Enterprise Security Weekly Episode #244 – September 29, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. How Good CISOs Build Bad Security Programs – 01:00 PM-01:30 PM

Announcements

  • Don’t miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

Description

No Man is an Island. Neither can a security program exist without interconnections and strong relationships to the rest of the business. Yet, over and over again I meet Security Leaders that thrive on designing security fiefdoms with large moats, and one bridge that they roll down only when they intend to roll out a new technology, initiative or need budget authority. There is no amount of authority or power that can be provided to a CISO that makes him or her immunized against the need for communication, collaboration and diplomacy with peers, users and Senior Executives.

Segment Resources:
RevolutionCyber – www.revolutioncyber.com, Forbes Business Council Member

Juliet is speaking at InfoSec World 2021, register now and save 20%: https://securityweekly.com/isw2021

Guest(s)

Juliet Okafor – CEO & Founder at RevolutionCyber

@julesmgmt

Juliet Okafor, J.D., is a cybersecurity professional who has combined her knowledge of the legal system and cybersecurity solution models into success stories across Fortune 500 industries throughout the USA. Her ability to scope, plan and design the creation of an OT Cybersecurity Management System framework for one of the largest cruise lines in the world is a testament to her commitment and leadership regardless of the challenge.

She is a passionate security solutions visionary and strategist who builds the Fortune 500 enterprise’s overarching security strategy that governs all other smaller strategies within. She is the person who determines how to solve the company’s problem, be it vulnerability management, incident response or reducing the risk associated with technology or vendors, and then puts a plan into action or roadmap to remediate the risks in place – using a combination of people, transforming operations and an array of emerging security technology.

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

Tyler Shields

@txs

CMO at JupiterOne

2. The Importance of Identity Detection and Response (IDR) – 01:30 PM-02:00 PM

Sponsored By

Visit https://securityweekly.com/attivonetworks for more information!

Announcements

  • InfoSec World 2021 is proud to announce its keynote lineup for this year’s event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on Digital Pass registration! Visit https://securityweekly.com/isw2021 to register now!

Description

Identity Detection and Response (IDR) is a new security category that focuses on protecting credentials, privileges, cloud entitlements, and the systems that manage them across endpoints, Active Directory, and the Cloud through visibility and early detection of attacks targeting identities.

Attackers consider enterprise identities as high-value targets and attempt to compromise them early in the attack to access the network and gain privileges to essential production assets. Current identity security focuses on safeguarding privileged credentials in PAM solutions or securing the authentication process with MFA and IAM solutions, but these measures leave gaps that attackers can exploit.

While current security solutions like Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), Network Detection and Response (NDR), and others provide specific functions for defending the network, they do not focus on identities. EDR focuses on preventing the initial compromise, while XDR and NDR try to detect attacks as they expand from the beachhead. Attacks targeting enterprise identities can evade detection from these security controls, but IDR solutions can bridge these detection gaps to identify such attacks.

Join Joseph Salazar from Attivo Networks as he discusses the importance of IDR to modern enterprise security.

Segment Resources:
https://attivonetworks.com/documentation/Attivo_Networks-Identity_Detection_Response.pdf
https://attivonetworks.com/what-is-identity-detection-and-response-idr/
https://attivonetworks.com/solutions/identity-security/

This segment is sponsored by Attivo Networks.

Visit https://securityweekly.com/attivonetworks to learn more about them!

Guest(s)

Joseph Salazar – Technical Deception Engineer at Attivo Networks

Joseph Salazar is a veteran Information Security professional with over 20 years of both military and civilian experience. He is a retired Major from the US Army Reserves, having served 22 years as a Counterintelligence Agent, Military Intelligence Officer, and Cyber-Security Officer. He’s been a Systems and Security Administrator, a CSIRT Analyst, a Security Operations Manager, and a Computer Forensic Investigator in his civilian career. He maintains the CISSP, CEH, and EnCE certifications, holds a BA in Legal Studies from UC Berkeley, and currently works for Attivo Networks as a Technical Marketing Engineer.

