Gas South and ExtraHop- A Journey of Security Partnership – Rajiv Thomas – ESW #234
Rajiv has more than 20 years of IT infrastructure and security experience. He has worked in various parts of the world for huge multinationals before settling down in Atlanta. He is currently works in the security operations and network operations teams of Gas South LLC
- Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
- Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Microsoft Acquires RiskIQ, Rapid7 InsightCloudSec, & Bitdefender eXtended EDR – ESW #234
- Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% off on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!
- Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista! Our Call For Presentations Deadline has been extended through July 23rd at 11:59 pm ET! Visit securityweekly.com/unlocked to submit your presentation!
Adrian Sanabria
- TOOLS: Release Ransomware Readiness Assessment CSET v10.3 · cisagov/csetSounds great, but I actually installed it. It was a 1GB download. Windows smartscreen tried to block it. The installer looks like it was designed for Windows XP. It installs MSSQL Server 2012 and IIS 11. Seems the first thing this tool does is extend your attack surface... I thought it was going to be a BAS-like tool, like Guardicore's Infection Monkey, but it seems like more of a questionnaire/self-assessment tool. I don't understand why it had to be so heavy-handed???
- TOOLS: RansomwhereShow me the money! A neat tool that makes it easy to track ransomware actors and how much they're getting paid.
- TOOLS: Deciduous: A Security Decision Tree GeneratorInspired by examples in Kelly Shortridge's book on Security Chaos Engineering, Ryan Petrich created this amazing attack tree mapping tool. It's a basic, but beautiful tool that you can use to create attack maps in minutes!
- FUNDING: IoT/OT Device Security Firm NanoLock Raises $11 Million
- FUNDING: Netskope Attracts $300 Million in Additional Investment, Elevating Valuation to $7.5 BillionInside-led round, CEO says this will be the last private funding they'll raise, they didn't really need it, and not in a rush to IPO.
- FUNDING: Sevco Security Launches with $15 Million in Funding to Scale Adoption of Industry’s First Cloud-Native Security Asset Intelligence Platform
- FUNDING: Ex-Trump Treasury Secretary Steven Mnuchin’s firm leads $275 million investment in CybereasonThis Series E brings Cybereason's total funding to $664m! That's a LOT of funding. The company's valuation in 2019 was $1bn after a $200m raise led by Softbank. This round is PE-led, so maybe IPO is next? Or some strategic acquisitions?
- FUNDING: Virsec Lands $100M As Cyberattacks Ramp Up
- ACQUISITION: Microsoft reportedly to acquire cybersecurity startup RiskIQ for more than $500MRumor is that the deal could be for as much as $1bn. I'm guessing this will be sold adjacent to Azure Sentinel, or maybe as part of it? The tagline is "attack surface management", but RiskIQ only very recently started doing that - they're better known for their massive database of Internet asset data.
- ACQUISITION: Sophos acquires Capsule8Bit of a surprise? I might have thought a more pure-play EDR vendor would go after Capsule8, but Sophos has a history of doing some solid deals to not only acquire good technology, but good teams as well. Invincea was a big one for them and Capsule8 will help round out their offerings in the enterprise/devops spaces.
- REGULATION: Right on Time – NIST Releases Definition of “Critical Software” Per Biden’s Cybersecurity Executive Order
Paul Asadoorian
- Contrast Security partners with Secure Code Warrior to deliver security training for developers
- Bandura Cyber Intelligence Marketplace deploys cyber intelligence data across network in real-time
- Outpost24 acquires threat intelligence solution Blueliv
- ThreatQuotient Advances Industry Threat Intelligence Sharing With Stronger Data Curation Capabilities – Enterprise IT World
- Cybersecurity firm Arctic Wolf triples valuation to $4.3bn after Viking Global Investors-led $150m round
- Cybereason raises $275 million led by Steven Mnuchin’s VC fund
- Illumio beefs up zero-trust security with automated policy enforcement – SiliconANGLE
- Rapid7 Launches InsightCloudSec to Automate Continuous Security and Compliance for Complex Cloud Environments
- Leaked email shows $9 billion cybersecurity startup Tanium just lost its fourth chief marketing officer in five years
- Bitdefender launches eXtended EDR platform
- ThycoticCentrify Modernizes Just-in-Time Privilege Elevation with Newest Release of Server Suite
All Our Devices and Privacy on the Web – Deepika Gajaria, Scott Scheferman – ESW #234
Scott, aka “Shagghie” in the community, is a public speaker, thought leader and cyber strategist. With decades of cyber consulting in both Federal and Commercial domains, he brings strong opinions and insight into any topic covering cyber, privacy, AI/ML, or the intersections of these. Winner of the first defcon badge-hacking contest and a defcon music artist, he currently works to bring urgent awareness to the device and firmware attack surface now being readily exploited.
Deepika is responsible for product strategy and delivery at Tala. Working closely with our customers, she drives product direction and shapes the product roadmap to address their core needs.
Prior to Tala, Deepika was part of Cisco Jasper where she led the launch of IoT smart city applications. Her career in Product Management began at EMC, in the New Product Introduction team, working on key initiatives across the Storage and the Data Protection divisions.
Deepika has held diverse roles in her career: her first job out of school was in Research and Development of high voltage particle accelerator technology used in cancer therapy machines.












