esw251

Enterprise Security Weekly Episode #251 – November 18, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. The Real Costs of Ransomware in 2021, 2022, & Beyond – 03:00 PM-03:30 PM

Sponsored By

sponsor
Visit https://securityweekly.com/extrahop for more information!

Announcements

  • Security Weekly Unlocked will be held IN PERSON this December 5-7 at the Hilton Lake Buena Vista! Keynotes from Alyssa Miller, John Strand, Lesley Carhart, Dave Kennedy, & Maril Vernon! Visit https://securityweekly.com/unlocked to register and check out our rockstar lineup!

Description

Ransomware: the problem that everyone is talking about, yet somehow continues to get worse with each passing year. In 2021, the cost of ransomware to global businesses is estimated to reach a whopping $20B. The problem has reached such a critical mass that it can no longer be cast away as some unknowable IT problem––everyone from cyber insurance providers to the federal government have taken note. ExtraHop VP, GM of International and Global Security Programs Mike Campfield joins Security Weekly for a retrospective on ransomware in 2021, shares his predictions on how it will evolve in 2022 and beyond, and what controls enterprises can put into place to build their resilience to the growing threat.

This segment is sponsored by ExtraHop Networks.

Visit https://securityweekly.com/extrahop to learn more about them!

Guest(s)

Mike Campfield

Mike Campfield – VP, GM of International and Global Security Programs at ExtraHop

Mike Campfield is the VP, GM of International and Global Security Programs at ExtraHop. Mike leads the Security GTM at ExtraHop and has been in Security, Risk, and Information Management for over two decades. Prior to ExtraHop, Mike was at FireEye where he held several key roles on the FireEye Threat Analytics Platform and Global Accounts teams. Mike has experience helping advise on Security program maturity and worked with many leading Security programs to enhance their incident response capabilities.

Hosts

AdrianSanabria

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

KatieTeitler

Katie Teitler

@Katherinert15

Sr. Product Marketing Manager at Axonius

TylerShields

Tyler Shields

@txs

CMO at JupiterOne

2. Understanding Cyber Insurance Trends & Changes – 03:30 PM-04:00 PM

Announcements

  • Throughout 2022, CRA’s Business Intelligence Unit will be releasing research reports on the top topics across the security industry. Our first report will be on Third-Party Risk and the Supply Chain. To participate in the survey, please visit https://securityweekly.com/thirdpartyrisk. The results will be shared at our Third-Party Risk eSummit in January.

Description

Jeffrey joins us today to guide us through the rapidly changing world of Cyber Insurance! We solicited some questions from our audience and look forward to picking his brain in this segment.

Presenter(s)

Jeffrey Smith

Jeffrey Smith – Managing Partner at Cyber Risk Underwriters

@JeffreyLS172

Jeffrey founded Cyber Risk Underwriters in 2017 to more efficiently distribute cyber insurance, take advantage of excess cyber insurance capacity to design new derivative products, and develop alternative channels to deliver product to exposed organizations. In this role, Jeffrey is building a business model to better educate clients about the catastrophic nature of cyber security risks, and create a brand reputation evolving around exposure analytics and custom program design. Prior to joining Cyber Risk Underwriters, Jeffrey enjoyed over 25 years of success providing complex insurance and risk financing design, brokerage and relationship management expertise for mid-large corporations, educational institutions, and not-for-profits. He has served many industry verticals including health care, technology, real estate and private equity.

