Figure It Out – ESW #232
Full Audio
View Show IndexSegments
1. How Criminals Use Cloud Apps to Inject Chaos Into Work Environments – Doni Brass – ESW #232
In 2020, cyber criminals used cloud apps, the cover of a pandemic, and a newly embraced work-from-home culture to serve up ransomware, steal data, and disrupt how companies do business. The year is over, but the challenges and risks remain. In this interview featuring Cisco’s Doni Brass, we lay out how companies and their IT teams can stave off threats in the cloud app discovery process, stop data from landing in the wrong hands, and identify and block cloud malware that can cost both time and treasure!
Segment Resources:
What attacks aren’t you seeing?
- https://learn-umbrella.cisco.com/ebook-library/what-attacks-arent-you-seeing?utmmedium=media-article&utmsource=sc-magazine&utmcampaign=umb-fy21-q3-na-0201-paid-media-sc-magazine-podcast&utmterm=pgm&utm_content=umb-fy20-q3-content-ebook-what-cyber-attacks-arent-you-seeing
The modern cybersecurity landscape: Scaling for threats in motion - https://learn-umbrella.cisco.com/technical-paper-library/the-modern-cybersecurity-landscape-scaling-for-threats-in-motion?utmmedium=media-article&utmsource=sc-magazine&utmcampaign=umb-fy21-q3-na-0201-paid-media-sc-magazine-podcast&utmterm=pgm&utm_content=umb-fy21-q2-content-technical-papers-the-modern-cybersecurity-landscape
Cloud Security Buyers Guide - https://learn-umbrella.cisco.com/ebook-library/cloud-security-buyers-guide?utmmedium=media-article&utmsource=sc-magazine&utmcampaign=umb-fy21-q3-na-0201-paid-media-sc-magazine-podcast&utmterm=pgm&utm_content=umb-fy21-q2-content-ebook-cloud-security-buyers-guide
This segment is sponsored by Cisco Umbrella.
Visit https://securityweekly.com/ciscoumbrella to learn more about them!
Sponsored By
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Guest
Doni Brass is passionate about technology and innovation in the fast growing world of cloud computing. With almost 15 years of product management experience across telecom, hardware and SaaS industries, he has seen firsthand the way Enterprise B2B products have undergone a fundamental shift towards product design based on user experience. Over the past 5 years Doni has brought a unique perspective to the Cloud Security space and has helped drive the transition from a traditional security stack to Cisco’s latest Cloud Security platform. He now leads a team of Product Managers dedicated to Cisco Cloud Application and Data Security (CASB & DLP).
Hosts
2. How Teams Can Reduce the Visibility Gap – Brendon Macaraeg – ESW #232
Security is a shared responsibility, but teams need to know what’s really going on in production with their web apps and APIs, as it’s happening, in order to achieve the reliable security that companies crave. In this podcast, Brendon Macaraeg will focus on the mission-critical need for real-time visibility. As many teams no longer work in the same room side by side, the role visibility plays today — and will continue to play in the future — can no longer be ignored. And it’s not just a shift toward distributed work that’s creating this increased need for information: while security teams may have more application security tools than ever before, very few of them will actually provide visibility into the important decisions they need to make, like which alerts to triage or which APIs are being targeted. Brendon will discuss why companies need to quickly move past legacy technologies that have limited visibility, to instead more active observability tools that provide real insights to act upon — allowing developers and IT security teams to collaborate in real time.
This segment is sponsored by Fastly.
Visit https://securityweekly.com/fastly to learn more about them!
Sponsored By
Announcements
Security Weekly is ecstatic to announce that Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista! Call for presentations & early registration for Security Weekly listeners is open now! Visit securityweekly.com/unlocked to submit your presentation & register for the early registration price before it expires!
Guest
Brendon Macaraeg is the Senior Director of Product Marketing for Fastly’s product portfolio where he manages a team of product marketers responsible for messaging and positioning, sales enablement and competitive intelligence across Fastly’s portfolio of web app and API security, delivery and serverless compute offerings. He has over 8 years of security experience in various product marketing roles. He came to Fastly via its October 2020 acquisition of Signal Sciences, a web app and API security vendor. Prior security roles include supporting CrowdStrike’s Professional Services team and Symantec’s consumer and enterprise products and services. Before getting into security, he worked in product management across a variety of industries. He started his career as an editorial researcher and staff writer at PC Magazine. He has a Masters of Professional Studies from New York University’s Interactive Telecommunications Program and a Bachelor of Science from Minnesota State University, Moorhead.
