Autonomous – I don’t think that word means what you think it means – Adam Shostack, Ely Kahn – ESW #359
1. Autonomous – I don’t think that word means what you think it means – ESW #359
A clear pattern among the startups getting funding this week is "autonomous" products and features.
- Automated detection engineering
- Autonomously map and predict malicious infrastructure
- ..."helps your workforce resolve their own security issues autonomously"
- automated remediation
- automated compliance management & reporting
I'll believe it when I see it. Don't get me wrong, I think we're in desperate need of more automation when it comes to patching and security decision-making. I just don't think the majority of the market has the level of confidence necessary to trust security products to automate things without a human in the loop.
The way LimaCharlie is going about it, with their new bi-directional functionality they're talking up right now, might work, as detections can be VERY specific and fine-grained.
We've already seen a round of fully automated guardrail approaches (particularly in the Cloud) fail, however. My prediction? Either what we're seeing isn't truly automated, or it will become a part of the product that no one uses - like Metasploit Pro licenses.
Announcements
Google has announced that they will be shutting down the Google Podcasts platform in mid-2024. To ensure that you don't lose access to the Security Weekly content you know and love, please make sure that you subscribe to your favorite podcasts feeds on an alternative platform such as Spotify, YouTube Music, Amazon Music, Apple Podcasts, Overcast, Podcast Addict, PocketCasts, or anywhere else you listen to podcasts! Visit securityweekly.com/subscribe to find the buttons to subscribe to each show now!
On the evening of Monday, May 6, 2024, W2 Communications and CyberRisk Alliance are bringing CYBERTACOS back to San Francisco! If eating FREE tacos, sipping on margaritas and mingling with cyber professionals from all over the world sounds good to you, make sure to register to secure your spot! Visit securityweekly.com/cybertacos to RSVP today!
- 1. FUNDING: Tines – Announcing our $50M Series B extension
$50M Series B extension (2nd one!), led by Accel & Felicis. The original Series B was a €21.9M round in April 2021, led by Addition. The first Series B extension was $55M, closed in October 2022.
- 2. FUNDING: Anvilogic Closes $45M Series C
$45M Series C, led by Evolution Equity Partners. "The industry’s first multi-data platform SIEM"
"Today, Anvilogic is announcing the second generation of its copilot, Monte Copilot, which is now available for beta. Monte Copilot extends these capabilities to threat hunting and alert investigation to help accelerate analysts’ workflows."
- 3. FUNDING: Nagomi Security Emerges from Stealth with $30 Million in Funding to Help Security Teams Minimize Threat Exposure Using Existing Tools
$30M Series A, led by TCV. "Proactive security" is the operative term in the press release, but I'm struggling to figure out what that means. Lots of "getting the most out of tools you already have". Automated detection engineering? Nathan Burke joins them as CMO, after 6 years as the CMO of Axonius.
- 4. FUNDING: Sublime – Announcing our $20M Series A to redefine email security
$20M Series A, led by Index Ventures. Email security.
- 5. FUNDING: Cynomi Raises an Additional $20M to Bring Expert-level Security to SMEs
$20M Series A, led by Canaan. "Cynomi is an AI-powered vCISO platform, designed to serve MSPs and MSSPs."
- 6. FUNDING: Vorlon Raises Series A from Accel with $15.7 Million Total in Funding for Proactive Third-Party API Security
$15.7M Series A, led by Accel for "Proactive Third-Party API Security"
- 7. FUNDING: BforeAI Announces $15 Million in Series A Funding Led by SYN Ventures
$15M Series A, led by SYN Ventures.
"BforeAI autonomously maps and predicts malicious infrastructure through the ingestion of massive datasets, analyzing Internet metadata and establishing baselines to detect anomalies, deterring them before they turn into attacks. This unique capability empowers customers with a preemptive active defense posture that enables security teams to stop attacks before they are executed."
So, it automatically generates and acts upon threat intelligence?
- 8. FUNDING: VulnCheck Raises $7.95M in Seed Funding
$7.95M seed round for exploit/vulnerability intelligence. Backers included Sorenson Capital.
