esw261

Enterprise Security Weekly Episode #261 – February 17, 2022

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. 0patch – Security Patching That Doesn’t Make Your Life Miserable – 03:00 PM-03:30 PM

Announcements

  • Don’t miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

Description

0patch is a simple but powerful service that provides tiny targeted security patches to Windows computers, eliminating the most critical vulnerabilities without restarting the computer or relaunching applications. A different approach to patching allows us to both create and deploy 0day patches much quicker than original vendors can with their traditional update processes.

Segment Resources:
0patch Blog with many posts on vulnerabilities and patches we make
https://blog.0patch.com/

0patch FAQ
https://0patch.zendesk.com/hc/en-us/categories/200441471

Guest(s)

Mitja Kolsek

Mitja Kolsek – Founder, CEO at ACROS Security

@mkolsek

After completing the computer sciences study, Mitja co-founded ACROS Security in 1999, offering application security assessments and penetration testing services to large, mostly US-based customers. Many discovered vulnerabilities and successfully penetrated customer networks later, he co-founded 0patch, a 3rd party security patching service aiming to make penetration testers’ – and more importantly, attackers’ – lives harder.

Hosts

AdrianSanabria

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

KatieTeitler

Katie Teitler

@Katherinert15

Sr. Product Marketing Manager at Axonius

TylerShields

Tyler Shields

@txs

CMO at JupiterOne

2. Changing the TPCRM Game W/ Cyber Risk Intelligence Tools – 03:30 PM-04:00 PM

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Description

Definitions of the word intelligence include a collection of information of military or
political value as well as the ability to acquire and apply knowledge or skills. In
cybersecurity, when we possess intelligence, we feed that data in our Security
Operations Center (SOC) to further analyze the risk present. In this case, the risk is based on the probability of threats materializing and the impact they would have on the organization.

We’re calling the output of that SOC Cyber Risk Intelligence. Cyber Risk Intelligence is
the ability to think holistically about risk and provide information that decision makers
can act on…not just analyze.

Traditional Vendor Risk Management (VRM) processes focus on the gap, which is essentially information that needs to be further analyzed against the risk to the business. This is an additional step that takes time and effort, especially when different compliance frameworks and threats are constantly emerging.

Segment Resources:
https://www.cybergrx.com/resources/research-and-insights/blog/beyond-risk-management-how-cyber-risk-intelligence-tools-are-changing-the-tpcrm-game

This segment is sponsored by CyberGRX.

Visit https://securityweekly.com/cybergrx to learn more about them!

Guest(s)

Vikram Asnani

Vikram Asnani – Sr Director Solution Architecture at CyberGRX

Vikram is a CISSP and SABSA certified cybersecurity and privacy professional with 15 years of global experience in assisting clients across Risk Management, CyberSecurity Strategy, Third Party Risk, Cloud Migration, Business Continuity and Data Privacy, through Advisory and Managed Services offerings with a motto of using technology as an innovative solution for driving maturity. Vikram has worked with many assurance functions, risk managers as part of his experience of working with Big4 consultancy companies. He also has experience of leading a national practice for third party risk management, where he has built end to end TPRM programs including establishing governance and assurance functions. Vikram is currently a solution architect for a CyberGRX, which has revolutionized the way to manage TPRM program and has been assisting its clients in maturing their TPRM program using CyberGRX.

Hosts

AdrianSanabria

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

KatieTeitler

Katie Teitler

@Katherinert15

Sr. Product Marketing Manager at Axonius

TylerShields

Tyler Shields

@txs

CMO at JupiterOne

3. Cisco/Splunk Rumors, Canonic Security, Unhelpful Legislation, & Securonix Round – 04:00 PM-04:30 PM

Announcements

  • We have a couple webcasts coming up soon. First, join us March 2nd to learn five things you can do to catch more bad guys! Then join us March 10th for an intro to KQL queries! To register for these webcasts visit https://securityweekly.com/webcasts. Don’t forget to check out our library of on-demand webcasts & technical trainings at https://securityweekly.com/ondemand.

Description

Finally, in the Enterprise Security News, Securonix raises $1B in Vista-led round (it’s like they ate a unicorn!), Salt Security becomes a Unicorn, has not been eaten (yet), Legit Security raises a totally legit $26.5M Series A, Vicarius and Calamu raise Series As
,Permit.io, KSOC, Titaniam, Canonic Security, Allure Security, and SecureThings all pick up seed funding! We look at Big Tech’s cybersecurity funding and acquisitions, The rumor mill goes nuts over a Cisco/Splunk deal that’s probably not happening (maybe?)
Why are cybersecurity asset management startups so hot right now?
New products, unhelpful legislation, a major acquisition, & of course a few squirrel stories!

