Info

Enterprise Security Weekly (Video)

If you’re looking for advice and information on enterprise security solutions, look no further than Enterprise Security Weekly! We give you an “insider” perspective into security vendors, including coverage on new product announcements, integrations, funding, M&A, and more! Adrian, Tyler, Katie, and Sean have unique perspectives on the enterprise security landscape. All four hosts are former analysts. Adrian has been a consultant, practitioner, founder, and runs Security Weekly Labs. Tyler has spent many years as a marketing executive for security vendors. Katie has also recently moved to a vendor marketing role. Sean is founder and CTO at Trimarc Security, a professional services company which focuses on improving enterprise security. Together they provide valuable resources for protecting the enterprise and following the market each week!
RSS Feed Subscribe in Apple Podcasts
Enterprise Security Weekly (Video)
2024
April
March
February
January


2023
December
November
October
September
August
July
June
May
April
March
February
January


2022
December
November
October
September
August
July
June
May
April
March
February
January


2021
December
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April


Categories

All Episodes
Archives
Categories
Now displaying: 2024
Apr 12, 2024

This week, Tyler and Adrian discuss Cyera's $300M Series C, which lands them a $1.4B valuation! But is that still a unicorn? Aileen Lee of Cowboy Ventures, who coined the term back in 2013, recently wrote a piece celebrating the 10th anniversary of the term, and revisiting what it means. We HIGHLY recommend checking it out: https://www.cowboy.vc/news/welcome-back-to-the-unicorn-club-10-years-later

They discuss a few other companies that have raised funding or just come out of stealth, including Scrut Automation, Allure Security, TrojAI, Knostic, Prompt Armor.

They discuss Eclipsium's binary analysis tooling, and what the future of fully automated security analysis could look like.

Wiz acquired Gem, and Veracode acquired Longbow. Adrian LOVES Longbow's website, BTW.

They discuss a number of essays, some of which are a must read:

  • Daniel Miessler's Efficient Security Principle
  • Subsalt's series on data privacy challenges
  • Lucky vs Repeatable, a must-read from Morgan Housel
  • AI has Flown the Coop, the latest from our absent co-host, Katie Teitler-Santullo
  • Customer love by Ross Haleliuk and Rami McCarthy

We briefly cover some other fun - reverse typosquatting, AI models with built-in RCE, and Microsoft having YET ANOTHER breach.

We wrap up discussing Air Canada's short-lived AI-powered support chatbot.

Show Notes: https://securityweekly.com/esw-357

Apr 11, 2024

In the days when Mirai emerged and took down DynDNS, along with what seemed like half the Internet, DDoS was as active a topic in the headlines as it was behind the scenes (check out Andy Greenberg's amazing story on Mirai on Wired). We don't hear about DDoS attacks as much anymore. What happened?

Well, they didn't go away. DDoS attacks are a more common and varied tool of cybercriminals than ever. Today, Michael Smith is going to catch us up on the state of DDoS attacks in 2024, and we'll focus particularly on one cybercrime actor, KillNet.

Segment Resources:

Show Notes: https://securityweekly.com/esw-357

Apr 4, 2024

NVD checked out, then they came back? Maybe?

Should the xz backdoor be treated as a vulnerability?

Is scan-driven vulnerability management obsolete when it comes to alerting on emerging threats?

What were some of the takeaways from the first-ever VulnCon?

EPSS is featured in over 100 security products, but is it properly supported by those that benefit from it?

How long do defenders have from the moment a vulnerability is disclosed to patch or mitigate it before working exploits are ready and in the wild?

There's SO much going on in the vulnerability management space, but we'll try to get to the bottom of some of in in this episode. In this interview, we talk to Patrick Garrity about the messy state of vulnerability management and how to get it back on the rails.

Segment Resources:

Show Notes: https://securityweekly.com/esw-356

Apr 4, 2024

As we near RSA conference season, tons of security startups are coming out of stealth! The RSA Innovation Sandbox has also announced the top 10 finalists, also highlighting early stage startups that will be at the show.

In this week's news segment,

  • We discuss the highlights of the Cyber Safety Review Board's detailed and scathing report on Microsoft's 2023 breach
  • We spend a bit of time on the xz backdoor, but not too much, as it has been covered comprehensively elsewhere
  • We discover half a dozen of the latest startups to receive funding or come out of stealth: Coro, Skyflow, Zafran, Permiso, Bedrock Security, Abstract Security, and Sandfly
  • Apple is reportedly going to have some big AI announcements this summer, and we discuss how overdue voice assistants are for an LLM makeover.
  • Finally, we discuss the amazing innovation that is the Volkswagen RooBadge!

