ESW #268 – Josh Snow & Catherine Ullman
Segments
1. Common Sense Steps for Implementing Shields Up – Josh Snow – ESW #268
In the recent Shields Up advisory, CISA released guidance advising enterprises to prepare for an influx of malicious cyber activity. The advisory includes best practices for reducing the likelihood of a damaging cyber intrusion and how to detect and respond to potential incidents from nation state-sponsored actors. Josh Snow joins Enterprise Security Weekly to provide additional, practical advice for analysts who are on the front lines of the developing cyber conflict. He will dive into the specific practices and protocols that defenders should shore up, as well as behavioral indicators that signal active exploitation attempts.
Segment Resources: A Practical Guide for Shields Up: https://www.extrahop.com/resources/papers/shields-up-guidance-for-organizations/
Free Shields Up Assessment: https://www.extrahop.com/lp/free-shields-up-assessment/
This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them!
Announcements
Security Weekly listeners, save $100 on your RSA Conference 2022 Full Conference Pass! RSA Conference will be live in San Francisco June 6th-9th, 2022. Security Weekly will be there in full force, delivering real-time, live coverage and interviewing some of the event’s top speakers and sponsors. To register using our discount code, please visit https://securityweekly.com/rsac2022 and use the code 52UCYBER. We hope to see you there!
Guest
Josh Snow is a Principal Sales Engineer at ExtraHop with over 15 years’ experience in network computing and security. He is passionate about helping others learn about security topics and has a popular YouTube channel where he shares insights and recommendations for securing against anything ranging from common misconfigurations to emerging threats.
2. Why Learning Offensive Security Makes You A Better Defender – Catherine Ullman – ESW #268
Defensive and offensive skills have never been mutually exclusive, but the value in training across disciplines has often been overlooked. Catherine joins us today to explain why familiarity with offensive skills, tools, and the attacker's mindset is such a huge benefit for defenders. A few of the highlights we'll cover in this interview include:
- How to get started learning offensive tools and techniques
- What it means to be an 'Active Defender'
- How to get into the head of the attacker
- How to avoid 'tool-focused tunnel vision'
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Guest
Dr. Catherine J. Ullman is a security researcher, speaker, and Senior Information Security Forensic Analyst at University at Buffalo with over 20 years of highly technical experience. In her current role, Cathy is a digital forensics and incident response (DFIR) specialist, performing incident management, intrusion detection, investigative services, and personnel case resolution in a dynamic academic environment. She additionally builds security awareness among faculty and staff via a department-wide program which educates and informs users about how to prevent and detect social engineering threats, and how to compute and digitally communicate safely. Cathy has presented at numerous information security conferences including DEF CON and BlueTeamCon. In her (minimal) spare time, she enjoys visiting her adopted two-toed sloth Flash at the Buffalo Zoo, researching death and the dead, and learning more about hacking things to make the world a more secure place.
3. Editing Tweets, Lithuanian Unicorn (NordVPN), Trust Issues, & Ubiquiti Legal Battle – ESW #268
Finally, in the Enterprise Security News for this week: NordVPN raises $100M and becomes the first Lithuanian Unicorn?, Coro lands a $60M Series C for small business-focused security, Airgap Networks closes a funding gap with a $13.4M Series A, Corsha lands a $12M Series A to bring MFA to machine-to-machine API traffic. What? Tru.id lands a $9M seed round to take a stab at using SIM cards for MFA, ex-AlienVault employees raise funding from Ballistic Ventures with Nudge Security, SeeMetrics scores a $6M seed round to provide better KPIs to CISOs, an essay on trust: the two sides of “Say” and “Do”, Ubiquiti continues to alienate the security community with its attacks against Brian Krebs, Why an option to edit tweets is a terrible idea, & more!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
- 1. FUNDING: Glilot Capital raises $220 million for fourth Seed fund
  Unlike other funding pieces we report on, this one is a VC fund intended to partially be used for funding cybersecurity startups. Not a huge fund, until you consider that they're aiming for Seed investments, and then it seems huge.
- 2. FUNDING: NordVPN raises its first money, $100M, at a $1.6B valuation
  $100M round led by Novation. Boom: just like that, we have another unicorn. I have some strong opinions on consumer VPN products, but Nord Security has at least expanded beyond just a private VPN, adding products like password databases, cloud storage, and other offerings.
- 3. FUNDING: Former Amazon exec gives Chinese firms a tool to fight cyber threats – TechCrunch
  $76M Series E, led by CPE and CDH Investments. ThreatBook is described as threat intel and endpoint security, depending on where you look. The company's founder makes a CrowdStrike comparison and plans to take the company public (in China) in the not-too-distant future. The company also aims to go global with its product portfolio.
- 4. FUNDING: Coro secures $60M at ~$500M valuation for an all-in, SaaS-based cyber protection platform aimed at SMBs – TechCrunch
  $60M Series C led by UK-based Balderton Capital. Appears to be another one of these boil-the-ocean approaches that intends to be everything an SMB needs when it comes to security. Godspeed to them, it's an important segment of the market to figure out, since that's where the vast majority of businesses exist and also where they're most vulnerable.
