Enterprise Security Weekly Episode #218 – March 03, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Traditional IDS is Dead – 01:00 PM-01:30 PM

Sponsored By

Visit https://securityweekly.com/extrahop for more information!

Announcements

  • If you missed Security Weekly Unlocked, you can now access all of the content on-demand, whether you registered before the live event or not, by visiting https://securityweekly.com/unlocked and clicking either the button to register or the button to login!

Description

Many security teams have accepted their Intrusion Detection Systems (IDS) as little more than a compliance check-off. Traditional IDS relies on bi-modal signatures, which makes it brittle and easily evaded by attackers, and it is often referred to as an alert cannon. In this talk, we’ll be discussing what is missing from traditional IDS and how to easily fill the security gaps with the NG-IDS capabilities of modern network detection and response (NDR).

This segment is sponsored by ExtraHop Networks.

Visit https://securityweekly.com/extrahop to learn more about them!

Guest(s)

Matt Cauthorn – VP Sales Engineering at ExtraHop

Matt Cauthorn is responsible for all security implementations and leads a team of technical security engineers who work directly with customers and prospects. A passionate technologist and evangelist, Matt is often on site with customers working to solve the complex and mission-critical business problems that Fortune 1,000 and global 2,000 companies face. After years spent helping customers tap into the value offered by network-based analytics, Matt has been able to bring fresh thinking to security threat detection. Prior to ExtraHop, Matt was a Sales Engineering Manager at F5 and before that he started his career in the trenches as a practitioner where he oversaw application hosting, infrastructure, and security for five international data centers.

Sri Sundaralingam – VP of Security and Cloud Solutions at ExtraHop

Sri is the VP of Security and Cloud Solutions at ExtraHop. An accomplished and dedicated product and marketing executive, he brings years of experience in information security, cloud security, data networking, and enterprise software markets.

Hosts

Adrian Sanabria – Senior Research Engineer at CyberRisk Alliance

Paul Asadoorian – Founder at Security Weekly

Tyler Shields – CMO at JupiterOne

2. The New Cybercrime Landscape – 01:30 PM-02:00 PM

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, and join our Discord Server!

Description

LexisNexis Risk Solutions recently released its biannual Cybercrime Report covering July 2020 through December 2020, which details how the evolving threat landscape created new opportunities for cybercriminals around the world, particularly as they targeted new online users. Analysis shows that the under 25 age group is most vulnerable to fraud attacks while the oldest age group is second most vulnerable and loses the most money. The stark risk at both ends of the age spectrum emphasizes the importance for companies to protect both new-to-digital and vulnerable customers when transacting online in 2021. The report also provides a full year review which highlights how 2020 saw an overall decline in human-initiated attacks, while bot attacks accelerated.

Press release: https://risk.lexisnexis.com/about-us/press-room/press-release/20200223-biannual-cybercrime-report

The LexisNexis Risk Solutions Cybercrime Report: https://risk.lexisnexis.com/insights-resources/research/cybercrime-report

Guest(s)

Kimberly Sutherland – Vice President of Fraud and Identity Strategy at LexisNexis Risk Solutions

Kimberly Sutherland, Vice President of Fraud and Identity Strategy at LexisNexis® Risk Solutions, leads the Americas commercial market strategy for consumer fraud analytics, identity verification, authentication and fraud investigations.

With more than 20 years of experience leading business strategy and product management, Kim’s responsibilities have spanned from building global professional services practices to developing cross-industry best practices and technical standards.

Kim is vice chair of the Open Identity Exchange and serves on the board of Women in Identity. She is a graduate of Vanderbilt University and Otterbein University.