By the way, the thumbnail is a reference to the xz backdoor link we include in the show notes: https://lcamtuf.substack.com/p/technologist-vs-spy-the-xz-backdoor

Show Notes: https://securityweekly.com/esw-356

Mar 29, 2024

This week, in the enterprise security news:

  1. Early stage funding is all the rage
  2. AI startups continue to pop out of stealth
  3. The buyer's market continues with more interesting acquisitions
  4. Purpose-built large language models for security
  5. Benchmarking LLMs for security
  6. GoFetch? More like... Get outta here (I couldn't think of anything clever)
  7. Crowdstrike and NVIDIA team up
  8. Why do people trust AI?
  9. What do Google Sheets and Carlos Sainz Jr. have in common?

All that and more, on this episode of Enterprise Security Weekly!

Show Notes: https://securityweekly.com/esw-355

Mar 28, 2024

Many years ago, I fielded a survey focused on the culture of cybersecurity. One of the questions asked what initially drew folks to cybersecurity as a career. The most common response was a deep sense of curiosity. Throughout my career, I noticed another major factor in folks that brought a lot of value to security teams: diversity.

Diversity of people, diversity of background, and diversity of experience. I've seen auto mechanics, biologists, and finance experts bring the most interesting insights and forehead-slapping observations to the table. I think part of the reason diversity is so necessary is that security itself is incredibly broad. It covers everything that technology, processes, and people touch. As such, cybersecurity workers need to have a similarly broad skillsets and background.

Today, we talk to someone that embodies both this non-typical cybersecurity background and sense of curiosity - Clea Ostendorf. We'll discuss:

  • The importance for organizations to actively seek and welcome curious newcomers in the security field who may not conform to traditional cybersecurity norms.
  • Strategies for organizations to foster an environment that encourages individuals with curiosity, motivation, and a willingness to challenge conventional norms, thereby promoting innovative thinking in addressing security risks.

Segment Resources:

Evolving Threats from Within - Insights from the 2024 Code42 Data Exposure Report

Show Notes: https://securityweekly.com/esw-355

Mar 25, 2024

While awareness and attention towards cybersecurity are on the rise, some popular and persistent myths about cybersecurity have almost become threats themselves. API security requires a modern understanding of the threat landscape, with the context that most API providers desire to be more open and accessible to all. We will debunk the 5 worst myths about protecting your APIs.

Segment Resources:

This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about API security!

Show Notes: https://securityweekly.com/esw-354

Mar 22, 2024

In the enterprise security news,

Lots of funding news, including: - Nozomi Networks Raises $100 Million to Expand Industrial Cybersecurity Business - BigID Raises $60 Million at $1 Billion Valuation - J.P. Morgan Growth Leads $39 Million Investment in Eye Security - CyberSaint raises $21 million to accelerate market expansion Zscaler Acquires Avalor for $350 Million Cisco completes $28 bn acquisition of cybersecurity firm Splunk Airbus Calls Off Planned Acquisition of Atos Cybersecurity Group Cybersecurity firm Cato Networks hires banks for 2025 IPO, sources say

Show Notes: https://securityweekly.com/esw-354

Mar 15, 2024

We don't cover a lot of stories in this week's episode, but we go deep on a few important ones. I'm biased, but I think it's a good one, especially having Darwin's input and encyclopedic knowledge available to us.

Also in this week's news:

  1. Homomorphic encryption pops up again!
  2. Microsoft Security Copilot has a release date!
  3. Sudo for Windows
  4. Microsegmentation pops up again!
  5. The TikTok Ban
  6. Darwin's Newsletter: The Cybersecurity Pulse

All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-353

Mar 15, 2024

In this interview, we talk to Rod Simmons, the VP of Product Strategy at Omada. We'll discuss the complex topic of securing identities against ever growing threats. We'll discuss challenges like unnecessary access, accounts with too many permissions, and a threat landscape that is increasingly finding success from targeting identities. Finally, we'll discuss where the Identity Governance and Administration (IGA) market is going.

