Fixing how cybersecurity products are bought and sold – Mariana Padilla – ESW #385

Okay, brace yourselves. This isn't even the security stuff, just the mainstream Microsoft stuff.

• Windows 365 is now a thing, and refers to Windows' own brand of VDI, from what I can tell.
• Microsoft Office is now Microsoft 365 Apps
• The icons for Microsoft 365 Apps now have a little Copilot icon on them. Nesting icons is so communicative and helpful
• The icon for Microsoft 365 is now THE COPILOT icon, because that's helpful and makes sense - it will have 4 characters on it: M365, which will be the only thing distinguishing it from the Copilot copilot.

The new AI buzzword is 'agentic'. Not to be left out, Microsoft is debuting agents everywhere throughout the M365 ecosystem.

More visibility for copilot admins - something they've DEFINITELY been asking for.

It was Microsoft Ignite week, so we're talking about a few of their announcements today. One is the announcement of a new bug bounty with a payout pool of $4M.

This hacking event has a scope focused on AI and Cloud products. It is open now, and runs through January 19th.

Microsoft debuts a thin client of sorts. It has local processing, but runs Windows in the cloud? I'm curious if this might be similar to Windows S, in that it would have software installation options restricted to the Microsoft Store.

It's an enterprise product, so there are unfortunately no plans to sell it to consumers, though I'd very much like to check it out and test it.

No interesting fundings this week, so we're going to focus on the fact that this buyer's market continues to encourage consolidation.

1. Cyera raises $300M in a Series D with a valuation of $3B
2. Bitsight acquires cyber threat intel platform Cybersixgill for $115M. Cybersixgill is an Israeli startup that was founded in 2014 and raised $56M to date.
3. Snyk acquired Probely for an undisclosed amount. Probely was a DAST platform founded in 2017, and has raised €9.6M to date.
4. Silverfort picked up Rezonate for an undisclosed amount. Rezonate was an identity threat detection and response (ITDR) vendor founded in 2022, and has raised $8.7M to date.
5. Wiz acquires Dazz for $450M

From the press release:

Tanium Autonomous Endpoint Management (AEM) enhances and extends the Tanium platform with a set of category-defining autonomous capabilities across the industry’s most comprehensive real-time platform, which includes asset discovery and inventory, vulnerability management, endpoint management, incident response, and digital employee experience.

“Tanium AEM leverages real-time insights from millions of Tanium cloud-managed endpoints to recommend and automate changes on endpoints within a customer’s environment, giving IT and Security teams a safe, scalable and automated platform to deliver increasingly efficient operations and an improved security posture,” said Matt Quinn, CTO, Tanium. “Tanium AEM provides customers the confidence to take the right action at the right time, giving them the power of certainty based on real-time data at scale.”

With organizations already stretched too thin and budgets not keeping up with the demands of the business, it has become imperative for IT and security operations teams to enhance efficiency by automating the numerous time-consuming, often mundane and repetitive tasks they handle daily. Knowing what tasks to prioritize and automate is a challenge, however, and, without the benefit of real-time data, automation can become unreliable in highly dynamic environments, leading to operational issues, disruptions, security risks and a lack of confidence.

UMAXX is now carrying Purism's Liberty line of phones. Purism made a splash a few years back with privacy-focused smartphones, laptops, and tablets. The company has a few more products now, including the Liberty Phone, which has some unique features:

1. Made in the USA
2. Hardware switches to enable/disable radios (WiFi, Cell, BT), microphones, and cameras
3. Runs PureOS, which seems to be a Linux-derived OS that doesn't share any codebase with Android (they also run this on their laptops)
4. Specs that are nothing to write home about (4GB RAM, 128GB storage, a solitary 13MP camera)
5. a user-replaceable modem module

How much does it cost to make a fairly basic smartphone in the US? The phone with the specs described above goes for an eye-watering $2000. A base model with 3GB of RAM and only 32GB of onboard storage will save you $400.

This is unsurprising, as these are all the political appointees. Dems go out, democrat appointees will resign and go with them. Still, it raises the question: what will CISA's next chapter look like, and who will write it?

Same as it ever was. A top 10 malware strain is going after 7+ year old vulnerabilities, and it is succeeding. Are there legit reasons for using old versions of Office, or is this just neglect/thriftiness?

If you build it, and leave it wide open to the public Internet, they will come.

The latest edition of Thinktscapes is out, in both a summarized audio/news/podcast form, and the traditional PDF. For those unaware, Thinkstscapes aims to summarize the most interesting security research from the last quarter. If you were unable to attend BH/DC, read any of the research that came out of it, or catch the thousands of security blog posts written in the last few months, this quarterly report can catch you up on the highlights.

My favorite? The story about how quickly LetsEncrypt could, if it needed to, revoke and replace all 400 million active certificates they've produced, if some worst-case scenario occurred.

An interesting report from Tines!

I've always wondered how good a job services like DeleteMe do, and we now a data-backed answer to that question from the increasingly cyber-savvy Consumer Reports.

Love this story. Such a fun and (hopefully) effective project.

Watch Strongman Hafþór Júlíus Björnsson lift over 282.624 PB of Data