Hosts

AdrianSanabria

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

KatieTeitler

Katie Teitler

@Katherinert15

Sr. Product Marketing Manager at Axonius

TylerShields

Tyler Shields

@txs

CMO at JupiterOne

3. Congress Goes Cyber-Crazy, Emotet Returns, SnapAttack, & Netography – 04:00 PM-04:30 PM

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

  • Join us for our next live webcast on December 2nd to see what’s under the XDR hood. Visit https://securityweekly.com/webcasts to save your seat! Don’t forget to check out our library of on-demand webcasts & technical trainings at https://securityweekly.com/ondemand

Description

This week in the Enterprise Security News: NDR startup Netography raises a $45m Series A with Martin Roesch at the helm! Data Security startup Laminar comes out of stealth with a $32m Series A Threat Intel divestment SnapAttack spins out of Booz Allen Cloud Security startup Lacework raises $1.3bn in a single round, Lacework acquires Soluble, You can make some cash if you’re willing to delete the NPM modules you manage, Congress goes Cyber Crazy – 18 new cybersecurity-related bills introduced, Emotet returns, but there are tracking tools, All that and more, on this episode of Enterprise Security Weekly!

Hosts

AdrianSanabria

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

  1. FUNDING: Netography Raises $45 Million in Series A Funding, Led by Bessemer and SYN Ventures, to Secure the Atomized Network – A whopper of a Series A! For… yet another NDR product? I’m getting heavy Protectwise (acq by Verizon) vibes here – both SaaS-based NDR, with the biggest difference that Protectwise consumed full PCAPs, while Netography aims to only consume netflow, arguing that there’s less and less value in deep packet inspection going forward.

    Even if the product doesn’t look all that impressive or compelling, I suspect it’s the leadership that brought the VCs to the yard on this one – Martin Roesch was the founder and CEO of Sourcefire. Martin guided the $2.7bn sale of Sourcefire to Cisco in 2013, and was key in turning Cisco into a legitimate security vendor, which picked up a ton of notable security acquisitions following Sourcefire, including ThreatGRID, Neohapsis, OpenDNS, Lancope, CloudLock, and Duo Security.

    Cisco had security products before Sourcefire, but it didn’t *feel* like a security company until after Sourcefire. It will be interesting to see where Roesch takes this one.

  2. FUNDING: Israeli Data Security Startup Laminar Emerges from Stealth with $32 Million Series A – Laminar
  3. FUNDING: Threat intel startup SnapAttack lands $8M Series A following Booz Allen spinout – TechCrunch
  4. FUNDING: Cloud security firm Lacework secures $1.3 billion in new funding round – As you do your double-take, I’ll point out that $1.3bn is the size of the ROUND. The valuation is $8.3bn.
  5. ACQUISITION: Lacework acquires Soluble to strengthen its data-driven cloud security platform – Help Net Security
  6. TRENDS: I will pay you cash to delete your npm module
  7. TRENDS: GitHub’s commitment to npm ecosystem security
  8. TRENDS: Emotet botnet returns after law enforcement mass-uninstall operation
  9. TRENDS: “As tech M&A soars into the stratosphere, one sector is doing more than its share to boost it toward those previously unimaginable heights: #Informationsecurity.” – One of my mentors when I was learning the business and investment side of the industry, Brenon Daly. He always has some interesting takes on the market. It’s good to see that the current market looks just as nuts to him as it has to us. It’s also shocking to see it quantified on a bar graph, zoomed out to an annual time scale!
  10. LEGISLATION: 18 new cybersecurity bills introduced as US congressional interest heats up – We won (by losing)! People are finally taking cybersecurity seriously. So now we’re swamped with proposed cybersecurity legislation, and some of it is… not well thought out.
  11. LEGISLATION: Congress Mulls Banning Big Ransomware Payouts – Utter idiocy.
  12. RESEARCH: Mapping ATT&CK to CVE for Impact
  13. TOOLS: Feodo Tracker (botnet tracker)
  14. TOOLS?: SS7 Hack Software – How to hack SS7 and Intercept SMS
  15. REPORTS: McAfee – Hidden Costs of Cybercrime
  16. REPORTS: Inside the Mind of a Hacker 2021 Edition
  17. SQUIRREL: The Mysterious Case of the F*cking Good Pizza
KatieTeitler

Katie Teitler

@Katherinert15

Sr. Product Marketing Manager at Axonius

TylerShields

Tyler Shields

@txs

CMO at JupiterOne