Tackling the Perennial Problem of Device Management, News, BlackHat Interviews – Jason Meller – ESW #329
Segments
1. Tackling the Perennial Problem of Device Management – Jason Meller – ESW #329
Incredibly, the seemingly simple task of managing corporate-owned devices is still a struggle for most organizations in 2023. Maybe the best MDM for Mac doesn't work with Windows, or the best MDM for Windows doesn't work with Mac. Maybe neither has Linux support. Perhaps they don't provide enough insight into the endpoint, or control over it. Whatever the case, security leaders never seem satisfied with their MDM solution and are always investigating new ones.
Now, Kolide has stepped in with a unique approach to device management that combines the flexibility and industry support of OSQuery and is built to integrate with IdP giant Okta. We discuss Kolide's entrance into the device management space and the current state of MDM: what's wrong with it, and how does Kolide propose to fix it?
This segment is sponsored by Kolide. Visit https://securityweekly.com/kolide to learn more about them!
Announcements
Dive deeper into the world of cybersecurity with Security Weekly on Instagram! Follow us @SecWeekly to find exclusive clips, hilarious memes, behind-the-scenes sneak peeks, and more! Stay connected, stay informed, and join our growing community!
Guest
Jason Meller is the founder and CEO of Kolide, a Device Trust solution for teams with Okta. He has spent his 15-year career building technology that enables cybersecurity professionals to protect their interests and successfully defend against sophisticated and organized global cyber threats. Jason started his security and product career at GE’s elite computer incident response team, led by Richard Bejtlich (the father of modern network security monitoring). From there, Jason moved to the legendary Mandiant Corporation (acquired by FireEye), quickly working his way up from an entry-level analyst position to becoming the Chief Security Strategist. He conceptualized, built, and deployed key products, including their managed services and threat intelligence offerings. He also organized, structured, and led the engineering strike team to facilitate and grow high-profile partnerships and key strategic initiatives. Jason has also co-founded and served as CEO of Threat Stack, a Techstars-backed cloud security startup.
Jason’s proven track record and passion for building purpose-built cybersecurity products led him to launch Kolide. Today, Kolide provides companies across the globe with a solution that should have been built years ago, along with the security guidelines and education for employees to achieve compliance without resorting to rigid management in today’s digital economy. Jason received his B.S. at the University of Connecticut.
Hosts
2. Record startup funding, identity and context, and the Hot Ones format comes to Cyber! – ESW #329
Record funding levels over the last two weeks top 2023 and the same time last year. We discuss Palo Alto's plans for the future, CISA's analysis of the LAPSUS$ hacking group, and the uselessness of Quantum Security pitches. Chrome adds the ability to alert users about malicious extensions. A great post from Thinkst has us talking about why vendors (and buyers) need to be careful about default behaviors and documentation.
You won't want to miss the excellent squirrel story - a front end for Reddit that looks like Microsoft Outlook.
Announcements
Join us at an upcoming Official Cyber Security Summit in a city near you! This series of one-day, invitation-only, executive-level conferences is designed to educate senior cyber professionals on the latest threat landscape. We are pleased to offer our listeners $100 off admission when you use code SecWeek23 to register. Visit securityweekly.com/cybersecuritysummit to learn more and register today!
Hosts
- 1. FUNDING: Akamai Technologies Raises $1.08B Via Debt
- 2. FUNDING: Resilience Raises $100MM Series D Round, Led by Intact Ventures with Participation from Lightspeed Venture Partners
- 3. FUNDING: Horizon3.ai Raises $40M Series C to Confront Attackers with Proactive, Continuous Security Testing
- 4. FUNDING: Announcing Our Felicis Led Series A Expansion to $27M – ConductorOne
ISPM (Identity Security Posture Management)
- 5. FUNDING: Baird Capital Invests in Osano
- 6. FUNDING: Symmetry Systems Raises $17.7M in Funding
DSPM
- 7. FUNDING: Veza Announces Strategic Investments from Capital One Ventures and ServiceNow Ventures
- 8. FUNDING: Sweet Security Raises $12M in Seed Funding
- 9. FUNDING: Gomboc.ai Emerges from Stealth and Raises Over $5M in Seed Funding to Deliver Cloud Infrastructure Remediation With Its Deterministic AI Engine
- 10. FUNDING: Announcing ProjectDiscovery Cloud Platform + $25 Million Series A
- 11. FUNDING: DynamoFL Raises $15.1M Series A to Scale Privacy-Focused Generative AI for the Enterprise
- 12. FUNDING: Rootly Raises $12 Million from Renegade Partners, Google Gradient Ventures, & XYZ Ventures
- 13. FUNDING: Arpio Raises $8.2 Million Round – Arpio
- 14. FUNDING: Grip Security raises $41M to help enterprises manage their SaaS identity risk
- 15. ACQUISITION PROSPECTS: Exclusive: Cybersecurity firm SentinelOne explores sale -sources
- 16. ACQUISITIONS: Protect AI reveals “the highest paying” bug bounty platform for AI hackers
- 17. ACQUISITIONS: Partner One Acquires Key Fidelis Cybersecurity Assets
- 18. HOT TAKE: “Quantum” Doesn’t Solve Anything for Cybersecurity
Reminds me of something I wrote 11 years ago! https://averysawaba.blogspot.com/2012/04/uncrackable-quantum-encryption-unicorns.html
Some things never change...
