Enterprise Security WeeklySubscribe
Security Program Controls/Technologies, Security Staff Acquisition & Development

Normalyze, Axio, Flashpoint, Medical Records With Amazon, & Dial-Up Service Returns! – ESW #284

Finally, in the enterprise security news, Normalyze and Flow Security raise money to protect data, Axio and Lumu raise money to assess risk, Bitsight intends to acquire ThirdPartyTrust, Flashpoint acquires Echosec Systems, ZeroFox goes public, Rumble rebrands as runZero, Trusting Amazon with medical records, Taking cryptocurrency off the (payment) menu, AWS’s CISO tells us why AWS is so much better than their competitors, and an ancient dial-up Internet service returns!

Full episode and show notes

Announcements

  • Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Hosts

Principal Researcher at The Defenders Initiative
  1. 1. FUNDING: Axio lands $23M to help companies quantify cyber risk – TechCrunch
  2. 2. FUNDING: Normalyze Announces $22 Million for DSPM Technology
  3. 3. FUNDING: LIAN Group invests eight-digit amount in Alkira, a top disruptor in the cloud industry, backed by Sequoia, Kleiner Perkins, Google Ventures, and Koch Disruptive Technologies
  4. 4. FUNDING: Flow Security Is Protecting Data At Rest and In Motion with $10M In Seed Funding – Grit Daily News
  5. 5. FUNDING: Cybersecurity Company Lumu Raises $8M, Signs Partnership with KnowBe4, the World’s Largest Integrated Platform for Security Awareness Training
  6. 6. FUNDING: Footprint – one-click KYC & PII vault
    $6M seed round led by Index Ventures
  7. 7. FUNDING: Mesh Security emerges from stealth with $4.5 million Seed round to improve Zero Trust in the cloud
  8. 8. ACQUISITIONS: BitSight Announces Intent to Acquire ThirdPartyTrust to Simplify and Modernize Third-Party Risk Management Throughout the Entire Vendor Lifecycle
  9. 9. ACQUISITIONS: Flashpoint Acquires Open Source Intelligence Leader Echosec Systems
    Flashpoint is busy building quite the security intelligence platform these days. The company is historically a threat intel vendor, going deep on researching and understanding threat actors, not just gathering and distributing IoCs. This Echosec acquisition adds the ability to monitor risks and events in real time across social media, forums, news, dark web, and other sources. No deal We missed the announcement of Flashpoint Automate last month, the rebrand of a SOAR tool Flashpoint acquired back in 2020, called CRFT. The company also picked up Risk-Based Security back in January as well, making Echosec its third. It's also worth mentioning that Flashpoint got picked up by a private equity firm, Audax Private Equity, about a year ago, and acquire/mashup/sell is a PE strategy we see often.
  10. 10. IPOs: ZeroFox Begins Trading on Nasdaq Under Symbol “ZFOX”
    Originally announced back in December 2021, the $1.4B transaction closed last week and ZeroFox has gone public on the NYSE under ZFOX. This was achieved through a SPAC named L&F Acquisition Corp (NYSE:LNFA) and as part of the deal, ZeroFox will acquire IDX, a privacy and identity protection platform.
  11. 11. REBRANDING: runZero 3.0: Check out our new name, and sync assets, software, and vulnerability data from Qualys
  12. 12. NEW PRODUCTS: Canonic Security’s AppTotal
    A novel approach to SaaS security, AppTotal gives some deep background on 3rd party apps and integrations. It even evaluates whether the permissions requested are actually necessary or not!
  13. 13. TRENDS: Do You Trust Amazon With Your Medical Records?
  14. 14. TRENDS: Accepting Crypto: A Vendor Perspective
    An interesting piece by Shodan's founder, he details the company's experiences accepting cryptocurrency as payment for memberships. This reminds me of a time I tried to give the TOR network the benefit of the doubt, but in the end, decided to block it, after realizing we had never received a single legitimate customer login from TOR, while the number of attacks we received from it was massive. TOR evangelists didn't like it, but no one was paying their mortgages via TOR, so there was little reason to endure the amount of abuse we received from TOR when we could simply block it all by checking a box in our Palo Alto Firewalls. (https://twitter.com/sawaba/status/637454396201267204) Similarly, Matherly offers some very logical reasoning in choosing not to accept cryptocurrency - few people use it and it attracts a lot of scams. It simply isn't worth the trouble it generates. He might take some flack for it, but it's the right choice.
  15. 15. TOOLS: A defender’s MITRE ATT&CK cheat sheet for Google Cloud Platform (GCP)
  16. 16. HOT TAKE: AWS CISO On Why Its Security Strategy Tops Microsoft, Google
    "We’re Not Playing Checkers, We’re Playing Chess", says CJ Moses. Ooooh, what now, Google? Need some cream for that burn, Microsoft?
  17. 17. SQUIRREL: Prodigy Reloaded
    Yup, a group of reverse-engineering techno-necromancers reanimated Prodigy. Why? Because our silly brains reward nostalgia (https://www.neurologylive.com/view/brain-and-nostalgia).
Senior Engineering Leader at AWS
Product Marketer and Content Strategist at OX Security

Related

You can skip this ad in 5 seconds