Enterprise Security Weekly Episode #276 – June 02, 2022

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Understanding Web Application Client-Side Risk – 03:00 PM-03:30 PM

Sponsored By

Visit https://securityweekly.com/sourcedefense for more information!

Announcements

  • Security Weekly listeners, save $100 on your RSA Conference 2022 Full Conference Pass! RSA Conference will be live in San Francisco June 6th-9th, 2022. Security Weekly will be there in full force, delivering real-time, live coverage and interviewing some of the event’s top speakers and sponsors. To register using our discount code, please visit https://securityweekly.com/rsac2022 and use the code 52UCYBER. We hope to see you there!

Description

Web applications have a new and dangerous security gap which requires attention: client-side security. The code and content that a web application delivers into a web browser is a ripe attack surface and requires different consideration, tools, and knowledge than required by traditional web application security. This segment will explore what client-side security is, why client-side attacks are so dangerous, and what options are available to defend ourselves from this new threat.

Segment Resources:
“Magecart 101” – a courseware-style overview of the problem for security practitioners: https://www.youtube.com/watch?v=T4al8idAE_M

A quick five minute explainer on the problem and Source Defense’s solution: https://www.youtube.com/watch?v=f8MO45EQcKY

Source Defense’s brand new (as of 5/25/22) “State of the Industry” report for client-side security: https://info.sourcedefense.com/third-party-digital-supply-chain-report-white-paper

This segment is sponsored by Source Defense.

Visit https://securityweekly.com/sourcedefense to learn more about them!

Guest(s)

Matt McGuirk

Matt McGuirk – Solution Architect at Source Defense

Matt McGuirk is an expert in JavaScript, web technologies, and both client-side risk and client-side attacks. He has over 15 years of experience in web application development, website administration, and cybersecurity. Additionally, he has provided consultation and analysis to Fortune 50 companies on how best to secure their customer-facing web properties and business critical web applications. Matt lives in the American Northeast with his wife and two dogs.

Hosts


Adrian Sanabria

@sawaba

Director of Product Management at Tenchi Security


Katie Teitler

@Katherinert15

Senior Security Strategist at Axonius


Tyler Shields

@txs

CMO at JupiterOne

2. Salesforce’s Journey Towards Complete Customer MFA – 03:30 PM-04:00 PM

Announcements

  • Don’t miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

Description

In the Autumn of 2019, Salesforce started on an ambitious journey – to require all of their customers to use multi-factor authentication (MFA) as of February 2022. The journey required the collaboration of every product line and every business function within Salesforce. And the journey potentially required every single one of Salesforce’s customers to deploy new technology and to change all of their users’ behavior. Clearly this would be no simple journey, but it was one with massive rewards for everyone involved.

Join Ian Glazer as he discusses the impetus for Salesforce’s MFA push, the challenges of such a large scale endeavor, some of the setbacks and victories along the way, and, most importantly, what you can take from Salesforce’s journey towards complete customer MFA adoption and apply it in your own organization.

Guest(s)

Ian Glazer

Ian Glazer – SVP, Product Management, Identity at Salesforce

@iglazer

Ian Glazer is the Senior Vice President for Identity Product Management at Salesforce. His responsibilities include leading the product management team, product strategy, and identity standards work. Prior to that, he was a research vice president and agenda manager on the Identity and Privacy Strategies team at Gartner, where he oversaw the entire team’s research. He is the co-founder of IDPro, the professional organization for digital identity management, and works to deliver more services and value to the IDPro membership, raise funds for the organization, and help identity management professionals learn from one another. During his career in the identity industry, he has co-authored a patent on federated user provisioning, co-authored and contributed to user provisioning specifications, and is a noted blogger, speaker, and photographer of his socks.


3. ReliaQuest, Mimecast Delisted, 57th Unicorn, Expired Certs, & CyberSec Skill Crisis – 04:00 PM-04:30 PM

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

  • Don’t forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Description

Finally, in the Enterprise Security News: funding is back, in preparation for RSA! Devo raises $100M and becomes our 56th unicorn, and JupiterOne raises $70M and becomes our 57th unicorn! Open source projects get some security funding, there are 10 more funding announcements, Mimecast has been taken private and is now delisted from the NASDAQ, ReliaQuest acquires Digital Shadows, we talk about public and private market performance, the cybersecurity skills crisis gets worse, and expired certs + IoT devices = PAIN! All that and more, on this episode of Enterprise Security Weekly.

