
Enterprise Security Weekly Episode #226 – May 05, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. The Rise of the SBOM – 01:00 PM-01:30 PM

Announcements

  • In our next technical training webcast on May 13th at 11am ET, see how attackers gain access to endpoints, and learn how to use defensive strategies to protect against those attacks! In our May 27th webcast at 11am ET, we’ll explore the latest attacks against DNS and the latest techniques that make it possible to discover and disrupt attacks. Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

A Software Bill of Materials (SBOM) describes the list of ingredients for the software that organizations create or acquire. There’s a rapidly expanding community of adopters, implementers, and producers that are creating, consuming, and analyzing them en masse. What are the benefits of SBOMs, and what types of risk can be identified through their use?

Segment Resources:

  • https://cyclonedx.org/
  • https://www.ntia.gov/sbom
  • https://owasp.org/scvs
  • https://dependencytrack.org/

Guest(s)

Steve Springett

Steve Springett – Chair at CycloneDX SBOM Standard, Core Working Group

@stevespringett

Steve educates teams on the strategy and specifics of developing secure software.

He practices security at every stage of the development lifecycle by leading sessions on threat modeling, secure architecture and design, static/dynamic/component analysis, offensive research, and defensive programming techniques.

Steve’s passionate about helping organizations identify and reduce risk from the use of third-party and open source components. He is an open source advocate and leads the OWASP Dependency-Track project, OWASP Software Component Verification Standard (SCVS) project, CycloneDX software bill of material standard, and participates in several related projects and working groups.

Hosts


Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance


Paul Asadoorian

@securityweekly

Founder at Security Weekly


Tyler Shields

@txs

CMO at JupiterOne

2. Applications Are Your Lifeblood – 01:30 PM-02:00 PM

Sponsored By

Visit https://securityweekly.com/neustar for more information!

Announcements

  • Security Weekly listeners save $100 on their RSA Conference 2021 All Access Pass! RSA Conference will be a fully virtual experience from May 17th-20th, 2021. Security Weekly will be live streaming Monday-Thursday in the virtual broadcast alley, interviewing some of the top sponsors and speakers for the event. To register using our discount code, please visit https://securityweekly.com/rsac2021 and use the code 5U1CYBER! We hope to “see” you there!

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Description

Web applications have never been more critical to your business. Yet the ever-changing threat landscape, from the move toward the cloud, to the explosion of devices on the internet, to the effects of the pandemic, keeps shifting the playing field. Join Carlos Morales, CTO Security Services, Neustar, to hear how cyber criminals are taking advantage of these changes, and considerations for how best to de-risk your application environment, no matter where your apps are hosted.

Segment Resources:
  • Learn more about Security Solutions at Neustar: https://www.home.neustar/security-solutions
  • See our video: https://www.home.neustar/resources/videos/security-you-can-trust
  • Read our new white paper, The Changing Face of Web Application Security: https://www.home.neustar/resources/whitepapers/web-application-security-threats

This segment is sponsored by Neustar.

Visit https://securityweekly.com/neustar to learn more about them!

Guest(s)

Carlos Morales

Carlos Morales – CTO Security Services at Neustar

Carlos Morales is the CTO for Neustar’s Security Services business unit, responsible for driving technology innovation across Neustar’s portfolio of application security, DNS, IP intelligence, and threat data services. He is tasked with developing and evangelizing the technology vision for security services and increasing Neustar’s thought leadership internally and externally. His role includes helping to define strategy for security acquisitions and execution of strategic partnerships.

Carlos was previously the general manager for the Arbor Cloud service at Netscout, leading product strategy, sales, operations, and the service P&L. He was also a member of Netscout’s executive cybersecurity committee, advising the enterprise on security strategy. Prior to the Netscout acquisition and integration of Arbor Networks, he was on the executive management team of Arbor, leading the global pre-sales team for over a decade, and was responsible for the Arbor Security Engineering and Response Team (ASERT), an elite security research organization. He brings more than two decades of experience in deploying security, networking and access solutions for service provider and enterprise networks. Before joining Neustar in 2004, Carlos held management positions at Nortel Networks and Tiburon Networks, where he served as director of sales engineering. He also held sales engineering roles at Shiva Corporation, Crescent Networks and Hayes Microcomputer.

Hosts


Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance


Paul Asadoorian

@securityweekly

Founder at Security Weekly


Tyler Shields

@txs

CMO at JupiterOne

3. JupiterOne, Signal Ad Banned, Series F Funding, & Imperva Acquires CloudVector – 02:00 PM-02:30 PM

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!

