk Alliance

PaulAsadoorian

Paul Asadoorian –

Founder at Security Weekly

TylerShields

Tyler Shields –

CMO at JupiterOne