Hosts


Adrian Sanabria

@sawaba

Director of Product Management at Tenchi Security

  1. FUNDING: Security Vendor Semperis Lands $200M Funding Round Led By KKR
  2. FUNDING: Devo Announces $100 Million Funding Round Led by Eurazeo to Fuel Global Expansion and Acquisitions – $100M Series F with a valuation of $2B, making Devo our newest and 56th Cybersecurity unicorn! Eurazeo led the round along with Insight Partners, Georgian, TCV, General Atlantic, Bessemer Venture Partners, Kibo Ventures and ISAI Cap Venture
  3. FUNDING: JupiterOne Achieves Valuation of Over $1B with $70M Series C Funding to Fuel Innovation in Cybersecurity and Democratize Access for All – And our very own Tyler Shields’ company makes our 57th Unicorn after a $70M Series C with a $1B+ valuation!
  4. FUNDING: Announcing the First Images Designed for a Secure Software Supply Chain – $50M Series A. The round was led by Sequoia Capital with participation from Amplify Partners, Chainsmoker’s Mantis VC, K5/JPMC, Banana Capital, and LiveOak Venture Partners
  5. FUNDING: Ordr Secures $40 Million in Series C Funding to Answer Increased Demand for Connected Device Security
  6. FUNDING: Hoxhunt raises $40M to solve the hardest part of cybersecurity: people
  7. FUNDING: Seemplicity Raises $32 Million with First-of-its-Kind Productivity Platform for Modern Security Teams to Scale Risk Reduction Efforts
  8. FUNDING: Open Source Security Gets $30M Boost From Industry Heavy Hitters
  9. FUNDING: Laminar Doubles Funding in Less Than Six Months to $67 Million, Leading the Way in Cloud Data Security
  10. FUNDING: Vade Lands $30 Million in New Funding Round
  11. FUNDING: Tidelift Raises $27 Million in Series C Funding as Open Source Software Supply Chain Health and Security Become Urgent Priorities
  12. FUNDING: Incognia Raises $15.5M Series A to Combat Increased Identity Fraud
  13. FUNDING: ShardSecure Secures $11M in Series A Funding
  14. FUNDING: Forgepoint Capital Fuels Cyber Market, Launches New Incident Response Firm Surefire Cyber with $10 Million in Series A Funding
  15. FUNDING: OT Remote Access Firm Xona Raises $7.2 Million in Series A Funding
  16. FUNDING: Red Access Emerges from Stealth with $6M Round to Secure Every Web Session Across any Browser, App and Device
  17. ACQUISITIONS: Mimecast goes private after Permira completes $5.8B acquisition – Boston Business Journal – First announced last December, this acquisition has now closed and Mimecast has been taken private.
  18. ACQUISITIONS: ReliaQuest to Acquire Digital Shadows
  19. NEW PRODUCT: Another arrow in the quiver: Mastercard strengthens cybersecurity consulting practice with new Cyber Front threat simulation platform
  20. TRENDS: Cybersecurity performance in public markets & 2022 economic downturn
  21. TRENDS: Cybersecurity Performance Summary – Public Markets (updated automatically every 20 minutes)
  22. TRENDS: Trellix Survey Findings: A Closer Look at the Cyber Talent Gap – If you want to jump into the full survey results for the previous story, it’s all here.
  23. TRENDS: Bad news: The cybersecurity skills crisis is about to get even worse – “Cybersecurity firm Trellix commissioned a survey of 1,000 cybersecurity professionals globally and found that 30% are planning to change professions within two or more years.”

    This is a decent sample size. While surveys are difficult and unreliable in the best of times, the question was well worded and does trouble me a bit. One issue is that it didn’t account for soon-to-be-retirees. The biggest thing I’d want to see is the cross section of time-in-industry across this 30%. Are we losing new people? Industry veterans? Even losses across time-in-industry?

  24. REBRANDING: McAfee Enterprise SSE Business Renamed Skyhigh Security
  25. SQUIRREL: Expired Cert + IoT = PAIN – Joey Piccola on Twitter – Never thought I’d say this: My window blinds won’t open because of an expired cert.
  26. SQUIRREL: Gene-editing experiment turns fluffy hamsters into ‘aggressive’ rage monsters