Enterprise Security Weekly Episode #222 – March 31, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Rise of Insider Threat Post-C19 – 01:00 PM-01:30 PM

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!

Description

Is there an emerging threat to your data post-C19, with disgruntled employees having to come back to an office? How do we protect our data while keeping happy the employees who have access to it from wherever they have been hiding over the past year?

Guest(s)

Zack Moody – Head of Global Cybersecurity & Privacy at AVX Corporation

Zachary L. Moody, CISSP, currently serves as the Head of Global Cybersecurity & Privacy at AVX Corporation. He has spent over 18 years in information security-related positions, and over the past several years he has focused on establishing global cybersecurity & privacy programs. With an active security clearance, Mr. Moody has worked in numerous capacities in public, private and government sector environments. His responsibilities have primarily included, but have not been limited to, network security, threat intelligence, identity & access, and incident response.

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Paul Asadoorian

@securityweekly

Founder at Security Weekly

Tyler Shields

@txs

CMO at JupiterOne

2. Why User Adoption in Enterprise Security is Low – 01:30 PM-02:00 PM

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Description

Security technology roll-outs often fail for the following reasons:
1) Weak security culture – users don’t see value or understand the importance of taking action.
2) Security teams often fail to consider user experience in the purchase, configuration, set-up and training of security technology, like endpoint security.
3) Communication about new technology does not reach the right users, at the right time, during the right stage of the project.

Guest(s)

Juliet Okafor – CEO & Founder at RevolutionCyber

@julesmgmt

Juliet Okafor, J.D., is a cybersecurity professional who has combined her knowledge of the legal system and cybersecurity solution models into success stories across Fortune 500 industries throughout the USA. Her ability to scope, plan and design the creation of an OT Cybersecurity Management System framework for one of the largest cruise lines in the world is a testament to her commitment and leadership regardless of the challenge.

She is a passionate security solutions visionary and strategist who builds the Fortune 500 enterprise’s overarching security strategy that governs all other smaller strategies within. She is the person who determines how to solve the company’s problem, be it vulnerability management, incident response or reducing the risk associated with technology or vendors, and then puts a plan or roadmap into action to remediate the risks in place – using a combination of people, transforming operations and an array of emerging security technology.

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Paul Asadoorian

@securityweekly

Founder at Security Weekly

Tyler Shields

@txs

CMO at JupiterOne

3. Tyler’s “Deathpool”, Astadia, Gigamon, & GRIMM – 02:00 PM-02:30 PM

Description

This week in the Enterprise News: Funding announcements from Clearsense, Morphisec, Feedzai, Jumio, Ketch, Living Security, Productiv and Socure. ServiceNow acquires Intellibot, Accenture acquires Cygni, Astadia acquires Anubex, AutoRABIT acquires CodeScan, Kroll Acquires Redscan. GRIMM launches a Private Vulnerability Disclosure program, AttackIQ automates the validation of AI and ML, CircleCI offers CI/CD for ARM in the cloud, Elastic Observability updates, Gigamon and FireEye collaborate on integration of Gigamon Hawk, McAfee unveils MVision cloud, Red Hat OpenShift Service Available on AWS, Sysdig Adds Unified Threat Detection Across Containers and Cloud & more!

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

  1. FUNDING: Morphisec snags $31M for moving target defense that protects mid-sized companies
  2. FUNDING: Living Security raises $14M for predictive human risk management – TechCrunch
  3. FUNDING: Polymer Solutions closes $1MM Seed Round to secure SaaS platforms
  4. LEGAL: Palo Alto Networks latest security giant accused of patent infringement – Centripetal doesn’t fit the classic profile of a patent troll, but most of the patents they’re suing Palo Alto and Cisco over seem overly frivolous. One describes the basic function of a firewall. Another describes the basic function of an IDS. The root of these lawsuits seems anchored in attempts to partner or license patent tech that went sour, however. NOTE: I’m not a lawyer and this goes deeper and is more nuanced than we’ll have time to discuss.
  5. STAFF: F5 appoints two senior executives to boost business transformation and cybersecurity – Help Net Security – Wasn’t F5 just in the news for something else?
  6. REGS: Exclusive: Software vendors would have to disclose breaches to U.S. government users under new order: draft – In general, I’m in favor of any regulation that helps us learn from breaches. Currently, understanding root causes and contributors is difficult, if not impossible with the lack of information shared with the public in most cases. Maddeningly, we see companies fall for the same scams and get hacked through the same TTPs – over and over and over. My hope is that regulations like these can help defenders better prioritize security improvements.
  7. REGS: Understanding DFARS 252.204-7012 and NIST SP 800-171 – CyberSheath – A lot of folks have been commenting on the previous article regarding the EO that would require software vendors to disclose breaches, saying that existing regulation, DFARS, already addresses this issue, requiring government contractors to report breaches in 72 hours. The primary counterargument is that the EO would apply more broadly, so it’s still needed.
  8. TRENDS: Google starts trialing its FLoC cookie alternative in Chrome – TechCrunch
  9. TRENDS: VC Firms Have Long Backed AI. Now, They Are Using It. – This trend is going to surprise no one, but I think it’s an interesting move from an industry long known for investing based more on “gut checks” than due diligence. I suspect AI will likely be just another factor that goes into the overall calculus, not the sole deciding factor.
  10. TRENDS: The Complete List Of Unicorn Companies – CBInsights has a handy list of all 630 unicorns currently in existence. Together, they’re collectively valued at more than $2T! There are 25 cybersecurity companies on the list.
  11. TRENDS: WWII codebreaker Turing honored on UK’s new 50-pound note – Many consider Turing an OG hacker, so it’s a notable non-sequitur that he’s getting some deserved recognition.
  12. TRENDS: The Turing Challenge – And of course, what better way to kick off Turing’s new banknote than with a series of puzzles? Someone alert Jeff Man.

