Addressing Identity-Related Threats in 2024 – Rod Simmons – ESW #353
In this interview, we talk to Rod Simmons, the VP of Product Strategy at Omada. We'll discuss the complex topic of securing identities against ever growing threats. We'll discuss challenges like unnecessary access, accounts with too many permissions, and a threat landscape that is increasingly finding success from targeting identities. Finally, we'll discuss where the Identity Governance and Administration (IGA) market is going.
Segment Resources:
As vice president of product strategy at Omada, Rod Simmons provides vision for where the IGA market is going and how Omada retains a leadership position. Rod works closely with the product teams and chief technology officer to define Omada’s vision and objectives to achieve the goals.
As a 20-year industry veteran, he has a passion for innovation and software design. He has extensive experience in leading and designing cutting edge products and technologies. Prior to Omada, Rod spent time at Stealthbits, BeyondTrust, and Quest Software. During his tenures, he held the roles of vice president of product strategy, director of product management and director of solution architects, respectively.
Security Weekly listeners save $100 on their RSA Conference 2024 Full Conference Pass! RSA Conference will take place May 6 to May 9 in San Francisco and on demand. To register using our discount code, please visit securityweekly.com/rsac24 and use the code 54USECWEEKLY! We hope to see you there!
Will AI allow us to finally scale vuln mgmt and threat detection? – ESW #353
We don't cover a lot of stories in this week's episode, but we go deep on a few important ones. I'm biased, but I think it's a good one, especially having Darwin's input and encyclopedic knowledge available to us.
Also in this week's news:
- Homomorphic encryption pops up again!
- Microsoft Security Copilot has a release date!
- Sudo for Windows
- Microsegmentation pops up again!
- The TikTok Ban
- Darwin's Newsletter: The Cybersecurity Pulse
All that and more, on this episode of Enterprise Security Weekly.
Join our cybersecurity community on Discord! Connect directly with our expert hosts, join discussions with fellow audience members, and customize your notifications to receive alerts every time an episode of your favorite show publishes. Get your invite at securityweekly.com/discord!
Adrian Sanabria
- FUNDING: The Zama FHE Master Plan
$73M Series A led by Multicoin Capital and Protocol Labs. Aiming to "make the internet end-to-end encrypted using Fully Homomorphic Encryption", which doesn't make a lot of sense. The investors are tied to blockchain, which makes me a bit worried. The company is French, but I don't have enough experience with French startups or investments to know where that should move my confidence slider.
Still, back to the earlier statement that doesn't make sense. Homomorphic encryption was designed to protect data in such a way that it remains structured enough to be useful. Think, performing a lookup on encrypted data without decrypting the data to perform a keyword match.
This is a VERY specific use case, so I'm not sure why someone would want to apply it to the entire Internet. It compromises the strength of the encryption in exchange for utility - a compromise you'd only want to make if the use case justified it. Definitely not something you'd want to apply with a broad brush.
- FUNDING: Israeli startup Sweet Security raises $33M to strengthen cloud security operations – SiliconANGLE
$33M Series A led by Evolution Equity Partners. The company's "Cloud Runtime Security" aims to actively disrupt cloud-focused attacks.
- FUNDING: IDfy Secures $27 Million Investment to Propel Global Expansion in Identity Verification Solutions
$27M Series E led by Elev8 Venture Partners. Mumbai-based IDfy combats fraud by providing secure identity verification.
- FUNDING: Cayosoft Raises $22.5M in Funding
The $22.5M Private Equity round from Centana Growth Partners is Cayosoft's first round of funding. The 6 year old company specializes in "Microsoft active directory management, monitoring, and recovery."
- FUNDING: Reach Security Raises $20M for AI to Transform How Companies Use Their Cybersecurity Products
$20M Series A led by Ballistic Ventures. The company is aiming to use "advanced AI" to "reinvent security operations". Sounds like a Security Copilot competitor, in other words!
- FUNDING: Crypto4A announces $7.5m Quantum-Safe Secure Manufacturing Initiative in conjunction with the FedDev Ontario – Quantum Safe Hardware Security Modules
$7.5M round from the Regional Quantum Initiative in Canada, includes a $3.75M repayable contribution from the Canadian Government (FedDev Ontario). The company designs, develops, and manufactures quantum-ready hardware security products, QxHSM and QxEDGE, in Canada.
- FUNDING: Cybersecurity startup Nullify locks in $5.2 million Seed round for US launch
$3.4M seed round co-led by Two Sigma Ventures and Root Ventures. The Australian company is planning a US launch in June. The product is an AI-driven appsec bot, aiming to aid and automate human work in detecting and fixing vulnerabilities in code.
- ACQUISITIONS: Gcore Enhances Security Portfolio with Acquisition of Industry-Leading WAAP Solution
Stackpath launched with a $180M Series A and four acquisitions in 2016. Seemed aimed at competing with Akamai, Fastly, Cloudflare right out of the gate. Raised another $216M in 2020 and I never heard from them again.
Looks like they lost a third of their workforce in the last 18 months, so I'm guessing this is a fire sale. No deal amount that I can find, as Gcore appears to be a private EU-based company (based in Luxembourg).
- ANALYSIS: Cybersecurity Market Update: February 2024 Insights & Trends
The latest market analysis from Mike Privette!
- NEW COMPANIES: UK-based fintech (named Nuke from Orbit) on a mission to deliver smarter smartphone security
I'm not sure why it's being described as a fintech, but it raised 500 pounds in pre-seed funding to address the problem of fraud resulting from stolen phones. It aims to "instantly" cancel bank cards and SIM cards; secure digital accounts; and more.
- NEW COMPAINES: Why I’m Joining Detecteam and Why it Matters
Looks like a similar focus/value prop to CardinalOps, who we just spoke with last episode. Folks have the people, the budget, the tools, but actually detecting stuff is really hard, so there's still a missing piece in the market here.
As always, it should be SIEM/XDR vendors filling this need, but the security market has a way of producing submarkets when they fail to build a complete product (e.g. vulnerability management giving birth to the RBVM market).
- NEW PRODUCTS: Microsoft Copilot for Security is generally available on April 1, 2024
The very hotly anticipated Security Copilot product is being released on... April Fools? Start getting your jokes ready for social media now, folks.
Microsoft's marketing: "With Copilot, you can protect at the speed and scale of AI and transform your security operations."
Real Life Expectations: "Hey Copilot, What protocol runs on TCP 25 again?"
There's a lot of hype and hubris here. First off, the marketing description makes it sound like one SOC analyst could do the work of five! But then they share these underwhelming stats:
- Experienced security analysts were 22% faster with Copilot.
- They were 7% more accurate across all tasks when using Copilot.
- They were 1% more accurate at the incident report task used in the study.
- They were 1% more accurate at the response task used in the study.
- And, most notably, 97% said they want to use Copilot the next time they do the same task.
Okay, so the improvements were marginal, but enough that pretty much everyone liked them and want to continue using them. That's fine, just say that! Enough with the "machine speed" and "speed and scale of AI" fluff. Ultimately, it looks like the majority of the positive benefits were due to the LLM's ability to accurately summarize text data.
Some other details
- Licensing will be pay-as-you-go, which likely means that Copilot will be billed and available via Azure.
- It is multilingual (a nice bonus feature of LLMs, which can seemingly effortlessly switch between languages)
- Will be able to reference data from Sentinel, Defender XDR, Intune, Defender Threat Intelligence, and Entra
- Already has over 100 partners?!? These include both MSSPs and security software vendors
- can integrate with your existing knowledgebase and playbooks, and can supposedly perform actions based on existing step-by-step instructions (I'm a bit nervous about this)
- NEW FEATURES: Introducing Sudo for Windows!
NOT ONLY is this sudo for Windows, it's also going to be open sourced. They already have the repo ready: https://github.com/microsoft/sudo
- NEW NEWSLETTER: The Cybersecurity Pulse
This is Darwin's newsletter!
- ESSAYS: Microsegmentation Finally Gets Its Day
The latest from Katie Teitler!
- ESSAYS: Cloud Control: Q&A with Andy Ellis on Pushing Innovation with Apology Budgets
- ESSAYS: The Shifting Landscape of Application Security – Scale Venture Partners
- REPORTS: Welcome to the Red Canary 2024 Threat Detection Report
- REPORTS: Exposing Malware in Linux-Based Multi-Cloud Environments from VMware’s threat analysis unit
An interesting technical study on using entropy to better detect Linux-based malware. (based on my very brief skim of the report!)
- LEGISLATION: The TikTok Ban Bill
So many questions.
- It passed the House, will it pass the Senate?
- Will it also ban WeChat? (it doesn't seem to affect Alibaba Cloud)
- How many hours until a video is uploaded to YouTube and Instagram, telling folks how to bypass restrictions?
- It won't be in US-based app stores anymore, but what about overseas app stores? Can I just use those by firing up NordVPN?
- Most of the content on TikTok finds its way onto YouTube and Instagram anyway, so will anyone care?
- How many US-based TikTok creators are out there, and how much income will they lose if the app gets pulled? Some get as much as $20k for a short, sponsored video.
- VULNERABILITIES: ComPromptMized
A proof-of-concept GenAI worm. While the proof-of-concept involves some fictional tooling that doesn't really currently exist (at least to my knowledge), it's important guidance for folks doing product design and architecture work.
TL;DR - fully automating anything with GenAI is probably a bad idea right now.
- DUMPSTER FIRE: CISA breached by hackers exploiting Ivanti bugs
To be fair, the timeline is unclear. We don't know if CISA published the advisory before or after the attack against its own Ivanti products exposed to the public Internet.
- DUMPSTER FIRE: Microsoft says it hasn’t been able to shake Russian state hackers
What a mess. I don't even know where to start.
- DUMPSTER FIRE: Death Knell of the NVD?
If only someone in USGov knew how disruptive this might be and took steps to avoid it...
- SQUIRREL: Belgian village whose brewery was hit by cyberattack faces another on its coffee roastery
Coffee AND beer is under attack?? This cannot stand.
