Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
Email security and phishing protection has many gaps that are exploited by attackers. Learn how computer vision can help prevent malicious URLs and websites from doing bad things to your users.
Chris is the Founder and CEO of Pixm, a company that makes AI software to stop phishing breaches and make the web more trustworthy. He started Pixm while a graduate student at Columbia studying machine learning, after he won a pitch contest and a ticket to Blackhat. He started his career getting his thesis published and working in Princeton’s physics department, where he earned his bachelors. He likes travel, audiobooks, and movie soundtracks.
The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques.
Jeff Foley’s industry experience has been focused on information security research & development in order to build and assess next generation solutions. He is the Project Leader for Amass, an OWASP (Open Web Application Security Project) Foundation flagship project that performs in-depth attack surface mapping and asset discovery. Jeff is an Adjunct Professor teaching Penetration Testing at the SUNY (State University of New York) Polytechnic Institute and a Principal Consultant at ClaritySec, Inc. Previously, he was the US Manager for Penetration Testing & Red Teaming at National Grid, a multinational electricity and gas utility company. Prior to this, Jeff served as a Principal Investigator of offensive cyber warfare research & development at Northrop Grumman Corporation, an American global aerospace and defense technology company. In his spare time, Jeff enjoys experimenting with new blends of coffee, automating security tasks, and giving back to the information security community.
Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, and join our Discord Server!
If you missed Security Weekly Unlocked, you can now access all of the content on-demand, whether you registered before the live event or not, by visiting https://securityweekly.com/unlocked and clicking either the button to register or the button to login!
This Week, In the Enterprise Security News:
Okta acquires Auth0, KnowBe4 Acquires MediaPRO, PayPal to acquire Curv, and Dropbox to acquire DocSend
Aqua Security raises $135M, Privacera Secures a Series B, YL Ventures sells its stake in Axonius, Snyk Secures a Series E, and McAfee sells its Enterprise business
AWS Announces New Lower Cost Storage, Radware’s New Integrated Application Delivery & Protection, Bitdefender launches new Cloud-based EDR Solution, Awake’s NDR platform, CrowdStrike Falcon enhancements improve SOC efficiency, Tufin releases Vulnerability-Based Change Automation App, Gigamon launches Hawk, Sonatype Releases New Nexus Firewall Policy to Secure Software Supply Chains, & more!
Senior Research Engineer at CyberRisk Alliance
Address cybersecurity challenges before rolling out robotic process automation – TechCrunch – RPA is a huge growing market and it has nothing to do with robotics. Imagine if Amazon’s returns processes were 100% automated (they might be, I’m not sure). Now imagine someone modifies that process to give everyone double their money back. I’m not sure if that’s a realistic scenario, but the prediction here is that we’ll be seeing a lot of RPA-related breaches before folks get the security right.
EXIT – YL Ventures sells its stake in cybersecurity unicorn Axonius for $270M – TechCrunch – YL has been consistently killing it. The original VC idea was to bet on at least one massive startup win for every 10-20 failures or mediocre returns. Very much a gamble. YL, a totally cybersecurity-focused, early stage VC has mastered the art of solid and steady returns for nearly every one of their investments. $270m is HUGE though, considering this is just one of their portfolio companies from their third fund, which was only a $75m fund. And there are six more portfolio companies from that fund that haven’t exited yet! I could definitely see Orca, Vulcan and Hunters bringing in respectable exits as well.
ACQUISITION – PayPal to acquire cryptocurrency security startup Curv – TechCrunch – Curv is an interesting one. It’s like a cryptocurrency wallet for organizations that manage large amounts of the stuff. They allow users to create policies around when crypto funds can be transferred, how and how much. Very niche and specific, but very much needed in a market where so much cryptocurrency has been stolen from both individuals and exchanges, it’s a bit embarrassing.
MERGER – Okta + Auth0: Powering Identity for the Internet – $6.5bn is a lot for a company that has nearly 100% product/feature overlap. Tyler says it’s not a logo buy, but I think that might be part of it. The other part, I think, is that although there’s a lot of overlap, Okta is strong where Auth0 is weak and vice versa. Still seems a lot like a T-Mobile + Sprint merger to me though.
Radware’s New Integrated Application Delivery & Protection – “Alteon’s new Integrated Application Protection includes a Web Application Firewall (WAF) to protect from web-based attacks, Bot Manager to block malicious automated threats, and Application Programming Interface (API) protection to secure APIs and provide full visibility on API targeted threats.”
Bitdefender launches new Cloud-based EDR Solution – “The new EDR package is resource-light and fully cloud-delivered for easy deployment and management and runs alongside third-party prevention technologies. Unique in the EDR space, it combines endpoint telemetry and human risk analytics with advanced threat detection capabilities. “
Control web applications with two-clicks in Cloudflare Gateway – “We built Gateway to help customers replace the pain of backhauling user traffic through centralized firewalls. With Gateway, users instead connect to one of Cloudflare’s data centers in 200 cities around the world where our network can apply consistent security policies for all of their Internet traffic.”
Blumira and Cerium Networks simplify threat detection and response – “Blumira’s modern, cloud-based SIEM (security information and event management) platform enables businesses, often with limited security resources or expertise, to seamlessly detect, investigate and respond to ransomware, misconfigurations and unknown security threats faster and earlier.”
Awake’s NDR platform strengthens cybersecurity across cloud, hybrid and IoT environments – Lots of words, still I can’t seem to understand the announcement or the value: “Awake’s NDR platform is a key pillar of Arista’s vision for zero trust security. With a new network-based multi-domain macro-segmentation service, situational awareness for all network resources and Awake’s NDR, Arista is transforming network security from an afterthought to networks that are inherently secure.”
CrowdStrike Falcon platform enhancements improve SOC efficiency – Workflow stuff: “Customers can streamline their SOC operations with the new CrowdStrike Falcon notification workflows that provide automated real-time notifications tailored to specific types of events, conditions and cloud security posture findings and then be seamlessly delivered via email, generic webhooks or through Slack and PagerDuty integrations.”
Tufin releases Vulnerability-Based Change Automation App – This sounds cool though: “The VCA addresses this problem by automatically retrieving data from an organization’s vulnerability scanner and reflecting the results in the risk assessment step of an access request workflow.”
LastPass Now Offers the Flexibility to Authenticate With SMS Passcode, Voice Call or YubiKey – “For business users, SMS passcodes and voice call authentication will offer flexibility for employees who may not be able to utilize their cell phones during the day. With these authentication methods, employees can set up a landline or desk phone as their secondary authentication method to ensure secure access. In the circumstance that a mobile phone is lost, employees can set up an alternative phone to provide authentication, so they are never locked out of their account. In addition to supporting these methods for the LastPass vault, LastPass now also supports voice call, SMS passcodes and YubiKey when authenticating into single sign-on applications. “