This week in the Enterprise News: Basis Theory raises $17 million funding round, Crunchbase Funding Round Profile, Devo Acquires AI-Powered Security Automation Innovator to Deliver the “Autonomous SOC”, Hivemapper Dashcam, Authtech, Twitter accepts Elon Musk’s $44 billion offer, Austin Peay State University on Twitter, Basis Theory raises $17 million funding round, & more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw271
Digital identity is key to modern security architectures; enables privacy-preserving, trusted services; and drives customer-oriented experiences. Key trends like passwordless, verified credentials, and personal identity will have a profound effect on enterprise security. Discover how you can make the most of these evolutions, and learn how you can support the industry and its professionals.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw271
Cloud security is confusing enough these days, but a complex product landscape doesn’t make it any easier. In this segment we’ll talk about what’s driving this, how to make sense of it, and where to find things that actually help.
To register for our upcoming webcast with Rich Mogull on Deploying Cloud Applications Securely, visit https://attendee.gotowebinar.com/register/3131398543024475915?source=esw
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw271
This week in the Enterprise Security News: Fortress InfoSec raises $125M to help critical infrastructure improve security, ThreatLocker raises $100M, thanks in part to Kaseya’s breach, Obsidian raises $90M to secure SaaS use, DoControl raises $30M to possibly compete with Obsidian, Blueshift raises a seed round to bring SOC and XDR to SMBs, Strike Security raises a seed round to take a different approach to pen testing, Thoma Bravo is still working on an Imprivata exit, The biggest startup failures of all time - how many security vendors are on the list? Is the SEC forcing CISOs into the boardroom, Better, but harder to collect, security metrics, & more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw270
This is a recurring segment, in which we bring on a VC to provide an investor’s point-of-view on all this activity. It’s hard to imagine a better investor to join us than Will Lin, co-founder of Forgepoint, one of the few VC firms that exclusively invests in cybersecurity startups! We're very excited to have Will back on and are looking forward to discussing:
- Huge valuations and potential pricing/market resets and corrections
- Interesting new security categories: DSPM, SaaS Security, Enterprise Browsers
- Why security startups seem to be more resilient than in other markets (for reference: https://www.cbinsights.com/research/biggest-startup-failures/)
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw270
Learn all about the technical ins and outs of HP SureClick Enterprise with HP expert Dan Allen and discover how SureClick Enterprise can help improve security efforts in your organization.
This segment is sponsored by HP Wolf Security. Visit https://securityweekly.com/hpwolf to learn more about them!
Segment Resources:
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw270
This week in the Enterprise News: Datto to be Acquired by Kaseya for $6.2 Billion, with Funding Led by Insight Partners, Perforce Software Puppet, Synopsys acquires Juniper Networks, Managed detection and response startup Critical Start lands $215M in funding, Thinking About the Future of InfoSec, DuckDuckGo launches Mac app in beta, How I automated my presence in video calls for a week (and nobody knew), Why Do So Many Cybersecurity Products Suck?
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw269
Security professionals face a variety of challenges on a daily basis. The cybersecurity talent shortage and the so-called Great Resignation can lead to gaps in security, an increase in insider threats and overworked employees, not to mention external threats like hacking and ransomware. Digital forensics can help alleviate these challenges with solutions that collect evidence properly, automate workflows, function in Zero Trust environments and detect and mitigate insider threats.
Segment Resources: FTK Over the Air podcast: https://www.exterro.com/ftk-over-the-air-podcast
FTK Feature Focus weekly videos: https://youtube.com/playlist?list=PLjlGL4cu_NaM0e7h1RCTJwNnZb-dyUf3B
This segment is sponsored by Exterro. Visit https://securityweekly.com/exterro to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw269
With cybersecurity attacks continually on the rise, security teams are under more pressure than ever. It’s imperative to use your pen testing resources wisely, leveraging automation capabilities where it makes sense to save time and help conduct more impactful engagements. During this interview, Bob Erdman will discuss how to find the right balance between the reliability and efficiency of pen testing automation with the astuteness and logic of human intervention.