Segment Resources:

Show Notes: https://securityweekly.com/esw-353

Mar 8, 2024

In the enterprise security news,

  1. Axonius raises $200M and is doing $100M ARR!
  2. Claroty raises $100M and is doing $100M ARR!
  3. Crowdstrike picks up DSPM with Flow Security
  4. CyCode picks up Bearer
  5. Are attackers like lawyers?
  6. How a bank failed (with no help from a cyber attack)
  7. the FTC cracks down on customer data collection
  8. Apple’s car sadly won’t be a thing any time soon
  9. or maybe ever.

All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-352

Mar 8, 2024

Defenders spend a lot of time and money procuring and implementing security controls. At the heart of SecOps and the SOC are technologies like XDR, SIEM, and SOAR. How do we know these technologies are going to detect or prevent attacks?

Wait for the annual pen test? Probably not a good idea.

In this segment, we'll talk with Michael Mumcuoglu about how MITRE's ATT&CK framework can help defenders better prepare for inevitable attack TTPs they'll have knocking on their doors.

Segment Resources:

Show Notes: https://securityweekly.com/esw-352

Mar 1, 2024

In this week's news segment, we discuss the lack of funding announcements, and the potential effect RSA could have on the timing of all sorts of press releases. We also discuss 1Password's potential future with its sizable customer base and the $620M it raised a few years back.

Some other topics we discuss:

  • NIST CSF 2.0
  • insider threats
  • Ivanti Pulse Secure's appliance software found to be running positively ancient software (11 year old Linux distro, 5-20+ year old libraries & components)
  • Nevada AG trying to get messaging decrypted for children, to "protect them"
  • Kelly Shortridge's response to CISA's secure development RFI
  • OpenAI's new GenAI video product, Sora and the potential impact it could have on cybersecurity
  • Instacart spews out crappy AI recipes and photos

Show Notes: https://securityweekly.com/esw-351

Mar 1, 2024

Pascal Geenens from Radware joins us to discuss the latest research findings relating to hacktivists an other actors using volumetric and other network-based attacks. We'll discuss everything from the current state of DDoS attacks to use in the military and even the impact of cyberattacks on popular culture!

You can find the report Pascal mentions here, on Radware's website: https://www.radware.com/threat-analysis-report/

Show Notes: https://securityweekly.com/esw-351

Feb 22, 2024

Check out this interview from the ESW Vault, hand picked by main host Adrian Sanabria! This segment was originally published on September 22, 2021.

Chris will discuss the relevance of intelligence and threat hunting today and how they work together. He will also talk about his EASY framework for creating impactful intelligence and its relation to hunting!

Show Notes: https://securityweekly.com/vault-esw-8

Feb 16, 2024

This is almost a special episode on crazy new products. For the first half of the show, we discuss startup funding, market forces, acquisitions - stuff we usually discuss.

Then we get into all the crazy new AI and non-AI products being announced and coming out. Have some disposable cash to pre-order crazy gadgets? This is the episode for you!

Show Notes: https://securityweekly.com/esw-350

Feb 15, 2024

In this segment, featuring guest Amer Deeba, we'll explore how the SEC's new breach reporting rules will affect companies. We've got a ton of questions: What behavior has to change? What additional preparation needs to take place? How does this rule affect data security? How does it affect crisis communications?

And most importantly, when is an incident "material"?

Show Notes: https://securityweekly.com/esw-350

Feb 9, 2024

This week, we discussed how a quick (minutes) and cheap ($15 a pop) fake ID service creates VERY convincing IDs that are possibly good enough to fool ID verification services, HR, and a load of other scenarios where it's common to share images of an ID. Kudos to 404Media's work there.

In the security market, we discuss who might be the first cybersecurity unicorn to go public in 2024, Oasis Security and Tenchi's funding rounds, Protect AI's acquisition of Laiyer AI and their FOSS project, LLM Guard. We discussed the seemingly inevitable M&A activity as unfunded security startups NEED to find a sale. Ross Haleliuk had an interesting LinkedIn post that goes deeper on this topic. Finally, we discussed Tyler's observation that Palo Alto Networks did the seemingly impossible - increased their valuation from $19B to over $100B in 5 years, despite having to weather a pandemic and market downturn along the way! Ryan pointed out that PANW joined the S&P 500 somewhere along the way - a watershed moment for them.

We discussed Bluesky and how it's likely too little too late when it comes to building back the community we lost when much of the InfoSec community left Twitter.

We also discussed a cybersecurity training scammer, Daniel Miessler's new Fabric tool, AnyDesk getting hacked, The Real Shim Shady vuln, new (voluntary) cybersecurity goals for healthcare, and the lack of toothbrush-enabled DDoS attacks!