- 9. FUNDING: BreachRx Closes $6.5M Seed Round to Transform Incident Response and Shield C-Level Executives from Cyber Liability
$6.5M Seed round, led by SYN Ventures. Joe Sullivan is on the advisory board. Generates advice and incident response plans.
- 10. FUNDING: NightVision Raises $5.4M in Seed Funding
$5.4M in Seed Funding. "NightVision will empower developers to discover and remediate issues in their environments of choice before the flaws are deployed."
- 11. FUNDING: Introducing Amplifier: Self-Healing Workforce Security
$3.3m pre-seed round led by Cota Capital. "Powered by a security data fabric, AI copilot and human-in-the-loop automation, Amplifier helps your workforce resolve their own security issues autonomously."
- 12. ACQUISITIONS: Commvault Announces Acquisition of Appranix, Accelerating and Advancing Cyber Resilience for Enterprises Globally
"Cloud resilience"
- 13. ACQUISITION RUMORS: IBM courting Hashicorp
"IBM Nears Deal for Cloud-Software Provider - Takeover could value HashiCorp at a premium to its market value of $4.9 billion"
UPDATE: The deal is official - https://www.hashicorp.com/blog/hashicorp-joins-ibm
- 14. IPOS: Microsoft-Backed Rubrik’s IPO Is 20 Times Oversubscribed
The headline basically says it.
- 15. NEW COMPANIES: Judy Security
"Judy Provides Smart, Simple. Streamlined Cybersecurity for SMBs: AI-driven, enterprise-grade protection within an affordable, user-friendly platform. All-in-one security made easy."
"Judy does it All from: -Endpoint Detection and Response (EDR) -Secure Authentication -Password Management -DNS Filtering -Managed Threat Detection & Automated Remediation (SIEM & XDR) -Automated Compliance Management & Reporting -Security Awareness Training"
- 16. OPEN SOURCE: GitHub – openai/openai-security-bots
OpenAI shares some of its internally-developed security bots:
- Incident Response Slackbot
- SDLC Slackbot
- Triage Slackbot
- 17. OPEN SOURCE: GitHub – tldrsec/awesome-secure-defaults: Awesome secure by default libraries to help you eliminate bug classes!
Awesome libraries that ship with secure defaults, curated by Clint Gibler!
- 18. POST MORTEMS: From OneNote to RansomNote: An Ice Cold Intrusion – The DFIR Report
Some very useful details in this post mortem breakdown! The initial access vector is novel and interesting, but I love digging into the other details - what they do once they're in!
- 19. CYBERCRIME: CoralRaider leverages CDN cache domains in new infostealer campaign
- 20. DUMPSTER FIRE: Devs flood npm with 15,000 packages to reward themselves with Tea ‘tokens’
So annoying, but perverse incentives have a knack of resulting in annoying outcomes.
- 21. ESSAYS: You Can’t Teach Someone to Swim When They’re Drowning
This interesting piece, by Chris Hughes, explores the paper Evidence-based cybersecurity policy? A meta-review of security control effectiveness, which we discussed a few episodes ago on this podcast. It gets into the interesting concept of "loosening guides" as opposed to "hardening". I've never heard hardening described as a potentially negative practice, but it makes some good points.
- 22. ESSAYS: 5 trends in the cyber insurance evolution
- 23. ESSAYS: Gunnar Peterson – Top 10 Digital Account Risks and How to Mitigate Them
Some of these will be obvious to defenders, but at least a few of the ten on this list won't, I'm betting. Some very comprehensive defense strategies, which is the real value of this post, in my opinion.
- 24. NO BRAINERS: FTC Announces Rule Banning Noncompetes
It's about time.
There is a carveout for management with policymaking privileges who make over $151K.
- 25. MARKET NEWS: Cybersecurity Venture Market Rebounds With Tailwind From AI
Title pretty much says it. The hook reads "Funding for startups in the cybersecurity sector jumped 69% in the first quarter from the prior quarter, according to Crunchbase"
- 26. SQUIRREL: Tracker Beeper – Bert Hubert’s writings
Hilarious. Bert Hubert has coded together a Linux project that makes noise whenever your data is sent to Google. It can be extended to other potentially malicious or privacy-thwarting trackers as well.
