Flying Really High – ESW #261
1. 0patch – Security Patching That Doesn’t Make Your Life Miserable – Mitja Kolsek – ESW #261
0patch is a simple but powerful service that provides tiny targeted security patches to Windows computers, eliminating the most critical vulnerabilities without restarting the computer or relaunching applications. A different approach to patching allows us to both create and deploy 0day patches much quicker than original vendors can with their traditional update processes.
Segment Resources: 0patch Blog with many posts on vulnerabilities and patches we make https://blog.0patch.com/
0patch FAQ https://0patch.zendesk.com/hc/en-us/categories/200441471
Guest
After completing his computer science studies, Mitja co-founded ACROS Security in 1999, offering application security assessments and penetration testing services to large, mostly US-based customers. Many discovered vulnerabilities and successfully penetrated customer networks later, he co-founded 0patch, a 3rd party security patching service aiming to make penetration testers’ – and more importantly, attackers’ – lives harder.
2. Changing the TPCRM Game W/ Cyber Risk Intelligence Tools – Vikram Asnani – ESW #261
Definitions of the word intelligence include a collection of information of military or political value as well as the ability to acquire and apply knowledge or skills. In cybersecurity, when we possess intelligence, we feed that data into our Security Operations Center (SOC) to further analyze the risk present. In this case, the risk is based on the probability of threats materializing and the impact they would have on the organization.
We’re calling the output of that SOC Cyber Risk Intelligence. Cyber Risk Intelligence is the ability to think holistically about risk and provide information that decision makers can act on...not just analyze.
Traditional Vendor Risk Management (VRM) processes focus on the gap, which is essentially information that needs to be further analyzed against the risk to the business. This is an additional step that takes time and effort, especially when different compliance frameworks and threats are constantly emerging.
Segment Resources: https://www.cybergrx.com/resources/research-and-insights/blog/beyond-risk-management-how-cyber-risk-intelligence-tools-are-changing-the-tpcrm-game
This segment is sponsored by CyberGRX.
Visit https://securityweekly.com/cybergrx to learn more about them!
Guest
Vikram is a CISSP and SABSA certified cybersecurity and privacy professional with 15 years of global experience in assisting clients across Risk Management, CyberSecurity Strategy, Third Party Risk, Cloud Migration, Business Continuity and Data Privacy, through Advisory and Managed Services offerings, with a motto of using technology as an innovative solution for driving maturity. Vikram has worked with many assurance functions and risk managers as part of his experience working with Big4 consultancy companies. He also has experience leading a national practice for third party risk management, where he has built end-to-end TPRM programs, including establishing governance and assurance functions. Vikram is currently a solution architect for CyberGRX, which has revolutionized the way TPRM programs are managed, and has been assisting its clients in maturing their TPRM programs using CyberGRX.
3. Cisco/Splunk Rumors, Canonic Security, Unhelpful Legislation, & Securonix Round – ESW #261
Finally, in the Enterprise Security News: Securonix raises $1B in Vista-led round (it’s like they ate a unicorn!), Salt Security becomes a Unicorn, has not been eaten (yet), Legit Security raises a totally legit $26.5M Series A, Vicarius and Calamu raise Series As, and Permit.io, KSOC, Titaniam, Canonic Security, Allure Security, and SecureThings all pick up seed funding! We look at Big Tech’s cybersecurity funding and acquisitions. The rumor mill goes nuts over a Cisco/Splunk deal that’s probably not happening (maybe?). Why are cybersecurity asset management startups so hot right now? New products, unhelpful legislation, a major acquisition, & of course a few squirrel stories!
- 1. FUNDING: Cyber security company Securonix raises $1 billion in Vista-led round
  Surely this is an acquisition??
- 2. FUNDING: Salt Security Raises $140 Million Series D Round Led by CapitalG at $1.4 Billion Valuation
  UNICORRRRRRN
- 3. FUNDING: Legit Security raises $26.5 million Series A to protect software supply chains
  TOTES legit.
