Enterprise Security Weekly Episode #234 – July 14, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Gas South and ExtraHop- A Journey of Security Partnership – 01:00 PM-01:30 PM

Announcements

• Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!

• In our July 22nd technical training at 11 AM ET, learn how Guided-SaaS NDR Enables Rapid Response. Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

Gas South and Extrahop have partnered to give Gas South visibility in areas of the network that are normally invisible or dark to the regular network team.

To learn more about ExtraHop, visit: https://securityweekly.com/extrahop

Gas South and Extrahop have partnered to give Gas South visibility in areas of the network that are normally invisible or dark to the regular network team.

Guest(s)

Rajiv Thomas – Sr Systems Engineer at Gas South LLC Rajiv has more than 20 years of IT infrastructure and security experience. He has worked in various parts of the world for huge multinationals before settling down in Atlanta. He is currently works in the security operations and network operations teams of Gas South LLC

Hosts

Adrian Sanabria @sawaba Senior Research Engineer at CyberRisk Alliance

Paul Asadoorian @securityweekly Founder at Security Weekly

Tyler Shields @txs CMO at JupiterOne

2. Microsoft Acquires RiskIQ, Rapid7 InsightCloudSec, & Bitdefender eXtended EDR – 01:30 PM-02:00 PM

Announcements

• Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% off on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!

• Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista! Our Call For Presentations Deadline has been extended through July 23rd at 11:59 pm ET! Visit securityweekly.com/unlocked to submit your presentation!

Description

In the Enterprise News, Contrast Security partners with Secure Code Warrior, Bandura releases the Cyber Intelligence Marketplace, Illumio beefs up zero-trust security with automated policy enforcement, Rapid7 Launches InsightCloudSec to Automate Continuous Security and Compliance, Leaked email shows Tanium just lost its fourth chief marketing officers in five years, Bitdefender launches eXtended EDR platform, ThycoticCentrify Releases a new version of Server Suite, Outpost24 acquires threat intelligence solution Blueliv, Microsoft acquires RiskIQ, Cybereason raises $275 million led by Steven Mnuchin’s VC fund, and Arctic Wolf triples valuation and raises an additional $150m!

Hosts

Adrian Sanabria @sawaba Senior Research Engineer at CyberRisk Alliance

TOOLS: Release Ransomware Readiness Assessment CSET v10.3 · cisagov/cset – Sounds great, but I actually installed it. It was a 1GB download. Windows smartscreen tried to block it. The installer looks like it was designed for Windows XP. It installs MSSQL Server 2012 and IIS 11. Seems the first thing this tool does is extend your attack surface… I thought it was going to be a BAS-like tool, like Guardicore’s Infection Monkey, but it seems like more of a questionnaire/self-assessment tool. I don’t understand why it had to be so heavy-handed??? TOOLS: Ransomwhere – Show me the money! A neat tool that makes it easy to track ransomware actors and how much they’re getting paid. TOOLS: Deciduous: A Security Decision Tree Generator – Inspired by examples in Kelly Shortridge’s book on Security Chaos Engineering, Ryan Petrich created this amazing attack tree mapping tool. It’s a basic, but beautiful tool that you can use to create attack maps in minutes! FUNDING: IoT/OT Device Security Firm NanoLock Raises $11 Million – FUNDING: Netskope Attracts $300 Million in Additional Investment, Elevating Valuation to $7.5 Billion – Inside-led round, CEO says this will be the last private funding they’ll raise, they didn’t really need it, and not in a rush to IPO. FUNDING: Sevco Security Launches with $15 Million in Funding to Scale Adoption of Industry’s First Cloud-Native Security Asset Intelligence Platform – FUNDING: Ex-Trump Treasury Secretary Steven Mnuchin’s firm leads $275 million investment in Cybereason – This Series E brings Cybereason’s total funding to $664m! That’s a LOT of funding. The company’s valuation in 2019 was $1bn after a $200m raise led by Softbank. This round is PE-led, so maybe IPO is next? Or some strategic acquisitions? FUNDING: Virsec Lands $100M As Cyberattacks Ramp Up – ACQUISITION: Microsoft reportedly to acquire cybersecurity startup RiskIQ for more than $500M – Rumor is that the deal could be for as much as $1bn. I’m guessing this will be sold adjacent to Azure Sentinel, or maybe as part of it? The tagline is “attack surface management”, but RiskIQ only very recently started doing that – they’re better known for their massive database of Internet asset data. ACQUISITION: Sophos acquires Capsule8 – Bit of a surprise? I might have thought a more pure-play EDR vendor would go after Capsule8, but Sophos has a history of doing some solid deals to not only acquire good technology, but good teams as well. Invincea was a big one for them and Capsule8 will help round out their offerings in the enterprise/devops spaces. REGULATION: Right on Time – NIST Releases Definition of “Critical Software” Per Biden’s Cybersecurity Executive Order –

