esw246

Enterprise Security Weekly Episode #246 – October 13, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. A Plea for Better Press Releases – 01:00 PM-01:30 PM

Announcements

  • Join us in our next live webcast, on October 21, to learn why zero-knowledge encryption matters! Then join us November 4th to learn about Pragmatic Steps to Reduce Your Software Supply Chain Risk. Visit https://securityweekly.com/webcasts to save your seat! Don’t forget to check out our library of on-demand webcasts & technical trainings at https://securityweekly.com/ondemand

Description

A big part of preparing for Security Weekly news segments is reading press releases. Most of us also get emails whenever a cybersecurity vendor sends out a press release. Too many are frivolous, full of hyperbole, or just plain unreadable. We talk about why so many press releases are like this (there are legit reasons!) and how they could be improved.

What’s wrong with press releases?
1. Frivolous Press Releases
2. Unintelligible Press Releases
3. Bending the Truth
4. Excessive hyperbole; death by adjective
5. FUD

Why are they like this?
1. Feeding the SEO beast
2. Written by committee
3. Need to appear successful
4. Need to show growth/progress
5. Need to differentiate from the competition
6. “if it bleeds it leads”

Fixing Press Releases
– When should you put out a press release?
– What should go into a press release?
– How should you write a press release?

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Paul Asadoorian

@securityweekly

Founder at Security Weekly

2. Why Less Is More for Static Application Scanning – 01:30 PM-02:00 PM

Sponsored By

Visit https://securityweekly.com/contrast for more information!

Announcements

  • Security Weekly Unlocked will be held IN PERSON this December 5-7 at the Hilton Lake Buena Vista!

    Keynotes from Alyssa Miller, John Strand, Lesley Carhart, & Dave Kennedy!

    Visit https://securityweekly.com/unlocked to register and check out our rockstar lineup!

Description

Seeking to capitalize on the full potential of digital transformation, organizations are turning to serverless applications to accelerate development cycles, reduce operational complexities, and improve efficiencies. But as organizations embrace serverless applications, a majority are encountering security roadblocks that impede release cycles and/or ratchet up risk. This podcast explores findings and insights from a recent serverless application security report and plots actionable recommendations on how organizations can realize the comprehensive benefits of serverless applications without sacrificing security!

Segment Resources:
Whitepaper: Contrast Scan Is Faster, More Accurate, and More Efficient – https://www.contrastsecurity.com/white-paper-modern-application-security-scanning

eBook: Pipeline-Native Static Analysis: Why It Is the Future of SAST – https://www.contrastsecurity.com/ebook-static-analysis-security-testing

Solution Brief: Contrast Scan: Modern Application Security Scanning – https://www.contrastsecurity.com/hubfs/DocumentsPDF/Contrast-Scan-Modern-Application-Security-Scanning_Solution%20Brief_Final.pdf

This segment is sponsored by Contrast Security.

Visit https://securityweekly.com/contrast to learn more about them!

Guest(s)

Surag Patel

Surag Patel – Chief Strategy Officer at Contrast Security

Surag brings more than a decade of experience to Contrast Security, where he serves as Chief Strategy Officer. An experienced, highly analytical product and marketing executive, Surag’s focus is in driving Contrast’s global marketing and product strategy. Prior to Contrast, Surag served as Vice President of Global Product Management and Corporate Marketing for 41st Parameter, which was acquired by Experian in 2013. Prior to 41st Parameter, Surag led global data strategy and consumer insights for InMobi, the largest global independent mobile ad network. Surag blends his experience of bringing innovative products to market with a mix of engineering skills, product strategy, and domain expertise. Prior to InMobi, Surag spent five years at Comscore leading advertising effectiveness research and development of the Ad Effx™ suite of products.

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Paul Asadoorian

@securityweekly

Founder at Security Weekly

3. Wiz Valuation, Facebook OSS Tools, Gretel.ai, & Yubico Biometric Keys – 02:00 PM-02:30 PM

Announcements

  • InfoSec World 2021 is proud to announce its keynote lineup for this year’s event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on Digital Pass registration! Visit https://securityweekly.com/isw2021 to register now!

  • Don’t miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

Description

In the Enterprise Security News: Wiz raises $250 million at a staggering $6 billion valuation, Gretel.ai, another privacy engineering startup, raises $50 million, Forcepoint acquires Bitglass, Yubico releases a new line of biometric security keys, Facebook releases an open source tool for analyzing mobile app code, venture capital needs to clear its plate or it can’t have any pudding, maritime security has a lot of security work to do, & don’t forget to stick around for the weekly squirrel!

