esw238

Enterprise Security Weekly Episode #238 – August 11, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. The Different Approaches To Vulnerability Management – 01:00 PM-01:30 PM

Announcements

  • Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista!

    We are excited to announce our first round of speakers: David Kennedy, Alyssa Miller, O’Shea Bowens, Marina Ciavatta, Patrick Coble, Chris Eng, Eric Escobar, Kevin Johnson, and Justin Kohler!

    Visit https://securityweekly.com/unlocked to register and check out our rockstar lineup!

  • Join us August 26th at 11am eastern to learn how to implement cloud security that actually works. Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

As we dig into vulnerability management we uncover both old and new challenges. We still struggle with developing and maintaining an accurate asset inventory. We also, still, struggle to prioritize and execute remediation. There are many new approaches to solving these problems, from ad-hoc scanning to automation of all the things. Get our take on vulnerability management in this segment!

Hosts

AdrianSanabria

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

PaulAsadoorian

Paul Asadoorian

@securityweekly

Founder at Security Weekly

TylerShields

Tyler Shields

@txs

CMO at JupiterOne

2. Zombie APIs, Morphisec IR Service, “New Product Jeopardy”, & Risk Scoring – 01:30 PM-02:00 PM

Announcements

  • CyberRisk Alliance, in partnership with InfraGard, has launched the Critical Infrastructure Resilience Benchmark study. Measure your readiness for ransomware by completing the survey and getting your score. Visit https://securityweekly.com/CIRB to take the survey

  • SC Media debuts its all-new SC digital experience, fully integrated with Security Weekly podcast content and more. The new site increases the scope and scale of original content resources from editorial staff, contributors, and the far-reaching CyberRisk Alliance network. Visit www.scmagazine.com to check out the new look!

Description

This week in the Enterprise News: Latent AI, Optiv Security Launches Next-Gen Managed XDR, An Intriguing Update to Mandiant Advantage, ReversingLabs raises $56M to combat software supply chain, Morphisec Announces New Incident Response Services, & more!

Hosts

AdrianSanabria

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

  1. FUNDING: ReversingLabs raises $56M to combat software supply chain attacks – This is a $56m series B led by Crosspoint, with Prelude and ForgePoint participating. The total raised is $81m. The aim is to spend this on sales and marketing to expand global reach (a pretty typical Series B/C goal).

    Interestingly, they’re Cambridge-based and have been around since 2009. They got an investment from In-Q-Tel in 2011, but nothing after that until their Series A in 2017. This suggests they must have been fairly bootstrapped and self-sufficient but then decided to take funding and scale, or just have eyes on an exit.

    ReversingLabs is best known for scanning files for threats, from many different sources, at a massive scale.

  2. Latent AI, which says it can compress common AI models by 10x, lands some key backing – TechCrunch – This isn’t directly cybersecurity-related, but with so much ML in use in our market – smaller ML models could open up new use cases, especially on endpoints. Also notable is Google’s upcoming Pixel 6 having more on-device hardware assistance with ML. Could we see more dynamic ML models on-device in the near future if this trend spreads to laptops?
  3. Introducing the Allstar GitHub App – Open Source Security Foundation – Basically taking the guardrail approach we see a lot of CSPM vendors tackling (DisruptOps, for example), but open source in this case.
  4. NortonLifeLock and Avast to Merge to Lead the Transformation of Consumer Cyber Safety – 10 or even 5 years ago, this might be huge news, but it seems like this is less about dominance in 2021 and more about survival, as the market share for traditional AV companies continues to wane. According to OPSWAT’s monthly market share reports (which does have a limited sample size, so take with a grain of salt), AVAST was tops back in 2017, McAfee took the top spot in 2019 as Symantec was going through changes and splitting up into NortonLifeLock, with the rest of the company going to Broadcom (I’m assuming the also recently-acquired Computer Associates would absorb the Symantec assets and staff). These days, Symantec and AVAST seem to have almost equal market share, which combined is only about 26%.

    But that’s 26% of what OPSWAT can SEE, and they have a few HUGE blind spots: Microsoft and all the NGAV companies (SentinelOne, Blackberry Cylance, Carbon Black, Crowdstrike, etc.).

  5. ACQUISITION: An Intriguing Update to Mandiant Advantage – No deal size reported, but very exciting! This is the third Attack Surface Management vendor acquired (after Expanse and RiskIQ) and won’t be the last.
PaulAsadoorian