Hosts

AdrianSanabria

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

  1. FUNDING: Cyber security company Securonix raises $1 billion in Vista-led round – Surely this is an acquisition??
  2. FUNDING: Salt Security Raises $140 Million Series D Round Led by CapitalG at $1.4 Billion Valuation – UNICORRRRRRN
  3. FUNDING: Legit Security raises $26.5 million Series A to protect software supply chains – TOTES legit.
  4. FUNDING: Vicarius raises $24M to build out its vulnerability remediation platform – TechCrunch
  5. FUNDING: Calamu Raises $16.5M Series A Round to Scale Next Gen Multi-Cloud Data Protection Platform for Ransomware Recovery
  6. FUNDING: Permit.io raises $6M to make permissions easier – TechCrunch
  7. FUNDING: KSOC Raises $6 Million Seed Round to Definitively Secure Kubernetes – Laziest name ever, but easy to remember and kinda catchy, so I can’t hate.
  8. FUNDING: Titaniam Secures $6 Million in Seed Funding as Customer Demand Soars
  9. FUNDING: Canonic Security raises $6 million Seed round for SaaS application security platform
  10. FUNDING: Allure Security Closes $5.3M in Seed Funding – FinSMEs
  11. FUNDING: Cybersecurity startup SecureThings.ai picks up $3.5 million in funding led by Inflexor Ventures – An India-based automotive cybersecurity startup. Makes sense – cars are full of computers these days and India is the world’s 4th largest automaker, behind China, the US, and Japan. It just edges out Germany, Mexico, and South Korea.
  12. ACQUISITION: Akamai to acquire AWS competitor Linode for $900M – AWS competitor? Not even close. Maybe a Digital Ocean competitor. An interesting buy though:
    – bootstrapped, profitable from the beginning (which was several years before AWS)
    – 250 employees (yeah, that’s right – each employee is valued at $3.5M in this deal)
    – $100M ARR ($400k revenue per employee is nothing to sneeze at either!)
    – SMB-focused, which makes the Akamai acquisition a bit of a head scratcher. The stated rationale is “The goal of the acquisition is to provide developers with a distributed platform for building, running, and securing “next-generation” applications”, which I’m struggling to translate into anything meaningful
  13. REPORT: CBInsights – Big Tech In Cybersecurity
  14. OP-ED: Vulnerabilities don’t count – Your vulnerability metrics are hot garbage. Andy Ellis knows it and you know it. A great read, full of examples and visualizations.
  15. RUMORS: Cisco Made $20 Billion-Plus Takeover Offer for Splunk – I don’t know where this rumor started, but it is absolutely NOT newsworthy that Splunk is in M&A conversations. They’re probably having M&A conversations EVERY SINGLE DAY OF THE YEAR.

    Now, if they’re in the market for a SIEM, that’s generally interesting and newsworthy – but basically everyone on all sides has denied that a deal is happening between the two giants. Or maybe that’s exactly what both sides would say if they WERE in more serious, late-stage acquisition talks? Hmmm…

    If it did happen, it would be the biggest acquisition ever.

  16. TRENDS: Why are cybersecurity asset management startups so hot right now? – TechCrunch – I’m betting Tyler and Katie might have some theories?
  17. LEGISLATION: To protect consumers, Congress should secure the app store supply chain – TechCrunch – Congress means well, I guess.
  18. NEW PRODUCT: Early access to Chrome OS Flex: The upgrade PCs and Macs have been waiting for
  19. NEW PRODUCT: Introducing Passage: Biometric User Authentication Built for Developers
  20. SQUIRREL: Netflix optioned a movie about crypto’s biggest scandal – TechCrunch – Because, of course they did. Same guy that made Fyre Festival and Theranos dumpster fire specials (to be clear, his documentaries aren’t dumpster fires, his subject matter is). From now on, I’m calling this category of documentaries, DUMPSTERmentaries.
  21. SQUIRREL: Virgin Galactic opens ticket sales to the general public – $450k tickets to space are now available! What does this get you?
    – an opportunity to annoy people by insisting you’re now an “astronaut” (yes, they actually use this term)
    – an opportunity to buy an ‘Astronaut Edition’ Range Rover
    – a custom Under Armour “spacesuit”
    – “astronaut” training
KatieTeitler

Katie Teitler

@Katherinert15

Sr. Product Marketing Manager at Axonius

TylerShields

Tyler Shields

@txs

CMO at JupiterOne