ESW #283 – Anthony James, Evgeniy Kharam
1. Global Security Report Highlights the Hazards of Remote Work – Anthony James – ESW #283
The pandemic forced us to rethink our IT environment as office workers went remote, outside the traditional framework of enterprise connectivity and security. This conversation will focus on top security concerns, costs, and containment strategies that 1,100 IT/security workers in 11 countries shared in a global report Infoblox sponsored to understand how organizations are addressing the new workplace.
Segment Resources: https://blogs.infoblox.com/security/1100-it-pros-spotlight-the-security-hazards-of-hybrid-work/
2. What is SASE/SSE & Why It’s Even More Important in 2022 – Evgeniy Kharam – ESW #283
Secure Access Service Edge (SASE)/Secure Service Edge (SSE) has quickly become part of the day-to-day lexicon. But what exactly is SASE/SSE, and will it make enterprise data more secure? How will organizations secure their data in a cloud-first world when the user and the information are completely outside the enterprise boundary? How do SASE frameworks compare to traditional network protection, such as Secure Web Gateway, next-gen firewalls, remote access and DLP?
Segment Resources: https://www.brighttalk.com/webcast/288/508560 https://www.brighttalk.com/webcast/288/538266
Guest
Evgeniy has had the opportunity to spend more than 40,000 hours working in cybersecurity, mainly implementing various technologies and later in design and architecture. Evgeniy also spent a lot of time in a technical pre-sales role, where he helped Herjavec salespeople and cybersecurity vendors sell their solutions. The last several years were focused on large-enterprise workshops, leading and guiding organizations in improving their cybersecurity tools, design, and overall security program.
Evgeniy is proficient in speaking on most cybersecurity technical domains, including Endpoint Security, Network Security, SIEM/SOC/SOAR, SASE/SSE, VMS, and many more.
In 2020, Evgeniy co-hosted a Security Architecture Podcast. The podcast format focuses on architecture and vendor integration into customer environments.
3. Enterprise Browsers, Netskope, Ping Identity, Ghost Security, & Winamp Returns! – ESW #283
In the Enterprise Security News: BlackRock drops $250M into Acronis, Talon raises a massive $100M Series A to make Enterprise Browsers a thing, Cybrary raises $25M, Ghost Security comes out of stealth, Netskope acquires Infiot, Thoma Bravo acquires Ping Identity, TLP 2.0, Thought Leadering, and Winamp is back!
- 1. FUNDING: BlackRock-Backed Round Values Cyber Firm Acronis at $3.5 Billion
  $250M round from BlackRock that raises Acronis's valuation from $2.5B to $3.5B.
- 2. FUNDING: Talon Cyber Security Announces $100M in Series A Funding to Redefine Security for the Future of Work
  I covered the secure browser space when I was at 451. One of the nice things about them is they were easy to try out and test, so I got to have hands-on experience with all of them: Spikes, Light Point, Ntrepid, Fireglass, Authentic8, Menlo, Invincea, Bromium, etc. They all violated an unwritten rule: don't screw up the browser experience. The browser is too important from a productivity standpoint to add friction to or risk breaking workflows. My prediction is that these browsers will also break this rule, relegating them to niche use cases, just like v1.0 of AppControl offerings and v1.0 of secure browsers. Browser use cases, especially in the enterprise, tend to get very messy. With the primary use cases being "prevent the employee from doing X, Y, or Z", I think it's inevitable that it will follow the same path:
  1. Let's try this out, sounds sexy
  2. Employees can't get work done and are requesting exceptions to use other browsers for these 24 edge cases
  3. "Maybe we could just use this for contractors"
  And it is relegated to niche hell. It will still exist, but will never come close to the currently promised TAM/SAM/SOM.
