Enterprise Security Weekly (Audio)

This week, Rickard Carlsson from Detectify is with us to discuss a funeral for vulnerability management! Then, Will Clark from Accela joins us to talk about architecture and security in the trenches! In the Enterprise Security News: 1Password plans to do some shopping with their massive Series C, Devo announces a $250M round, Permiso Security and Tromzo emerge backed by both traditional VCs and industry execs, STG spins out McAfee’s MVISION XDR product as Trellix - the first of many spinouts, they say, Microsoft reminds us that, in addition to being the industry’s largest security vendor, they can also drop $70B on video games if they feel like it, More reminders that open source is essential, but orgs with massive budgets will still treat it as worthless and disposable, Real-world stories of CI/CD pipeline compromises, Is Uber’s former CSO going to jail?, and Tom Brady NFTs!   Show Notes: https://securityweekly.com/esw257 Segment Resources: Visit https://securityweekly.com/detectify to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

It’s a new year and a time when we make resolutions…which often drop off by the start of February. To keep your security resolutions for 2022, today’s show will be about enterprise security pitfalls and the areas corporations should focus on when planning their cybersecurity strategy for the year. Topics will include proper data hygiene; ransomware prevention and recovery techniques; challenges in securing a distributed workforce and the changing role of IT and containing data sprawl. We’re looking forward to keeping you informed throughout 2022! 2021 was the most active year in federal cybersecurity policy. Ever. The Biden administration used executive orders, new regulations, public/private partnerships and novel law enforcement strategies to shore up federal systems and engage with industry. Meanwhile, an otherwise active year in Congress took a hit when several major pieces of legislation like incident reporting mandates and federal cybersecurity reform were left of the NDAA. SC Media government reporter Derek B. Johnson will discuss what came out last year's flurry and what we can expect Congress to prioritize in 2022. In the Enterprise Security News for this week: Pentera announces a $150m Series C - YAU (Yet Another Unicorn), Herjavec Group merges with Fishtech, Google acquires SOAR vendor SIEMplify, A European grocery store buys BAS vendor XM Cyber, Flashpoint acquires vuln intel vendor Risk Based Security, Recorded Future acquires SecurityTrails, Drama in the Israeli cybersecurity news, Security, Analyst is the #1 best job of 2022, Microsoft to start rolling out its own hardware security chip, & Some annoying words get banned!   Show Notes: https://securityweekly.com/esw256 Segment Resources: https://www.scmagazine.com/feature/policy/every-month-has-been-cybersecurity-awareness-month-for-the-biden-administration   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Dr. David Brumley from ForAllSecure is with us to discuss Bringing Autonomy to Appsec Then, in the enterprise security news, ZeroFox has a $1.4 billion dollar blank check, Corellium raises a $25m series A, GreyNoise makes its data free to help out Log4j sufferers, AWS suffers its third outage in a month (coincidentally hindering GreyNoise’s efforts), Ditching Unicorns for Dragons, Yet another easy way to become domain admin, thanks Microsoft, New report finds that current phishing training isn’t effective and is even potentially harmful. Finally, we’ll take a look at some of the biggest stories and interviews we discussed this year on ESW and will wrap with our thoughts and hopes for 2022.   Show Notes: https://securityweekly.com/esw255 Segment Resources: Article on competition: https://www.darpa.mil/about-us/timeline/cyber-grand-challenge Technical article on approach: https://spectrum.ieee.org/mayhem-the-machine-that-finds-software-vulnerabilities-then-patches-them Example vulns discovered: https://forallsecure.com/blog/forallsecure-uncovers-critical-vulnerabilities-in-das-u-boot https://github.com/forallsecure/vulnerabilitieslab   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Shoshana Gourdin, to discuss how Morale Is a Safety Control! Up next, we welcome Scott Crawford, Research Director at 451 Research / S&P Global Market Intelligence, to talk about The Evolution & Future of XDR & the SOC! In the Enterprise News: Is the art of VC valuations a lie?, Noname Security hits unicorn status, Dazz sounds like an 80's cartoon character and is the latest to join the CSPM category with a mega Series A, LogMeIn spins out Lastpass, We'll talk about Log4Shell for a little bit, but not too much, Everyone forgot that AWS had an outage last week, at least, until they had an outage this week, 83% of IT professionals can't guarantee infrastructure is safe from ex-employees, & Senate approves cyber-loaded defense bill but stripped out incident reporting! All that and more, on this episode of Enterprise Security Weekly!   Show Notes: https://securityweekly.com/esw254 Visit https://www.securityweekly.com/esw for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Allie Mellen, Industry Analyst at Forrester Research to discuss Digging Into XDR! In the second segment, Vincent Berk, CTO and Chief Security Architect at Riverbed to talk about Securing the Invisible: Holes in Your Visibility Fabric & Where Hackers Hide! Finally, in the Enterprise Security News for this week: At least a dozen cybersecurity companies announced raises totaling more than $900m - just in the past week!, Permira proposes to take Mimecast private for $5.8bn, The leader of a Swiss tech company is accused of selling access to text message data for surveillance, A former Ubiquiti developer was behind the big breach announced earlier this year - he unsuccessfully tried to extort his employer, SentinelOne tries to bring mobile security back?, Google and Trail of Bits team up to release a tool that scans for vulnerable Python packages, CISA has assembled a panel that will begin making cybersecurity recommendations, Make sure to stick around for, This week's spicy take - Cloudflare recommends ditching your firewall, and This week's squirrel story - a new streaming service from an unexpected source! All that and more, on this episode of Enterprise Security Weekly! Segment Resources: https://visibility.riverbed.com/ https://www.riverbed.com/solutions/security.html https://www.riverbed.com/products/npm/netprofiler-advanced-security-module.html Visit https://securityweekly.com/riverbed to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw253

