Enterprise Security Weekly Episode #231 – June 16, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Open Source Enterprise Communication Security – 01:00 PM-01:30 PM

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our YouTube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!

  • Security Weekly is ecstatic to announce that Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista! Call for presentations & early registration for Security Weekly listeners is open now! Visit securityweekly.com/unlocked to submit your presentation & register for the early registration price before it expires!

Description

Data security is more important than ever for enterprise organizations — but in a time where data breaches have become common, it’s also more challenging than ever. Mattermost co-founder and CEO Ian Tien shares how leveraging open source software can help enterprises work more securely by allowing organizations to maintain data sovereignty, inspect and evaluate source code, and adapt solutions to meet their security needs.

Guest(s)

Ian Tien – CEO and Co-Founder at Mattermost

@iantien

Ian Tien is CEO and co-founder of Mattermost, Inc., a high trust, open source Slack-alternative empowering enterprise DevOps and InfoSec teams to increase safety, efficiency, and innovation. He was previously an engineering leader in Microsoft Office, where he earned over a dozen patents. Ian is an alumnus of Waterloo, Cornell and Stanford Business School, where he served as a teaching assistant for Andy Grove and Myron Scholes.

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Paul Asadoorian

@securityweekly

Founder at Security Weekly

Tyler Shields

@txs

CMO at JupiterOne

2. Tanium for Incidents. How the Best Defense Gets Better: Part 1 – 01:30 PM-02:00 PM

Sponsored By

Visit https://securityweekly.com/tanium for more information!

Announcements

  • Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% off on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!

Description

Security starts before detection; it starts before investigations. Mature security teams understand the importance of good hygiene and take proactive measures to secure themselves against the ever-increasing threat landscape. Join us this week as Russ From, Enterprise Services Lead, talks through a holistic approach to security using the Tanium platform. Learn why the best security teams rely heavily on Tanium to get smarter, faster, and better at responding to threats, and how your organization can do the same.

For folks interested in a trial of Tanium, check out: https://try.tanium.com/

To stay connected with Tanium’s Endpoint Security Specialist team, join our community site:
https://community.tanium.com/s/ues-discussion-group

or find us on Slack:
https://docs.google.com/forms/d/e/1FAIpQLSf56reMK4BQPkoLO4MTp-QPMJsxOlJD-MqargZxhW3kNsA3dA/viewform?usp=sf_link

This segment is sponsored by Tanium.

Visit https://securityweekly.com/tanium to learn more about them!

Presenter(s)

Russell From – Enterprise Services Integration Engineer Lead at Tanium

Russell From is currently an Enterprise Services Systems Integration Engineering Lead for Tanium, where he leads Tanium’s Enterprise Services Security Specialists to enable public and private organizations to utilize Tanium’s real-time endpoint management and visibility technology for threat investigation and remediation, SOC automation, software deployment, compliance, network discovery, patching, vulnerability scanning, integrity monitoring, and sensitive data discovery.

Previously, Russ was a Senior Network Security Engineer for US Cellular where he defended customers and business partners by focusing on proactive network behavior analysis, network forensics, mobile malware identification and remediation, DDoS defense, and threat intelligence automation. Russ also defended the largest electronic medical records vendor in the US as the Network Security lead on IPS, IDS, Network Decryption, Traffic Analysis, and Network Security Response on fully Micro-Segmented & Multi-Tenant infrastructure.

Before moving to the defensive side of cyber security, Russ had 8 years of experience including being a Principal Network Engineer where he worked to build the first public cloud infrastructure for North America’s largest wireless telecommunications carrier. Russ currently holds the CISSP, GPEN, GMON, GCIA, GCIH, and GSEC Gold certifications. Russ also has a bachelor’s from UW-Madison in Computer Engineering, an MBA from Marquette University, and is working to complete the SANS master’s in information security engineering program.

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Paul Asadoorian

@securityweekly

Founder at Security Weekly

Tyler Shields

@txs

CMO at JupiterOne

3. RSA Outseer, Elisity Zero Trust, Contrast Scan, & SOAR Soup – 02:00 PM-02:30 PM

Announcements

  • Join us June 24 at 11 AM ET to learn how web application firewalls can help mitigate exposure in a complex threat landscape. Then join us July 15 at 11 AM ET to learn how a thoughtful approach to SASE can improve security and enable scalability. Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

This week in the Enterprise News, Paul and the crew talk: Zero trust networking startup Elisity raises $26M, Contrast Security Launches Contrast Scan, Vectra Launches Detect for AWS, SOAR Is an Architecture, Not a Product, Deloitte Acquires Cloud Security Posture Management, & more!

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

  1. IPO: Axonius Announces Addition of Jerry Raphael to its Executive Team – Axonius is prepping for an IPO! NYSE or NASDAQ? What does JuniperOne think? Discuss.
  2. FUNDING: Investment News: Immersive Labs raises $75m – Interactive labs as a service for training! Also hiring assistance (practical testing).
  3. FUNDING: Recorded Future launches its new $20M Intelligence Fund for early-stage startups – TechCrunch – Recorded Future is now an investor! It’s hoping to fund some early-stage startups focused on using AI to create valuable intelligence that RF could plug into its own platform in the future.
  4. RSA Introduces Outseer, a Spinout of its Fraud & Risk Intelligence Unit, to Transform Customer Authentication and Accelerate Revenue for the Digital Economy – The first big news to come out of RSA since it was acquired by STG, they’re spinning out some of their products & services as a rebranded subsidiary! RSA Adaptive Authentication becomes Outseer Fraud Manager, RSA Adaptive Authentication for eCommerce becomes Outseer 3-D Secure, and RSA FraudAction becomes Outseer FraudAction.

