Enterprise Security Weekly Episode #233 – June 30, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Why DAST – from Project Management Perspective – 01:00 PM-01:30 PM

Sponsored By

Visit https://securityweekly.com/netsparker for more information!

Announcements

  • Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!

  • Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista! Our Call For Presentations Deadline has been extended through July 5th at 11:59 pm ET! Visit securityweekly.com/unlocked to submit your presentation!

Description

More than 96% of software development projects fail across the globe because too many businesses rely on the legacy DevOps process, in which security testing runs right before going to production. Relying on legacy DevOps can break the project management triangle (Budget, Scope, and Time). However, with more efficient use of dynamic application security testing (DAST) tools in every stage and sprint, legacy DevOps can be transformed into DevSecOps, in turn preventing projects from failing.

This segment is sponsored by Netsparker.

Visit https://securityweekly.com/netsparker to learn more about them!

Guest(s)

Suha Akyuz – Application Security Manager at Invicti Security

A Security / Networking Consultant with more than 25 years of experience in IT Security, Network and VoIP, leading and directing information technology operations across broad disciplines, including security, network technologies and project management. Experience has been in a variety of sectors including, but not limited to, IT Security / Networking Services and VoIP consultancy in several countries. Resourceful and creative problem-solving skills with proven ability to gain customers’ confidence and trust have resulted in repeat business and client satisfaction. The ability to quickly and proactively acquire new skills, and a wealth of experience working within collaborative team environments as well as with minimum supervision, have ensured timely issue resolution and appropriate escalation when needed.

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Paul Asadoorian

@securityweekly

Founder at Security Weekly

Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc and Founder & CEO of Dark Element at Trimarc Security

2. Noname Security, JFrog Acquires Vdoo, Micro Segmentation, & AWS Buys Wickr – 01:30 PM-02:00 PM

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!

  • In our July 14th democast at 11 AM ET, learn how to reveal and protect your entire attack surface. Then join us July 15 at 11 AM ET to learn how a thoughtful approach to SASE can improve security and enable scalability. Finally, in our July 22nd technical training at 11 AM ET, learn how Guided-SaaS NDR Enables Rapid Response. Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

This week in the Enterprise News: Atos launches ThinkAI, AWS welcomes Wickr to the team, U.S. DoD approves two (ISC)² certifications as requirements for staff, JFrog to acquire Vdoo, & more!

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

  1. FUNDING: Noname Security closes $60M Series B to eliminate API flaws – Along with HUMAN and [redacted], this is another startup that’s getting perhaps too clever with branding…
  2. FUNDING: Symmetry Systems Pushes Data Security After $15M Series A – The company makes DataGuard, a product that aims to provide a holistic view of data for compliance and security use cases
  3. FUNDING: Drata raises $25M Series A to expand its security compliance platform – TechCrunch
  4. FUNDING: Zero trust unicorn Illumio closes $225M Series F led by Thoma Bravo – TechCrunch – Is microsegmentation a thing yet? If it was, I think we’d be talking about Illumio’s S-1, not a Series F from a private equity firm. IMO, any efforts that might be spent on microsegmentation have likely now been redirected to Zero Trust projects.
  5. FUNDING: Deduce raises $10M to protect accounts from takeover – Startup focused on account takeover fraud, using the most common product name in InfoSec: “Insight”
  6. FUNDING: Phylum Closes $4.5M in Seed Funding and Comes Out of Stealth Mode
  7. FUNDING: Bit Discovery Raises $4 Million Series B as Attack Surface Management Gains Momentum – Bit Discovery Blog – Wasn’t expecting to see a record size for a Series B on the lower end, but knowing the Bit Discovery team and their approach, it’s a positive thing and totally makes sense.
  8. FUNDING: Symmetry Systems nabs $15M to block data breaches
  9. IPO: SentinelOne aiming to raise over $1 billion at more than $8 billion valuation after hiking IPO price range – That’s a heck of a valuation…
  10. ACQUISITION: AWS is buying encrypted messaging service Wickr – TechCrunch
  11. TRENDS: Investors Eye Emerging Cybersecurity Space As APIs Explode
  12. TOOLS: Tines: Automate any repetitive process

