Interest in Identity Security is Spiking – John Shier, Will Lin, Christopher Harrell, Jim Broome – ESW #364
1. Interest in Identity Security is Spiking – Will Lin – ESW #364
"Identity security has been around forever though", you might be thinking. Allow me to clarify. Identity is the largest cybersecurity product category, but most of it is focused on identity governance, authentication, multi-factor, etc. Very little of it is focused on operational identity security. It's this trend, in which we recently (within the last 2 years) started seeing the ITDR (Identity Threat Detection and Response) acronym, that we'll be focused on today. Particularly:
- Why is this trend/spike occurring now?
- What was or is missing to do identity security properly?
- What does the future of securing identity look like?
And it's difficult to do better for this conversation than Will Lin. He spent the last half decade as a VC. On a daily basis, he was looking at the big picture of cybersecurity markets and trends. He discussed security challenges with CISOs and other security buyers on a regular basis, both directly and through the Security Tinkerers community he founded. All this led to a decision to quit the VC world to become a founder himself. Of all the categories he could have chosen, he chose identity security, and that's why we're happy to have him for this conversation.
Segment Resources:
- The Future of Identity - AKA Identity promo video focused on the future of identity
Guest
Will Lin is the CEO of AKA Identity, which he co-founded in 2023 with Rob Fry to solve the hardest problem in identity: data. Prior to co-founding AKA Identity, Will was the managing director at Forgepoint Capital, where he invested in some of today’s leading cybersecurity companies. Will also previously held roles at Trident Capital, where he focused on investments in cybersecurity, financial services, and software, and Citi. At Citi, Will was an investment banking analyst and worked on various strategic transactions and capital offerings with companies such as Facebook, GoPro, and SAP.
Will graduated with Honors in Economics from the University of California, Berkeley. Outside of AKA Identity, Will enjoys traveling, racing cars, and constantly experimenting with new gadgets.
2. The Cybersecurity Market Gets Some New Quirks and Features – ESW #364
We start off discussing the latest round of fundings, centered largely around data security and securing LLM use. This dovetails into a discussion about marketing language and how difficult it can be for buyers to work out what the latest round of early stage startups are doing.
Next, we discuss Cloudflare and Bugcrowd's acquisitions, as well as Synopsys's divestiture of its appsec portfolio.
From here, we dive into a raft of new features across both IT and cybersecurity products, like Azure, Dashlane, LastPass, and PagerDuty. Discussing Huntress's active remediation feature triggers a conversation about this latest product trend: vendors seem to think buyers are ready for fully automated remediation actions. We're not so sure they are.
To wrap up the cybersecurity coverage, Brandon Dixon has an interesting tutorial regarding a Security Copilot use case that looks a LOT like the default phishing enrichment use case that has been used for every SOAR POC ever. To clarify, this is a great piece in that it is all practical, has no marketing fluff, and shows you how to do something useful with Security Copilot. Where it falls short is in living up to the hype we've been hearing about Security Copilot from day one.
We agree to table the discussion on Microsoft Recall until we know more about what GA of the feature will look like, and then dig into a VERY interesting squirrel story about an audio-based hacking puzzle created by a rock band.
- 1. FUNDING: Announcing Transcend’s $40M Series B to fix privacy for the enterprise
Oh wow, it's going to be fixed? For all enterprises? Go on, I'll wait.
- 2. FUNDING: Lumos Secures Series B to Launch the Unified Access Platform
$35M Series B, led by Scale Venture Partners. Aims to bring IT and security together, by enabling them to solve app and access related problems through merging the SaaS Management and Identity Management industries into one platform.
I've never seen anyone THIS excited about their raise (click the link to see what I mean).
- 3. FUNDING: WitnessAI Secures $27.5 Million in Series A
$27.5M Series A, co-led by GV and Ballistic Ventures.
"WitnessAI specializes in AI safety, privacy, governance, and security. Their Secure AI Enablement platform offers solutions for observability of AI use, policy enforcement, and governance, ensuring data protection and user safety. WitnessAI's platform is deployed as isolated, cloud-based instances for each customer, encrypted with their keys to ensure data privacy and regulatory compliance. Its mission is to give organizations the security and governance controls needed to adopt AI safely."
- 4. FUNDING: Patronus AI Raises $17 million To Detect LLM Mistakes at Scale
- 5. FUNDING: BforeAI Announces $15 Million in Series A Funding Led by SYN Ventures
- 6. FUNDING: Averlon Comes Out of Stealth with $10M in Funding to Advance AI-Powered Cloud Security
$8M (seed? Series A?) led by Voyager Capital.
"Averlon’s Foundation is Built on Three Pillars:
- Panoptic Visibility: Provides CISOs and security teams deep visibility into their cloud environment.
- Predictive Attack Intelligence: Averlon’s AI model proactively predicts the actions of attackers and identifies end to end attack chains.
- Rapid Remediation: Helps security and engineer teams to identify and eliminate end-to-end attack chains by deploying surgical fixes."