- 19. HOT TAKE: Cost Per Record is still a terrible stat – Jay Jacobs
- 20. ESSAYS: Who Will AI Help More—Attackers or Defenders?
- 21. ESSAYS: Default behaviour sticks (And so do examples)
- 22. ESSAYS: What is the UN cybercrime treaty and why does it matter?
- 23. REPORTS: CISA (CSRB) Review of the Attacks Associated with LAPSUS$ and Related Threat Groups
- 24. VULNERABILITIES: Industrial PLCs worldwide impacted by CODESYS V3 RCE flaws
EvilProxy phishing campaign targets 120,000 Microsoft 365 users
- 25. REPORTS: Palo Alto Q4 Earnings Call & Medium Term Update
- 26. REGULATIONS: SEC Cybersecurity Rule Leans on Materiality and Reasonableness
- 27. NEW FEATURES: New Chrome Feature Alerts Users About Malicious Extensions
- 28. SQUIRREL: “Hot Takes” with CISOs & CyberSecurity Leaders – Caleb Sima
- 29. SQUIRREL: MSOutlookit
The best way to browse Reddit without getting busted
3. Ransomware Economy Players, Pentest War Stories, & Ransomware Groups Working Together – ESW #329
During this segment, Jon will explore today’s ransomware economy players, from IABs to RaaS affiliates to money launderers and now C2Ps. For the discussion, Jon will leverage Halcyon’s latest research, which demonstrates a new technique to uncover how C2Ps, like Cloudzy, are used to identify upcoming ransomware campaigns and other advanced attacks. The research revealed that Cloudzy, knowingly or not, provided services to attackers while assuming a legitimate business profile. Threat actors that leveraged Cloudzy include APT groups tied to the Chinese, Iranian, North Korean, Russian, Indian, Pakistani, and Vietnamese governments; a sanctioned Israeli spyware vendor whose tools are known to target civilians; and several criminal syndicates and ransomware affiliates whose campaigns have spurred international headlines.
This segment is sponsored by Halcyon. Visit https://securityweekly.com/halcyonbh to learn more about them!
In this session, Snehal will discuss several real-world examples of what autonomous pentesting discovered in networks just like yours. You’ll hear more about how fast and easy it was to safely compromise some of the biggest (and smallest) networks in the world - with full domain takeover in a little more than a few hours. Learn how you can safely do the same in your own network today!
This segment is sponsored by Horizon3.ai. Visit https://securityweekly.com/horizon3aibh to learn more about them!
In this Black Hat 2023 interview, CRA’s Bill Brenner and Sophos’ John Shier discuss the company’s latest research on the Royal ransomware gang. Though Royal is a notoriously closed-off group that doesn’t openly solicit affiliates from underground forums, granular similarities in the forensics of the attacks suggest all three groups are sharing either affiliates or highly specific technical details of their activities.
This segment is sponsored by Sophos. Visit https://securityweekly.com/sophosbh to learn more about them!
Guests
John Shier is a Field CTO, Threat Intelligence at Sophos with more than two decades of cybersecurity experience. He’s passionate about protecting consumers and organizations from advanced threats, and has researched everything from costly ransomware to illicit dark web activity, uncovering insights needed to strengthen proactive cybersecurity defenses.
John is often consulted by press, and has been quoted in publications like Reuters, WIRED, Fortune, CNN, The Hill, Fast Co, Yahoo, and more. He’s also a frequent speaker at industry events like RSA Conference, Infosec, Cebit, Gitex, and more.
Based in Toronto, John is available on Twitter (@john_shier).
Snehal Antani is co-founder and CEO of Horizon3.ai. Prior to Horizon3.ai, he was CTO of Joint Special Operations Command (JSOC), CTO of Splunk, and a CIO within GE Capital. Antani holds 18 patents granted by the USPTO in data processing, cloud computing, and virtualization. He regularly participates in keynote speeches and often writes articles on leadership, innovation, digital transformation, data security, and cloud security.
Jon Miller is the CEO & Co-founder of Halcyon with 25+ years working in the cybersecurity industry. Prior to Halcyon, Jon was the CEO & Co-founder of Boldend, a next-generation defense contractor focused on building offensive tools for the US Government. Previous to Boldend, Jon held the title of Chief Research Officer of Cylance (now Blackberry), where he focused on malware and product efficacy. Prior to Cylance, Jon was employee number 70 at Accuvant (now Optiv), where, with a group of others, he helped build and lead the largest technical consultancy at the time, Accuvant LABS, working with over 95% of the Fortune 500 as an offensive security expert. Before Accuvant, Jon was a ten-year veteran penetration tester, serving as one of the first in the industry working for the Internet Security Systems (now IBM) X-Force.