- 4. FUNDING: Vicarius raises $24M to build out its vulnerability remediation platform – TechCrunch
- 5. FUNDING: Calamu Raises $16.5M Series A Round to Scale Next Gen Multi-Cloud Data Protection Platform for Ransomware Recovery
- 6. FUNDING: Permit.io raises $6M to make permissions easier – TechCrunch
- 7. FUNDING: KSOC Raises $6 Million Seed Round to Definitively Secure Kubernetes
  Laziest name ever, but easy to remember and kinda catchy, so I can't hate.
- 8. FUNDING: Titaniam Secures $6 Million in Seed Funding as Customer Demand Soars
- 9. FUNDING: Canonic Security raises $6 million Seed round for SaaS application security platform
- 10. FUNDING: Allure Security Closes $5.3M in Seed Funding – FinSMEs
- 11. FUNDING: Cybersecurity startup SecureThings.ai picks up $3.5 million in funding led by Inflexor Ventures
  An India-based automotive cybersecurity startup. Makes sense - cars are full of computers these days and India is the world's 4th largest automaker, behind China, the US, and Japan. It just edges out Germany, Mexico, and South Korea.
- 12. ACQUISITION: Akamai to acquire AWS competitor Linode for $900M
  AWS competitor? Not even close. Maybe a Digital Ocean competitor. An interesting buy though:
  - bootstrapped, profitable from the beginning (which was several years before AWS)
  - 250 employees (yeah, that's right - each employee is valued at $3.5M in this deal)
  - $100M ARR ($400k revenue per employee is nothing to sneeze at either!)
  - SMB-focused, which makes the Akamai acquisition a bit of a head scratcher.
  The stated rationale is "The goal of the acquisition is to provide developers with a distributed platform for building, running, and securing “next-generation” applications", which I'm struggling to translate into anything meaningful.
- 13. REPORT: CBInsights – Big Tech In Cybersecurity
- 14. OP-ED: Vulnerabilities don’t count
  Your vulnerability metrics are hot garbage. Andy Ellis knows it and you know it. A great read, full of examples and visualizations.
- 15. RUMORS: Cisco Made $20 Billion-Plus Takeover Offer for Splunk
  I don't know where this rumor started, but it is absolutely NOT newsworthy that Splunk is in M&A conversations. They're probably having M&A conversations EVERY SINGLE DAY OF THE YEAR. Now, if they're in the market for a SIEM, that's generally interesting and newsworthy - but basically everyone on all sides has denied that a deal is happening between the two giants. Or maybe that's exactly what both sides would say if they WERE in more serious, late-stage acquisition talks? Hmmm... If it did happen, it would be the biggest acquisition ever.
- 16. TRENDS: Why are cybersecurity asset management startups so hot right now? – TechCrunch
  I'm betting Tyler and Katie might have some theories?
- 17. LEGISLATION: To protect consumers, Congress should secure the app store supply chain – TechCrunch
  Congress means well, I guess.
- 18. NEW PRODUCT: Early access to Chrome OS Flex: The upgrade PCs and Macs have been waiting for
- 19. NEW PRODUCT: Introducing Passage: Biometric User Authentication Built for Developers
- 20. SQUIRREL: Netflix optioned a movie about crypto’s biggest scandal – TechCrunch
  Because, of course they did. Same guy that made Fyre Festival and Theranos dumpster fire specials (to be clear, his documentaries aren't dumpster fires, his subject matter is). From now on, I'm calling this category of documentaries, DUMPSTERmentaries.
- 21. SQUIRREL: Virgin Galactic opens ticket sales to the general public
  $450k tickets to space are now available! What does this get you?
  - an opportunity to annoy people by insisting you're now an "astronaut" (yes, they actually use this term)
  - an opportunity to buy an 'Astronaut Edition' Range Rover
  - a custom Under Armour "spacesuit"
  - "astronaut" training