Enterprise Security WeeklySubscribe
Vulnerability Management, Incident Response

Cyber-Loaded Bills, Dazz CSPM, Janky Tech, VC Startup Valuations, & Keanu Reeves Talk – ESW #254

This week in the Enterprise News: Is the art of VC valuations a lie?, Noname Security hits unicorn status, Dazz sounds like an 80's cartoon character and is the latest to join the CSPM category with a mega Series A, LogMeIn spins out Lastpass, We'll talk about Log4Shell for a little bit, but not too much, Everyone forgot that AWS had an outage last week, at least, until they had an outage this week, 83% of IT professionals can't guarantee infrastructure is safe from ex-employees, & Senate approves cyber-loaded defense bill but stripped out incident reporting! All that and more, on this episode of Enterprise Security Weekly!

Full episode and show notes

Announcements

  • We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!

Hosts

Principal Researcher at The Defenders Initiative
  1. 1. TRENDS: The ‘art’ of VC startup valuations is a forgery – TechCrunch
    https://techcrunch.com/2021/12/10/the-art-of-vc-startup-valuations-is-a-forgery/
  2. 2. FUNDING: Noname Security achieves unicorn status, one year after exiting stealth, with $135 million Series C
  3. 3. FUNDING: Ermetic raises $70M for ‘identity-first’ cloud security
  4. 4. FUNDING: Dazz, from ex-Microsoft team, gets $60M to automate cloud security
    $50m Series A + $10m Seed. Sounds like a CSPM play, and who can blame them with all the money getting raised there? Founding team includes former general manager of Microsoft's cloud business and a few other ex-Microsoft folks with backgrounds in IoT security (Armis and Claroty). Founding crew looks to be mostly Israeli and funding comes from Insight Partners, Greylock Partners, Index Ventures, and Cyberstarts.
  5. 5. SPIN-OUT: LogMeIn spins LastPass out as an independent company once more
    https://blog.lastpass.com/2021/12/lastpass-investing-even-more-in-your-password-security-in-2022/
  6. 6. VULNS: Log4Shell: RCE 0-day exploit found in log4j, a popular Java logging package
  7. 7. POST-MORTEM: Summary of the AWS Service Event in the Northern Virginia (US-EAST-1) Region
  8. 8. REPORTS: Cisco Secure Outcomes Study Report 2021
    Part 2 of an excellent series funded by Cisco and put together by the excellent Cyentia Labs. It studies security outcomes - I highly recommend reading both!
  9. 9. TRENDS: Report: 83% of IT professionals can’t guarantee infrastructure is safe from ex-employees
  10. 10. STANDARDS: SP 800-160 Vol. 2 Rev. 1, Developing Cyber-Resilient Systems: SSE Approach
    Even NIST is ready to admit the security team can't do all the lifting.
  11. 11. REGULATIONS: Democrats accuse GOP of scuttling incident reporting in massive defense bill
    https://therecord.media/democrats-accused-gop-of-scuttling-incident-reporting-in-massive-defense-bill/
  12. 12. REGULATIONS: Senate approves cyber-loaded defense bill loaded
    https://therecord.media/senate-approves-cyber-loaded-defense-bill-loaded/
  13. 13. SQUIRREL: What’s the jankiest piece of tech you’ve seen a company depend on?
    Brandon Rohrer asks on Twitter: War stories please. What’s the jankiest piece of tech you’ve seen a company depend on?
Product Marketer and Content Strategist at OX Security
VP Traceable.ai, Cyber Angel Investor and Advisor at 90 Degree Ventures

Related

You can skip this ad in 5 seconds