View More ESW Episodes

SIEM Rules – Eric Capuano, Tim MalcomVetter – ESW #323

InfoSec might have a hoarding problem, but it’s easy to understand why. It’s almost impossible to know what logs you’re doing to need, when you’re going to need them, or for what reason. SIEM vendors have taken advantage of these InfoSec data hoarding tendencies, however, and are making a killing charging a premium for storage – even when the storage in question is your own on-prem hardware. There ARE alternatives, however, but it seems most folks aren’t aware of this. In this interview with Eric Capuano, we’ll discuss both the practical and economic shortcomings of the traditional SIEM model. We’ll discuss the challenges of various SIEM use cases. Most importantly, we’ll discuss the new mod...

Full Show Notes
Segment One

It’s Time for the Traditional SIEM to Die – Eric Capuano – ESW #323

InfoSec might have a hoarding problem, but it’s easy to understand why. It’s almost impossible to know what logs you’re doing to need, when you’re going to need them, or for what reason. SIEM vendors have taken advantage of these InfoSec data hoarding tendencies, however, and are making a killing charging a premium for storage - even when the storage in question is your own on-prem hardware. There ARE alternatives, however, but it seems most folks aren’t aware of this.

In this interview with Eric Capuano, we’ll discuss both the practical and economic shortcomings of the traditional SIEM model. We’ll discuss the challenges of various SIEM use cases. Most importantly, we’ll discuss the new models actively replacing them.

(No, they’re not branded as next-gen SIEMs)

Guest
CTO at Recon InfoSec

Eric is the CTO and co-founder of Recon InfoSec. He is also a certified SANS instructor of Digital Forensics and Incident Response, and a former Cyber Warfare Operator in the Texas Air National Guard.

Announcements

  • Follow Security Weekly Productions on LinkedIn for exclusive show clips, insights, and updates across our organization! Stay connected with our hosts and fellow community members, and join the conversation that's shaping the future of cybersecurity.

Segment Two

“Just Write a SIEM rule” isn’t a detection strategy – Tim MalcomVetter – ESW #323

Tim MalcolmVetter has been alternating between blue team and red team roles for years. Moving between the two has had its advantages, giving Tim a better understanding of what works, what doesn’t and why.

We’ll discuss a variety of topics, including the pros and cons of industry talent pipelines, Kerberoasting, and AI trends.

2023 Cybersecurity Conversations Report: https://eb1x.co/NWn0RHK

Guest
Co-Founder & CEO at Wirespeed

Tim MalcomVetter (@malcomvetter) is the Co-Founder of ⚡Wirespeed, a 100% Automated and SaaS-based MDR that is faster, more consistent, easier to use, and significantly cheaper than the legacy MDR approaches. We’re changing your relationship with MDR!

Tim has been building, defending, and hacking computer systems since the 1980s as a kid. Tim’s accomplishments include:
– startup exit to a world leading private equity firm
– scaling a security business to 300% growth in a little over a year
– building the Red Team program at the world’s largest company
– advising and consulting startups, enterprises, and mergers & acquisitions
– leading high performing teams
– hacking everything from mainframes to apps to AI
– holding an academic university cybersecurity research fellowship
– presenting at numerous technical conferences
– contributing to open source software and frameworks like MITRE ATT&CK

Announcements

  • Join us at an upcoming Official Cyber Security Summit in a city near you! This series of one-day, invitation-only, executive level conferences are designed to educate senior cyber professionals on the latest threat landscape.

    We are pleased to offer our listeners $100 off admission when you use code SecWeek23 to register.

    Visit securityweekly.com/cybersecuritysummit to learn more and register today!

Segment Three

17 Fundings, AI Sec, Cell Privacy, School Hacks, & Nifty Swifties – ESW #323

Finally, in the enterprise security news: We were off for a week, so there are 17 fundings to discuss! AI security startups emerge, and 8 acquisitions! Snyk loses 50% off its valuation is building security tools the wrong approach? SEC delays new cybersecurity rules, Why taylor swift fans should work in security, All that and more, on this episode of Enterprise Security Weekly.

Announcements

  • Stay up-to-date with us on X (formerly known as Twitter) for the latest show clips and updates! Find us @SecWeekly and stay connected with our cybersecurity community.