Hosts

Adrian Sanabria – Senior Research Engineer at CyberRisk Alliance

Paul Asadoorian – Founder at Security Weekly

Tyler Shields – CMO at JupiterOne

3. Thycotic & Centrify, Geography, YubiKey, & K7 Antivirus – 02:00 PM-02:30 PM

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

  • Our next live webcast will be on March 18th at 11am ET where you will learn how to Prepare Linux Hosts for Unexpected Threats! Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

This week in the Enterprise Security News: Thycotic and Centrify join forces, Netwrix acquires Strongpoint, SentinelOne plans for IPO, Qomplx plans to go public, and funding announcements from Axonius, HYAS, Armorblox and Platform9. Attivo Networks announces Continuous Assessment and Enforcement for AD, cPacket Networks announces cCloud, and more!

Hosts

Adrian Sanabria – Senior Research Engineer at CyberRisk Alliance

  1. TPG-Led Investor Group Announces Combination of Thycotic and Centrify to Create a Leading Cloud Identity Security Vendor – Thycotic – This is a big one! Thycotic and Centrify are both large mainstays in the identity security space and the merger seems to make a lot of sense. We’ll see if TPG plans to sell off the combo in a few years or take them public. TPG is probably best known for rebooting post-Intel McAfee in 2017 and taking them public last year (though their stock price is a tenth of Crowdstrike’s and their market cap a fifth the size).
  2. Cybersecurity Firm SentinelOne Plans for IPO at Possible $10 Billion Value – Crowdstrike’s stock has quadrupled in the last year. They raised $612m in their 2019 IPO, at a valuation of $6.8bn. The SentinelOne valuation is reportedly more than $10bn. Is SentinelOne worth 50% more than Crowdstrike? I feel like the opposite is true, that the correct valuation is a fraction of Crowdstrike, who has expanded its product offering more than SentinelOne and has always seemed to have more market traction. If and when the S-1 is filed, we’ll have a lot more to discuss!
  3. Risk Analytics Firm Qomplx to Go Public Via Casper CEO SPAC – Some serial SPAC folks have engineered a plan for a Qomplx IPO that involves Qomplx acquiring two other companies in the process: Sentar (a risk analytics company) and Tyche (an insurance modeling platform). The deal value is around $1.4bn.
  4. Exclusive: Cybersecurity firm Axonius raises $100 million at $1.2 billion valuation – Axonius’s $100m Series D more than doubles their funding to date and puts them solidly into unicorn territory with a $1.2bn valuation! Turns out there’s some serious value in tackling what we lovingly refer to as “the basics” in this industry. I really, really hope this is an indication that organizations are taking recommendations to focus on fundamentals to heart.
  5. HYAS Closes $16 Million Series B Funding Round Led by S3 Ventures for Cyberattack Intercept Technology – Lower than most Series B rounds we’ve seen, a $16m round is still nothing to sneeze at. I hadn’t heard of Canadian-based Hyas before now, but I was immediately more interested in the origin and meaning of the company’s name than in what they actually do. The Greek pantheon is always a solid choice for company names, but Hyas was new to me. Apparently, Hyas was the son of Atlas and died so horribly that his sisters died of grief. Hyas then became associated with bringing rain (his sisters’ tears). From what I can tell, Hyas has an XDR/threat hunting-focused platform. I have no idea how tears and rain fit into what they do. Perhaps I’ve overthought this and Hyas is just an acronym that means “How You Approach Security”? Maybe we’ll have them on ESW some day and they can tell the story behind their name! UPDATE: Hyas is a First Nation word meaning “great and powerful”! A very cool name indeed.
  6. Armorblox Raises Series B Funding to Restore Trust in Email Communications – Raised $30m – pretty big for a Series B! But then, $15-20m Series As and $30m+ Series Bs are becoming the norm for cybersecurity VC funding rounds. Email security is a Big Deal, with BEC still being a problem and a sizable chunk of breaches kicking off with an email-related attack. Armorblox was one of the first to go after BEC attacks, which appeared to be a solid investment.

Paul Asadoorian – Founder at Security Weekly

  1. Attivo Networks Announces Continuous Assessment and Enforcement of Privileged Access – “The new ADAssessor Active Directory protection benefits include: Visibility to AD security hygiene issues and actionable alerting for key exposures at the domain, computer, and user levels, Real-time detection of AD privilege escalation, domain compromise and granular restrictions for access to AD information without impacting business operations, Continuous visibility into identities and privileged account risks related to credentials, service accounts, delegated accounts, stale accounts and shared credentials, Unprecedented levels of visibility for security teams since they can run the solution from a single endpoint without needing privileged access to Active Directory”
  2. K7 Computing launches Lifetime Valid Antivirus
  3. TPG-Led Investor Group Announces Combination of Thycotic and Centrify – “TPG Capital, the private equity platform of alternative asset firm TPG, announced today that it has signed a definitive agreement to combine Thycotic, a next-generation, cloud-first company with innovative identity security solutions, and Centrify, a trusted PAM market leader.”
  4. Tequity’s SaaS Client, Strongpoint, Has Been Acquired by TA Associates-backed, Netwrix Corporation – “Tequity, an M&A advisory firm with an exclusive focus on global enterprise B2B Cloud, SaaS, and IT companies, acted as the exclusive financial advisor to Toronto-based Strongpoint in their acquisition by Netwrix, a cyber security software company headquartered in Irvine. Strongpoint has become a wholly owned subsidiary of Netwrix. The combined entity is majority-owned by growth private equity firm TA Associates.”
  5. cPacket Networks Showcases Market-Leading Intelligent Observability Platform at Microsoft Ignite – “cPacket’s cCloud intelligent observability platform provides a range of services including virtual tapping, packet replication, filtering, slicing, deduplication, load-balancing, packet capture, forensics, replay, RTP analysis, TCP application analysis, and financial services data analysis. The platform eliminates or reduces the number of monitoring sessions – optimizing the data rate and storage consumption”
  6. Platform9 raises $12.5M following accelerated business momentum in fiscal year 202 – “The company’s Managed Kubernetes deployments have become a critical part of many large-scale and complex 5G infrastructure roll outs, hybrid cloud containers-as-a-service, and Edge use cases in the retail, media, and entertainment market segments.”
  7. Cavirin speeds up the process of keeping customers’ hybrid clouds safe
  8. Elastic Stack alerting framework gives users the power to build notifications – “The alerting framework in Kibana integrates with popular third-party platforms, including PagerDuty, Jira, ServiceNow and Microsoft Teams, enabling customers to spot, react to and resolve issues in real time.”
  9. Bridgecrew announces automated cloud security in VS Code
  10. Go Passwordless with YubiKey and Microsoft Azure Active Directory – “We are excited to report that YubiKey passwordless authentication is now generally available to Microsoft’s Azure Active Directory (Azure AD) users, a critical step toward achieving better security without compromising usability. Nearly three years ago, Yubico started on this journey with Microsoft and brought the first FIDO2-enabled security key to the market. Today’s announcement highlights our commitment to continue delivering trust at scale.”
  11. The Free ImmuniWeb Community Edition to Offer Continuous Security Monitoring – “With over 100,000 daily tests, our ImmuniWeb Community Edition enables anyone to ensure a foundational level of application security, privacy and compliance for free. It also allows checking for ongoing phishing campaigns, domain squatting or Dark Web exposure with the following four online security tests”
  12. GreatHorn vs Proofpoint: A 3rd Party Comparison
  13. CyberArk : Delivers New Identity Security Offerings to Drive Customer Success
  14. PerimeterX Winter Release Extends Digital Storefront Protection to Help Retailers Secure and Enhance Their Users’ Journey from Home Page to Checkout
  15. Parasoft Showcases Integrated Automated Testing Solution for CI/CD Workflow at Embedded World 2021
  16. New capabilities for delivering the enhanced cyber protection MSP clients need

Tyler Shields – CMO at JupiterOne