Description

This week in the Enterprise Security News: Code42 enhances Incydr to help identify insider risk related to file uploads to unsanctioned websites, Imperva acquires CloudVector to provide visibility and security for API traffic, ThreatQuotient launches ThreatQ TDR Orchestrator to accelerate detection and response, KnowBe4 Launches Artificial Intelligence-Driven Phishing Feature, and some funding and acquisition updates from Thoma Bravo, Proofpoint, Darktrace, JupiterOne, and more!

Hosts


Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

  1. ACQUISITION: Imperva acquires API security company CloudVector – We’re starting to see a lot more focus on API security, as traditional DAST and WAF-focused vendors seek to fill this gap in their product portfolios. Also, I almost forgot Thoma Bravo owns Imperva now (one of 11, sorry 12 now with Proofpoint, cybersecurity companies it has a majority stake in right now!)
  2. FUNDING: Cigent gets $7.6 million to reimagine data protection at the file level – Protecting data and preventing data leaks is hard. The moment you start putting controls around data, it becomes difficult to use and tends to break workflows, kill productivity, and frustrate users. As the In-Q-Tel investment suggests, Cigent’s technology is designed more for environments where secrecy and confidentiality are paramount – this isn’t stuff you’re likely to see in the average home or enterprise.
  3. FUNDING: Viso Trust assesses third-party cybersecurity risk with AI, raises $3M – Third-party risk management is insanely time-consuming, and it boggles my mind when I try to imagine handling it at a Fortune 100 where there are thousands of third parties to monitor and perform due diligence on. It’s a boring, unsexy problem, but the more we can automate the mundane footwork, the more time security staff will have to focus on the parts of the process that matter the most.
  4. FUNDING: Sysdig raises $189M to monitor containers and apps in the cloud – Sysdig raises a Series F here, which leaves me wondering what their exit might be. They partially compete with a lot of other cloud security vendors (especially the CSPM folks), but 450 customers doesn’t seem like a lot for a unicorn. As if to justify the valuation, they do offer up that the average ARR for their top 50 customers is $500k. A little napkin math has my revenue estimates at $35-50m for Sysdig, suggesting a 30x-22x multiple, which should make investors happy if they have an exit anywhere in that neighborhood. Only time will tell, as the CSPM market and larger cloud security market seem quite saturated.
  5. FUNDING: Persona lands $50M for identity verification after seeing 10x YoY revenue growth – TechCrunch
  6. FUNDING: JupiterOne Raises $30 Million Series-B Led by Sapphire Ventures
  7. FUNDING: Announcing Vanta’s $50 Million Series A from Sequoia Capital – A $50m Series A?!? Honestly though, I can’t imagine them not making a killing. Finding the pain points in businesses and alleviating them is an excellent approach for a business plan. And obtaining a SOC2 (or FedRamp, or ISO27k, or HITRUST, etc) can be very painful.
  8. IPO: Darktrace shares soar by 40% on London stock market debut
  9. PRIVACY (also hilarious): Signal Tries to Run the Most Honest Facebook Ad Campaign Ever, Immediately Gets Banned
  10. TRENDS: Is It Ethical To Buy Breached Data? – Security Boulevard
  11. NEW PRODUCT: Tenable.ad