List of Articles

Adrian Sanabria

  1. FUNDING: SAVVY Exits Stealth with $30M in Funding to Enable Safe Use of SaaS Applications at Scale
  2. FUNDING: Savvy, a platform to secure SaaS apps, launches out of stealth with $30M
  3. FUNDING (AI): Tibo obtains Pre-A funding to combat AI data leak issues
  4. FUNDING: Invary Pre-Seed Announcement
  5. FUNDING: 1Fort Raises $2M in Pre-Seed Funding
  6. FUNDING: 0pass locks in $3.5m in funding to revolutionise enterprise authentication
  7. FUNDING: Nokod Raises $8M Seed Round From Seasoned Cybersecurity Investors to Enhance Low-Code/No-Code App Security
  8. FUNDING (AI): Resistant AI Raises Additional $11M; Extends Series A to $27.6M
  9. FUNDING (AI): BeeKeeperAI Raises $12.1 Million Series A to Accelerate AI Development on Privacy Protected Healthcare Data
  10. FUNDING (AI): CalypsoAI Raises $23 Million from Paladin Capital Group and Strategic Investors to Drive Secure Enterprise Adoption of Generative AI and Large Language Models – CalypsoAI
  11. FUNDING: Cyware Raises $30 Million to Accelerate Expansion of AI-Powered Global Cyber Fusion and Threat Sharing Networks
  12. FUNDING: Cyera Secures $100 Million Series B Investment to Become the Data Security Platform Enabling the AI Revolution
  13. FUNDING: HSBC loans £5m to cybersecurity firm Glasswall
  14. FUNDING (AI): Naver D2SF invests in AI data generation startup – KED Global
  15. FUNDING: Google’s Gradient backs YC alum Infisical to solve secret sprawl
  16. FUNDING: Unit21, the Risk and Compliance Infrastructure Company Helping Clients Prevent Financial Crime, Announces $45M Series C
  17. ACQUISITIONS: Securing Identity as the New Perimeter: Cisco Announces Intent to Acquire Oort
  18. ACQUISITIONS: EDGE expands its portfolio with acquisition of OryxLabs
  19. ACQUISITIONS: ProcessUnity and CyberGRX Combine to Form the Most Complete Third-Party Risk Management Platform in the Market
  20. ACQUISITIONS: Bitdefender to Acquire Horangi Cyber Security to Expand its GravityZone Unified Risk and Security Analytics Platform
  21. ACQUISITIONS: Jumbo is Being Acquired by Coalition, the Leading B2B Cyber Insurer
  22. ACQUISITIONS: Safe Security Acquires RiskLens to Become CRQM Market Leader
  23. ACQUISITIONS: TPG To Acquire Forcepoint Global Governments and Critical Infrastructure Business from Francisco Partners
  24. ACQUISITIONS: SCADAfence to be Acquired by Honeywell
  25. VALUATIONS: Cybersecurity unicorn Snyk sees valuation plummet by over 50% in secondary deals
  26. ESSAYS: Building security tools is the wrong approach

    Same guy that created the "Stop Silly Cybersecurity Awards" website. Also, I think he's selling a security tool, so ¯_(ツ)_/¯

  27. ESSAYS: Flipping the Vulnerability Management Model: CVSS → SSVC
  28. NEW FEATURES: Perception Point Unveils New AI Model to Thwart Generative AI-Based BEC Attacks – Perception Point

    Calling BS on this

  29. RESEARCH: MIT researchers devise a way to evaluate cybersecurity methods
  30. VULNERABILITIES: The massive bug at the heart of the npm ecosystem

    https://security.snyk.io/package/npm/darcyclarke-manifest-pkg

  31. REBRANDS: Microsoft rebrands Azure Active Directory to Microsoft Entra ID
  32. COMMUNITY: Support for cybersecurity clinics across the U.S.
  33. TRAINING: Cloud & Compromise: Gamifying of Cloud Security
  34. TOOLS: AI and Machine Learning in Cybersecurity
  35. REGULATION: SEC Delays Enactment of Cyber Rules Related to Investment Adviser and Public Companies to October 2023, Updates Timeline to April 2024 for Recently Proposed Cybersecurity Rules – Data Matters Privacy Blog
  36. REGULATIONS: Chris H. on LinkedIn: NCS Implementation Plan

    https://www.linkedin.com/posts/resilientcyberncs-implementation-plan-activity-7085231629891158016-smZw?utmsource=share&utmmedium=memberandroid

  37. CYBERCRIME: Ransomware criminals are dumping kids’ private files online after school hacks
  38. LEGAL: Orca Sues Wiz for ‘Copying’ Its Cloud Security Tech
  39. SQUIRREL: Why Taylor Swift fans should work in cybersecurity – Red Canary

    https://redcanary.com/blog/taylor-swift-cybersecurity/

  40. SQUIRREL: Google Calendar now lets users specify where they’re working from throughout the day

    "Adrian is currently working from [NONE OF YOUR DAMN BUSINESS]"

Show More

Stay in the Know, No Smoke and Mirrors – Join Our Newsletter

Get expert insights and technical breakdowns straight to your inbox.
Join Now

Related Episodes

Related Content

You can skip this ad in 5 seconds