- 7. FUNDING: Zendata raises $2M to redefine AI governance and data privacy with no-code platform
Though the company name sounds like something that gets transferred when Zendaya migrates to the latest iPhone, Zendata intends to improve AI governance and data privacy using a no-code platform.
- 8. ACQUISITIONS: Cloudflare acquires BastionZero to extend Zero Trust access to IT infrastructure
- 9. ACQUISITIONS: Bugcrowd, the crowdsourced white-hat hacker platform, acquires Informer to ramp up its security chops
If I recall correctly, Bugcrowd started offering an ASM product that partially leveraged BitDiscovery's ASM platform. Now that BitDiscovery is part of Tenable, it makes sense for Bugcrowd to acquire their own ASM vendor (ASM vendors still seem to be plentiful).
- 10. DIVESTITURES: 3 reasons Synopsys is selling its app security business
- 11. NEW COMPANIES: Hydrolix seeks to make storing log data faster and cheaper
- 12. NEW COMPANIES: Lasso Security brings contextual data protection to generative AI applications – SiliconANGLE
- 13. NEW COMPANIES: Brian Markham on LinkedIn: Demoed Inc.
Demoed is an interesting approach - as a mediator between seller and buyer, the seller doesn't know who they are demoing to. The buyers sign up for a hassle-free experience, though one where they can easily ask the vendor questions.
- 14. NEW FUNDS: New Cisco AI investment fund not just ‘another billion dollars,’ CEO says
- 15. NEW PRODUCTS: Lacework extends platform capabilities with security service edge product for zero-trust connectivity – SiliconANGLE
A bit surprising, after hearing Lacework was prepared to go to Wiz in a fire sale, that they had a new product ready for launch just weeks later! It makes me wonder how "baked" this new product is.
- 16. NEW FEATURES: LastPass is now encrypting URLs in password vaults for better security
Ugh, FINALLY.
- 17. NEW FEATURES: How the new Microsoft Recall feature fundamentally undermines Windows security
Does it though? Let's discuss.
- 18. NEW FEATURES?: Microsoft to start enforcing Azure multi-factor authentication in July – DataBreaches.net
Ugh, FINALLY.
- 19. NEW FEATURES: Dashlane Nudges reduces the risk of credential theft – Help Net Security
- 20. NEW FEATURES: Nightfall AI introduces ‘Firewall for AI’ to enhance security in generative AI applications – SiliconANGLE
- 21. NEW FEATURES: BigID announces new AI data security features for Microsoft Copilot
See, to be safe using Microsoft Copilot, you gotta use Microsoft Purview. But to successfully use Microsoft Purview, you need BigID...
- 22. NEW FEATURES: PagerDuty Operations Cloud gets a boost with new AI and automation capabilities – SiliconANGLE
- 23. NEW FEATURES: Huntress adds Active Remediation and macOS coverage to its EDR solution – Help Net Security
- 24. HOT TAKES: Rather Than Measuring Risk, Fix an Interesting Problem
- 25. HOT TAKES: UnitedHealth leaders ‘should be held responsible’ for installing inexperienced CISO, senator says
- 26. HOWTOS: Automating Incident Triage with Copilot for Security
THIS is the kind of content I'm here for, and it's unsurprising seeing that it's coming from Brandon Dixon, the founder of PassiveTotal (acquired by RiskIQ, which was then acquired by Microsoft). He's very much a builder and hands-on tinkerer, so it was nice seeing clear demonstrations of how you can leverage this technology and how it works.
With that said, it becomes clearer that generative AI won't be revolutionary; it's a quality-of-life improvement. The ability to use conversational language to program an automated workflow is going to be a big time saver, and it also reduces the training effort and time for SecOps employees.
We don't see a whole lot of results in this article though, so I'm interested to see how it actually performs!
- 27. HOWTOS: Doing Stuff with AI: Opinionated Midyear Edition
I just discovered this Substack, and LOVE this idea of a periodic check-in with a new technology trend (AI, in this case), and suggestions on how you should increase your exposure to it and better understand it.
- 28. ESSAYS: Navigating the AI Marketing Copyright Minefield
There are a number of unresolved issues this essay goes into, like:
- is it okay that AI models have trained on copyrighted works?
- what do we do when the output resembles copyrighted works?
- do we "own" the output of generative AI tools?
And it includes some guidance for ethical AI use.
- 29. INTERVIEWS: An interview with the most prolific jailbreaker of ChatGPT and other leading LLMs
- 30. REPORTS: Tech Trends in Enterprise Tech, from CBInsights
Some VERY interesting insights in this slide deck. If you're in enterprise security, you need to keep up with enterprise tech trends!
- 31. TRENDS: Shop Copilot+ PCs: A New Era of Windows AI PCs and Laptops
What do all these laptops have in common?
None of them have Intel inside. These are all rocking Snapdragon chipsets.