Paul Asadoorian

@securityweekly

Founder at Security Weekly

  1. 42Crunch integrates with Postman to provide enterprises with continuous API protection – Okay, so nothing other than this on the integration: “42Crunch has announced an integration of its API security services with Postman, the API collaboration platform for developers.” Would love to hear more about how this helps…
  2. EclecticIQ Platform delivers threat intelligence, hunting, and response capabilities – “This intelligence focuses on attackers’ tools, techniques, and procedures (TTPs) – not just indicators of compromise (IOCs) – to reduce alerts and reveal asymptomatic threats that may lurk in the environment. Collaboration is another vital aspect of intelligence. To reduce isolation and encourage sharing of insights and findings, the platform provides tools that promote collaboration internally – within security operations, across teams – and externally across organizations and industries.”
  3. U.S. DoD approves two (ISC)² certifications as requirements for cybersecurity staff – “Following approval by the DoD Senior Information Security Officer and a recommendation by the Cyber Workforce Advisory Group (CWAG) Certification Committee, the HealthCare Information Security and Privacy Practitioner (HCISPP) and the Certified Cloud Security Professional (CCSP) certifications are the latest additions to the DoD 8570 Approved Baseline Certifications table that is publicly available on the DoD Cyber Exchange website.”
  4. JFrog to acquire Vdoo to expand its end-to-end DevOps platform offering – “As part of the JFrog Platform, Vdoo will accelerate JFrog’s vision of becoming the company behind all software updates and creating a world of Liquid Software by expanding its end-to-end DevOps Platform offering, providing holistic security from the development environment all the way to edges, IoT and devices. Vdoo’s security experts and vulnerability researchers will join the JFrog team to continue to develop advanced security solutions for developers and security engineers.”
  5. Zero trust unicorn Illumio closes $225M Series F led by Thoma Bravo – Best description ever: “Illumio, a self-styled zero trust unicorn, has closed a $225 million Series F funding round at a $2.75 billion valuation. The round was led by Thoma Bravo, which recently bought cybersecurity vendor Proofpoint for $12.3 billion, and supported by Franklin Templeton, Hamilton Lane and Blue Owl Capital. The round lands more than two years after Illumio’s Series E funding round in which it raised $65 million and fueled speculation of an impending IPO.” – I really want a self-styled, zero-trust unicorn, where can I buy one?
  6. AWS welcomes Wickr to the team – We’ve always needed to communicate securely: “With the move to hybrid work environments, due in part to the COVID-19 pandemic, enterprises and government agencies have a growing desire to protect their communications across many remote locations”
  7. eSentire Acquires CyFIR; Launches Cyber Investigation Services – MSSP Alert – “CyFIR, founded in 2018, has 16 employees listed on LinkedIn, and was backed by debt funding of under $1 million, according to PitchBook. The company’s headquarters in Washington, D.C., will become eSentire’s second U.S.-based Technical Center of Excellence.”
  8. Untangle Addresses Need For Threat Prevention at the Network Edge with Launch of SD-WAN Router 3.1 – “New security package that prevents malware, viruses, and other malicious traffic with minimal visibility into network traffic. Threat Prevention will assess and block dangerous types of network traffic even when the traffic is encrypted. Other types of protective features often require SSL Inspection which adds undesired CPU overheads.”
  9. SonicWall launches three enterprise-grade firewalls
  10. Atos launches ThinkAI to power artificial intelligence applications – “ThinkAI is for organizations using traditional high-performance computing that want to run more accurate and faster simulations thanks to AI applications, and also for those developing AI applications that need more computing power.”

Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc and Founder & CEO of Dark Element at Trimarc Security

3. Malware Labs and Why You Should Challenge Shift-Left Testing – 02:00 PM-02:30 PM

Description

Threat hunters are under increased pressure to rapidly analyze, classify, detect and respond to malicious files. ReversingLabs is stepping forward to address these needs with its new Malware Lab Solution. The ReversingLabs Malware Lab solution powers the next generation of threat hunting by delivering a unique combination of static and dynamic analysis capabilities at scale to identify malicious files including those in the software supply chain.

This segment is sponsored by ReversingLabs.

Visit https://securityweekly.com/ReversingLabs to learn more about them!

The development life cycle as we know it is rapidly changing, and today’s AppSec testing needs to keep up with shorter and faster processes. A shift-left approach is no longer enough to protect web assets – you need much more dynamic tools and ways of working.

This segment is sponsored by Detectify.

Visit https://securityweekly.com/detectify to learn more about them!

Guest(s)

Mario Vuksan – CEO & Co-Founder at ReversingLabs

Mario founded ReversingLabs in 2009 and currently serves as CEO. In this role he drives all aspects of the company’s strategy, operations and implementation. Prior to ReversingLabs, Mario held senior technical positions at Bit9 (now Carbon Black), Microsoft, Groove Networks, and PictureTel (now Polycom). He is the author of numerous research studies and speaks regularly at FS-ISAC, RSA, Black Hat and other leading security conferences.

Rickard Carlsson – Co-founder & CEO at Detectify

Entrepreneurial tech nerd Rickard Carlsson has grown Detectify from a group of ethical hackers with an idea on how to make the internet safer, to an international industry challenger of 140+ people. Rickard has a background in tech and management consulting, and has lived and worked in Sweden, India and the US.

Hosts

Paul Asadoorian

@securityweekly

Founder at Security Weekly