Paul Asadoorian

@securityweekly

Founder at Security Weekly

  1. PRODUCT – AttackIQ platform automates the validation of AI and ML-based security technologies – “AttackIQ’s Network Control Validation Module combines a new comprehensive network topology map with adversarial attack replays. This helps organizations rapidly exercise the end-to-end validation of network-deployed security controls and gives technology-specific remediation guidance, ensuring that customers get the most out of their cyberdefense investments.”
  2. PRODUCT – Sonrai Security integrates with AWS to accelerate cloud security transformation – “In addition to achieving the AWS Security Competency status in identity and data protection, the Sonrai Dig platform provides out-of-the-box integration with AWS Control Tower and provides visibility into more than 150 AWS services.”
  3. PRODUCT – Elastic Observability updates accelerate root cause analysis and enables unified monitoring – “Additionally, support for ARM processor-based infrastructure is now available in Elastic Observability. Customers with servers or devices running ARM can now use Beats or the Elastic Agent to collect health and performance data to enable unified monitoring across their endpoints and infrastructure.”
  4. ACQUISITION – AutoRABIT acquires CodeScan to ensure code quality and security
  5. FUNDING – Clearsense raises $30M to expand its data platform-as-a-service technology and advisory services
  6. ACQUISITION – Accenture acquires Cygni to accelerate cloud first strategies with software engineering services
  7. PRODUCT – WALLIX provides enhanced data monitoring and secure remote access for healthcare orgs – “WALLIX Bastion includes a comprehensive range of access security features such as Session Manager and Password Manager, enabling complete data protection and business continuity.”
  8. COMMUNITY – GRIMM launches Private Vulnerability Disclosure program to allow defenders to get ahead of the unknown
  9. PRODUCT – CircleCI offers cloud-based CI/CD services for the Arm architecture – “With CircleCI’s Arm build fleet running on AWS Graviton2, developers can build and run Arm-based applications with virtually no spin-up time and deliver significant improvements without sacrificing power or cost efficiency.”
  10. PRODUCT – Red Hat OpenShift Service Available on AWS (ROSA) – “With ROSA, customers can enjoy more simplified Kubernetes cluster creation using the familiar Red Hat OpenShift console, features and tooling without the burden of manually scaling and managing the underlying infrastructure. ROSA streamlines moving on-premises Red Hat OpenShift workloads to AWS and offers a tighter integration with other AWS services. ROSA also enables customers to access Red Hat OpenShift with billing and support directly through AWS, delivering the simplicity of a single-vendor experience to customers running Red Hat OpenShift on AWS.”
  11. PRODUCT – Threat Stack Cloud Security Platform now offers real-time threat and anomaly detection in the cloud – “The sheer volume of cloud security data makes it challenging for businesses to find meaningful insights into risky user behaviors and anomalies. Threat Stack’s enhanced platform with security analytics solves this problem by delivering transparency into behavior associated with the cloud management console, user identities, sensitive data, and anomalous activities directly within the platform.”
  12. PRODUCT – McAfee unveils MVision cloud-native app protection – Huh? “To accelerate their digital transformation journey, enterprises are leveraging the agility and innovation velocity offered by cloud-native applications hosted across private, public and hybrid clouds.”
  13. PRODUCT – Zscaler and CrowdStrike release integrations for end-to-end security – Whoa: “ZPA incorporates CrowdStrike’s real-time ZTA to enforce access policy to private apps to reduce organisational risks; Zscaler Internet Access™ (ZIA™) deployed inline stops malware propagation by triggering device quarantine through the CrowdStrike Falcon Platform; CrowdStrike’s Falcon X threat intelligence and Falcon Endpoint Protection device telemetry data can be shared with Zscaler Zero Trust Exchange for usage when integrations are activated to provide stronger protection and increased visibility; Cross-platform workflow shortens response time and helps combat increasing volumes and sophistication of attacks”
  14. PRODUCT – Gigamon, FireEye collaborate on integration of Gigamon Hawk – “Gigamon says its Hawk solution is now integrated with FireEye Network Security, closing this critical gap and radically simplifying hybrid cloud adoption – with the integration providing a unified view across hybrid infrastructure through a single, simple interface with built-in management and reporting.”
  15. PRODUCT – Sysdig Adds Unified Threat Detection Across Containers and Cloud to Combat Lateral Movement Attacks – “Using different cloud and container security tools requires a manual correlation of logs to catch the breach and uncover the systems impacted. By unifying the incident timeline and adding risk-based insights, Sysdig reduces the time to detect threats across clouds and containers from weeks to hours. Cloud development teams can see exactly where the attacker started and each step they took as they moved through the environment.”
  16. PRODUCT – Zimperium Collaborates with Oracle to Provide Mission Critical Mobile Security to Customers
  17. FUNDING – Socure’s $100 Million Series D Financing Round
  18. FUNDING – Productiv raises $45 million in new funding round
  19. ACQUISITION – Kroll Acquires Redscan to Expand Cyber-Risk Offering
  20. FUNDING – Ketch raises $23M to automate privacy and data compliance
  21. FUNDING – Feedzai raises $200M at a $1B+ valuation for AI tools to fight financial fraud
  22. FUNDING – Living Security raises $14M for predictive human risk management
  23. ACQUISITION – ServiceNow takes RPA plunge by acquiring India-based startup Intellibot
  24. FUNDING – Cybersecurity Firm Morphisec Raises $31M Funding Round
  25. FUNDING – Jumio raises $150M to fuel innovation and automation
  26. ACQUISITION – Astadia acquires Anubex to offer a complete mainframe migration RoadMap

Tyler Shields

@txs

CMO at JupiterOne