esw263

Enterprise Security Weekly Episode #263 – March 03, 2022

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Exposing Malware in Linux-Based Multi-Cloud Environments – 03:00 PM-03:30 PM

Announcements

  • Don’t miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

Description

90% of cloud runs on Linux, but current countermeasures are focused on addressing Windows-based threats, leaving multi-cloud deployments vulnerable to attacks. So, is it any wonder that malware is propagating in multi-cloud environments under the radar?

Segment Resources:
https://via.vmw.com/exposingmalware

This segment is sponsored by VMware.

Visit https://securityweekly.com/vmware to learn more about them!

Guest(s)

Chad Skipper

Chad Skipper – Global Security Technologist at VMware

Chad Skipper serves as Global Security Technologist in the Network and Security Business Unit at VMware. With more than 25 years in Information Security, Chad has served in many executive security technologist and strategist roles of endpoint, network, cloud, and hosted security services at Lastline, acquired by VMware, Cylance, acquired by Blackberry, Dell, Cisco, Symantec and is a USAF veteran.

Karen Worstell

Karen Worstell – Sr. Cybersecurity Strategist at VMware

Karen Worstell, Sr. Cybersecurity Strategist and Howler for VMware, is well known today for her work as a CISO for iconic brands such as Russell Investments, Microsoft, and AT&T Wireless. She is one of the pioneer leaders of all aspects of information and internet security serving in research and consulting roles at Boeing Research and Technology, SRI International, NIST, Aerospace Industries Association, US Department of Commerce Computer Systems Security and Privacy Advisory Board, and multiple standards bodies.

As an author and industry luminary, Worstell frequently contributes to various publications and speaks at global industry events on a range of topics including security, innovation, creativity and strategies for improving representation and equity for women in the Tech workforce. She is a contributing author to the 6th ed of the Computer Security Handbook (Wiley), and author of Governance and Control for Cutting Edge IT (ITGI) and Your Amazing Itty Bitty Book on Personal Data Protection (IttyBitty® Books).

Worstell holds Bachelor of Science degrees in Chemistry and Molecular Biology from the University of Washington, and a Master of Science degree in Computer Science from Pacific Lutheran University and an MA in Jewish Studies from MJTI.

Hosts

AdrianSanabria

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

KatieTeitler

Katie Teitler

@Katherinert15

Sr. Product Marketing Manager at Axonius

TylerRobinson

Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

2. Putting the Zero Back Into Zero-Trust – 03:30 PM-04:00 PM

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Description

We’ll cover the cutting-edge recommendations in the US federal governments January 2022 memo on their “transition to zero trust”. Then we’ll talk about what the standard definition of “zero-trust” means in our industry, and why it doesn’t mean “trust zero things”. Finally, we’ll chat about architectures that can get us closer to actually trusting zero things.

Segment Resources:
Analysis of the federal government’s zero trust memo:
https://www.bastionzero.com/blog/i-read-the-federal-governments-zero-trust-memo-so-you-dont-have-to

https://www.bastionzero.com/blog/bashing-vpns-for-fun-and-profit

Zero trust security models https://docs.bastionzero.com/product-docs/home/security-model

Guest(s)

Sharon Goldberg

Sharon Goldberg – CEO and Co-Founder at BastionZero Inc

@goldbe

Dr. Sharon Goldberg is the CEO and cofounder of BastionZero, an infrastructure cybersecurity startup, and a tenured computer science professor at Boston University. She has taught courses in cybersecurity for over a decade and has published over 30 peer-reviewed research papers on infrastructure security and cryptography. She is a contributor to security of BGP, NTP, DNS, Bitcoin, Ethereum and IETF cryptography standards, and is an author of the 2015 attacks on NTP. Lately, she spends most of her time thinking about zero trust, bastion hosts and why perimeter VPNs are just not a good idea.

Hosts

AdrianSanabria

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

KatieTeitler

Katie Teitler

@Katherinert15

Sr. Product Marketing Manager at Axonius

TylerRobinson

Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

3. Defense for Healthcare, Scope Security, Balbix, & DevOps Wizardry – 04:00 PM-04:30 PM

Announcements

Description

Finally, in the Enterprise Security News, BlueVoyant raises a $250M Series D to become security’s newest unicorn (baby unicorn, awww), Balbix raises a $70M Series C, Scope Security announces a $20M Series A to specifically focus on monitoring and defense for healthcare, Palo Alto introduces a new product aiming to disrupt the SIEM market, Third Party Risk Management vendors come together to forge the one ring of standards to rule all of cyber (less forge, more rubber stamp though), Signal Science founder, former Etsy CISO, and honorary level 80 DevOps wizard Zane Lackey is now a general partner at Andreesen Horowitz (A16Z), All that and more, on this episode of Enterprise Security Weekly!

Hosts

AdrianSanabria

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

  1. FUNDING: BlueVoyant nabs $250M to help enterprises nab malicious hackers and stop security breaches – TechCrunch – This $250M Series D is an interesting one. BlueVoyant between a services firm and a software firm. On the services side, they’ve got professional services and are an MDR firm. On the software side, they have Digital Risk Management and Third Party Risk Management offerings.
  2. FUNDING: Balbix Announces $70M Series C Funding to Fuel AI Innovation in Cybersecurity Posture Automation
  3. FUNDING: Scope Security Announces $20M Series A Funding Round Led by Thrive Capital
  4. FUNDING: BastionZero Raises $6M in Seed Funding
  5. TRENDS: Cybersecurity M&A Roundup: 35 Deals Announced in February 2022
  6. TRENDS: The Crunchbase Unicorn Board
  7. TRENDS: Epic Games just bought an entire Bandcamp, and it’s not even Friday – TechCrunch – I think we’re starting to see some Metaverse moves this week. Epic Games picks up Bandcamp. Netflix picks up Next Games. The lines are starting to blur.
  8. NEW PRODUCTS: Can Palo Alto Networks XSIAM Disrupt SIEM Security Software Market? – MSSP Alert
  9. NEW PRODUCTS: Infra – “The Open Source Identity Engine” – Not a ton of information on this one, but looks like they’re addressing admin/engineer access to infrastructure and apps, which apparently is a trickier issue than I previously realized. They mention support for UI, API, and CLI-based authentication.
  10. STANDARDS: Third Party Risk Management and Cybersecurity Leaders from BitSight, Black Kite, Panorays, RiskRecon, SecurityScorecard Formally Adopt Shared Assessments’ First Ever Unified Third Party Continuous Monitoring Cybersecurity Taxonomy
  11. PEOPLE: Zane Lackey joins A16Z as GP – After Signal Science’s successful exit to Fastly, CISO, founder, CEO, and angel investor Zane Lackey goes VC for the next step on his journey.
  12. SQUIRREL: Emerge Home – a social VR experience you can feel
KatieTeitler

Katie Teitler

@Katherinert15

Sr. Product Marketing Manager at Axonius

TylerRobinson

Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element