ESW #266 – Zane Bond, & Erin Kenneally
1. How to Secure Your Secrets With Keeper Security – Zane Bond – ESW #266
Since IT network secrets unlock access to highly privileged systems and data, securing secrets is just as critical to preventing cyberattacks as securing end-user passwords. One study found that 75% of ransomware attacks involve compromised credentials – most of the time, RDP credentials. However, secrets management is a challenge for IT teams, who must mitigate secrets sprawl, hardcoded and embedded credentials, and duplicative data stores in hybrid cloud and multi-cloud environments.
Keeper Secrets Manager (KSM) is a fully cloud-based, Zero-Knowledge platform for managing IT infrastructure secrets such as API keys, database passwords, cloud access keys, certificates, SSH keys, service account passwords, and any other type of confidential data. KSM seamlessly integrates into nearly any data environment, with no additional hardware or cloud-hosted infrastructure required. It offers out-of-the-box integrations with a wide variety of DevOps tools, including GitHub Actions, Kubernetes, Ansible and more.
Segment Resources:
https://www.keepersecurity.com/en_GB/secrets-manager.html
This segment is sponsored by Keeper Security.
Visit https://securityweekly.com/keepersecurity to learn more about them!
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Guest
Zane Bond is the Director of Product Management at Keeper Security. In his role, Zane is responsible for driving product strategy while building the product roadmap for Keeper's portfolio. Zane has managed various cybersecurity solutions for more than 12 years, across many disciplines including endpoint security, network detection, machine learning and AI, incident response, privileged access management, and now credential and secrets management.
2. Cyber Risk: A Darwinian Opportunity for Cyber Insurance – Erin Kenneally – ESW #266
The uptick in cyber incidents, and in particular ransomware, offers an opportunity for, if not a clarion call to, adaptation in the cyber insurance industry. In short, risk transfer that meets the needs of both industry and insurers demands more effective coordination of infosec controls, more complete and continuous visibility, and more robust risk modeling.
Segment Resources:
- https://www.dhs.gov/sites/default/files/publications/3950CYRIEReport_FINAL508.pdf
Announcements
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Guest
Erin Kenneally is currently the Global Director for Cyber Insurance at SentinelOne, after most recently serving as Director of Cyber Risk Strategy at Guidewire-Cyence Risk Analytics. She previously served as Portfolio Manager in the Cyber Security Division for the U.S. Department of Homeland Security, Science & Technology Directorate, where she directed nearly 20 projects across programs in cybersecurity research data infrastructure, cyber risk economics, and technology ethics & privacy. Kenneally also served as Technology-Law Specialist at the International Computer Science Institute (ICSI), the Center for Internet Data Analysis (CAIDA) and the Center for Evidence-based Security Research (CESR) at UC San Diego. She also founded and is CEO of Elchemy, Inc. Erin is a licensed attorney specializing in information technology law, including privacy technology, AI & autonomous systems ethics and legal risk, trusted data sharing & governance, technology policy, and emergent IT legal risks. She holds Juris Doctorate and Masters of Forensic Sciences degrees and is a graduate of Syracuse University and the George Washington University.
3. SEC Proposals, Following Unicorns, Island’s Browser, HUB Security, & Fake Companies – ESW #266
In the Enterprise Security News for this week: Island raises another $115M to build a secure web browser, less than 2 months after raising $100M, Bionic raises $65M for application intelligence, Israeli startup HUB Security merges with a SPAC to go public on the NASDAQ at a $1.28B valuation, Cybersecurity now has 53 unicorns, which are the most interesting to follow? New data shows VCs pulling back on Series A, B, and C, but is this data any good? Over 90% of orgs had an incident tied to a third party last year, the SEC might require public companies to report hacks and hand over details, & more!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
- 1. FUNDING: Island hits $1.3B valuation with $115M round (TechCrunch)
Less than 2 weeks after we discussed Island coming out of stealth with a massive $100M Series A, they're announcing a $115M Series B (Insight, Stripes & Sequoia)? At a $1.3B valuation? For a BROWSER? That's based on an existing browser (Chromium)??? I don't disagree that there's some cool stuff you can probably only do at the browser level, but historic trends in this space suggest this will end up being far more niche than the funds raised suggest.