Paul Asadoorian @securityweekly Founder at Security Weekly

Contrast Security partners with Secure Code Warrior to deliver security training for developers – Bandura Cyber Intelligence Marketplace deploys cyber intelligence data across network in real-time – Outpost24 acquires threat intelligence solution Blueliv – ThreatQuotient Advances Industry Threat Intelligence Sharing With Stronger Data Curation Capabilities – Enterprise IT World – Cybersecurity firm Arctic Wolf triples valuation to $4.3bn after Viking Global Investors-led $150m round – Cybereason raises $275 million led by Steven Mnuchin’s VC fund – Illumio beefs up zero-trust security with automated policy enforcement – SiliconANGLE – Rapid7 Launches InsightCloudSec to Automate Continuous Security and Compliance for Complex Cloud Environments – Leaked email shows $9 billion cybersecurity startup Tanium just lost its fourth chief marketing officer in five years – Bitdefender launches eXtended EDR platform – ThycoticCentrify Modernizes Just-in-Time Privilege Elevation with Newest Release of Server Suite –

Tyler Shields @txs CMO at JupiterOne

3. All Our Devices and Privacy on the Web – 02:00 PM-02:30 PM

Description

Against the ubiquitous backdrop of Zero Trust initiatives, we have all come to accept the motto of “Verify, then trust”. Yet, here we are building an entire stack of Zero Trust enabled technologies, upon a broken implicit-trust foundation. Nowhere is this risk more apparent, than at the device and firmware level. Indeed this is why both nation-state and criminal actors have converged upon a strategy that combines supply chain attack dynamics, with readily exploitable devices. This allows them to impart maximum impact against victim organizations, and even those victim’s downstream partners and customers. In order to address this evolving threat, organizations must take back security control of their devices, and stop trusting the fox that has quite frankly, become the hen house.

This segment is sponsored by Eclypsuim.

Visit https://securityweekly.com/eclypsium to learn more about them!

Data privacy and Web security teams are converging across enterprises and we are seeing more Privacy use cases like cookie banner consent and limiting data sharing (vendors like Facebook, Google etc. are capturing sensitive user data, accessing cameras, microphones, geolocation etc.) via security policies, under the security teams purview.

At Tala we offer a Privacy scan that gives enterprises a full view of which vendors have access to sensitive data and how this data is being shared. This in turn helps set the right security controls in place.

This segment is sponsored by Tala Security.

Visit https://securityweekly.com/talasecurity to learn more about them!

Guest(s)

Deepika Gajaria – VP of Product at Tala Security Deepika is responsible for product strategy and delivery at Tala. Working closely with our customers, she drives product direction and shapes the product roadmap to address their core needs. Prior to Tala, Deepika was part of Cisco Jasper where she led the launch of IoT smart city applications. Her career in Product Management began at EMC, in the New Product Introduction team, working on key initiatives across the Storage and the Data Protection divisions. Deepika has held diverse roles in her career: her first job out of school was in Research and Development of high voltage particle accelerator technology used in cancer therapy machines.

Scott Scheferman – Principal Strategist at Eclypsium @transhackerism Scott, aka “Shagghie” in the community, is a public speaker, thought leader and cyber strategist. With decades of cyber consulting in both Federal and Commercial domains, he brings strong opinions and insight into any topic covering cyber, privacy, AI/ML, or the intersections of these. Winner of the first defcon badge-hacking contest and a defcon music artist, he currently works to bring urgent awareness to the device and firmware attack surface now being readily exploited.

Hosts

Matt Alderman @maldermania Executive Director at CyberRisk Alliance

Paul Asadoorian @securityweekly Founder at Security Weekly