Enterprise Security Weekly Episode #223 – April 07, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Inbox: Zero Trust – 01:00 PM-01:30 PM

Sponsored By

Visit https://securityweekly.com/materialsecurity for more information!

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our YouTube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!

Description

Ryan Noon joins the ESW team this week to chat through the significance of recent hacks (namely SolarWinds and Hafnium), unpack growing enterprise demand for a “digital seatbelt,” and illuminate why Material takes a fresh approach to email security: building products with the assumption that bad actors will successfully hack inboxes.

Segment Resources:
https://material.security/blog/email-is-too-important-to-protect-like-a-tsa-checkpoint

https://www.cnbc.com/2021/03/09/microsoft-exchange-hack-explained.html

This segment is sponsored by Material Security.

Visit https://securityweekly.com/materialsecurity to learn more about them!

Guest(s)

Ryan Noon – Co-Founder and CEO at Material Security

@internet_meme

Ryan Noon is a serial entrepreneur and an expert on cloud security. He is the founder and CEO of Material Security, a company that protects the email of high-risk VIPs and top global organizations. Previously he ran infrastructure teams at Dropbox after it acquired his last company, Parastructure. Before that he helped build a company spun out of Stanford by the Department of Defense. He holds bachelor's and master's degrees from Stanford in Computer Science and Computer Security.

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Paul Asadoorian

@securityweekly

Founder at Security Weekly

Tyler Shields

@txs

CMO at JupiterOne

2. Hackers Are Targeting Your Firmware. Are You Ready? – 01:30 PM-02:00 PM

Sponsored By

Visit https://securityweekly.com/eclypsium for more information!

Announcements

  • Our next live webcast will be on April 29th at 11am ET where you will learn how to prepare for & prevent modern ransomware attacks! Our next technical training will be on May 6th at 11am ET. This technical training webcast will explore common misconfigurations of NGINX, the damage they could do, and how to avoid them. Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

83% of businesses have experienced at least one firmware attack in the past two years – and yet most organizations lack visibility into this attack surface. We’ll discuss why hackers are increasingly targeting firmware and what enterprises need to do to detect and prevent these attacks.

Segment Resources:
Assessing Enterprise Firmware Security Risk in 2021 – https://eclypsium.com/2021/01/14/assessing-enterprise-firmware-security-risk-in-2021/

https://github.com/chipsec/chipsec

The Top 5 Firmware Attack Vectors – https://eclypsium.com/2018/12/28/the-top-5-firmware-and-hardware-attack-vectors/

Request a demo of the Eclypsium platform – https://eclypsium.com/

This segment is sponsored by Eclypsium.

Visit https://securityweekly.com/eclypsium to learn more about them!

Guest(s)

John Loucaides – VP Federal Technology at Eclypsium

@JohnLoucaides

John Loucaides is the VP of Research and Development at Eclypsium, the comprehensive cloud-based device security platform that protects enterprise devices all the way down to the firmware and hardware level. Headquartered in Portland, Oregon, the company was named to Fast Company’s annual list of the World’s Most Innovative Security Companies for 2020, the CNBC Upstart 100 list, and Gartner’s Cool Vendor list for Security Operations and Threat Intelligence. John has an extensive history in hardware and firmware threats from experience at Intel Corporation and the United States government. At Intel he served as the Director of Advanced Threat Research, Platform Armoring and Resiliency, PSIRT, and was a CHIPSEC maintainer. Prior to this, he was Technical Team Lead for Specialized Platforms for the federal government.

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Paul Asadoorian

@securityweekly

Founder at Security Weekly

Tyler Shields

@txs

CMO at JupiterOne

3. Cybersecurity Unicorns, LogRhythm Version 7.7, Rapid7 Kubernetes Beta, & Cisco SASE – 02:00 PM-02:30 PM

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Description

This week in the Enterprise News, Cyble raises $4M, ThreatQuotient raises $22.5M, OneTrust acquires Convercent, Digital Shadows announces new threat intelligence capabilities, Rapid7 Announces Kubernetes Open Beta in InsightVM, LogRhythm Releases Version 7.7, Imperva unveils new data security platform built for cloud, Acronis releases a new version of Acronis Cyber Protect Cloud, Minerva Labs Launches Cloud Version of its Endpoint Threat Prevention Platform, What’s Behind the Surge in Cybersecurity Unicorns? Cisco Umbrella unlocks the power of SASE and more!

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

  1. VENDOR ANGER – Ubiquiti adds ads to their consoles following major breach – “Hey @Ubiquiti, why are you pushing ads on the management interface for hardware I bought outright?” <-- Ubiquiti starts pushing ads in their console just after trying to downplay a breach! Customers are not best pleased.
  2. NEW PRODUCT – Duo goes passwordless – TechCrunch – We’ve seen a lot of passwordless moves in recent months, but Duo has the momentum and gravity to REALLY move the needle here.
  3. HOT TAKES – “Honestly, a lot of free software is free as in *piano.*” – “Honestly, a lot of free software is free as in *piano.* It’s right there. Nobody is stopping you. You could totally spend hours of painstaking labor getting it carried up your front steps or built from a clusterfuck of diffs and patches or whatever. Everyone knows you won’t.” <-- this is the metaphor I've been needing for years for describing why FOSS isn't a panacea and is often more expensive than using commercial products.
  4. HOT TAKES – Jason Chan: Thoughts on Selling to Security Leaders – Jason Chan and a lot of other security leaders are fed up with what they see as increasingly obnoxious attempts to slip a sales meeting onto their calendars.
  5. HOT TAKES: Signal Adds Payments—With a Privacy-Focused Cryptocurrency – Signal beta tests cryptocurrency-enabled payments and many Signal fans are not happy about this new direction for the messaging app.
  6. FUNDING – Aporia raises $5M for its AI observability platform – TechCrunch – With all the AI/ML in enterprise security products, I felt like a company that tells you whether your ML is working or broken was both interesting and relevant.
  7. Threat intelligence platform ThreatQuotient secures $22.5M

