esw229

Enterprise Security Weekly Episode #229 – May 26, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Down With SIEM, Long Live SOAR! – 01:00 PM-01:30 PM

Sponsored By

sponsor
Visit https://securityweekly.com/code42 for more information!

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Description

SIEM tools have been the bedrock of Security Operation Centers, or SOCs, for much of the history of modern security. That does not mean that they are loved: most SIEM tools are overwrought, complex, and hard to manage. In the past few years a new category of tool has emerged: SOAR. While many teams that invest in SOAR platforms are first leveraging them for automation, Code42 Principal Security Engineer & Researcher Nathan Hunstad believes that SOAR tools are also poised to finally displace SIEM at the top of the blue team tool pyramid, and rightly so.

Segment Resources:

https://www.code42.com/blog/is-soar-the-new-siem/

This segment is sponsored by Code42.

Visit https://securityweekly.com/code42 to learn more about them!

Guest(s)

Nathan Hunstad

Nathan Hunstad – Principal Security Engineer & Researcher at Code42

@nathanhunstad

Nathan Hunstad is the Principal Security Research and Engineer at Code42 and focuses on automation, logging infrastructure, and threat analysis. He has over 10 years of security experience in numerous roles in both the public and private sector, including Security Operations, Threat and Vulnerability Management, Risk Assessment and Management, Cyber Intelligence, and Threat Hunting. He has a Masters of Science in Security Technologies from the University of Minnesota.

Hosts

AdrianSanabria

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

PaulAsadoorian

Paul Asadoorian

@securityweekly

Founder at Security Weekly

TylerShields

Tyler Shields

@txs

CMO at JupiterOne

2. AWS Lambda New Features, ServiceNow Integration, & Zscaler Acquires Smokescreen – 01:30 PM-02:00 PM

Announcements

  • Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% off on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!

Description

This week in the Enterprise News, Paul and the Crew talk: Secure and monitor AWS Lamba with new, not related, features from Datadog and Imperva, ServiceNow integrates with Microsoft solutions, SentinelOne wins two awards, Reducing risk with IAM, Kemp lanches Zero Trust, AWS launches another contianer product, Zscaler acquires Smokescreen, Sumo Logic acquires DF Labs, Uptycs, Salt Security and Spec Trust secure funding… & more!

Hosts

AdrianSanabria

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

  1. FUNDING: Security startup Tessian, which uses AI to fight social engineering, trousers $65M – TechCrunch – Trousers is a verb now?!?
  2. FUNDING: Cynerio Raises $30 Million in Series B Funding to Secure Mission-Critical Medical and IoT Devices in Hospitals and Health Systems
PaulAsadoorian

