Enterprise Security Weekly Episode #247 – October 20, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. First Jobs in Cybersecurity: The Analyst Role – 01:00 PM-01:30 PM

Sponsored By

Visit https://securityweekly.com/devo for more information!

Announcements

  • InfoSec World 2021 is proud to announce its keynote lineup for this year’s event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on Digital Pass registration! Visit https://securityweekly.com/isw2021 to register now!

  • Starting the week of October 25th, we will be live streaming Paul’s Security Weekly on Wednesday nights from 6pm-9pm ET & Enterprise Security Weekly’s on Thursday afternoons from 3pm-4:30pm ET. You can view our live stream schedule at any time at https://securityweekly.com/live!

Description

There are tons of cybersecurity job openings for folks with 3-5 years of experience, but where are the junior roles? How are people getting their initial 3-5 years in? Josh and the ESW hosts discuss the finer points and challenges of breaking into InfoSec via the analyst path.

– As mentors: where do we struggle with our mentees?
– There are a million certs and degree programs – which are worth the time and money?
– How can folks learn and hone cybersecurity skills prior to getting a job in InfoSec?

We’ve even included a handy cheat sheet full of recommendations and resources: https://securityweekly.com/wp-content/uploads/2021/10/Starting-a-Cybersecurity-Career-Cheat-Sheet.pdf

This segment is sponsored by Devo.

Visit https://securityweekly.com/devo to learn more about them!

Guest(s)

Joshua Copeland

Joshua Copeland – SOC Director at AT&T

Josh has 20+ years working in the IT/Cybersecurity space. He retired from the United States Air Force in 2018 and has worked in the Federal, SLTT, and Commercial space specializing in Security and Cloud. He is currently a SOC Director within AT&T’s Consulting division.

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Dimitri Vlachos

@DimitriVlachos

Chief Marketing Officer at Devo

Paul Asadoorian

@securityweekly

Founder at Security Weekly

Tyler Shields

@txs

CMO at JupiterOne

2. Query.AI, Tenchi Security, HelpSystems, CrowdStrike, & Snowcat Scanner for Istio – 01:30 PM-02:00 PM

Announcements

  • Join us for our next live webcast on November 4th to learn about Pragmatic Steps to Reduce Your Software Supply Chain Risk. Then join us November 11th to learn the key insights and takeaways from the 2021 OWASP Top Ten. Visit https://securityweekly.com/webcasts to save your seat! Don’t forget to check out our library of on-demand webcasts & technical trainings at https://securityweekly.com/ondemand

Description

This Week in the Enterprise Security News: HelpSystems Acquires PhishLabs, Elastic and Optimyze, The Leading Indicators of a Great Info/Cybersecurity Program, & more!

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

  1. FUNDING (SORTA): Google Cloud invests $50 million in cybersecurity startup Cybereason – This article is describing this $50m as an extension to Cybereason’s Series F (bringing total company funding to over $700m, yikes!), but Google Cloud isn’t a VC, so this isn’t a typical raise. It is described as a “strategic partnership”, which is fine and all, but we’ve got to wonder if this might be a downpayment. Cybereason needs an exit – a $3bn valuation is a lot for a company that just does endpoint security, especially considering the humble pie currently being served up to the previous generation of endpoint and platform security vendors (Symantec, McAfee, FireEye).
  2. FUNDING: Vendor Risk Management Firm Black Kite Raises $22 Million – Black Kite (fka NormShield) raises a $22m Series B to compete in the Security Rating Services (SRS) market. This is a contentious market, with opinions ranging from “total BS” to “necessary evil” to “the ones that work with actual data models are okay”. Black Kite doesn’t use data models, but rather uses industry frameworks to calculate a score.

    The general sales model here has been described to me as “they gave us a bad grade due to some false positives and we were forced to work with them to correct it”. Security Weekly Labs is planning to assess some of these products in January and we’re eager to see what they’re like for ourselves.

  3. FUNDING: Query.AI Closes Oversubscribed $15 Million Series A Round to Enable Greater Security Operations Efficacy and Efficiency Across Decentralized Cloud, Third-Party SaaS and On-Prem Environments – “the provider of the market’s only security investigations control plane for modern enterprises”

    Decent-sized Series A at $15m. Looks like they’re pitching themselves as a SOAR alternative (less engineering/dev effort for same results). Sure enough, they’ve got the requisite laundry list of integrations on their website for such a claim: https://query.ai/integrations/

  4. FUNDING: Valence Emerges From Stealth With $7M in Funding to Secure the Business Application Mesh – $7m is a significant seed round from the latest YL Ventures-backed startup. YL has a solid track record, so we always perk up when a new YL portfolio company hits the scene. In trying to figure out what “Business Application Mesh” means, it sounds like this is primarily a visibility tool highlighting automated workflows leveraging APIs and “enterprise IFTTT”-style services like Zapier and Workato (which are mentioned in the PR). I’m reminded of one of the CASB use cases here, shadow IT discovery, though the other aspect of that is building a catalog of third-party services and how risky they are.
  5. FUNDING: Tenchi Security raises a US$3.3MM seed round to improve transparency and security in the cloud – Alexandre Sieira and the rest of the existing team at Tenchi Security are joined by Filipe Bouças, reuniting part of the team that successfully built and sold Niddel to Verizon in 2018. It’s early days, but the company is firmly focused on cloud security. It currently appears to offer a mix of services and what sounds like a SaaS cloud security platform that focuses on first and third-party maturity monitoring.
  6. FUNDING: Tenacity Raises $3MM to Make Public Cloud Security Accessible to Every Company – Believe it or not, I found this company accidentally by searching for Tenchi’s seed funding press release! This also looks like a similar-sized seed round for another startup focused on cloud security. The ideal customer focus is much further down market, however. Tenacity says they’re aiming to build a self-serve service that helps small businesses use the cloud securely.
  7. ACQUISITIONS: HelpSystems Acquires PhishLabs – HelpSystems has been on a tear! Shortly after HGGC became the lead investor in PE-owned HelpSystems, the company started to set its sights on cybersecurity companies. Traditionally, HelpSystems has been big iron-focused, offering automation for AS/400 (iSeries, i, etc.) for almost 40 years, so it’s no surprise most security folks hadn’t heard of them. In fact, they’re the world’s biggest independent IBM i software vendor. A bit of history first.

    In 2019, they picked up Core Security from SecureAuth, which was already a combination of Courion, Damballa, and the original Core Security (Courion dropped its own brand in favor of Core Security). Under HelpSystems, the Core Security subsidiary picked up Cobalt Strike. Also in 2019, HelpSystems picked up Clearswift (email security).

    In 2020, Titus, Boldon James (both data classification), and VERA (DRM) were picked up.

    In 2021, Digital Defense (vuln mgmt), Beyond Security (vuln mgmt), Agari (email security), and now PhishLabs have been picked up!

    Despite its name, PhishLabs is a lot more than security awareness training. It describes itself in the Digital Risk Protection (DRP) space along with vendors like RiskIQ (now MSFT) and ZeroFox. DRP is all about protecting brands and accounts by trying to spot misuse before it becomes a problem (e.g. anyone other than Capital One registering the domain capital0ne.com is not a good sign). Since HelpSystems is privately owned, no juicy deal details for us. Is there an S-1 in their future? I’d love to hear Tyler’s take.

  8. ACQUISITIONS: Elastic and Optimyze join forces to deliver “always on” continuous profiling of infrastructure, applications, and services – Halvar Flake’s latest startup gets acquired! Optimyze hasn’t been around long, and recently went through a pivot. They started out looking for ways to “optimize” cloud workloads, in order to save organizations significant cloud spend. The pivot focused instead on profiling production cloud application workloads without most of the drawbacks traditional profiling tools would have.

    While not a pure-play security tool, any tool that offers better visibility into workloads definitely has a solid security use case. Optimyze, along with Cmd, build.security, Endgame, and Elastic’s native security offerings, represents a solid and quickly growing security lineup.

  9. MUST READS: The Leading Indicators of a Great Info/Cybersecurity Program – Updated – InfoSec veteran, soothsayer, and investor Phil Venables posts a lot of stuff well worth your time, but this one is especially interesting. It’s a list of what he considers to be “leading indicators of a great cybersecurity program”.

    Thought exercise: how many of these are data points collected by Security Rating Services?

    1. Accountable executive
    2. Experience depth
    3. High reliability organization
    4. Independent challenge
    5. Strategic architecture
    6. Transparency
    7. Preventative maintenance
    8. Extended enterprise
    9. Contribution
    10. Vulnerability reporting process

  10. STANDARDS: New CrowdXDR Alliance Defines Data Exchange Standard for XDR – So Crowdstrike has been avoiding using XDR for a while, but I guess that’s over. They’ve not only started using the term, but leaped out of the gate with the “CrowdXDR Alliance”. They say Google Cloud, Okta, ServiceNow, Zscaler, Netskope, Proofpoint, Extrahop, Mimecast, Claroty, and Corelight are all members at launch.

    I guess it makes sense to have a common schema for XDR, but you might be asking, “doesn’t something like this already exist for SIEM”? Your hunch is correct – we’ve already got the Azure Sentinel Information Model, Chronicle Security’s Unified Data Model (and Cybereason is hitched up with them, along with their XDR play), and Elastic’s Elastic Common Schema.

    Obligatory XKCD: https://xkcd.com/927/

  11. TOOLS: blacklanternsecurity/writehat: A pentest reporting tool written in Python. Free yourself from Microsoft Word. – A neat FOSS, python, web-based tool that aims to speed up the process of generating pen test reports.
  12. TOOLS: Introducing Snowcat: World’s First Dedicated Security Scanner for Istio – Praetorian – TIL that Istio was a thing, AND there was a way to scan it for security issues!
  13. TOOLS: kdigger: a Context Discovery Tool for Kubernetes – A pen test-focused tool for discovering details about Kubes installs!
  14. SQUIRREL: Precious NFT – Follow Adam Sacks for more great cartoons on his Instagram at https://www.instagram.com/adamsackstoons/
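The DRP item above (PhishLabs, item 7) says the job is spotting brand misuse early, with capital0ne.com as the example. Here is what the domain-watch half of that looks like in practice, as an added example that is not PhishLabs’ code or anything from the original post: generate the look-alike permutations of a brand label (homoglyph swaps, omissions, transpositions, hyphenation, common affixes like “-login”) and match them against a feed of new registrations, skipping the brand’s own defensive registrations. The brand, the affix list and the registration feed are all constructed for illustration.

```python
# Added example: brand look-alike (typosquat) detection over a new-domain feed.
# Not PhishLabs' code; the brand label, affixes and feed below are constructed.

# Single-character visual substitutions commonly seen in look-alike domains.
HOMOGLYPHS = {"o": "0", "l": "1", "i": "1", "e": "3", "a": "4", "s": "5"}

# Affixes attackers bolt onto a brand to make a phishing host look legitimate
# (assumed list for the example).
AFFIXES = ("login", "secure", "support", "verify")


def typosquat_candidates(brand, tlds=("com", "net", "co")):
    """Return the set of look-alike FQDNs for a brand label (no TLD)."""
    variants = set()
    # single homoglyph substitution
    for i, ch in enumerate(brand):
        if ch in HOMOGLYPHS:
            variants.add(brand[:i] + HOMOGLYPHS[ch] + brand[i + 1:])
    # single-character omission
    for i in range(len(brand)):
        variants.add(brand[:i] + brand[i + 1:])
    # adjacent transposition
    for i in range(len(brand) - 1):
        variants.add(brand[:i] + brand[i + 1] + brand[i] + brand[i + 2:])
    # doubled character
    for i in range(len(brand)):
        variants.add(brand[:i] + brand[i] + brand[i:])
    # hyphen inserted somewhere inside the label
    for i in range(1, len(brand)):
        variants.add(brand[:i] + "-" + brand[i:])
    # brand-affix and affix-brand compounds
    for a in AFFIXES:
        variants.add(f"{brand}-{a}")
        variants.add(f"{a}-{brand}")
    variants.discard(brand)  # the genuine label is not a squat
    return {f"{v}.{tld}" for v in variants for tld in tlds}


def find_lookalikes(brand, registrations, owned):
    """Return feed records whose domain is a look-alike of `brand`
    and is not in the set of domains the brand owner registered itself."""
    candidates = typosquat_candidates(brand)
    hits = []
    for rec in registrations:
        name = rec["domain"].lower().rstrip(".")
        if name in candidates and name not in owned:
            hits.append(rec)
    return hits


# Constructed sample feed of newly registered domains (not real WHOIS data).
NEW_DOMAINS = [
    {"domain": "capital0ne.com", "registrant": "redacted"},
    {"domain": "example.org", "registrant": "redacted"},
    {"domain": "capitalone-login.net", "registrant": "redacted"},
    {"domain": "capita1one.com", "registrant": "brand owner (defensive registration)"},
]
# Domains the brand owner already holds; these are not alerts.
OWNED = {"capita1one.com"}


def demo():
    return [r["domain"] for r in find_lookalikes("capitalone", NEW_DOMAINS, OWNED)]


if __name__ == "__main__":
    for hit in find_lookalikes("capitalone", NEW_DOMAINS, OWNED):
        print("ALERT look-alike registration:", hit["domain"])
```

In a real deployment the feed would be a daily newly-registered-domains list or certificate-transparency log stream rather than the inline list, and the candidate set would be precomputed once per brand and kept in a set or bloom filter so the per-domain check stays O(1).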
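The XDR item above (item 10) leans on the point that a common schema lets one query span products from different vendors. As an added example (not CrowdStrike’s, Elastic’s or the original post’s code), this normalizes two constructed vendor payloads, an EDR-style process event and a proxy-style access event with different key names and timestamp formats, into one set of ECS-style dotted field names, then pivots across both on a single field. The vendor formats, the field maps and the sample events are all assumptions made for the example; the target field names are ECS-style but the mapping is illustrative, not any vendor’s published one.

```python
# Added example: normalizing two vendor event formats into ECS-style fields so
# one query spans both sources. Vendor payloads and field maps are constructed.
from datetime import datetime, timezone

# Constructed sample events (not real product output).
EDR_EVENTS = [
    {"ts": 1634731200, "hostname": "ws-042", "image": "powershell.exe",
     "user": "jdoe", "remote_ip": "203.0.113.7"},
]
PROXY_EVENTS = [
    {"time": "2021-10-20T12:00:05Z", "client": "10.0.0.42", "user_name": "jdoe",
     "dest_ip": "203.0.113.7", "url": "http://203.0.113.7/update.ps1"},
]

# Per-source maps: vendor key -> ECS-style dotted field (illustrative mapping).
EDR_MAP = {"hostname": "host.name", "image": "process.name",
           "user": "user.name", "remote_ip": "destination.ip"}
PROXY_MAP = {"client": "source.ip", "user_name": "user.name",
             "dest_ip": "destination.ip", "url": "url.full"}


def to_iso(value):
    """Render an epoch-seconds or ISO-8601 timestamp as ISO-8601 UTC with a Z suffix."""
    if isinstance(value, (int, float)):
        return datetime.fromtimestamp(value, tz=timezone.utc).isoformat().replace("+00:00", "Z")
    return value  # assumed to already be ISO-8601 UTC


def normalize(event, field_map, ts_key, dataset):
    """Map one vendor event onto the common schema; unmapped keys are dropped."""
    out = {"@timestamp": to_iso(event[ts_key]), "event.dataset": dataset}
    for src_key, ecs_key in field_map.items():
        if src_key in event:
            out[ecs_key] = event[src_key]
    return out


def normalize_all():
    return ([normalize(e, EDR_MAP, "ts", "edr.process") for e in EDR_EVENTS]
            + [normalize(e, PROXY_MAP, "time", "proxy.access") for e in PROXY_EVENTS])


def pivot(events, field, value):
    """Which datasets saw this value in this common field? (sorted dataset names)"""
    return sorted({e["event.dataset"] for e in events if e.get(field) == value})


if __name__ == "__main__":
    events = normalize_all()
    print("datasets mentioning 203.0.113.7:", pivot(events, "destination.ip", "203.0.113.7"))
    print("datasets mentioning jdoe:", pivot(events, "user.name", "jdoe"))
```

Without the mapping step, the same pivot needs one query per product (`remote_ip` in the EDR index, `dest_ip` in the proxy index, and so on), which is exactly the per-vendor glue that schemas like ECS and the ones named above are meant to remove.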
Paul Asadoorian

@securityweekly

Founder at Security Weekly

Tyler Shields

@txs

CMO at JupiterOne

3. What We’ve Learned From Interviewing Cybercriminals – 02:00 PM-02:30 PM

Sponsored By

Visit https://securityweekly.com/devo for more information!

Announcements

  • Join us for our next live webcast on November 4th to learn about Pragmatic Steps to Reduce Your Software Supply Chain Risk. Then join us November 11th to learn the key insights and takeaways from the 2021 OWASP Top Ten. Visit https://securityweekly.com/webcasts to save your seat! Don’t forget to check out our library of on-demand webcasts & technical trainings at https://securityweekly.com/ondemand

Description

Over the last year, The Record has published several interviews between security analysts and cybercriminals. This includes representatives from REvil, BlackMatter, and Marketo. The interviews have uncovered the gangs’ motivations, targets, and tactics, and have been cited by officials including White House Deputy National Security Advisor Anne Neuberger.

This segment is sponsored by Devo.

Visit https://securityweekly.com/devo to learn more about them!

Guest(s)

Adam Janofsky

Adam Janofsky – Editorial Director at The Record by Recorded Future

@adamjanofsky

Adam Janofsky is editorial director of The Record, a leading cybersecurity news site published by Recorded Future. He previously was the cybersecurity and privacy reporter for Protocol, and prior to that covered cybersecurity, AI, and other emerging technology for The Wall Street Journal.

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance