esw278

Enterprise Security Weekly Episode #278 – June 23, 2022

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Breaking Through Vendor Barriers: Product Data as a Service – 03:00 PM-03:30 PM

Sponsored By

sponsor
Visit https://securityweekly.com/tanium for more information!

Announcements

Description

Introducing the concept of Tanium Data as a Service. When you’ve got a product like Tanium, that collects so much useful data – why would you want to keep it within Tanium? The ‘Data-as-a-Service’ model aims to increase the value of the Tanium product by safely sharing its data with other teams, tools, and groups within a customer’s organization.

This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them!

Guest(s)

Tim Morris

Tim Morris – Financial Services Strategist at Tanium

Tim joined Tanium in May 2021, after retiring from Wells Fargo, where he spent 21 years. He led the Cyber Threat Engineering and Research teams within Information & Cyber Security for the bank.
Tim has worked with almost every facet of computer and network technologies. Concentration has been with endpoint detection & response, systems & patch management, and vulnerability assessment. He has built teams that manage: endpoint security, platform engineering, incident response, digital forensics, and offensive security, i.e., “red team”.
Tim was first introduced to Tanium in 2008. However, he didn’t begin working with it fully until 2013. Tim was privileged to have the opportunity to be one of the first to deploy & manage Tanium at a large scale on 500K endpoints. At the same time, he was able to build one of the best cyber security engineering teams in the industry. Their effectiveness and efficiency were due in large part to Tanium – The best incident response and system management tool in the industry.

Hosts

AdrianSanabria

Adrian Sanabria

@sawaba

Director of Product Management at Tenchi Security

KatieTeitler

Katie Teitler

@Katherinert15

Senior Security Strategist at Axonius

TylerShields

Tyler Shields

@txs

CMO at JupiterOne

2. IBM Acquires Randori, Quantum Devices, Microsoft Defender, & RapidFort – 03:30 PM-04:00 PM

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Description

Then, in the enterprise security news, CyberInt raises $28M for attack surface detection, RapidFort raises $8.5M for… pre-attack surface detection?
Managing and monitoring your quantum devices?
Making sure you don’t lose access to your crypto wallets, IBM acquires Randori, Contrast Security makes some of their tools free, Rumble adds more interesting new features, Microsoft Defender for everyone, and more!

Hosts

AdrianSanabria

Adrian Sanabria

@sawaba

Director of Product Management at Tenchi Security

  1. FUNDING: Cyberint raises $28 million to help organizations gain visibility into external risk exposure
  2. FUNDING: RevealSecurity Raises $23M – Sounding a lot like CASBv2 from the descriptions – detecting insider threat in SaaS, etc.
  3. FUNDING: Attack surface management platform RapidFort raises $8.5M – TechCrunch – RapidFort is NOT an attack surface management platform. At least, not according to the current definition of this term. When you say “ASM” these days, the term invokes thoughts of scanners that discover abandoned, vulnerable assets exposed to the public Internet. But instead of finding existing security/tech debt, Rapidfort interestingly attempts to avoid sending it out there in the first place, by filtering out unnecessary and vulnerable components BEFORE they’re put into production.
  4. FUNDING: Quickpass Cybersecurity Raises $7 Million to Secure MSPs and Automate Helpdesk Security
  5. FUNDING: evolutionQ News Release June 13, 2022 – evolutionQ Secures US$5.5 Million in Series A Funding for Global Expansion – “The quantum-safe software allows organizations building a network based on Quantum Key Distribution devices to easily deploy and cost-effectively manage quantum technologies throughout their network.”

    Huh?

  6. FUNDING: Firmware Supply Chain Company Binarly Raises $3.6 Million from WestWave Capital, Acrobator Ventures – Does Eclypsium have competition??
  7. FUNDING: Kriptos Raises US$3.1 Million To Address Sensitive Data Breach – I don’t think this translated well. Bi-lingual California-based Kriptos discovers and classifies data, but from this title, it sounds like they just needed money to pay for a breach!

    Data security is definitely back, and it will be interesting to see what early adopters say – is Data Security 2.0 better at DLP/classification than the original round of products in this space?

  8. FUNDING: Bunkyr raises over $1M to bring frictionless security to developers and end users • Bunkyr – Two things caught my attention here:
    1. As I’ve previously mentioned, cryptocurrency and especially hardware (cold) wallets are a challenge for the average consumer and it’s painful to see all the folks losing thousands or tens of thousands of dollars to a forgotten pin or passphrase. Even Joe Grand is running a company that attempts to recover wallets now.
    2. Though this company’s primary focus is ensuring cold wallet owners never lose access, they manage to completely avoid mentioning cryptocurrency or wallets in the press release. I don’t think it’s a coincidence, but it still leaves me wondering what they’re worried about.
  9. ACQUISITIONS: IBM bolsters cyber security offerings with Randori acquisition
  10. ACQUIHIRE: Darkbit Founders Join Aqua Security to Bolster Cloud Native Security Expertise – Both of Darkbit’s founders join Aqua. They’re not calling it an acquisition, so we won’t either.
  11. PARTNERSHIPS: We’ve joined the FIDO Alliance to build a better future for authentication
  12. NEW PRODUCTS: Jit aims to simplify product security for developers – Not to be confused with git
  13. NEW PRODUCTS: Contrast Security Makes Enterprise-Class Code Security Testing Tools Available to All Developers for Free – Free code scanning!
  14. NEW PRODUCTS: SafeBreach Unveils SafeBreach Studio
  15. NEW FEATURES: Noname Security Launches Most Advanced Global API Security Solution on the Market Delivering Greater Scalability and Performance
  16. NEW FEATURES: Rumble 2.14: Sync assets, software, and vulnerability data from Tenable, run external discovery from our cloud, and extend your Microsoft Azure coverage – Rumble continues to impress and now has a large number of integrations that pull additional asset data and enrichment data into Rumble. List of integrations here: https://www.rumble.run/docs/integrations/
  17. NEW PRODUCT: AnoMark – An interesting open source product that baselines (trains a model) on what’s normal in your environment and can then alert when abnormal command-line parameters are used.
  18. NEW PRODUCT: Microsoft Defender launches on Windows, macOS, iOS, and Android – Defender is now cross platform!
  19. RECOMMENDED READING: The Tar Pit of CSPM – Chris Farris
  20. RECOMMENDED READING: The Philosphy of Prevention – Chris Farris
  21. TRENDS: Israel’s most overvalued cybersecurity startups exposed – report – The market correction heats up in InfoSec as Globes spills the tea on valuation multiples for some of the largest unicorns in security.
  22. RESEARCH: Password policies of most top websites fail to follow best practices – Could it be that MFA has made password requirements complacent, or are tech companies neglecting security and their customers?
  23. SQUIRREL: How Git Came to Be
KatieTeitler

Katie Teitler

@Katherinert15

Senior Security Strategist at Axonius

TylerShields

Tyler Shields

@txs

CMO at JupiterOne

3. Stopping Phishing Attacks & A Fresh Approach to Reducing Cyber Risk – 04:00 PM-04:30 PM

Description

PIXM stops phishing attacks at point of click with computer vision in the browser, protecting users from phishing beyond the mailbox in any application. With the launch of PIXM Mobile, PIXM is now delivering this capability on iPhones as well as desktop devices.

Segment Resources:
https://pixmsecurity.com/mobile/

This segment is sponsored by Pixm. Visit https://securityweekly.com/pixm to learn more about them!

The rise in disclosed vulnerabilities, the speed they are weaponized, and the cyber talent shortage have left teams struggling to wade through a mountain of vulnerabilities. In this discussion, Mehul will discuss the need for a new way to cut through the noise to focus teams on prioritizing and fixing those critical vulnerabilities that will most reduce risk in each organization’s environment. He’ll also cover how Qualys is redefining risk and vulnerability management in the latest version of VMDR and share stories of how customers have leveraged this solution to dramatically reduce risk.

Segment Resources:
www.qualys.com/trurisk
www.qualys.com/vmdr

This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them!

Guest(s)

Chris Cleveland

Chris Cleveland – CEO at Pixm

Chris started PIXM after winning a pitch contest in Columbia’s machine learning graduate program. He built PIXM’s initial computer vision AI engine that stopped hundreds of phishing breaches at point of click in the browser. He has raised over five million in venture funding and is now on a mission to seal phishing gaps beyond the inbox with great technology.

Mehul Revankar

Mehul Revankar – VP Product Management and Engineering, VMDR at Qualys

@MehulRevankar

Mehul is a cybersecurity professional with over 15 years of experience in Vulnerability Management, Policy Compliance and Security Operations. He leads the product management and engineering functions for VMDR (Vulnerability Management, Detection and Response) at Qualys. Before joining Qualys, Mehul led development of vulnerability and patch management products at SaltStack, and prior to that he led multiple research teams at Tenable.

Hosts

AdrianSanabria

Adrian Sanabria

@sawaba

Director of Product Management at Tenchi Security