- 2. FUNDING: Bionic raises $65 million for application intelligence platform
The Series B was led by Insight Partners, with Cyberstarts and Battery also participating. They have an interesting approach to AppSec, where it appears they map out applications to help security teams better understand architecture, dependencies, and data flows. I know you're probably visualizing this product spitting out a Visio diagram, but don't laugh - I can't underscore how valuable something like that could be for a security team. They're using the term ASPM (application security posture management), which joins DSPM as the latest *SPM acronym we've seen.
- 3. FUNDING: Apptega Raises $37M; Further Engages MSSPs for Automated Cybersecurity Compliance
Funding is from growth equity firm Mainsail Partners. Apptega "develops an MSSP-friendly platform designed to simplify cybersecurity and compliance", and is based in Atlanta.
- 4. FUNDING: Todyl Banks $28M Series A Investment
Series A led by Anthos Capital with participation from Blu, StoneMill, and Tech Operators. Product is a "single-agent, cloud-first platform that brings together EDR, NGAV, GRC, MXDR, SASE, and SIEM". That's a LOT of stuff to bake into one product platform, especially for an early stage startup! More details on their blog: https://blog.todyl.com/blog/series-a-funding-todyl-security-platform-launch
- 5. FUNDING: Application Security Firm ForAllSecure Raises $21 Million
A very interesting approach to AppSec. ForAllSecure is a decade old, but this is only their Series B, co-led by KDT and NEA. You can check out our interview with ForAllSecure's CEO and founder, David Brumley, here on episode 255: https://securityweekly.com/esw255
- 6. IPO: Israeli cybersecurity startup HUB Security merging with SPAC at $1.28 billion valuation
This is an odd one. I hadn't heard of Hub Security before. They're apparently currently public in Israel, but will delist there to go public on the NASDAQ through Mount Rainier, a SPAC. They describe themselves as a producer of "confidential computing solutions", which is a fancy way of saying they design technologies that are tamper resistant, so you can physically run systems in locations that aren't fully trusted. The only other company along these lines I can recall was PrivateCore, another Israeli startup that Facebook acquired back in 2014 (you can imagine why Facebook might need technology like this - https://privatecore.com/privatecore-is-joining-facebook/index.html). Looks like they're doing some similar stuff, like encrypting all data in RAM to defend against attacks that directly target RAM to acquire private encryption keys and other credentials. One of their products is named "Quantum Ransomware Cure".
- 7. TRENDS: Cybersecurity has 53 unicorns. Here are 10 to watch
Interesting that DeWalt is interviewed for this piece. The ten unicorns Kyle chooses to focus on here (heavy lean towards cloud security) are: 1. Snyk, 2. Lacework, 3. Wiz, 4. Arctic Wolf, 5. Illumio, 6. Sysdig, 7. Orca, 8. Beyond Identity, 9. BlueVoyant, 10. Aqua Security
- 8. TRENDS: New data shows how far VCs are pulling back on US Series A, B, and C valuations (TechCrunch)
https://techcrunch.com/2022/03/16/new-data-shows-how-far-vcs-are-pulling-back-on-us-series-a-b-and-c-valuations/
- 9. TRENDS: Over 90% of organizations had a security incident linked to a third-party partner in last year
- 10. REPORTS: Coalition’s H1 2021 Cyber Insurance Claims Report
- 11. REGULATION: Proposed SEC rule offers deeper insight into new cyber demands facing publicly traded companies
https://www.scworld.com/analysis/compliance/proposed-sec-rule-offers-deeper-insight-into-new-cyber-reporting-requirements-for-publicly-traded-companies
- 12. SQUIRREL: Jobfished: the con that tricked dozens into working for a fake design agency
We talk a lot about startups, and you'll find cases of "fake-it-till-you-make-it" culture everywhere. But there's a big difference between pretending like you have a CFO when you're only 5 employees and pretending you have a decade-old business with a full staff and clients when you've got nothing and don't intend to run a real business at any point...