In this interview, we discuss defenders sharing information, how Edna deals with Azure's supply chain challenges, ransomware trends, and some future predictions. Edna has been in security as long as most other folks we interview, but was a lawyer for 20 years before that! Passwordless is everywhere these days, but like most new security markets, it's shrouded in confusion. There are already dozens of vendors promising to kill the password, but they don't all seem to be coming at the challenge the same way. In the enterprise security news: ReliaQuest crests a $1bn valuation, CyCognito raises a $100m Series C, AWS enhances cloud vulnerability management, StrongDM automates access to infrastructure, Can we trust AI written code?, Killing the SOC - is the SOC dead?, Comparing secure messaging apps, The best cities for cybersecurity professionals, and Don't miss today's Squirrel Story - it's a personal anecdote!   Show Notes: https://securityweekly.com/esw252 Visit https://www.securityweekly.com/esw for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

ExtraHop VP, GM of International and Global Security Programs Mike Campfield joins Security Weekly for a retrospective on ransomware in 2021, shares his predictions on how it will evolve in 2022 and beyond, and what controls enterprises can put into place to build their resilience to the growing threat. Jeffrey then joins us today to guide us through the rapidly changing world of Cyber Insurance! We solicited some questions from our audience and look forward to picking his brain in this segment. In the Enterprise Security News: NDR startup Netography raises a $45m Series A with Martin Roesch at the helm! Data Security startup Laminar comes out of stealth with a $32m Series A Threat Intel divestment SnapAttack spins out of Booz Allen Cloud Security startup Lacework raises $1.3bn in a single round, Lacework acquires Soluble, You can make some cash if you're willing to delete the NPM modules you manage, Congress goes Cyber Crazy - 18 new cybersecurity-related bills introduced, Emotet returns, but there are tracking tools, All that and more, on this episode of Enterprise Security Weekly!   Show Notes: https://securityweekly.com/esw251 Visit https://securityweekly.com/extrahop to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Angela Marafino, PM at Microsoft, to talk about MegatronAL on Kicking in the Door to Cybersecurity! In the second segment, we welcome Nick Leghorn, Director of Application Security at The New York Times, to discuss Building a Risk Based Security Program That Actually Works! In the Enterprise Security News: Drata reaches unicorn status in record time with a $100m Series B, SCYTHE announces a $10m Series A, McAfee Consumer business acquired for $14b, WPScan acquired by Automattic (the company behind WordPress), QOMPLX SPAC is called off, HashiCorp IPO is not called off, open source CSPM and firmware emulation tools, Ghost kitchens and more.   Show Notes: https://securityweekly.com/esw250 https://hbr.org/2021/02/stop-telling-women-they-have-imposter-syndrome https://www.itspmagazine.com/focal-point-podcast https://twitter.com/hackerbookclub1   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Chad Skipper, Director Product Marketing at VMware, to talk about Detecting the Next Breach: How to Win the War With NSX NDR! In the second segment, we welcome Frank McGovern, Cybersecurity Architect at StoneX Group Inc., to discuss Building Up the Blue Team! In the Enterprise Security News: Laika raises $35m in the growing compliance-as-a-service segment, IBM launches XDR, CrowdStrike acquires SecureCircle and moves into the data layer, HelpSystems acquires endpoint DLP vendor Digital Guardian, Crazy valuations, Questionable statistics, Analysts shine a doubtful light on Darktrace's value, Facebook gets all Meta on us, and more!   Show Notes: https://securityweekly.com/esw249 Segment Resources: https://blogs.vmware.com/networkvirtualization/2021/10/vmware-achieves-industry-first-aaa-rating-for-network-detection-response-from-se-labs.html/ https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/NDR-Solution.pdf https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/docs/vmw-nsx-ndr-breach-response-test-report.pdf Visit https://securityweekly.com/vmware to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Jamie Moles, Senior Technical Marketing Manager at ExtraHop, to discuss Decrypt As If Your Security Depends On It! In the Enterprise Security News, Devo, Dragos, Cato Networks and Aura have all announced $200m or larger funding rounds, TransUnion acquires Sontiq for $638m, Summit Partners acquires Invicti for $625m, Privacy engineering startup Piiano emerges, from stealth mode, Will cybersecurity funding top $20bn for 2021, New US spyware export rules, and a silicon valley entrepreneur wants to scan your eyes! In the final segment, we spoke with Will Lin, co-founder of Forgepoint, one of the few VC firms that exclusively invests in cybersecurity startups!   Show Notes: https://securityweekly.com/esw248 Visit https://securityweekly.com/extrahop to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly