Breaking Through Vendor Barriers: Product Data as a Service – Tim Morris – ESW #278
Introducing the concept of Tanium Data as a Service. When you've got a product like Tanium, that collects so much useful data - why would you want to keep it within Tanium? The 'Data-as-a-Service' model aims to increase the value of the Tanium product by safely sharing its data with other teams, tools, and groups within a customer's organization.
This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them!
Tim is a visionary leader and an IT and cyber security expert, with decades of experience across industries. He joined Tanium after retiring from Wells Fargo, where he was an SVP and led several teams in cyber operations, engineering, and research. He holds 25 US patents and has written many articles on cyber security topics. He is also a trusted source of insights and opinions for major publications and web shows, where he shares his knowledge and passion for the field.
Tim started his IT career as a developer and sysadmin in manufacturing, then moved to banking, where was a software packaging, scripting, active directory administration, and M&A projects. He has been dedicated to cybersecurity since 2009, specializing in areas such as detection and response, systems and patch management, vulnerability assessment, web-content filtering, malware analysis, red-teaming, and digital forensics.
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
IBM Acquires Randori, Quantum Devices, Microsoft Defender, & RapidFort – ESW #278
Then, in the enterprise security news, CyberInt raises $28M for attack surface detection, RapidFort raises $8.5M for… pre-attack surface detection? Managing and monitoring your quantum devices? Making sure you don’t lose access to your crypto wallets, IBM acquires Randori, Contrast Security makes some of their tools free, Rumble adds more interesting new features, Microsoft Defender for everyone, and more!
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Adrian Sanabria
- FUNDING: Cyberint raises $28 million to help organizations gain visibility into external risk exposure
- FUNDING: RevealSecurity Raises $23M
Sounding a lot like CASBv2 from the descriptions - detecting insider threat in SaaS, etc.
- FUNDING: Attack surface management platform RapidFort raises $8.5M – TechCrunchRapidFort is NOT an attack surface management platform. At least, not according to the current definition of this term. When you say "ASM" these days, the term invokes thoughts of scanners that discover abandoned, vulnerable assets exposed to the public Internet. But instead of finding existing security/tech debt, Rapidfort interestingly attempts to avoid sending it out there in the first place, by filtering out unnecessary and vulnerable components BEFORE they're put into production.
- FUNDING: Quickpass Cybersecurity Raises $7 Million to Secure MSPs and Automate Helpdesk Security
- FUNDING: evolutionQ News Release June 13, 2022 – evolutionQ Secures US$5.5 Million in Series A Funding for Global Expansion"The quantum-safe software allows organizations building a network based on Quantum Key Distribution devices to easily deploy and cost-effectively manage quantum technologies throughout their network." Huh?
- FUNDING: Firmware Supply Chain Company Binarly Raises $3.6 Million from WestWave Capital, Acrobator VenturesDoes Eclypsium have competition??
- FUNDING: Kriptos Raises US$3.1 Million To Address Sensitive Data BreachI don't think this translated well. Bi-lingual California-based Kriptos discovers and classifies data, but from this title, it sounds like they just needed money to pay for a breach! Data security is definitely back, and it will be interesting to see what early adopters say - is Data Security 2.0 better at DLP/classification than the original round of products in this space?
- FUNDING: Bunkyr raises over $1M to bring frictionless security to developers and end users • BunkyrTwo things caught my attention here: 1. As I've previously mentioned, cryptocurrency and especially hardware (cold) wallets are a challenge for the average consumer and it's painful to see all the folks losing thousands or tens of thousands of dollars to a forgotten pin or passphrase. Even Joe Grand is running a company that attempts to recover wallets now. 2. Though this company's primary focus is ensuring cold wallet owners never lose access, they manage to completely avoid mentioning cryptocurrency or wallets in the press release. I don't think it's a coincidence, but it still leaves me wondering what they're worried about.
- ACQUISITIONS: IBM bolsters cyber security offerings with Randori acquisition
- ACQUIHIRE: Darkbit Founders Join Aqua Security to Bolster Cloud Native Security ExpertiseBoth of Darkbit's founders join Aqua. They're not calling it an acquisition, so we won't either.
- PARTNERSHIPS: We’ve joined the FIDO Alliance to build a better future for authentication
- NEW PRODUCTS: Jit aims to simplify product security for developersNot to be confused with git
- NEW PRODUCTS: Contrast Security Makes Enterprise-Class Code Security Testing Tools Available to All Developers for Free
Free code scanning!
- NEW PRODUCTS: SafeBreach Unveils SafeBreach Studio
- NEW FEATURES: Noname Security Launches Most Advanced Global API Security Solution on the Market Delivering Greater Scalability and Performance
- NEW FEATURES: Rumble 2.14: Sync assets, software, and vulnerability data from Tenable, run external discovery from our cloud, and extend your Microsoft Azure coverageRumble continues to impress and now has a large number of integrations that pull additional asset data and enrichment data into Rumble. List of integrations here: https://www.rumble.run/docs/integrations/
- NEW PRODUCT: AnoMarkAn interesting open source product that baselines (trains a model) on what's normal in your environment and can then alert when abnormal command-line parameters are used.
- NEW PRODUCT: Microsoft Defender launches on Windows, macOS, iOS, and AndroidDefender is now cross platform!
- RECOMMENDED READING: The Tar Pit of CSPM – Chris Farris
- RECOMMENDED READING: The Philosphy of Prevention – Chris Farris
- TRENDS: Israel’s most overvalued cybersecurity startups exposed – reportThe market correction heats up in InfoSec as Globes spills the tea on valuation multiples for some of the largest unicorns in security.
- RESEARCH: Password policies of most top websites fail to follow best practicesCould it be that MFA has made password requirements complacent, or are tech companies neglecting security and their customers?
- SQUIRREL: How Git Came to Behttps://twitter.com/swyx/status/1536832603411451905?t=NQ5XXCXUvYC9a5bC04cbyQ&s=09
Stopping Phishing Attacks & A Fresh Approach to Reducing Cyber Risk – Chris Cleveland, Mehul Revankar – ESW #278
PIXM stops phishing attacks at point of click with computer vision in the browser, protecting users from phishing beyond the mailbox in any application. With the launch of PIXM Mobile, PIXM is now delivering this capability on iPhones as well as desktop devices.
Segment Resources: https://pixmsecurity.com/mobile/
This segment is sponsored by Pixm. Visit https://securityweekly.com/pixm to learn more about them!
The rise in disclosed vulnerabilities, the speed they are weaponized, and the cyber talent shortage have left teams struggling to wade through a mountain of vulnerabilities. In this discussion, Mehul will discuss the need for a new way to cut through the noise to focus teams on prioritizing and fixing those critical vulnerabilities that will most reduce risk in each organization's environment. He'll also cover how Qualys is redefining risk and vulnerability management in the latest version of VMDR and share stories of how customers have leveraged this solution to dramatically reduce risk.
Segment Resources: www.qualys.com/trurisk www.qualys.com/vmdr
This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them!
Mehul is a seasoned Cybersecurity Product Leader with a proven track record of building award-winning products and scaling B2B SaaS and open-source solutions. With over 20 years of experience in enterprise security, he has led product, engineering, and research teams at industry leaders like Qualys, and Tenable. He is now a Co-founder at Quantro Security where he is building agentic AI solutions for Enterprise Cyber Risk Management. Where he leads Product, Sales and Marketing.
Chris started PIXM after winning a pitch contest in Columbia’s machine learning graduate program. He built PIXM’s initial computer vision AI engine that stopped hundreds of phishing breaches at point of click in the browser. He has raised over five million in venture funding and is now on a mission to seal phishing gaps beyond the inbox with great technology.
