Microsoft Acquires RiskIQ, Rapid7 InsightCloudSec, & Bitdefender eXtended EDR – ESW #234

Announcements

• Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% off on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!

• Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista! Our Call For Presentations Deadline has been extended through July 23rd at 11:59 pm ET! Visit securityweekly.com/unlocked to submit your presentation!

Hosts

Adrian Sanabria

Principal Researcher at The Defenders Initiative

@sawaba

https://adriansanabria.com

1. 1. TOOLS: Release Ransomware Readiness Assessment CSET v10.3 · cisagov/cset
   Sounds great, but I actually installed it. It was a 1GB download. Windows smartscreen tried to block it. The installer looks like it was designed for Windows XP. It installs MSSQL Server 2012 and IIS 11. Seems the first thing this tool does is extend your attack surface... I thought it was going to be a BAS-like tool, like Guardicore's Infection Monkey, but it seems like more of a questionnaire/self-assessment tool. I don't understand why it had to be so heavy-handed???
2. 2. TOOLS: Ransomwhere
   Show me the money! A neat tool that makes it easy to track ransomware actors and how much they're getting paid.
3. 3. TOOLS: Deciduous: A Security Decision Tree Generator
   Inspired by examples in Kelly Shortridge's book on Security Chaos Engineering, Ryan Petrich created this amazing attack tree mapping tool. It's a basic, but beautiful tool that you can use to create attack maps in minutes!
4. 4. FUNDING: IoT/OT Device Security Firm NanoLock Raises $11 Million
5. 5. FUNDING: Netskope Attracts $300 Million in Additional Investment, Elevating Valuation to $7.5 Billion
   Inside-led round, CEO says this will be the last private funding they'll raise, they didn't really need it, and not in a rush to IPO.
6. 6. FUNDING: Sevco Security Launches with $15 Million in Funding to Scale Adoption of Industry’s First Cloud-Native Security Asset Intelligence Platform
7. 7. FUNDING: Ex-Trump Treasury Secretary Steven Mnuchin’s firm leads $275 million investment in Cybereason
   This Series E brings Cybereason's total funding to $664m! That's a LOT of funding. The company's valuation in 2019 was $1bn after a $200m raise led by Softbank. This round is PE-led, so maybe IPO is next? Or some strategic acquisitions?
8. 8. FUNDING: Virsec Lands $100M As Cyberattacks Ramp Up
9. 9. ACQUISITION: Microsoft reportedly to acquire cybersecurity startup RiskIQ for more than $500M
   Rumor is that the deal could be for as much as $1bn. I'm guessing this will be sold adjacent to Azure Sentinel, or maybe as part of it? The tagline is "attack surface management", but RiskIQ only very recently started doing that - they're better known for their massive database of Internet asset data.
10. 10. ACQUISITION: Sophos acquires Capsule8
    Bit of a surprise? I might have thought a more pure-play EDR vendor would go after Capsule8, but Sophos has a history of doing some solid deals to not only acquire good technology, but good teams as well. Invincea was a big one for them and Capsule8 will help round out their offerings in the enterprise/devops spaces.
11. 11. REGULATION: Right on Time – NIST Releases Definition of “Critical Software” Per Biden’s Cybersecurity Executive Order

Paul Asadoorian

Principal Security Researcher at Eclypsium

@0offset

https://securitypodcaster.com

1. 1. Contrast Security partners with Secure Code Warrior to deliver security training for developers
2. 2. Bandura Cyber Intelligence Marketplace deploys cyber intelligence data across network in real-time
3. 3. Outpost24 acquires threat intelligence solution Blueliv
4. 4. ThreatQuotient Advances Industry Threat Intelligence Sharing With Stronger Data Curation Capabilities – Enterprise IT World
5. 5. Cybersecurity firm Arctic Wolf triples valuation to $4.3bn after Viking Global Investors-led $150m round
6. 6. Cybereason raises $275 million led by Steven Mnuchin’s VC fund
7. 7. Illumio beefs up zero-trust security with automated policy enforcement – SiliconANGLE
8. 8. Rapid7 Launches InsightCloudSec to Automate Continuous Security and Compliance for Complex Cloud Environments
9. 9. Leaked email shows $9 billion cybersecurity startup Tanium just lost its fourth chief marketing officer in five years
10. 10. Bitdefender launches eXtended EDR platform
11. 11. ThycoticCentrify Modernizes Just-in-Time Privilege Elevation with Newest Release of Server Suite

Tyler Shields

VP Traceable.ai, Cyber Angel Investor and Advisor at 90 Degree Ventures

https://www.90degree.vc/