Hosts
3. SentinelOne IPO, Cloudflare Integrations, D3FEND, & Rumble Network Discovery – ESW #232
This week In the Enterprise News: Smoothwall Acquires eSafe Global, LookingGlass Cyber Announces Acquisition of AlphaWave, Vectra Launches Detect for AWS, SentinelOne announces IPO, & Building a Better Internet with Code BGP, and more!
Announcements
Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% off on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!
Hosts
- 1. FUNDING: Building a Better Internet with Code BGPIDS for BGP, it's about time!
- 2. FUNDING: Transmit Security raises $543M Series A to kill off the password – TechCrunchThis is a series A larger than many VC firms' entire funds! I checked - this isn't just big for cybersecurity - it's a big Series A by any measure. In the last year, the only other US Series A I could find that was bigger was a company called Perch, that sells and grows third-party D2C brands that sell through Amazon.
- 3. FUNDING: Industrial cybersecurity firm Claroty raises $140 million from investorsA big Series D for the OT security world, especially considering that OT is fairly niche in the larger cybersecurity world.
- 4. FUNDING: Startup Arctic Wolf Valued Above $4 Billion in New InvestmentArctic Wolf has emerged from the boom in managed services as a leader and this growth is evidence of that. They've already raised nearly $350m to date, with the last round a $200m Series E. That suggests an even larger forthcoming Series F, also backed by Viking Global Investors, a global hedge fund based in Connecticut.
- 5. TOOLS: NSA Funds Development, Release of D3FENDA matrix of mitigations to match MITRE ATT&CK
- 6. TOOLS: Rumble Network Discovery 2.3Rumble is doing so much amazing stuff at such a fast pace! No one else comes even close to some of the stuff Rumble has done over the past 2 years. Release 2.3 brings a new RFC1918 coverage report that keeps track of which internal IPv4 subnets have been discovered, which are unscanned but are hinted at by discovered assets, and which are still uncharted territory. This report includes links to run new scans of the unmapped networks using Rumble’s lightning-fast subnet sampling feature.
- 7. STANDARDS: Biden’s executive order on cybersecurity should include behavior transparency – TechCrunchSBOMs aren't enough! Great argument here for vendors to not only provide detailed baselines for their products' behavior but to provide it in a format that's easily consumable by security monitoring products!
- 1. Neo4j’s $325M funding round lifts fortunes of graph database industry
- 2. Smoothwall Acquires eSafe Global
- 3. Ping Identity : Announces the Acquisition of SecuredTouch to Accelerate Identity Fraud Capabilities
- 4. LookingGlass Cyber Announces Acquisition of AlphaWave
- 5. Splunk raises $1B from Silver Lake as it refocuses growth strategy on the cloud
- 6. Vectra Launches Detect for AWS" Detect for AWS is a cloud-native SaaS solution that provides continuous, scalable agentless threat detection, prioritisation, investigation, and response to attacks targeting applications running on AWS, as well as users, compute, and storage instances, including the use on AWS of the control plane itself. Detect for AWS works both at runtime and holistically across all AWS regions and does not require packet mirroring."
- 7. Aqua Security Launches on AWS CloudFormation Public Registry for IaC Automation"The Aqua validated CloudFormation templates for multiple resource types radically simplify provisioning and deploying modules as customers scale and help them easily upgrade as new versions of the Aqua Cloud Native Security Platform are released. "
- 8. Claroty raises $140M to expand into new regions and enhance its product portfolio
- 9. SentinelOne announces IPO
- 10. Securitize raises $48M to expand into digital asset securities market
- 11. SecurID’s enhancements allow organizations to strategize for the future of IAM"The SecurID access management platform provides enterprises with a single, enterprise-grade, scalable, and secure way to account for employees, customers, and vendors: over the last quarter, the service’s daily cloud authentications grew by 338% versus the same time last year."
- 12. Ping Identity acquires SecuredTouch, accelerates identity fraud capabilities
- 13. Pondurance acquires Bearing Cybersecurity to help clients assess and remediate security gaps
- 14. Cloudflare integrates with Microsoft, Splunk, Datadog, and Sumo Logic"Now, businesses will be able to funnel security insights from Cloudflare directly into their preferred analytics platform to easily analyze in the context of their entire technology stack – without the cost or complexity of building custom integrations."
- 15. Transmit Security raises $543M to accelerate its mission of helping the world go passwordless
- 16. Skybox Security enables proactive vulnerability remediation across hybrid environments"This latest release makes vulnerability management more precise and efficient by presenting numerous remediation alternatives beyond patching. Available now, Skybox identifies remediation options to pinpoint the best course of action. This innovation advances Skybox’s mission to proactively secure complex hybrid and multi-cloud networks through a single platform approach to security policy management and vulnerability and threat management."
