Beautiful Sites – ESW #246
Segments
1. A Plea for Better Press Releases – ESW #246
A big part of preparing for Security Weekly news segments is reading press releases. Most of us also get emails whenever a cybersecurity vendor sends out a press release. Too many are frivolous, full of hyperbole, or just plain unreadable. We talk about why so many press releases are like this (there are legit reasons!) and how they could be improved.
What's wrong with press releases?
1. Frivolous Press Releases
2. Unintelligible Press Releases
3. Bending the Truth
4. Excessive hyperbole; death by adjective
5. FUD

Why are they like this?
1. Feeding the SEO beast
2. Written by committee
3. Need to appear successful
4. Need to show growth/progress
5. Need to differentiate from the competition
6. "if it bleeds it leads"

Fixing Press Releases
- When should you put out a press release?
- What should go into a press release?
- How should you write a press release?
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
2. Why Less Is More for Static Application Scanning – Surag Patel – ESW #246
Seeking to capitalize on the full potential of digital transformation, organizations are turning to serverless applications to accelerate development cycles, reduce operational complexities, and improve efficiencies. But as organizations embrace serverless applications, a majority are encountering security roadblocks that impede release cycles and/or ratchet up risk. This podcast explores findings and insights from a recent serverless application security report and plots actionable recommendations on how organizations can realize the comprehensive benefits of serverless applications without sacrificing security!
Segment Resources:
Whitepaper: Contrast Scan Is Faster, More Accurate, and More Efficient - https://www.contrastsecurity.com/white-paper-modern-application-security-scanning
eBook: Pipeline-Native Static Analysis Why It Is the Future of SAST - https://www.contrastsecurity.com/ebook-static-analysis-security-testing
Solution Brief: Contrast Scan: Modern Application Security Scanning - https://www.contrastsecurity.com/hubfs/DocumentsPDF/Contrast-Scan-Modern-Application-Security-ScanningSolution%20BriefFinal.pdf
This segment is sponsored by Contrast Security.
Visit https://securityweekly.com/contrast to learn more about them!
Announcements
In an overabundance of caution, we have decided to flip this year’s SW Unlocked to a virtual format. The safety of our listeners and hosts is our number one priority. We will miss seeing you all in person, but we hope you can still join us at Security Weekly Unlocked Virtual! The event will now take place on Thursday, Dec 16 from 9am-6pm ET. You can still register for free at https://securityweekly.com/unlocked.
Guest
Surag brings more than a decade of experience to Contrast Security, where he serves as Chief Strategy Officer. An experienced, highly analytical product and marketing executive, Surag’s focus is in driving Contrast’s global marketing and product strategy. Prior to Contrast, Surag served as Vice President of Global Product Management and Corporate Marketing for 41st Parameter, which was acquired by Experian in 2013. Prior to 41st Parameter, Surag led global data strategy and consumer insights for InMobi, the largest global independent mobile ad network. Surag blends his experience of bringing innovative products to market with a mix of engineering skills, product strategy, and domain expertise. Prior to InMobi, Surag spent five years at Comscore leading advertising effectiveness research and development of the Ad Effx™ suite of products.
3. Wiz Valuation, Facebook OSS Tools, Gretel.ai, & Yubico Biometric Keys – ESW #246
In the Enterprise Security News: Wiz raises $250 million at a staggering $6 billion valuation, Gretel.ai, another privacy engineering startup, raises $50 million, Forcepoint acquires Bitglass, Yubico releases a new line of biometric security keys, Facebook releases an open source tool for analyzing mobile app code, Venture capital needs to clear its plate, or it can't have any pudding, Maritime security has a lot of security work to do, & don't forget to stick around for the weekly squirrel!
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
InfoSec World 2021 is proud to announce its keynote lineup for this year’s event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on Digital Pass registration! Visit https://securityweekly.com/isw2021 to register now!
