ESW #295 – John Grancarich, Alan Radford
Full Audio
View Show IndexSegments
1. Meet Fortra, Your Cybersecurity Ally – John Grancarich – ESW #295
Positive change is coming to cybersecurity. In this segment, John Grancarich, EVP of Strategy at Fortra, explains what it means when we say we’re tenacious in our pursuit of a stronger, simpler future for cybersecurity, and that our advanced threat research and intelligence informs everything we do. This segment is sponsored by Fortra. Visit https://securityweekly.com/fortra to learn more about them!
Announcements
Stay up-to-date with us on X (formerly known as Twitter) for the latest show clips and updates! Find us @SecWeekly and stay connected with our cybersecurity community.
Guest
John works with global organizations and their security teams to develop a full understanding of their business and security priorities in light of today’s ever changing threat landscape. John’s leadership enables the Fortra team to develop and bring to life a product vision that enables customers to increase their security maturity while simultaneously decreasing their operational burden. Prior to joining Fortra in 2018, John was the founder of Product Fuse, where he worked with enterprise technology companies to build and execute successful product strategies. Prior to becoming a product leader, John served in a variety of hands-on technical roles, including web developer, database administrator, and computer forensics engineer.
Hosts
2. The Overlooked Identity Security Risks of RPA – Alan Radford – ESW #295
Gartner recently reported that the RPA software market will reach $2.9 billion by the end of 2022, up 19.5% from 2021. But, despite Airlines adopting it to help with cancellations and retail for inventory management, we’re not talking about the security risk this tech will cause. Alan Radford, Global IAM Strategist at One Identity discusses the truly devastating impact that can occur when an organization leaves its RPA program vulnerable and without any identity and access protection, why realizing that machines have identities too could save us from dangerous RPA breaches in the future, and steps companies can take to secure their RPA technology as more companies continue to implement it.
Announcements
Dive deeper into the world of cybersecurity with Security Weekly on Instagram! Follow us @SecWeekly to find exclusive clips, hilarious memes, behind-the-scenes sneak peeks, and more! Stay connected, stay informed, and join our growing community!
Guest
Alan Radford, Global IAM Strategist at One Identity, is a business technologist responsible for the PAM field strategy in EMEA for One Identity, with 15 years’ experience in Identity Access Management. Alan is an experienced business owner and subject matter expert in Privileged Access Management and governance and has worked with organizations across the globe facing unique challenges in the IAM space, bringing innovation and thought leadership to successful IAM strategies.
Hosts
3. FTC Against Drizly’s CEO, 12 Funding Announcements, Cisco Meraki, & MFA Trends – ESW #295
Finally, in the enterprise security news, 12 funding announcements, 1Password acquires Passage, Layoffs continue with another round at Cybereason, FTC takes action against Drizly’s CEO, everything you need to know about new US data privacy legislation, Cisco Meraki devices in Russia go POP! Young silicon valley workers are in for a shock, Ransomware trends, MFA trends, US officials say tech companies need to build secure products, All that and lots more, on this episode of Enterprise Security Weekly!
Announcements
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Hosts
- 1. FUNDING: Versa Networks Secures $120M Financing in Pre-IPO Round Led by BlackRock to Capitalize on Rapidly Growing SASE Market
- 2. FUNDING: Binary Defense Raises $36 Million From Invictus Growth Partners to Propel Rapid Expansion as the Most Trusted MDR Platform
- 3. FUNDING: Sepio announces series B funding, supporting growth in expanding its sales organizations and allocating resources toward the product roadmap
$27M Series B, led by US Venture Partners. "Physical-layer-based Asset Risk Management"
They REALLY want us to know Lane Bess contributed to this round, because he took a trip to space with Jeff Bezos.
- 4. FUNDING: Valence Security raises new cash to secure the SaaS app supply chain
$25M Series A led by M12 (MSFT). Collaborative SaaS Security (SSPM).
- 5. FUNDING: PreVeil Raises $20M in Series C Funding – FinSMEs
- 6. FUNDING: Spyderbat Nabs $10M Series A Funding Round
$10M Series A led by NTTVC. "Cloud native runtime security"
- 7. FUNDING: Alethea Closes $10M Series A Financing Led by Ballistic Ventures
$10M Series A led by Ted Schlein and Kevin Mandia. Using ML to identify disinformation and social media manipulation. Designed for use by threat intel teams.
- 8. FUNDING: BluSapphire raises $9.2 Mn in Series A
$9.2M Series A, led by Barings PE India. SaaS-based SOC/XDR stack. Not to be confused with the vape brand.
- 9. FUNDING: Data security company Bearer closes seed round at $8 million
$4M add-on to total an $8M Seed round, led by Alven. Data security SaaS company based in Paris.
- 10. FUNDING: Atlanta Inno – Atlanta startup Arnica raises $7M as it enters growing cybersecurity market
$7M Seed round, led by Joule Ventures.