Full show notes here: https://www.scmagazine.com/podcast-episode/3061-enterprise-security-weekly-349

Show Notes: https://securityweekly.com/esw-349

Feb 8, 2024

Legacy systems are riddled with outdated and unreliable cryptographic standards. So much so that recent proprietary research found 61 percent of the traffic was unencrypted, and up to 80% of encrypted network traffic has some defeatable flaw in its encryption

No longer can enterprises take their cryptography for granted, rarely evaluated or checked.

Knowing when, where and what type of cryptography is used throughout the enterprise and by which applications is critical to your overall security policy, zero-trust approach, and risk management strategy. After all, zero-trust is meaningless if your cryptography isn't working.

Segment Resources: https://www.businesswire.com/news/home/20231030166159/en/Proprietary-Research-from-Quantum-Xchange-Shows-the-Dreadful-State-of-Enterprise-Cryptography

https://www.forbes.com/sites/forbestechcouncil/people/vincentberk/?sh=3d88055852c1

This segment is sponsored by Quantum Xchange. Visit https://securityweekly.com/quantumxchange to learn more about them!

Show Notes: https://securityweekly.com/esw-349

Feb 2, 2024

In this week's Enterprise Security News, Adrian, Tyler, and Katie discuss: 1. Tons of funding! 2. A notable acquisition! 3. The line is blurring between services and product firms 4. Apparently IronNet isn’t dead? 5. The toxicity of Hero culture in tech 6. Knowing when to quit 7. AI-powered fraud is hitting close to home 8. Quantum snake oil is getting worse 9. Prompt injection 10. Are you being hacked by your washing machine?

All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-348

Feb 1, 2024

We've seen general users targeted with phishing, financial employees targeted for BEC scams, and engineers targeted for access to infrastructure. The truly scary attacks, however, are the indirect ones that are automated. The threats that come in via software updates, or trusted connections with third parties.

The software supply chain is both absolutely essential, and fragile. A single developer pulling a tiny library out of NPM can cause chaos. A popular open source project changing hands could instantly give access to millions of systems. Every day, a new app store or component repository pops up and becomes critical to maintaining infrastructure.

In this interview, we'll chat with Pete Morgan about how these risks can be managed and mitigated.

Segment Resources:

Show Notes: https://securityweekly.com/esw-348

Jan 26, 2024

Oleria, Vicarius, and Secret Double Octopus raise funding (NOTE: Secret Double Octopus is a real company that chose Secret Double Octopus as their name, I’m making none of this up). Rumors about Zscaler’s next 9-digit acquisition, 2 new security vendors and demystifying public cybersecurity companies.

Chrome gets AI features, security teams have TOO much data, and a new threat intel database from Wiz. Is bootstrapping a cybersecurity startup a realistic option? Finally, remember Furbies? NSA’s furby docs just dropped, and they are HILARIOUS. Thanks to Jason Koebler from 404Media for that.

Show Notes: https://securityweekly.com/esw-347

Jan 25, 2024

We interview the co-founder and CTO of Fleet to understand why good, cross platform MDM/EMM has been such a challenge for so many years. Want good Windows device management? You're probably going to compromise on MacOS management. Ditto for Windows if you prioritize your Macs. Want good Linux device management? It doesn't exist.

Hopefully, Fleet can change all that in 2024, as they aim to complete their support for all major platforms, using the open source OSQuery project as their base.

Segment Resources:

Show Notes: https://securityweekly.com/esw-347

Jan 19, 2024

On this segment, we talk a lot about AI, new technologies, and the future from a personal and consumer standpoint. Not a lot of enterprise-relevant stuff in the news today, but consumer products and AI will have a HUGE long-term impact, so that's how we're justifying today's topical focus ;)

Show Notes: https://securityweekly.com/esw-346

Jan 18, 2024

The general public has varied opinions of biometric authentication, and an increasingly reluctant relationship with it, as more and more facial recognition is forced upon us (especially those of us that travel frequently). Facial recognition doesn't work for everyone, so what other options do we have?

In this interview, we'll explore accessibility in identity verification and the viability of voice-based authentication. How big an issue are AI-powered voice imposters? How will companies like Veridas combat these threats? We'll ask all these questions and more in this ESW interview.

Show Notes: https://securityweekly.com/esw-346

1 2 Next »