- 1. FUNDING: Wiz Raises $250M Series C round at Staggering $6B Valuation
  It's almost like Wiz saw Orca's raise last week and said "hold my 50 year old scotch". While the amount is considerably less than Orca's bonkers Series C, Orca's valuation is ONLY $1.8bn - less than a third of Wiz's $6bn prize. Only time will tell if either company ever sees an exit that validates these huge valuations.
- 2. FUNDING: Gretel.ai, a platform for generating synthetic and privacy-preserving data, raises $50M – Techio
  This is our third privacy engineering Series B in two weeks! We're really interested to see how big this category is going to get. We can definitely see this as a solid niche for companies with large and varied data streams and repositories, but we suspect the majority of folks will just build their own scripts to do it or find a project on GitHub that mostly meets their needs.
- 3. FUNDING: Network observability startup Kentik lands $40M
  A $40m Series C led by Third Point Ventures. Total funding raised is $102m. Appears to be netflow-focused and can run in all the major clouds, containers, private networks, and on hosts. Seems like an agnostic product, in terms of use cases, focused on detecting statistical anomalies, which could be security-related or performance-related.
- 4. ACQUISITIONS: Forcepoint To Acquire Security Service Edge Leader Bitglass
  Along with Netskope, Bitglass was one of the few remaining CASBs that didn't get acquired. PE-owned Forcepoint didn't announce the deal size, but I'm willing to bet it was well shy of a reasonable return on the $150m in funding Bitglass raised.
- 5. NEW COMPANIES: Chainguard – focused on making supply chains secure by default
  Not a lot of details on the "how", but it looks like Chainguard intends to address potential threats at each stage of the dev process.
- 6. PRODUCTS: Yubico Launches First YubiKeys With Biometric Authentication
  After talking up biometric keys for over a year, they're finally available to buy! Yubico isn't the first company to market with a biometric-enabled security key, but they're one of the biggest and most visible.
- 7. TOOLS: Open-sourcing Mariana Trench: Analyzing Android and Java app security in depth
  The latest in a series of code analysis tools that Facebook has made open source. They previously released Zoncolan (Hack analyzer) and Pysa (Python analyzer). MT source code is available on GitHub and binary releases can be installed via PyPI.
- 8. TRENDS: Venture capital is going to need a record-breaking run of IPOs to clear its own decks – TechCrunch
  Unicorns are so common these days (186 in 2021 so far) that the term is no longer useful. The crux of this article is that, with current startup growth, opportunities for exits could become an issue. Some tech giants are slowing down on acquisitions due to antitrust concerns, and the IPO process is complex and time-consuming. Where do startups go if options for exits dry up, but VC funding doesn't?
- 9. TRENDS: Raising the colors: Signaling for cooperation on maritime cybersecurity
  TL;DR - Maritime security is way behind, quite vulnerable, and attackers are starting to take an interest. Cargo ship ransomware, anyone?
- 10. SQUIRREL: Steve Wozniak and Alex Fielding’s startup Privateer aims to be the Google Maps of space – TechCrunch
  Space junk! There are already millions of pieces of junk in low earth orbit, and no one knows where most of it is! (USSC only tracks items larger than 10 centimeters)
  Animation showing space junk grow over time: https://youtu.be/wPXCk85wMSQ
  Number of debris objects estimated by statistical models to be in orbit:
  - 36500 objects greater than 10 cm
  - 1000000 objects from greater than 1 cm to 10 cm
  - 330 million objects from greater than 1 mm to 1 cm
  Some weird stuff has been put in orbit:
  1. tools
  2. $100k tool bag
  3. Gene Roddenberry's ashes
  4. Urine (Astronauts have described watching urine being released into space as one of the most beautiful sights in orbit)
  5. Camera
  6. 1400 pound tank of ammonia
  Past ideas for removing space junk:
  1. nets
  2. harpoons
  3. robots programmed to hunt down junk
  4. Ground-based lasers (https://arxiv.org/abs/1110.3835)
  5. Salvage for building new things (https://futurism.com/the-byte/space-company-turn-orbital-junk-space-stations)
  6. Magnets or tentacles (https://www.wired.com/story/its-finally-time-to-take-out-the-space-trash/)