Paul Asadoorian

@securityweekly

Founder at Security Weekly

  1. Deloitte Acquires Cloud Security Posture Management – “Deloitte announced its acquisition of substantially all the assets of CloudQuest, Inc. (CloudQuest), a cloud security posture management (CSPM) provider based in Cupertino, Calif. The deal will bolster Deloitte’s existing cloud cybersecurity offerings with CloudQuest’s cloud-native security capabilities to more seamlessly manage security workflows, reduce risk and improve data security.”
  2. ThreatX raises $10M to strengthen its position in the web application security market – Help Net Security – They are taking on a lot of functionality: “1) WEB APP PROTECTION – Application and attack profiling combined with IP fingerprinting are continuously correlated to identify, track and block threat actors. 2) NATIVE API PROTECTION- API-native and has robust features to address API-centric attacks such as support for WebSockets, detection of host enumeration, and customer rules to identify expensive application calls. 3) BOT MANAGEMENT – To block or not to block. That is the question and the answer. Know when to let the good Bots in and keep the bad Bots out. 4) DDOS MITIGATION – Based on attacker profiling, detect and neutralize layer 7 attacks, OWASP Top 10, bots, DDoS, and zero-day threats with high precision”
  3. Zero trust networking startup Elisity raises $26M – Sounds like Edgewise (who was acquired by ZScaler): “It combines the paradigm of zero trust access, meaning no user is trusted by default from inside or outside the network, and a software-defined perimeter to authorize users, devices, and apps based on policies before they can communicate with critical resources. Access is monitored by AI algorithms that track, monitor, and analyze flows and user behavior to make recommendations and discover all of an organization’s assets to build an encrypted mesh overlay between a cloud services panel and network probes.”
  4. Contrast Security Launches Contrast Scan – How is this different or better than the other SASTs on the market already? “Contrast Security announced the release of Contrast Scan that revolutionizes static application security testing (SAST) with pipeline-native static analysis to analyze code and detect vulnerabilities early on in the software development life cycle (SDLC). The release of Contrast Scan extends the DevSecOps capabilities of the Contrast Application Security Platform to the entire SDLC, empowering security teams to run scans up to 10x faster and remediate vulnerabilities up to 45x faster while meeting compliance requirements of an organization’s security policy.”
  5. Sonatype Launches Novel Deep Code Analysis Platform Designed for Developers – “today unveils Sonatype Lift (Lift), a first-of-its-kind, cloud-native, deep code analysis platform. Lift installs easily on any source repository in minutes and provides developer-friendly feedback on a wide range of bug types, ranging from lightweight style issues to complex coding errors commonly found in first-party source code and third-party open source libraries.”
  6. Vectra Launches Detect for AWS – Curious how it does all this, through logs and events, packet monitoring, both? Clearly not via an agent: “1) Reduce risk of cloud services being exploited with agentless runtime monitoring of applications, users, roles, serverless compute, and storage that allows for rapid and scalable deployment of applications. 2) Rapidly detect threats against your systems and data on AWS using one of the first behavioral AI that detects and prioritizes threats without relying on signatures, agents, or static policy while protecting against attacks looking to exploit misconfigured services. 3) Automate response to attacks on applications running on AWS using native capabilities in AWS, or deep integrations with other security solutions allowing teams to mitigate threats without relying on agents.”
  7. SOAR Is an Architecture, Not a Product – “But as SOAR use cases evolve to real-world situations and industry analysts adjust their definition of the market, it’s becoming increasingly clear that SOAR is less of a singular platform and more of a comprehensive architecture for tying a lot of threads in the security stack together in a meaningful fashion, including threat intelligence platform (TIP) capabilities.” – So SOAR is more about how you make the soup than the ingredients?
  8. Check Point Software Technologies Launches Automated Unified Cloud Workload Protection – Buzzword winner of the week: “As the COVID-19 pandemic forced enterprises to transition to the new ‘work from anywhere’ environment, cloud became a natural progression for organizations looking to enable their remote workers quickly. As more organizations are still migrating to the cloud in parallel to undergoing the “shift-left” organizational change, security teams find themselves with multiple platforms to manage. These platforms provide neither the visibility nor the ability to protect the rapidly growing cloud workload deployments.”
  9. Google taps Thales to power Google Workspace client-side encryption – “Thales today announced that its CipherTrust Manager and SafeNet Trusted Access have been integrated with Google Workspace Client-side encryption (beta coming soon), a new privacy and confidentiality offering for Google Workspace users. Providing enhanced key management capabilities and identity protection, customers can benefit from improved regulatory compliance and data ownership by allowing them to maintain ownership of keys used to encrypt Google Workspace documents.”
  10. Forcepoint to acquire UK-based cybersecurity firm Deep Secure – “Forcepoint, a global leader in data-first cybersecurity solutions that protect critical information and networks for thousands of customers throughout the world, today announced the company has signed a definitive agreement to acquire U.K. based Deep Secure. Deep Secure’s cybersecurity products and services protect organizations from cyberattacks delivered via malware and help prevent unwanted data loss.”
  11. Auth0 WebAuthn Passwordless Offers New Levels of Ease and Security for Modern Authentication – “With Auth0 WebAuthn Passwordless, users can authenticate with Web Authentication-powered (WebAuthn) biometrics, the official web standard for passwordless authentication as published by W3C and used by FIDO, for first-factor authentication. This form of authentication eliminates security weaknesses based on password reuse, since passwords are not required. Additionally, Auth0 WebAuthn Passwordless is an ideal option for companies looking to build and provide an authentication experience supporting conversion and retention of users who want more choice and less friction in their login experience.”

Tyler Shields

@txs

CMO at JupiterOne