Paul Asadoorian

@securityweekly

Founder at Security Weekly

  1. FUNDING – Cyble raises $4M to provide early warning intelligence on cyber threats – “Dark web monitoring and mitigation capabilities are front of mind for modern organizations and the market is growing rapidly.”
  2. ACQUISITION – OneTrust acquires Convercent to bring ethics and compliance capabilities into the OneTrust platform – “The acquisition will build on OneTrust’s longstanding investments in creating the technology fabric of trust within an organization, bringing together privacy, security, data governance, ethics and compliance, GRC, third-party risk, and ESG into a single operational workflow.”
  3. Digital Shadows announces new threat intelligence capabilities mapping to MITRE ATT&CK framework – I think when a vendor can mention MITRE ATT&CK in a press release, they are excited, but are we? “The new features draw on this collective global security ‘brain’ but provide security professionals with visualizations relevant to their specific organization so they can quickly determine the relevance or danger of a particular threat actor or incident to them. This insight is further enhanced by Digital Shadows own analysis of threat actors and updates within the same library. Combined, it means Digital Shadows customers gain actionable remediation advice against specific threat actors before they may pose a risk.”
  4. Rapid7: Announces Kubernetes Open Beta in InsightVM – Interesting play: “Integrating your Kubernetes environment with InsightVM can be accomplished by pulling the Rapid7 Kubernetes Monitor from DockerHub, deploy this to each cluster, and performing a few configuration steps. Once configured, data will appear in the Container Security section of InsightVM.”
  5. FUNDING – ThreatQuotient raises $22.5M to accelerate execution of new innovations – “ThreatQuotient gives SOC analysts, incident responders and threat analysts unmatched flexibility, visibility and control over their company’s alerts and unique threats that they can’t get from other security operations solutions.” – Sounds like they are way more than just threat intel…
  6. PRODUCT – LogRhythm Releases Version 7.7 of NextGen SIEM Platform – “Easier integration with third-party platforms: Version 7.7’s Alarm REST API provides a simpler integration with third-party ticketing systems, SOAR platforms, and other LogRhythm partner solutions…Seamless log configuration in the cloud: Cloud-to-cloud collection enables LogRhythm Cloud users to configure log sources regardless of origin through a Graphical User Interface (GUI)…Built-in support for more popular cloud-based services: LogRhythm has added new out-of-the-box Beats to help analysts onboard many popular cloud-based services, including Okta and Carbon Black Cloud, which further help customers secure the identities and endpoints within their environments.”
  7. Imperva unveils new data security platform built for cloud – “By supporting all databases regardless of where they are hosted, including database as a service (DBaaS), infrastructure as a service (IaaS) and multi and hybrid cloud environments, Imperva enables companies to maintain their security posture while rapidly embracing the cloud. The platform natively integrates with any database on Amazon Web Services, Google Cloud, Microsoft Azure, MongoDB Atlas and Snowflake, as well as many others.”
  8. Security Innovation launches monthly Web Application Security Bootcamp
  9. Kaspersky launches ML-driven MDR for SMB, and splits B2B offering into frameworks based on customers’ IT security maturity – “The new Kaspersky Managed Detection and Response (MDR) service ensures continuous machine learning-driven 24/7 protection while saving IT security teams’ resources for threat analysis, investigation and response. Thanks to two product tiers, Kaspersky MDR is now available not only for large enterprises, but for medium-sized businesses with different levels of IT security maturity and needs.”
  10. Acronis releases new version of Acronis Cyber Protect Cloud
  11. Minerva Labs: Launches Cloud Version of its Endpoint Threat Prevention Platform – Looks like they’ve added some features: “The multi-layered engines combine advanced prevention-oriented cyber warfare approaches, such as deterrence-based & active deception, active camouflage, browser isolation, virtual patching, vaccination and other anti-evasion capabilities.”
  12. What’s Behind the Surge in Cybersecurity Unicorns? – “SecurityWeek has identified more than 30 cybersecurity unicorns, with 13 of them announced in the past four months alone. The 13 companies to achieve billion-dollar valuation since December 2020 are Aqua, Axonius, BigID, Coalition, Feedzai, Forter, ID.me, Lacework, Orca, OwnBackup, Socure, Venafi and Wiz.”
  13. Cisco Umbrella unlocks the power of SASE with new security capabilities – “Remote browser isolation (RBI), Data loss prevention (DLP), Cloud malware prevention” – Not sure how it all fits together, but interesting that Umbrella has all of these features now.

Tyler Shields

@txs

CMO at JupiterOne