Paul Asadoorian

@securityweekly

Founder at Security Weekly

  1. ThreatX API Catalog enables enterprises to reduce risk and protect critical APIs – “ThreatX’s API Catalog gives enterprises visibility into legitimate, suspicious and malicious requests that hit their APIs. By analyzing and profiling actual traffic, ThreatX discovers and profiles API endpoints, providing users with enhanced visibility into legitimate, rogue and zombie APIs in production.” – Zombie APIs sound awesome, do you kill them with a headshot?
  2. Qualys scans Red Hat Enterprise Linux CoreOS on Red Hat OpenShift to reduce risk – “Teaming with Red Hat, Qualys is offering a unique approach providing a containerized Qualys Cloud Agent that extends security to the operating system. The Cloud Agent for Red Hat Enterprise Linux CoreOS on OpenShift combined with the Qualys solution for Container Security provides continuous discovery of packages and vulnerabilities for the complete Red Hat OpenShift stack. Built on the Qualys Cloud Platform, Qualys’ solution seamlessly integrates with customers’ vulnerability management workflows, reporting and metrics to help reduce risk.” – Great enterprise feature.
  3. Black Hat 2021: What we don’t know may be the greatest cybersecurity threat – So much this: “Who is responsible for security when everyone is responsible for security,” Wyler said, in reference to the platform vendors….I heard this sentiment echoed numerous times in different briefings throughout the show, and it definitely isn’t the first time I’ve heard this during my relatively short time in the industry. Without a definitive answer to the question, “whose job is security?,” we’re left to determine what the answer is for our own organizations.”
  4. Optiv Security Launches Next-Gen Managed XDR to Stop Threats Earlier in Attack Lifecycle, Minimize Business Impact – Huh? “Optiv MXDR brings simplicity, transparency and automation to clients’ environments, enhancing existing defenses to counter known and emerging threats with confidence and speed,” said David Martin, chief services officer for Optiv. “What’s more, we can seamlessly leverage the power of Optiv to extend and layer the offering with a full suite of complementary services like remediation, incident response, threat hunting, and beyond.”
  5. Morphisec Announces New Incident Response Services as Enterprise Attacks Escalate – “Morphisec’s new IR services aims to assist these organizations with containing in-progress incidents, reducing damage, providing recommendations for long-term risk reduction, and auditing critical infrastructure to ensure the lowest possible risk exposure to a cyberattack. The company’s highly experienced and on-demand IR team will be led under the direct supervision of the CTO’s office.”
  6. Automate Validation of Your Security Controls with SafeBreach & Cortex XSOAR – I really like this concept: “By automatically executing thousands of attacks, safely and continuously, SafeBreach helps identify high-priority weaknesses in your security defenses. The data-driven simulation results are mapped to an interactive heat map of the MITRE ATT&CK? framework for automated remediation of high-priority exposures with Cortex XSOAR. Following remediation, Cortex XSOAR triggers SafeBreach to rerun the attack simulations to validate that hardening of your defenses was successful across your network and endpoint controls.”
  7. Risk Scoring is the Secret to a Successful Risk-Based Vulnerability Management Program – I’m not big on industry comparisons, but the rest is sound: “Impact – If this vulnerability was to be exploited, how severe would it’s impact be? Likelihood – How likely is it that an attacker can and will attack this space? Environmental Modifiers – Think broadly about the asset and the environment in which the vulnerability is located. Temporal Modifiers – Focuses on exploit code maturity, confidence, and remediation requirements. Temporal modifiers bring your risk score to life. Industry Comparisons – How does your risk compare to other organizations or peers in your sector? Threat Actors – Are threat actors actively exploiting vulnerabilities present in your environment? Remediation Risk – Using the remediation SLAs available through PTaaS, all vulnerabilities are automatically assigned customizable due dates. Use remediation risk to determine your aggregates that require attention from a compliance perspective.”
TylerShields

Tyler Shields

@txs

CMO at JupiterOne

3. Automate Hacker Knowledge & Community in Learning InfoSec – Carolin Solskär, TJ Null – 02:00 PM-02:30 PM

Description

The reason our founder started Detectify is that they wanted to automate hacker knowledge and make it scalable. This is very different from how most hackers work today and what we believe will revolutionize hacking.

This segment is sponsored by Detectify.

Visit https://securityweekly.com/detectify ?to learn more about them!

Tony “TJ Null” from Offensive Security will discuss the role of the community in learning infosec, particularly pentesting, and also in continuing education. Additionally, he will offer some practical tips on learning pentesting with help from the community.

This segment is sponsored by Offensive Security.

Visit https://securityweekly.com/offSec to learn more about them!

Guest(s)

Carolin Solskär

Carolin Solskär – Community Manager, Detectify Crowdsource at Detectify

@carolinsolskar

Carolin is the Community Manager for Detectify Crowdsource; an invite-only platform for ethical hackers. Detectify Crowdsource works differently from most bug bounty platforms; instead of hacking one company at a time, we focus on commonly used technologies, so that all companies using that technology can be protected.

Tony

Tony ‘TJ Null’ Punturiero – Community Manager at Offensive Security

@TJ_Null

Tony Punturiero (aka @tjnull) to the OffSec is an experienced pentester and red teamer for a government contractor and is known for his great passion for educating and
mentoring others. TJ is also an Adjunct Professor for a Local Community
College teaching cybersecurity courses and coaches one of the top
Community College’s cyber team in the State of Maryland.

Hosts

AdrianSanabria

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

PaulAsadoorian

Paul Asadoorian

@securityweekly

Founder at Security Weekly