As you can imagine, things get noisy in the demo video.
Reminds me a bit of an open source project I played with years ago, that attempted to represent network traffic, or network security findings with sound. A calm, bumbling brook? Everything is fine. A jungle with screaming monkeys? Better check out your dashboards and see what's up!
For those interested, it was called Peep - The Network Auralizer
- 27. SQUIRREL: DO NOT BUY HISENSE TV’S LOL (Or at least keep them offline)
2. How GenAI Can Improve SecOps – Ely Kahn – ESW #359
We've talked about generative AI in a general sense on our podcast for years, but we haven't done many deep dives into specific security use cases. That ends with this interview, as we discuss how generative AI can improve SecOps with Ely Kahn. Some of the use cases are obvious, while others were a complete surprise to me. Check out this episode if you're looking for some ideas!
This segment is sponsored by SentinelOne. Visit https://securityweekly.com/sentinelone to learn more about them!
Announcements
Get ready for an electrifying experience at the 15th annual Identiverse! Join 3,000+ identity professionals at the ARIA Resort & Casino in Vegas on May 28-31, 2024, for 4 days packed with dynamic learning & collaboration. Don't miss out on keynote speakers including Deneen DeFiore, CISO of United Airlines; Tucker Bryant, Entrepreneur and Former Googler; George Roberts, Director of Identity and Access Engineering at McDonald's; and many more!
As a community member, receive 25% off your Identiverse 2024 tickets using code IDV24-SW25!
Register today: securityweekly.com/idv2024
Guest
Ely Kahn is VP Product for Cloud Security, AI/ML, and Core Platform at SentinelOne. Previously, he was Head of Product for AWS Security Hub. Before his time at AWS, Ely was a co-founder of Sqrrl, a security analytics startup that AWS acquired and that is now Amazon Detective. Earlier, Ely served in a variety of positions in the federal government, including Director of Cybersecurity at the National Security Council in the White House.
3. Threat Modeling and Understanding Inherent Threats – Adam Shostack – ESW #359
This is a great interview with Adam Shostack on all things threat modeling. He's often the first name that pops into people's heads when threat modeling comes up, and has created or been involved with much of the foundational material around the subject. Adam recently released a whitepaper that focuses on and defines inherent threats.
Resources:
- Here's the Inherent Threats Whitepaper
- Adam's book, Threat Modeling: Designing for Security
- Adam's latest book, Threats: What Every Engineer Should Learn from Star Wars
- We mention the Okta Breach - here's my writeup on it
- We mention the CSRB report on the Microsoft/Storm breach; here's Adam's blog post on it
- And finally, Adam mentions the British Library incident report, which is here, and Adam's blog post is here
Announcements
Security Weekly listeners save $100 on their RSA Conference 2024 Full Conference Pass! RSA Conference will take place May 6 to May 9 in San Francisco and on demand. To register using our discount code, please visit securityweekly.com/rsac24 and use the code 54USECWEEKLY! We hope to see you there!
Guest
Adam is the author of Threat Modeling: Designing for Security and Threats: What Every Engineer Should Learn from Star Wars. He’s a leading expert on threat modeling, a consultant, expert witness, and game designer. He has decades of experience delivering security. His experience ranges across the business world from founding startups to nearly a decade at Microsoft.
His accomplishments include:
– Helped create the CVE. Now an Emeritus member of the Advisory Board.
– Fixed Autorun for hundreds of millions of systems
– Led the design and delivery of the Microsoft SDL Threat Modeling Tool (v3)
– Created the Elevation of Privilege threat modeling game
– Co-authored The New School of Information Security
Beyond consulting and training, Shostack serves as a member of the Blackhat Review Board, an advisor to a variety of companies and academic institutions, and an Affiliate Professor at the Paul G. Allen School of Computer Science and Engineering at the University of Washington.