- 32. STANDARDS: NIST unveils ARIA to evaluate and verify AI capabilities, impacts – Help Net Security
- 33. SQUIRREL: Russia Has Been Transmitting a Mysterious Radio Signal for 40 Years—And No One Knows Why
- 34. SQUIRREL: Rock band’s hidden hacking-themed website gets hacked
SUCH a cool read, with a weird twist.
3. Securing Health, Creating Phishing-Resistant Users & Rising Ransomware Stakes – Jim Broome, John Shier, Christopher Harrell – ESW #364
The interview will delve into the healthcare industry's tumultuous year in 2023, marked by 124 million breached health records across 725 hacking incidents (according to The HIPAA Journal). This interview will explore the critical role that MSSPs play in safeguarding health data and systems against potential security incidents, such as ransomware and business email compromise attacks. Jim Broome will share how to proactively prepare for an incident - including establishing a comprehensive incident response plan, outlining strategies for containment, restoration, and ongoing security operations, and how an MSSP can help.
Segment Resources:
- Tales from the Road Blog: An External Pen Test at a Healthcare Organization Reveals the Dangers of the Dark Web - https://www.directdefense.com/tales-from-the-road-an-external-pen-test-reveals-the-dangers-of-the-dark-web/
- 2023 Security Operations Threat Report: https://go.directdefense.com/2023-Security-Operations-Threat-Report
This segment is sponsored by DirectDefense. Visit https://securityweekly.com/directdefensersac to learn more about them!
In the dynamic landscape of cybersecurity, the urgency to eliminate passwords as a security vulnerability has never been more critical. Organizations continue to face a surge in the variety and complexity of cyber threats at historical rates, often fueled by compromised employee login credentials resulting from attacks such as phishing, which has been exacerbated by the rise in use of Artificial Intelligence (AI). The 2023 Verizon Data Breach Investigations Report underscores the impact of breaches caused by stolen credentials, accounting for a staggering 74% of incidents. Christopher Harrell, Yubico’s Chief Technology Officer, shares how organizations can achieve passwordless authentication at scale with high-assurance, phishing-resistant multi-factor authentication (MFA) to elevate their security posture against phishing attacks while creating phishing-resistant users.
Segment Resources: https://www.yubico.com/blog/empowering-enterprise-security-at-scale-with-new-product-innovations-yubikey-5-7-and-yubico-authenticator-7/
This segment is sponsored by Yubico. Visit https://securityweekly.com/yubicorsac to learn more about them!
In this podcast segment, we delve into Sophos' fifth annual State of Ransomware report, exploring significant findings and trends in the evolving ransomware landscape. We'll discuss the sharp increase in recovery costs, the strategic targeting of backups by hackers, and the evolving role of cyber insurance in ransom payments. Our discussion will provide insights into how organizations can adapt their cybersecurity measures to mitigate these heightened threats and recover more effectively from attacks.
Segment Resources:
- Blog: The State of Ransomware 2024 Report: https://assets.sophos.com/X24WTUEQ/at/9brgj5n44hqvgsp5f5bqcps/sophos-state-of-ransomware-2024-wp.pdf
- Press release: Ransomware Payments Increase 500% In the Last Year, Finds Sophos State of Ransomware Report
This segment is sponsored by Sophos. Visit https://www.securityweekly.com/sophosrsac to learn more about them!
Guests
Jim Broome is a seasoned IT/IS veteran with more than 20 years of information security experience in both consultative and operational roles. Jim leads DirectDefense, where he is responsible for the day-to-day management of the company, as well as providing guidance and direction for our service offerings.
Previously, Jim was a Director with AccuvantLABS where he managed, developed, and performed information security assessments for organizations across multiple industries. Prior to AccuvantLABS, Jim was a Principal Security Consultant with Internet Security Systems (ISS) and their X-Force penetration testing team.
John Shier is a Field CTO, Threat Intelligence at Sophos with more than two decades of cybersecurity experience. He’s passionate about protecting consumers and organizations from advanced threats, and has researched everything from costly ransomware to illicit dark web activity, uncovering insights needed to strengthen proactive cybersecurity defenses.
John is often consulted by press, and has been quoted in publications like Reuters, WIRED, Fortune, CNN, The Hill, Fast Co, Yahoo, and more. He’s also a frequent speaker at industry events like RSA Conference, Infosec, Cebit, Gitex, and more.
Based in Toronto, John is available on Twitter (@john_shier).
Christopher Harrell is the Chief Technology Officer at Yubico where he is responsible for driving innovative authentication and security products to market. He has more than 20 years of security engineering and architecture expertise along with extensive experience managing and leading teams.
Previously, Christopher served as Director of Security Engineering at Yahoo, and as Information Security Manager at Apple. Together, in these roles, Christopher had the opportunity to secure hundreds of thousands of computers, impacting billions of users worldwide. Christopher is passionate about the potential for technology to improve lives. He believes that security and usability can co-exist, and enjoys the engineering challenge of proving it.