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

Tyler Shields

@txs

CMO at JupiterOne

3. Startup Post Mortems, Live Security Statuses, LG Acquires Cybellum, & Coalition – 02:00 PM-02:30 PM

Announcements

  • Security Weekly Unlocked will be held IN PERSON this December 5-7 at the Hilton Lake Buena Vista!

    Keynotes from Alyssa Miller, John Strand, Lesley Carhart, & Dave Kennedy!

    Visit https://securityweekly.com/unlocked to register and check out our rockstar lineup!

  • Join us October 21 to learn why zero-knowledge encryption matters. If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

In the Enterprise Security News: Cyber insurance firm Coalition lands a $205m Series E with a $3.5bn valuation, Risk management platform Panorays nabs $42m, Jscrambler raises a $15m Series A to rewrite the rules of website security (rewrite, get it? huh?), SenseOn nabs $20m for faster, more accurate cybersecurity detection and response, LG (yes, that LG) is acquiring automotive cybersecurity startup Cybellum, we talk about the emergence of the vendor “live security status page”, 386 startup post mortems, and don’t forget to stick around for Adrian’s curveball “Squirrel of the Week” story at the end!

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

  1. FUNDING: Cyber insurance firm Coalition lands $205M at Series E, valued at $3.5B – So, cyber insurance/cyber security combo firms are a thing now. It’s kind of the inverse of a conflict of interest – it’s more like a _protection of interest_. In fact, if every vendor had some real stakes in preventing their customers from getting breached, the whole cybercrime landscape would likely look very different right now. Resilience and Corvus offer some continuous monitoring and services, but Coalition has nearly a full security program stack that they can deploy to customers.

    They acquired BinaryEdge, an ASM vendor, in early 2020.
    They raised a $90m Series C back in May 2020, with an $890m valuation. (10x the raise)
    They raised a $175m Series D in March 2021, with a $1.75bn valuation. (10x the raise)
    This is a $205m Series E, at a $3.5bn valuation. (17x the raise)

    Their master plan, they propose, is to build an insurance product to fund a security platform, which informs a better insurance product, which leads to better security tools. I’m skeptical, but I can’t hate it. At least it’s a different approach – one that seems to have some sound logic behind it.

  2. FUNDING: Cyber risk management platform provider Panorays nabs $42M
  3. FUNDING: SenseOn nabs $20M for faster, more accurate cybersecurity detection and response via its ‘triangulation’ approach – TechCrunch
  4. FUNDING: Jscrambler Raises $15 Million in Series A Funding to Rewrite the Rules of Website Security – REWRITE the rules? Get it? GET IT???
  5. FUNDING: Exein raises €6M to fuel the company’s planned architectural product expansion – Help Net Security
  6. FUNDING: EQT Private Equity invests in EC-Council, a global leader in cybersecurity training and certification – Swedish PE firm grabs a significant stake in EC-Council as part of their Asian fund (EC-Council’s founder is Malaysian and they seem to have significant operations in India)
  7. ACQUISITION: LG is acquiring automotive cybersecurity startup Cybellum in a $240M deal – TechCrunch
  8. ACQUISITION: OneTrust acquires Tugboat Logic to automate InfoSec assurance and certification
  9. TRENDS: Crossbeam introduces their live security status page – is this the future of vendor management? – Crossbeam is part of a new trend taking a bold step: publicly sharing their current compliance and security status. They’re using an off-the-shelf product to do it, called SafeBase (https://safebase.io) and they’re not the first to do it, just the first that has come to my attention. Any way you look at it, it’s impressive and it’s really where we need to be: Kerckhoffs’s Principle really seems to apply here.
  10. TRENDS: 386 Startup Failure Post-Mortems – It’s always interesting reading case studies of startup successes and failures. This is a long list of very concise post-mortems. Each one is about a 10-20 second read. One of the 386 failures is even a cybersecurity startup, called Rubica. (I couldn’t really figure out what Rubica did, despite reading several descriptions)
  11. SQUIRREL: Here’s everything Amazon announced this morning… – NOTE: co-hosts, don’t read beforehand, I want to do a ‘bluff the listener’ style quiz. I’ll throw out three new products Amazon announced. Two will be made up, one is real. You try to guess which one is real!

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

Tyler Shields

@txs

CMO at JupiterOne