- 3. FUNDING: Cybrary Lands $25 Million in New Funding Round
- 4. FUNDING: RegScale Announces $20 Million Series A Funding Round
- 5. FUNDING: Ghost Security defends APIs and apps from attackers – TechCrunch
  $15M round from DNX Ventures, 468 Capital, and Munich Re Ventures at a $50M valuation. Not a lot of details available, but it looks like this is likely a Series A. Ghost takes a "data science" approach to addressing API security. Appears to be competing with noname, Salt Security, and the other 1-2 dozen API security startups we've seen emerge over the last year or two.
- 6. FUNDING: Cybersecurity Protocol Naoris Raises $11.5M to Build Decentralized Proof-of-Security Consensus Mechanism
- 7. FUNDING: Island Adds Cisco Investments as Strategic Investor
  $10M Series B2? Ba? B+? It's a Series B add-on round.
- 8. FUNDING: API security startup Impart Security closes seed round on $6m
- 9. ACQUISITIONS: Netskope Acquires Infiot, Will Deliver Fully Integrated, Single-Vendor SASE Platform
- 10. ACQUISITIONS: Thoma Bravo picks up Ping Identity for $2.8B – TechCrunch
- 11. REBRAND: Microsoft Intros New Attack Surface Management, Threat Intel Tools (RiskIQ, rebranded)
- 12. ATTACKS: 35k cases of infected code on GitHub (Tweet from Stephen Lacy)
  We saw this happen on NPM a while back - instead of hacking repos, they're cloning them, adding the back door and using a typo-squatting-style strategy.
- 13. VULNERABILITIES: Vulns in 27 Jenkins plugins (Tweet from Catalin Cimpanu)
  https://twitter.com/campuscodi/status/1554567966200434688?t=6Pwi9WjfPR0a5bOAMANycg&s=09
- 14. TRENDS: 1,000s of Phishing Attacks Blast Off From InterPlanetary File System
  Web3 technologies continue to fail to account for abuse cases. It seems the Web3/crypto/NFT community is doomed to make all their own mistakes, rather than learn from the same ones we've made. Maybe some of these Web3-focused security startups can help?
- 15. NEW HIRE: Shiftleft appoints Stuart McClure as CEO – Help Net Security
- 16. REPORTS: RTF Report: Combating Ransomware
- 17. REGULATION: Cryptocurrency 2022 Legislation
- 18. REGULATION: Here come the Crypto Cops
- 19. STANDARDS: Traffic Light Protocol (TLP) 2.0 Released
  Introduces TLP:AMBER+STRICT and changes TLP:WHITE to TLP:CLEAR. Much more specific about how TLP should be used by the source and recipient. Defines Community, Organization, and Clients to help explain how TLP should be applied to recipient groups.
- 20. LEGAL: Uber Admits Covering Up 2016 Data Breach, Avoids Prosecution
  Uber evades any punishment for the 2016 Breach, because they agreed to team up with Uncle Sam to go after former CISO Joe Sullivan. Discuss.
- 21. THOUGHT LEADERING: Google Cloud will never be profitable (Zack Kanter on Twitter)
  Google Cloud will never be profitable. It is borderline impossible for a company whose core product is high margin to build cost discipline in a low-margin secondary product. AWS’s biggest advantage is being borne from (and run like) a low margin core business. If you run a medium margin business like a low margin business, you’ll have a culture that’s oddly frugal. If you run a medium margin business like a high margin business, you’ll have a business that loses money forever.
- 22. SQUIRREL: Enabling remote operations with Remote Desktop Protocol
  https://3389rocks.com/
- 23. SQUIRREL: Winamp releases new version after four years in development
  Alright, there's a lot to unpack here. Winamp has been updated to run smoothly on more modern versions of Windows, includes podcast support, and includes cloud streaming support. But that's not all! What's that you say? You wish there was some kind of Winamp-skin-related NFT art competition? You're in luck! THERE IS. https://www.winamp.com/winamp-nft-initiative/ Also, Winamp is *hiring*, if you can believe that. Seven positions are currently open, and if I went for one, it would be the Product Owner position. "Knowledge of the inner workings of the industry is a plus" "Good taste in music is optional" https://audiovalley.bamboohr.com/jobs/view.php?id=232&source=bamboohr