Segment Resources:
The Truth About Pen Testing Automation - https://www.coresecurity.com/blog/the-truth-abouth-pen-testing-automation
Core Impact Rapid Pen Tests - https://www.coresecurity.com/products/core-impact/rapid-pen-tests
This segment is sponsored by Core Security, A Help Systems Company. Visit https://securityweekly.com/coresecurity to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw269
Finally, in the Enterprise Security News for this week: NordVPN raises $100M and becomes the first Lithuanian Unicorn?, Coro lands a $60M Series C for small business-focused security, Airgap Networks closes a funding gap with a $13.4M Series A, Corsha lands a $12M Series A to bring MFA to machine-to-machine API traffic. What? Tru.id lands a $9M seed round to take a stab at using SIM cards for MFA, ex-Alienvault employees raise funding from Ballistic Ventures with Nudge Security, SeeMetrics scores a $6M seed round to provide better KPIs to CISOs, an essay on trust: the two sides of “Say” and “Do”, Ubiquiti continues to alienate the security community with its attacks against Brian Krebs, Why an option to edit tweets is a terrible idea, & more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw268
Defensive and Offensive skills have never been mutually exclusive, but the value in training across disciplines has often been overlooked. Catherine joins us today to explain why familiarity with offensive skills, tools, and the attacker's mindset is such a huge benefit for defenders. A few of the highlights we'll cover in this interview include:
- How to get started, learning offensive tools and techniques
- What it means to be an 'Active Defender'
- How to get into the head of the attacker
- How to avoid 'tool-focused tunnel vision'
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw268
In the recent Shields Up advisory, CISA released guidance advising enterprises to prepare for an influx of malicious cyber activity. The advisory includes best practices for reducing the likelihood of a damaging cyber intrusion and how to detect and respond to potential incidents from nation state-sponsored actors. Josh Snow joins Enterprise Security Weekly to provide additional, practical advice for analysts who are on the front lines of the developing cyber conflict. He will dive into the specific practices and protocols that defenders should shore up, as well as behavioral indicators that signal active exploitation attempts.
Segment Resources:
A Practical Guide for Shields Up: https://www.extrahop.com/resources/papers/shields-up-guidance-for-organizations/
Free Shields Up Assessment: https://www.extrahop.com/lp/free-shields-up-assessment/
This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw268
In the Enterprise Security News for this week: 14 cybersecurity startups have raised funding! Massive late stage market corrections underway and talks of self-repricing valuations, A private equity firm acquires Zimperium, Even more massive amounts of cryptocurrency are stolen, The NPM package library is under active, constant attack, Microsoft Azure Defender IoT has trivial critical vulnerabilities, White house earmarks $11B for cybersecurity, Death to SPACs, as well as Several new security vendors and products!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw267
Cybersecurity buzzwords tend to go through a process. They're used as a differentiator. Then everyone adopts them and things get out of control. The term Zero Trust originally gained traction in InfoSec thanks to the model designed by John Kindervag during his time at Forrester. These days, you could be seeing the term Zero Trust because:
1. a vendor makes a product that fits into any one of dozens of categories that contribute to a Zero Trust architecture (IAM, MFA, ZTNA, micro segmentation, directory services, etc)
2. a vendor is using 'zero trust' as a metaphor (small z, small t)
3. a vendor is using 'zero trust' as a philosophy, or company principle (small z, small t)
4. the CMO said it needs to be somewhere on the website for SEO
5. someone told a founder to put it in the sales and/or pitch deck
Steve joins us to separate the cyber virtue signaling from the truth of what Zero Trust actually looks like, why it's difficult, and what impact federal interest in Zero Trust will have on this trend.
Segment Resources:
NIST SP 800-207
https://csrc.nist.gov/publications/detail/sp/800-207/final
UK NCSC ZT Guidance
https://github.com/ukncsc/zero-trust-architecture
USA CISA/OMB ZT Guidance
DOD ZT Reference Architecture
https://dodcio.defense.gov/Portals/0/Documents/Library/(U)ZT_RA_v1.1(U)_Mar21.pdf
Microsoft ZT Guidance
https://docs.microsoft.com/en-us/security/zero-trust/
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw267