Simplify Your Audit Process, News, BlackHat Interviews – Tomer Bar, Raghu Nandakumara, Erik Huckle – ESW #330
1. Simplify Your Audit Process without Compromising Identity Data Security – Erik Huckle – ESW #330
Having direct visibility into your access data is crucial for two reasons:
- Simplifying audit preparation and
- Managing progress of your identity program to ensure peak performance.
Internal auditors and compliance managers need easy access to granular data points to understand and demonstrate compliance to external agencies.
Gaining access to real-time data gives audit and identity teams a great deal of autonomy to delve deep into their identity programs and prove compliance. However, making the data available even internally can put organizations at risk of data leaks and data policy violations.
Erik will outline how companies can gain access to their current identity search and dashboard data and be able to query in their preferred BI tool based on their own data privacy policies and business needs, significantly reducing risk.
This segment is sponsored by SailPoint. Visit https://securityweekly.com/sailpoint to learn more about them!
Guest
Erik Huckle is a Group Product Manager at SailPoint. He graduated from the US Naval Academy with a degree in Mechanical Engineering, spent over six years in the US Marine Corps, and then transitioned out of the military into an MBA at the University of Texas-Austin. After cofounding a successful startup in robotic automation, he transitioned to product management at Amazon, leading the internal launch of a startup called Amazon One. Later, he ventured into the Oil and Gas space, launching a distributed ledger company focused on credentials for oilfield workers. Currently, he leads the Data Platform for SailPoint, which makes data both useful and accessible. He is passionate about technology and community involvement; he contributes to local startups as a mentor and serves as the tech committee lead for a non-profit organization.
2. Funding, SentinelOne/Wiz rumors, Layoffs, NordVPN’s skunkworks, ChatGPT Enterprise – ESW #330
There's still serious, late-stage funding for compelling tech in cybersecurity, as SpyCloud proves with its $110M Series D. We discuss the SentinelOne/Wiz merger rumors. Sadly, layoffs and even company failures are still occurring, though Tyler thinks the market downturn is close to bottoming out. NordVPN spins off an AI skunkworks called NordLabs. The Browser Company has a great company vision page that's worth checking out. Two interesting LLM prompt-related tools to check out are PIPE and promptmap (both on GitHub). Brazilian phone spyware WebDetetive (sic) gets hacked and all victim data deleted. US takes down QakBot and removes it from infected systems! Finally, a homing pigeon proves that birds are faster than gigabit Internet :D
- 1. FUNDING: SpyCloud Raises $110 Million Growth Round Led by Riverwood Capital
- 2. FUNDING: Announcing our Series A funding round (Cerby)
- 3. FUNDING: Cypago, which aims to automate compliance and governance for companies, raises $13M
- 4. ACQUISITIONS: Malwarebytes acquires Cyrus Security
- 5. ACQUISITION RUMORS: Cybersecurity startup Wiz considers potential bid for SentinelOne
- 6. DUMPSTER FIRE: After merger reports, SentinelOne ends Wiz collaboration
SentinelOne is reportedly angry about leaks regarding the merger talks between the two Israeli cybersecurity companies.
- 7. DIVESTITURE: iVerify is now an independent company!
iVerify is a unique case. First, it has been spun out of Trail of Bits, which is already a quite unique consulting/product company. Second, it's focused on mobile device security - a category that fizzled out years ago, with not much to show for the billions investors poured into it.
However, like most divestitures from small, savvy consulting shops, iVerify nailed market fit and gained customers before even thinking about doing a spinout.
- 8. LAYOFFS: Sevco issues a RIF
Other layoffs in the security space we haven't mentioned from August: Fortinet (?), SecureWorks (300), NCC Group (?), Rapid7 (470), Aware (?), and HackerOne (12%).
- 9. DEAD COMPANIES: BlueLava Ceases Operations
While asking around about this one, I learned that a few other security startups have quietly shuttered this year: ByteChek, possibly Araali and Fidelis got parted out last week. Armorblox was said to be a fire sale, though Cisco hasn't shared the deal amount.
- 10. NEW PRODUCTS: NordLabs — join us in creating cutting-edge technology
- 11. NEW PRODUCTS: Introducing ChatGPT Enterprise
- 12. TOOLS: GitHub – utkusen/promptmap: automatically tests prompt injection attacks on ChatGPT instances
- 13. TOOLS: PIPE – Prompt Injection Primer for Engineers
- 14. ESSAYS: 5 Tips for Creating a Memorable Cybersecurity Brand (And 5 That Will Crush You)
- 15. ESSAYS: Notes on Roadtrips by The Browser Company
One of the most interesting and useful write-ups I've seen on company values. Most organizations' values feel like someone scheduled a 60 minute meeting titled "Decide On Company Values", picked 5 or 10 from a list, and published it. This is not that.
- 16. ESSAYS: AI & Cybersecurity: Learnings from three months of Semgrep Assistant
- 17. ESSAYS: Security Budgets – Supply and Demand
- 18. ESSAYS: Is it Time to Accept that the Current Role of the CISO Has Failed?
- 19. BREACHES: HTML Smuggling Leads to Domain Wide Ransomware – The DFIR Report
- 20. BREACHES: A Brazilian phone spyware was hacked and victims’ devices ‘deleted’ from server
It's rare we talk about a breach that's a win, but that's what this is.
- 21. BREACHES: Rackspace’s costs to deal with ransomware attack top $10 million
Following up on Rackspace's incredible ransomware experience that resulted in them shutting down a legacy business line.
- 22. BREACHES: Hosting firm says it lost all customer data after ransomware attack
- 23. BREACHES: When a Zero Day and Access Keys Collide in the Cloud: Responding to the SugarCRM Zero-Day Vulnerability
- 24. TAKEDOWNS: U.S. Hacks QakBot, Quietly Removes Botnet Infections – Krebs on Security
- 25. VULNERABILITIES: CISA Releases IOCs Associated with Malicious Barracuda Activity
- 26. GUIDES: How to Prevent ChatGPT From Stealing Your Content & Traffic
- 27. GUIDES: Updated whitepaper available: AWS Security Incident Response Guide
- 28. REPORTS: The state of AI in 2023: Generative AI’s breakout year
Some very interesting stats compiled in this lovely report from McKinsey.
- 29. SQUIRREL: Yes, a Pigeon is Faster for Data Transfer than Gigabit Fiber Internet
3. Secure the Cloud and See ROI, Attack Your Way to Accurate Answers – ESW #330
In this interview, Raghu discusses the specific challenges in securing the cloud and how to overcome them. He shares how to make your life easier by making security a team sport, how to gain the visibility you need across clouds, data centers, and endpoints, and how to get a return on your cloud security investments.
This segment is sponsored by Illumio. Visit https://securityweekly.com/illumiobh to learn more about them!
It’s no secret that the attack surface is increasing and the best defense is one that’s matched to the most relevant risks. Through proactive and reactive research, the SafeBreach Labs team helps customers discover their most critical threats and security gaps by building the industry’s most current and complete playbook of attacks. In this session, SafeBreach Director of Research Tomer Bar will share how attacks are conducted, which APT groups have been the most active, and how breach and attack simulation can help teams think like an adversary and leverage recent vulnerabilities to gain accurate insights.
Segment Resources: https://www.safebreach.com/safebreach-labs/
This segment is sponsored by SafeBreach. Visit https://securityweekly.com/safebreachbh to learn more about them!
Guests
Tomer Bar is a hands-on security researcher with 20 years of unique experience in cyber security. He leads SafeBreach Labs as the VP of Security Research. In the past, he ran research groups for the Israeli government and then led the endpoint malware research for Palo Alto Networks. His main interests are Windows vulnerability research, reverse engineering, and APT research. His recent discoveries are the PrintDemon vulnerabilities in the Windows Spooler mechanism, which were a candidate in the best privilege escalation Pwnie Awards. He presented his research at Black Hat 2020, Defcon 2020, 2021, 2022, SecTor, Recon, HackCon, Security Fest and Confidence conferences.
Raghu Nandakumara is Head of Industry Solutions at Illumio, the Zero Trust Segmentation company. Based in London, UK, Raghu is responsible for helping customers and prospects across a variety of industries build resilience and accelerate Zero Trust outcomes with Zero Trust Segmentation.
Previously, Raghu spent 15 years at Citibank, where he held a number of network security operations and engineering roles. Most recently, he served as a Senior Vice President, where he was responsible for defining strategy, engineering, and delivery of solutions to secure Citi’s private, public, and hybrid cloud environments. Raghu holds an undergraduate degree in mathematics and computer science from the University of Cambridge, and a master’s degree in advanced computing from Imperial College London.