Enterprise Security Weekly (Audio)

This week, in our first segment, Attila Török, joins for an interview on Manages Security for A 100% Remote Workforce! After that, we welcome Darwin Salazar, Cloud Security Consultant at Accenture to take A Look at Microsoft's Cloud-Native SIEM! Finally, in the Enterprise Security News, Island raises $100M to introduce a new Chromium-based web browser, designed for the enterprise, Plextrac rasies a $70M Series B, HackerOne raises a $49M Series E, Tenable acquires BAS vendor Cymptom, Orca swallows up RapidSec (sorry, had to), Cybereason confidentially files for IPO, KKR looks to offload Optiv, Cybersecurity startup trends of 2022, 1000 Unicorns, Infosec Startup Buzzword Bingo, We’ve got fundings, IPOs, acquisitions, take privates, a $3B seed round, legislation that makes sense - all kinds of exciting stuff today, on this episode of Enterprise Security Weekly! To register for Darwin’s upcoming workshop with Security Weekly, please visit: https://attendee.gotowebinar.com/register/2393226017093033995?source=esw Microsoft Sentinel Ninja Training - https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/become-a-microsoft-sentinel-ninja-the-complete-level-400/ba-p/1246310# Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw259  

This week, we welcome Jamie Moles, Senior Technical Marketing Manager at ExtraHop, to discuss Log4Shell: Impact and Lessons Learned! In the Enterprise Security News, Hunters raises a series C to continue building XDR, Anitian raises a $55M Series B, Four new startups emerge from stealth with seed funding, BugAlert is a new tool for notifying the public of new vulnerabilities, Turns out, Crypto.com WAS hacked, but it wasn’t Matt Damon’s fault, Who is at fault if a hacked car kills someone?, Merck wins - it was NOT an act of war, according to one court...Pearson is fined $1M for misleading investors about their 2018 data breach, Secrets of Successful Security Programs, & Why employees don’t care about your security policies! Lastly, we air a pre recorded segment with Adrian and Bikash Barai, Co-founder, CEO at FireCompass, to talk about Continuous Red Teaming Trends!   Show Notes: https://securityweekly.com/esw258 Visit https://securityweekly.com/extrahop to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Rickard Carlsson from Detectify is with us to discuss a funeral for vulnerability management! Then, Will Clark from Accela joins us to talk about architecture and security in the trenches! In the Enterprise Security News: 1Password plans to do some shopping with their massive Series C, Devo announces a $250M round, Permiso Security and Tromzo emerge backed by both traditional VCs and industry execs, STG spins out McAfee’s MVISION XDR product as Trellix - the first of many spinouts, they say, Microsoft reminds us that, in addition to being the industry’s largest security vendor, they can also drop $70B on video games if they feel like it, More reminders that open source is essential, but orgs with massive budgets will still treat it as worthless and disposable, Real-world stories of CI/CD pipeline compromises, Is Uber’s former CSO going to jail?, and Tom Brady NFTs!   Show Notes: https://securityweekly.com/esw257 Segment Resources: Visit https://securityweekly.com/detectify to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

It’s a new year and a time when we make resolutions…which often drop off by the start of February. To keep your security resolutions for 2022, today’s show will be about enterprise security pitfalls and the areas corporations should focus on when planning their cybersecurity strategy for the year. Topics will include proper data hygiene; ransomware prevention and recovery techniques; challenges in securing a distributed workforce and the changing role of IT and containing data sprawl. We’re looking forward to keeping you informed throughout 2022! 2021 was the most active year in federal cybersecurity policy. Ever. The Biden administration used executive orders, new regulations, public/private partnerships and novel law enforcement strategies to shore up federal systems and engage with industry. Meanwhile, an otherwise active year in Congress took a hit when several major pieces of legislation like incident reporting mandates and federal cybersecurity reform were left of the NDAA. SC Media government reporter Derek B. Johnson will discuss what came out last year's flurry and what we can expect Congress to prioritize in 2022. In the Enterprise Security News for this week: Pentera announces a $150m Series C - YAU (Yet Another Unicorn), Herjavec Group merges with Fishtech, Google acquires SOAR vendor SIEMplify, A European grocery store buys BAS vendor XM Cyber, Flashpoint acquires vuln intel vendor Risk Based Security, Recorded Future acquires SecurityTrails, Drama in the Israeli cybersecurity news, Security, Analyst is the #1 best job of 2022, Microsoft to start rolling out its own hardware security chip, & Some annoying words get banned!   Show Notes: https://securityweekly.com/esw256 Segment Resources: https://www.scmagazine.com/feature/policy/every-month-has-been-cybersecurity-awareness-month-for-the-biden-administration   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Dr. David Brumley from ForAllSecure is with us to discuss Bringing Autonomy to Appsec Then, in the enterprise security news, ZeroFox has a $1.4 billion dollar blank check, Corellium raises a $25m series A, GreyNoise makes its data free to help out Log4j sufferers, AWS suffers its third outage in a month (coincidentally hindering GreyNoise’s efforts), Ditching Unicorns for Dragons, Yet another easy way to become domain admin, thanks Microsoft, New report finds that current phishing training isn’t effective and is even potentially harmful. Finally, we’ll take a look at some of the biggest stories and interviews we discussed this year on ESW and will wrap with our thoughts and hopes for 2022.   Show Notes: https://securityweekly.com/esw255 Segment Resources: Article on competition: https://www.darpa.mil/about-us/timeline/cyber-grand-challenge Technical article on approach: https://spectrum.ieee.org/mayhem-the-machine-that-finds-software-vulnerabilities-then-patches-them Example vulns discovered: https://forallsecure.com/blog/forallsecure-uncovers-critical-vulnerabilities-in-das-u-boot https://github.com/forallsecure/vulnerabilitieslab   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Shoshana Gourdin, to discuss how Morale Is a Safety Control! Up next, we welcome Scott Crawford, Research Director at 451 Research / S&P Global Market Intelligence, to talk about The Evolution & Future of XDR & the SOC! In the Enterprise News: Is the art of VC valuations a lie?, Noname Security hits unicorn status, Dazz sounds like an 80's cartoon character and is the latest to join the CSPM category with a mega Series A, LogMeIn spins out Lastpass, We'll talk about Log4Shell for a little bit, but not too much, Everyone forgot that AWS had an outage last week, at least, until they had an outage this week, 83% of IT professionals can't guarantee infrastructure is safe from ex-employees, & Senate approves cyber-loaded defense bill but stripped out incident reporting! All that and more, on this episode of Enterprise Security Weekly!   Show Notes: https://securityweekly.com/esw254 Visit https://www.securityweekly.com/esw for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Allie Mellen, Industry Analyst at Forrester Research to discuss Digging Into XDR! In the second segment, Vincent Berk, CTO and Chief Security Architect at Riverbed to talk about Securing the Invisible: Holes in Your Visibility Fabric & Where Hackers Hide! Finally, in the Enterprise Security News for this week: At least a dozen cybersecurity companies announced raises totaling more than $900m - just in the past week!, Permira proposes to take Mimecast private for $5.8bn, The leader of a Swiss tech company is accused of selling access to text message data for surveillance, A former Ubiquiti developer was behind the big breach announced earlier this year - he unsuccessfully tried to extort his employer, SentinelOne tries to bring mobile security back?, Google and Trail of Bits team up to release a tool that scans for vulnerable Python packages, CISA has assembled a panel that will begin making cybersecurity recommendations, Make sure to stick around for, This week's spicy take - Cloudflare recommends ditching your firewall, and This week's squirrel story - a new streaming service from an unexpected source! All that and more, on this episode of Enterprise Security Weekly! Segment Resources: https://visibility.riverbed.com/ https://www.riverbed.com/solutions/security.html https://www.riverbed.com/products/npm/netprofiler-advanced-security-module.html Visit https://securityweekly.com/riverbed to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw253

In this interview, we discuss defenders sharing information, how Edna deals with Azure's supply chain challenges, ransomware trends, and some future predictions. Edna has been in security as long as most other folks we interview, but was a lawyer for 20 years before that! Passwordless is everywhere these days, but like most new security markets, it's shrouded in confusion. There are already dozens of vendors promising to kill the password, but they don't all seem to be coming at the challenge the same way. In the enterprise security news: ReliaQuest crests a $1bn valuation, CyCognito raises a $100m Series C, AWS enhances cloud vulnerability management, StrongDM automates access to infrastructure, Can we trust AI written code?, Killing the SOC - is the SOC dead?, Comparing secure messaging apps, The best cities for cybersecurity professionals, and Don't miss today's Squirrel Story - it's a personal anecdote!   Show Notes: https://securityweekly.com/esw252 Visit https://www.securityweekly.com/esw for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

ExtraHop VP, GM of International and Global Security Programs Mike Campfield joins Security Weekly for a retrospective on ransomware in 2021, shares his predictions on how it will evolve in 2022 and beyond, and what controls enterprises can put into place to build their resilience to the growing threat. Jeffrey then joins us today to guide us through the rapidly changing world of Cyber Insurance! We solicited some questions from our audience and look forward to picking his brain in this segment. In the Enterprise Security News: NDR startup Netography raises a $45m Series A with Martin Roesch at the helm! Data Security startup Laminar comes out of stealth with a $32m Series A Threat Intel divestment SnapAttack spins out of Booz Allen Cloud Security startup Lacework raises $1.3bn in a single round, Lacework acquires Soluble, You can make some cash if you're willing to delete the NPM modules you manage, Congress goes Cyber Crazy - 18 new cybersecurity-related bills introduced, Emotet returns, but there are tracking tools, All that and more, on this episode of Enterprise Security Weekly!   Show Notes: https://securityweekly.com/esw251 Visit https://securityweekly.com/extrahop to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Angela Marafino, PM at Microsoft, to talk about MegatronAL on Kicking in the Door to Cybersecurity! In the second segment, we welcome Nick Leghorn, Director of Application Security at The New York Times, to discuss Building a Risk Based Security Program That Actually Works! In the Enterprise Security News: Drata reaches unicorn status in record time with a $100m Series B, SCYTHE announces a $10m Series A, McAfee Consumer business acquired for $14b, WPScan acquired by Automattic (the company behind WordPress), QOMPLX SPAC is called off, HashiCorp IPO is not called off, open source CSPM and firmware emulation tools, Ghost kitchens and more.   Show Notes: https://securityweekly.com/esw250 https://hbr.org/2021/02/stop-telling-women-they-have-imposter-syndrome https://www.itspmagazine.com/focal-point-podcast https://twitter.com/hackerbookclub1   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly