esw254

Enterprise Security Weekly Episode #254 – December 16, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Morale Is a Safety Control – 03:00 PM-03:30 PM

Announcements

  • Throughout 2022, CRA’s Business Intelligence Unit will be releasing research reports on the top topics across the security industry. Our first report will be on Third-Party Risk and the Supply Chain. To participate in the survey, please visit https://securityweekly.com/thirdpartyrisk. The results will be shared at our Third-Party Risk eSummit in January.

Description

Not all security is complicated—many aspects boil down to noticing that something is off. Attentive and curious employees are an overlooked safety mechanism, as is handling problems in a constructive way.

Guest(s)

Shoshana Gourdin

Shoshana Gourdin – at

Shoshana Gourdin is a Director of Operations with a history in security operations and compliance. She’s devoted to team and individual growth.

Hosts

AdrianSanabria

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

 KatieTeitler

Katie Teitler

@Katherinert15

Sr. Product Marketing Manager at Axonius

 TylerShields

Tyler Shields

@txs

CMO at JupiterOne

2. The Evolution & Future of XDR & the SOC – 03:30 PM-04:00 PM

Announcements

  • Join us January 20th to learn how to build your own security lab at home! Don’t forget to check out our library of on-demand webcasts & technical trainings at https://securityweekly.com/ondemand.

Description

Like our interview with Allie Mellen last week (episode 253, check it out also), we have another analyst roundtable here (all ESW hosts are former analysts), discussing one of the hottest new cybersecurity categories – XDR.

This discussion will touch on why the only thing about XDR that was a surprise was maybe the name – we all saw this coming, partly due to the failure of other, less effective products and technologies. Perhaps more interesting will be to get Scott’s thoughts on where we’re going from a macro perspective. Distributed SOC? Automated remediation? Next-gen XDR?

Guest(s)

Scott Crawford

Scott Crawford – Research Director at 451 Research / S&P Global Market Intelligence

@s_crawford

Scott Crawford is an industry analyst and heads the Information Security team at 451 Research, a technology industry analyst firm now part of S&P Global Market Intelligence. He was the first information security officer for the Comprehensive Nuclear-Test-Ban Treaty organization in Vienna, Austria, and served as a senior strategist with IBM Security before joining 451.

Hosts

AdrianSanabria

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

 KatieTeitler

Katie Teitler

@Katherinert15

Sr. Product Marketing Manager at Axonius

 TylerShields

Tyler Shields

@txs

CMO at JupiterOne

3. Cyber-Loaded Bills, Dazz CSPM, Janky Tech, VC Startup Valuations, & Keanu Reeves Talk – 04:00 PM-04:30 PM

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Description

This week in the Enterprise News: Is the art of VC valuations a lie?, Noname Security hits unicorn status, Dazz sounds like an 80’s cartoon character and is the latest to join the CSPM category with a mega Series A, LogMeIn spins out Lastpass, We’ll talk about Log4Shell for a little bit, but not too much, Everyone forgot that AWS had an outage last week, at least, until they had an outage this week, 83% of IT professionals can’t guarantee infrastructure is safe from ex-employees, & Senate approves cyber-loaded defense bill but stripped out incident reporting! All that and more, on this episode of Enterprise Security Weekly!

Hosts

AdrianSanabria

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance
  1. TRENDS: The ‘art’ of VC startup valuations is a forgery – TechCrunch
  2. FUNDING: Noname Security achieves unicorn status, one year after exiting stealth, with $135 million Series C
  3. FUNDING: Ermetic raises $70M for ‘identity-first’ cloud security
  4. FUNDING: Dazz, from ex-Microsoft team, gets $60M to automate cloud security – $50m Series A + $10m Seed. Sounds like a CSPM play, and who can blame them with all the money getting raised there? Founding team includes former general manager of Microsoft’s cloud business and a few other ex-Microsoft folks with backgrounds in IoT security (Armis and Claroty). Founding crew looks to be mostly Israeli and funding comes from Insight Partners, Greylock Partners, Index Ventures, and Cyberstarts.
  5. SPIN-OUT: LogMeIn spins LastPass out as an independent company once more
  6. VULNS: Log4Shell: RCE 0-day exploit found in log4j, a popular Java logging package
  7. POST-MORTEM: Summary of the AWS Service Event in the Northern Virginia (US-EAST-1) Region
  8. REPORTS: Cisco Secure Outcomes Study Report 2021 – Part 2 of an excellent series funded by Cisco and put together by the excellent Cyentia Labs. It studies security outcomes – I highly recommend reading both!
  9. TRENDS: Report: 83% of IT professionals can’t guarantee infrastructure is safe from ex-employees
  10. STANDARDS: SP 800-160 Vol. 2 Rev. 1, Developing Cyber-Resilient Systems: SSE Approach – Even NIST is ready to admit the security team can’t do all the lifting.
  11. REGULATIONS: Democrats accuse GOP of scuttling incident reporting in massive defense bill
  12. REGULATIONS: Senate approves cyber-loaded defense bill loaded
  13. SQUIRREL: What’s the jankiest piece of tech you’ve seen a company depend on? – Brandon Rohrer asks on Twitter: War stories please. What’s the jankiest piece of tech you’ve seen a company depend on?
KatieTeitler

Katie Teitler

@Katherinert15

Sr. Product Marketing Manager at Axonius
TylerShields

Tyler Shields

@txs

CMO at JupiterOne