- 5. FUNDING: Airgap Networks Raises $13.4M in Series A Funding
  $13.4M Series A, led by Storm Ventures. "Airgap delivers an Agentless Zero Trust Segmentation platform with a patented Ransomware Kill Switch™"
- 6. FUNDING: Cybersecurity startup Corsha lands $12M – TechCrunch
  $12M Series A co-led by Ten Eleven Ventures and Razor's Edge Ventures to "bring MFA to machine-to-machine API traffic". Uh, what? Ah, got it. Later on they clarify how this works: "Corsha toughens those requests with a one-time-use MFA credential built from the machine’s dynamic identity and checked against a cryptographically verifiable distributed ledger network. The API request is only accepted if there is a match between the MFA credential and that machine’s identity, and each API call requires a fresh, one-time-use credential". Seems like this could potentially be used for SaaS authentication as well - it seems like a lot of consumer and business SaaS is still ridiculously easy to attack by stealing session tokens (e.g. OAuth 1.0).
- 7. FUNDING: tru.ID Adds Sorenson Ventures to $9m Seed Round to Scale the Mobile Cybersecurity Platform
  $9M Seed round, led by Sorenson Ventures. Tru.ID appears to be leveraging the SIM cards built into mobile devices as an additional factor for MFA use cases.
- 8. FUNDING: Nudge Security announces seed funding with Ballistic Ventures
  $7M Seed round led by Ballistic Ventures (the firm's first investment). Nudge is founded by long-time AlienVault employees Russell Spitler and Jaime Blasco. There aren't a ton of details on what Nudge's product will be, but lots of hints that it takes a more proactive and positive approach in helping employees make good security choices.
- 9. FUNDING: SeeMetrics scores $6M seed to surface key security metrics for CISOs – TechCrunch
  $6M Seed round, led by Work-Bench, 8VC, AGP, Essence, and others. The plan is to build a product that will provide better metrics/KPIs to CISOs. Not many details yet on how the necessary data will be ingested, analyzed, and presented. Potentially a very interesting product/space - this is fairly unique from what I've seen.
- 10. FUNDING: Polaris Web Protection & Cyber Security
  $500K Seed round. Singapore-based security startup offering Web Application and API Protection (WAAP)
- 11. FUNDING: Ermetic Receives Strategic Investment from Splunk Ventures
  Funding details unknown, but this follows a $70M Series B led by Qumra Capital with support from Forgepoint Capital. Appears to be a CSPM vendor.
- 12. ESSAYS: Trust issues: The two sides of Say:Do
  Part 3 of a great series that focuses on something we don't have enough of in this industry: vendor trust.
- 13. TRENDS: The how and why of raising OT security capital – TechCrunch
  There has always been capital available for OT Security startups, but they tended to get less funding than mainstream security startups and were highly focused in the Israeli markets. This article, by Insight Partners' Matt Gatto, suggests there might be (or should be?) increased interest in OT Security in the near future.
- 14. TRENDS: AcidRain – a Modem Wiper Rains Down on Europe
  This is the _seventh_ wiper that Russia has unleashed since the invasion of Ukraine. This isn't something we'd typically report on, except that, if history is anything to go on, we'll be seeing criminal groups leveraging wipers more so in the future.
- 15. TRENDS: Budget 2022: $9.9 billion towards cyber security aims to make Australia a key ‘offensive’ cyber player
  Whoever controls the REDSPICE controls $9.9B AUS. Yes, this joke is the only reason this article is here. Aside from the fact that we reported on the White House earmarking some $10B+ for cybersecurity, so I suppose the federal cyber spending trend is spreading?
- 16. REPORTS: Cyber Security Market Industry Analysis, Size, Share, Growth Opportunities, Future Trends, SWOT Analysis, Competition, and Forecasts 2022 to 2030 – Digital Journal
  Based on the outdated info in the abstract, I wouldn't recommend buying this $4,000 report.
- 17. LEGAL: Ubiquiti Teaches AWS Security and Crisis Comms Via Counterexample
  A particularly good writeup from @QuinnyPig on Ubiquiti's poorly advised lawsuit against Brian Krebs.
- 18. RESEARCH: ForAllSecure offering $1K to integrate free fuzzer to open source projects
  We had David on the podcast back on December 23rd, 2021 and found a very unique and interesting approach to discovering software issues. Continuing in the vein of unique approaches, ForAllSecure is now offering $1000 to anyone that will integrate its fuzzer with a popular open source project (>100 stars).
- 19. SQUIRREL: Elon Musk to join Twitter’s board of directors, teases ‘significant improvements’
- 20. SQUIRREL: Trung Phan on Twitter
- 21. SQUIRREL: Editing of Tweets is a bad idea. Here’s why.