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

  1. FUNDING: Wiz Raises $250M Series C round at Staggering $6B Valuation – It’s almost like Wiz saw Orca’s raise last week and said “hold my 50 year old scotch”. While the amount is considerably less than Orca’s bonkers Series C, Orca’s valuation is ONLY $1.8bn – less than a third of Wiz’s $6bn prize. Only time will tell if either company ever sees an exit that validates these huge valuations.
  2. FUNDING: Gretel.ai, a platform for generating synthetic and privacy-preserving data, raises $50M – Techio – This is our third privacy engineering Series B in two weeks! We’re really interested to see how big this category is going to get. We can definitely see this as a solid niche for companies with large and varied data streams and repositories, but we suspect the majority of folks will just build their own scripts to do it or find a project on Github that mostly meets their needs.
  3. FUNDING: Network observability startup Kentik lands $40M – A $40m Series C led by Third Point Ventures. Total funding raised is $102m. Appears to be netflow-focused and can run in all the major clouds, containers, private networks, and on hosts. Seems like an agnostic product, in terms of use cases, focused on detecting statistical anomalies, which could be security-related or performance-related.
  4. ACQUISITIONS: Forcepoint To Acquire Security Service Edge Leader Bitglass – Along with Netskope, Bitglass was one of the few remaining CASBs that didn’t get acquired. PE-owned Forcepoint didn’t announce the deal size, but I’m willing to bet it was well shy of a reasonable return on the $150m in funding Bitglass raised.
  5. NEW COMPANIES: Chainguard – focused on making supply chains secure by default – Not a lot of details on the “how”, but it looks like Chainguard intends to address potential threats at each stage of the dev process.
  6. PRODUCTS: Yubico Launches First YubiKeys With Biometric Authentication – After talking up biometric keys for over a year, they’re finally available to buy! Yubico isn’t the first company to market with a biometric-enabled security key, but they’re one of the biggest and most visible.
  7. TOOLS: Open-sourcing Mariana Trench: Analyzing Android and Java app security in depth – The latest in a series of code analysis tools that Facebook has made open source. They previously released Zoncolan (Hack analyzer) and Pysa (Python analyzer). Mariana Trench source code is available on GitHub and binary releases can be installed via PyPI.
  8. TRENDS: Venture capital is going to need a record-breaking run of IPOs to clear its own decks – TechCrunch – Unicorns are so common these days (186 in 2021 so far) that the term is no longer useful. The crux of this article is that, with current startup growth, opportunities for exits could become an issue. Some tech giants are slowing down on acquisitions due to antitrust concerns, and the IPO process is complex and time-consuming. Where do startups go if options for exits dry up, but VC funding doesn’t?
  9. TRENDS: Raising the colors: Signaling for cooperation on maritime cybersecurity – TL;DR – Maritime security is way behind, quite vulnerable, and attackers are starting to take an interest. Cargo ship ransomware, anyone?
  10. SQUIRREL: Steve Wozniak and Alex Fielding’s startup Privateer aims to be the Google Maps of space – TechCrunch – Space junk! There are already millions of pieces of junk in low earth orbit, and no one knows where most of it is! (USSC only tracks items larger than 10 centimeters)

    Animation showing space junk grow over time: https://youtu.be/wPXCk85wMSQ

    Number of debris objects estimated by statistical models to be in orbit:
    – 36,500 objects greater than 10 cm
    – 1,000,000 objects from greater than 1 cm to 10 cm
    – 330 million objects from greater than 1 mm to 1 cm

    Some weird stuff has been put in orbit:
    1. tools
    2. $100k tool bag
    3. Gene Roddenberry’s ashes
    4. Urine (Astronauts have described watching urine being released into space as one of the most beautiful sights in orbit)
    5. Camera
    6. 1400 pound tank of ammonia

    Past ideas for removing space junk:
    1. nets
    2. harpoons
    3. robots programmed to hunt down junk
    4. Ground-based lasers (https://arxiv.org/abs/1110.3835)
    5. Salvage for building new things (https://futurism.com/the-byte/space-company-turn-orbital-junk-space-stations)
    6. Magnets or tentacles (https://www.wired.com/story/its-finally-time-to-take-out-the-space-trash/)

Paul Asadoorian

@securityweekly

Founder at Security Weekly