Paul Asadoorian

@securityweekly

Founder at Security Weekly

  1. Datadog’s AWS Lambda extension allows customers to collect telemetry from serverless applications – Help Net Security – “Datadog’s AWS Lambda extension allows customers to collect telemetry from serverless applications. Developers can quickly add custom business metrics, distributed tracing, and collect logs from serverless applications to identify and diagnose errors before they impact customer experience. Datadog Serverless Monitoring supports all official AWS Lambda runtimes, ensuring that every team has visibility into their services.”
  2. Imperva introduces Serverless Protection to secure serverless computing functions – Help Net Security – “Protection against malicious activity: Purpose-built for serverless computing, Imperva uniquely enables a positive security model that provides protection against malicious changes, like zero-day exploits, within the function. Deployed as an AWS Lambda layer, it can be deployed once and applied to multiple AWS Lambda functions. Visibility and protection from internal and external code vulnerabilities: Imperva Serverless Protection secures serverless functions from vulnerabilities embedded in first and third-party code — the underlying risk factor that can trigger a software supply chain attack. It effectively monitors and blocks vulnerabilities without elaborate or manual steps involved. OWASP Serverless Top 10 coverage: Imperva Serverless Protection offers protections from misconfigurations, code-level risks, injections and weaknesses. It stops HTTP response splitting and method tampering, code injection, and other complex threats. It also monitors for insecure cookies and transport, logging of sensitive information, unauthorized network activity, weak authentication, and other potential vulnerabilities. Deep visibility into security incidents at the application layer: Imperva Serverless Protection runtime monitoring gathers log-level information to provide forensic detail so security teams can fully understand the context of every attack with virtually no impact on latency. It also identifies and maps third-party dependencies used during runtime.”
  3. Jay Chaudhry: Zscaler Aims to Extend Zero Trust Architecture Through Smokescreen Acquisition – GovCon Wire – “Smokescreen designed its platform to help customers protect networks, applications and endpoints with deception decoys.”
  4. Sumo Logic Completes Acquisition of DFLabs to Further Expand Cloud SIEM and Automation for Hybrid Cloud Customers and Managed Service Providers – “With the combined expertise and technology of Sumo Logic and DFLabs, we are well-positioned to continue to drive our momentum and leadership as the cloud-native SIEM of choice, which will now include a leading SOAR for customers and managed service providers of all sizes and maturities.”
  5. ServiceNow backs $50M round for cybersecurity startup Uptycs – SiliconANGLE – “Uptycs’ provides what it describes as the first product in the cloud-native security analytics category that detects hacking attempts across both cloud workloads and endpoints such as employee devices. Normally, companies must use separate security tools to protect cloud workloads and endpoints. Consolidating a workflow normally spread across multiple applications into a single platform can improve administrators’ productivity by removing the need to switch back and forth among different interfaces.”
  6. Salt Security Raises $70 million in Series C Funding – “Salt Security offers a unique approach to API security with its flagship solution, the Salt Security API Protection Platform. The big data engine and AI and ML at the heart of the Salt C-3A Context-based API Analysis Architecture automates the continuous discovery of APIs and exposed sensitive data, stops API attackers during their reconnaissance activities, and delivers remediation insights. Needing no agents, software changes, or inline code, the patented Salt platform deploys quickly, with no impact on application performance.”
  7. SpecTrust raises $4.3M to unify people and data in the fight against cybercrime – Help Net Security – “SpecTrust’s no-code platform allows risk teams to deploy, optimize, and enforce layered cybercrime defenses with zero engineering required. Advanced capabilities are normally only accessible to the largest companies in the world; SpecTrust allows businesses of any size to rapidly mature fraud detection and prevention capabilities, optimize onboarding compliance processes and vet user identity with continuous risk and trust assessments.”
  8. ServiceNow delivers new security integrations with Microsoft to automate security workflows – Help Net Security – “New integrations with the ServiceNow Security Operations Solution Suite include Microsoft Azure Sentinel, Microsoft Threat & Vulnerability Management, Microsoft Teams, and Microsoft SharePoint. These integrations will help security operations teams make smarter decisions across security planning, management, and incident response.”
  9. Double Bullseye for SentinelOne in Recent Prestigious Global Accolades – “SentinelOne’s endpoint security solutions came out on top among endpoint vendors in the latest ATT&CK Evaluation performed by MITRE Engenuity. Having recently released its results from the 2020 evaluation, SentinelOne was proud to report that it was the only vendor to achieve complete visibility, with zero missed detections, across both Windows and Linux environments. In addition, SentinelOne was also proud to announce that it has recently been positioned by Gartner as a Leader in the 2021 Magic Quadrant for Endpoint Protection Platforms. SentinelOne believes the placement is a testament to the company’s innovative Singularity XDR platform and scaled go-to-market execution in record time. “
  10. Rapid7 : Reducing Risk With Identity Access Management (IAM) – “DivvyCloud by Rapid7 contains an IAM Governance Module that essentially destroys and rebuilds an IAM policy stack by implementing a boundary view. When security teams are tasked with governing cloud environments at scale, this is when compliance might become a problem – without anyone realizing it. Even with what might be considered a sustainable boundary view, that perimeter will likely be more fluid than anyone can predict. DivvyCloud helps create a rational approach for managing that ever-changing identity-access perimeter.”
  11. Kemp Launches Zero Trust Architecture to Simplify Secure Application Access – “Kemp, the always-on application experience (AX) company, today announces the launch of its Zero Trust Access Gateway (ZTAG) architecture to simplify the introduction of a zero-trust model for securing published workloads and services. The Kemp ZTAG solution is comprised of a suite of proxy, authentication, access logic, and automation capabilities that helps customers apply zero trust logic to load balanced web-based applications.”
  12. AWS launches containerized web application solution App Runner – SD Times – “AWS App Runner is designed to help developers easily and rapidly develop, deploy and run containerized web applications and APIs by handling all the operational aspects such as provisioning, scaling and managing container orchestration, load balancing and CI/CD pipelines”
TylerShields

Tyler Shields

@txs

CMO at JupiterOne

3. Metrics, Training, Culture & Cloud Security Resilience – 02:00 PM-02:30 PM

Announcements

  • Join us for our June 3 webcast at 11am ET, where you will learn about pen testing tools and why every organization should be using them regularly. Then join us on June 10 at 11am ET for our technical training on insider risk to learn how to quickly mitigate data exposure risks. Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

Metrics, Training, Culture – Why Your Phishing Program Isn’t Working – Drew Rose, Living Security

Phishing reports have become the standard for measuring security awareness, and yet breaches keep happening. Something is broken. Knowing how to recognize a phishing attempt is a tiny part of creating a security-focused culture and protecting your business from attacks.

This segment is sponsored by Living Security.

Visit https://securityweekly.com/livingsecurity to learn more about them!

A New Perspective on Cloud Security Resilience – Ganesh Pai, Uptycs

Cloud security, the next frontier. How do we build resilient services in the cloud and secure them. Ganesh Pai, CEO at Uptycs, joins us to discuss a new perspective on cloud security resilience.

This segment is sponsored by Uptycs.

Visit https://securityweekly.com/uptycs to learn more about them!

Guest(s)

Drew Rose

Drew Rose – CSO – Founder at Living Security

@LiveSecAware

As Living Security’s creative mastermind, Drew Rose combines his experience developing security programs and his love of game design to expertly craft immersive products. He seeks to engage end users and create excitement with his educational experiences and measurable outcomes. Drew is a CISSP with a Bachelors of Science in Cybersecurity who has spent years building and optimizing security programs in the public and private sectors. While serving in the military, Drew learned effective strategies for fighting cybercrime and earned a top-level security rating in the U.S. government. At Living Security, Drew applies his in-depth knowledge to reducing enterprise and personal risk by designing science-based, collaborative security awareness programs.

Ganesh Pai

Ganesh Pai – CEO & Founder at Uptycs

Ganesh Pai is Founder & CEO of Uptycs. He is a Boston-based entrepreneur and technologist (formerly Akamai, Verivue, NetDevices) and has been awarded multiple U.S. patents. Ganesh received a BE degree in electronics and communication engineering from Mangalore University and a MS in computer science from Temple University.

Hosts

MattAlderman

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

PaulAsadoorian

Paul Asadoorian

@securityweekly

Founder at Security Weekly