- 11. FUNDING: Perygee Raises $4.75M in Seed Funding
$4.75M Seed round led by Ballistic Ventures. "Boston, MA-based company providing a lightweight and complete security platform for Internet of Things (IoT) and Operational Technology (OT)"
- 12. FUNDING: Cybersecurity Startup Protexxa Raises $4 Million in Seed Funding to Protect Businesses and Individuals Online as Cybercrime Accelerates
- 13. ACQUISITIONS: Passage is joining 1Password!
- 14. LAYOFFS: Cyber unicorn Cybereason sacks 200 employees, 17% of workforce
The second round of layoffs for Cybereason in 2022. The first saw 140 employees (10%) get cut on June 1st. This round sees 200 more employees (17%) out the door. Most are non-US, with 50 of the layoffs in Israel.
Recently, a confidential IPO filing fell through and it seems like they could be struggling to find a buyer at their desired valuation price, which may or may not be realistic, given the market correction (are they really worth $5bn??? What’s the multiple?)
- 15. REGULATIONS: FTC Takes Action Against Drizly and its CEO James Cory Rellas for Security Failures that Exposed Data of 2.5 Million Consumers
It's not just Joe Sullivan taking the heat on security responsibility here - the CEO of Drizly is personally impacted here as well (though he's not going to jail or anything).
- 16. REGULATIONS: What You Need to Know About the U.S.’s Forthcoming Data Privacy Legislation
- 17. SANCTIONS: Cisco disables Meraki networks in Russia
From the Risky Biz News newsletter: US networking equipment vendor Cisco allegedly disabled WiFi networks managed through its Meraki service in Russia. According to multiple online reports, the company failed to give customers any warning and just renamed all networks in Russia as "12345-Sanctions."
- 18. TRENDS: The fate of the world economy may depend on what happens to a company most Americans have never heard of
More of a national security story than an information security story, but relevant all the same.
- 19. TRENDS: Young Silicon Valley workers are in for a rude awakening as industry giants make major job cuts and ditch ambitious projects for the first time in their careers
It's easy to make fun of if you've never had access to fancy FAANG/MANTA perks, but then, these perks can make a big difference when you're paying $4k/mo for a 650sq ft efficiency in San Fran, which is not a position I've been in.
- 20. TRENDS: New LinkedIn profile features help verify identity, detect and remove fake accounts, boost authenticity
All the social media platforms are starting to feel pressure to deal with bot and fraud problems!
- 21. HOT TIPS: 4 ways cybersecurity startups can boost adoption and shorten time to value
- 22. HOT TIPS: Step 0: Create A Risk Register
- 23. REPORTS: The State of Crypto Security
Spoiler: it's bad.
- 24. REPORTS: Ransomware Victims and Network Access Sales in Q3 2022
- 25. REPORTS: A CISO’s Guide to Legal Risks and Liabilities
STEP1: Don't knowingly break the law to protect your employer STEP2: ...
- 26. REPORTS: Financial Trend Analysis – Ransomware Trends in Bank Secrecy Act Data between July 2021 and December 2021
- 27. BEST PRACTICES: CISA – Implementing Phishing-Resistant MFA
- 28. BEST PRACTICES: CISA – Implementing Number Matching in MFA Applications
- 29. CYBERCRIME: Young Finnish man detained in absentia over data breach at Vastaamo
This one is a big deal to me, because Vastaamo is the second largest company on my "Destroyed by Breach" list. https://docs.google.com/spreadsheets/d/15CTPcgZQenWKDLDTQ2ibveUM4i7Of_n20TzdTi23xcg/edit?usp=sharing
- 30. CYBERCRIME: Hackers selling access to 576 corporate networks for $4 million
Access to 576 corporate networks for only $4 MILLION dollars? That's a steal! At less than $8000 per network, could a security vendor do more good buying access to compromised companies and just fixing them, instead of building and selling a product?
- 31. CAPTAIN OBVIOUS: U.S. Officials Say Tech Companies Must Build Secure Products
The title of this article causes me physical pain. So does the content.
- 32. NEW FEATURES: Advanced Microsoft Authenticator security features are now generally available!
Better late than never! Something good comes out of the (most recent) Uber hack.
- 33. NEW TOOLS: Artemis: Hunt For Security Issues In Source Code
From README.md: "Artemis is an extensible source code scanning tool developed by the Warner Bros. Discovery Application Security team that provides a single interface for running multiple security analysis tools against a source code repository, regardless of the contents of the repository. Artemis can scan repositories in different GitHub, GitLab, Bitbucket, or Azure DevOps organizations from a single, unified platform."
- 34. BREACHES: Incident Report: Employee and Customer Account Compromise – August 4, 2022
The incident report for the Twilio breach has been finalized.
- 35. RESOURCES: Top 10 resources about the business of cybersecurity
A list of great cybersecurity resources! Somehow, they forgot to include ESW, but we can overlook that.
- 36. SQUIRREL: Malwarebytes marketing misses the mark, makes amends