Paul Asadoorian

@securityweekly

Founder at Security Weekly

  1. Appgate SDP enables clientless, browser-based access to protected resources – “Appgate SDP creates one-to-one connections between users and resource locations and dynamically enforces identity-centric access policies at the network level.”
  2. StackPulse helps enterprises deliver reliable production-grade Kubernetes applications – “The 15-month old company that exited stealth mode in January, with $28 million in funding” and “When an error is detected in a Kubernetes environment, StackPulse automatically executes diagnostic steps to gather information from the clusters, and assists engineers in performing the root-cause analysis. This automation helps them quickly identify how to mitigate and resolve an issue. Additionally, StackPulse has released more than a dozen playbooks built by SRE experts that remediate common Kubernetes problems.”
  3. Code42 enhances Incydr to help identify insider risk related to file uploads to unsanctioned websites – “Incydr Browser Upload Detection is built to detect and alert security teams to unsanctioned browser upload activity, such as employees uploading business documents to personal cloud, email or social media accounts or source code repositories, regardless of the network or internet browser being used.” and “The Incydr browser upload detection capability is more efficient for security teams to manage as there is no need to maintain browser plug-ins or proxies, and makes investigation and response quicker and more accurate.” – But without a browser plugin or proxy, so via an agent?
  4. Imperva acquires CloudVector to provide visibility and security for API traffic – “Imperva announced it has entered into an agreement to acquire CloudVector. CloudVector enables customers to discover, monitor, and protect all API traffic in any environment from exploits and breaches.”
  5. Sysdig adds detailed audit logs for runtime detection and response for AWS Fargate – “Runtime detection for AWS Fargate on Amazon ECS based on Falco, Audit trails, rapid response, and capture files for AWS Fargate workloads (Sysdig captures and records all AWS Fargate activity — including commands, network connections, and file activity — and correlates the information with rich context from the cloud and Kubernetes.), Unified view across AWS Fargate security posture, vulnerabilities, and threats” – I love this.
  6. ThreatQuotient launches ThreatQ TDR Orchestrator to accelerate detection and response – “ThreatQuotient announced ThreatQ TDR Orchestrator, a new data-driven automation capability for more efficient and effective threat detection and response. This capability enables users to control what actions are to be taken, when, and why through the use of data.”
  7. Palo Alto Prisma Cloud targets unprotected VMs and container security – “Auto-Detection and Auto-Protection for Hosts: Prisma Cloud now automatically detects unprotected virtual machines (VMs) running on AWS, Microsoft Azure and Google Cloud Platform (GCP). It seamlessly deploys the Prisma Cloud Defender agent to help ensure that VMs are not left unprotected….Anti-Malware Capabilities at Runtime and During Continuous Integration and Delivery (CI/CD) Scenarios, Simplified Compliance for Hosts, Containers and Serverless Applications, Open Source License Analysis and Expanded Software Composition Analysis” – Sounds like they are integrating acquisitions: Bridgecrew, Aporeto, PureSec, Twistlock, RedLock.
  8. SecureAuth expands identity-as-a-service options – “SecureAuth’s new support for PIN protection for all FIDO2 WebAuthn-compliant portable authenticators such as the YubiKey 5 hardware key is intended to reduce the risk of lost or stolen authenticators being abused. The new SecureAuth Endpoint client enables multifactor authentication at login for Windows, Mac and Linux devices, including support for passwordless login by using – for example – a biometric WebAuthn authenticator and a PIN. Finally, the new SecureAuth Mobile SDK allows organisations to quickly integrate multifactor authentication into their own apps, avoiding the need to use a third-party authenticator.”
  9. IPO values Darktrace at £2.2 billion
  10. KnowBe4 Launches Artificial Intelligence-Driven Phishing Feature – “The KnowBe4 phishing platform now leverages machine learning to recommend and deliver informed and personalized phishing campaigns based on users’ training and phishing history. Using data from KnowBe4’s Artificial Intelligence Driven Agent (AIDA), a new recommendation engine enables admins to automate the selection of unique phishing security test templates for their users. It analyzes user data such as the number of failed phishing security tests, the types of attack vectors in those failures, how often suspicious emails are reported through the Phish Alert Button, the frequency and recency of training completions and more.”
  11. Influencing Future of Cloud Security with MITRE ATT&CK® for Containers – https://attack.mitre.org/matrices/enterprise/containers/
  12. Rapid7: Kubernetes Security Is Not Container Security – “To complete this analogy, you can think of image scanning as the cloud equivalent of source code scanning, which checks if you have known vulnerabilities in your code. Image scanning is important, but it isn’t a replacement for a firewall, antivirus, or proper operating system configuration. In the old days, when containers ran only on top of Docker, container security was enough. Nowadays, make sure you don’t overlook the operating system (Kubernetes) and focus only on the apps (containers), because doing so will leave large gaps in your security and compliance.”
  13. Sonatype Helps Organizations Manage Open Source License Obligations and Speed up Legal Compliance with New Tool – “Sonatype, the leader in developer-friendly tools for software supply chain management and security, today unveiled its Advanced Legal Pack which fundamentally changes how both legal teams and developers manage open source licenses and compliance. Using machine learning and artificial intelligence, the pack automates open source license compliance eliminating manual work, drastically improving team productivity, and expediting development innovation and release times.”
  14. Sectigo Acquires SiteLock, Solidifying Its Market-Leading Position in Web Security – “Sectigo, a global provider of automated digital certificate management and web security solutions, announced the acquisition of SiteLock, a leading provider of website security protection and monitoring; the transaction also included Patchman, a Netherlands-based provider of automated Content Management System (CMS) vulnerability scanning and patching solutions.”
  15. Thoma Bravo’s $12.3 Billion of Proofpoint
  16. Cybersecurity firm Acronis pulls in $250m in CVC-led funding
  17. Cymulate nabs $45M to test and improve cybersecurity defenses via attack simulations

Tyler Shields

@txs

CMO at JupiterOne