Illuminating Data Blind Spots, Topic, Enterprise News – Tony Kelly – ESW #437
Interview Segment: Tony Kelly
Illuminating Data Blind Spots
As data sprawls across clouds and collaboration tools, shadow data and fragmented controls have become some of the biggest blind spots in enterprise security. In this segment, we’ll unpack how Data Security Posture Management (DSPM) helps organizations regain visibility and control over their most sensitive assets.
Our guest will break down how DSPM differs from adjacent technologies like DLP, CSPM, and DSP, and how it integrates into broader Zero Trust and cloud security strategies. We’ll also explore how compliance and regulatory pressures are shaping the next evolution of the DSPM market—and what security leaders should be doing now to prepare.
Segment Resources:
https://static.fortra.com/corporate/pdfs/brochure/fta-corp-fortra-dspm-br.pdf
This segment is sponsored by Fortra. Visit https://securityweekly.com/fortra to learn more about them!
Topic Segment: We've got passkeys, now what?
Over this year on this podcast, we've talked a lot about infostealers. Passkeys are a clear way to implement phishing- and theft-resistant authentication, but what about all these infostealers stealing OAuth keys and refresh tokens? As long as session hijacking is as simple as moving a cookie from one machine to another, securing authentication seems like solving only half the problem: locking the front door, but leaving a side door unlocked.
After doing some research, it appears that there has been some work on this front, including a few standards that have been introduced:
- DBSC (Device Bound Session Credentials) for browsers
- DPoP (Demonstrating Proof of Possession) for OAuth applications
We'll address a few key questions in this segment:
- How do these new standards help stop token theft?
- How broadly have they been adopted?
Segment Resources:
- FIDO Alliance White Paper: DBSC/DPOP as Complementary Technologies to FIDO Authentication
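To make the proof-of-possession idea behind DPoP concrete, here is an added example (not code from the podcast or the FIDO white paper) in Node.js, simplified from the proof format in RFC 9449: the server accepts a token only alongside a fresh proof signed by the key the token was bound to at issuance. The URL, token string, and function names are constructed for the illustration.

```javascript
const crypto = require("node:crypto");
const b64u = (s) => Buffer.from(s).toString("base64url");
const sha256 = (s) => crypto.createHash("sha256").update(s).digest("base64url");
// RFC 7638 thumbprint of an EC public JWK (members in lexicographic order).
const thumbprint = ({ crv, kty, x, y }) => sha256(JSON.stringify({ crv, kty, x, y }));
const newDeviceKey = () => crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });

// Client: sign a proof for this one request; the private key stays on the device.
function makeProof(key, htm, htu, token) {
  const header = { typ: "dpop+jwt", alg: "ES256", jwk: key.publicKey.export({ format: "jwk" }) };
  const payload = { jti: crypto.randomUUID(), htm, htu, ath: sha256(token), iat: Math.floor(Date.now() / 1000) };
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(payload))}`;
  const sig = crypto.sign("sha256", Buffer.from(input), { key: key.privateKey, dsaEncoding: "ieee-p1363" });
  return `${input}.${sig.toString("base64url")}`;
}
const seenJti = new Set(); // replay cache; a real server would expire entries

// Server: boundJkt is the key thumbprint recorded when the token was issued.
function checkRequest(proof, htm, htu, token, boundJkt) {
  const [h, p, s, extra] = String(proof).split(".");
  if (!h || !p || !s || extra !== undefined) return "malformed proof";
  let header, payload, ok;
  try {
    header = JSON.parse(Buffer.from(h, "base64url").toString());
    payload = JSON.parse(Buffer.from(p, "base64url").toString());
    if (header.typ !== "dpop+jwt" || header.alg !== "ES256" || header.jwk?.kty !== "EC") return "bad header";
    const pub = crypto.createPublicKey({ key: header.jwk, format: "jwk" });
    ok = crypto.verify("sha256", Buffer.from(`${h}.${p}`),
      { key: pub, dsaEncoding: "ieee-p1363" }, Buffer.from(s, "base64url"));
  } catch { return "malformed proof"; }
  if (!ok) return "bad signature";
  if (thumbprint(header.jwk) !== boundJkt) return "token is bound to another key";
  if (payload.htm !== htm || payload.htu !== htu) return "proof is for another request";
  if (payload.ath !== sha256(token)) return "proof is for another token";
  if (Math.abs(Date.now() / 1000 - payload.iat) > 60) return "stale proof";
  if (seenJti.has(payload.jti)) return "replayed proof";
  seenJti.add(payload.jti);
  return "ok";
}

// Constructed scenario: token and one proof copied off the device, private key not.
function demo() {
  const token = "constructed-access-token", url = "https://api.example.test/files";
  const device = newDeviceKey(), thief = newDeviceKey();
  const jkt = thumbprint(device.publicKey.export({ format: "jwk" }));
  const proof = makeProof(device, "GET", url, token);
  return [checkRequest(proof, "GET", url, token, jkt),            // legitimate call
    checkRequest(proof, "GET", url, token, jkt),                  // captured proof reused
    checkRequest(makeProof(thief, "GET", url, token), "GET", url, token, jkt)]; // thief's key
}
```

`demo()` returns the three verdicts in order: `"ok"`, `"replayed proof"`, `"token is bound to another key"`.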
News Segment
Tony Kelly is a cybersecurity leader with 20+ years of experience driving technical sales and strategy. At Fortra, he leads GTM efforts for Secure Service Edge (SSE), partnering with C-level execs to secure cloud environments. His expertise spans DSPM, CSPM, SSPM, and AI-driven automation. He has held key roles at Netskope and Cisco, holds CISSP and CCIE certifications, and excels at translating complex security concepts into business value.
Adrian Sanabria
- FUNDING & ACQUISITIONS: Courtesy of the Security, Funded newsletter, #223 – Money Printer Go Brrrr
FUNDING
"...3rd straight quarter with over $5B in cybersecurity funding raised!"
- Check Point Software Technologies, a United States-based suite of network and email security tools, raised a $1.8B Post-IPO Debt from Public Offering.
- Fastly, a United States-based web application and API protection platform, raised a $160.0M Post-IPO Debt from Public Offering.
- 7AI, a United States-based platform focused on agentic AI-driven security operations tasks, raised a $130.0M Series A from Index Ventures.
- Antithesis, a United States-based application security testing platform, raised a $105.0M Series A from Jane Street Capital.
- Zafran Security, a United States-based threat and risk prioritization platform that uses your existing tool stack to show risks and mitigations, raised a $60.0M Series C from Menlo Ventures.
- Imper.AI, a United States-based deepfake and digital impersonation protection platform, raised a $28.0M Seed from Battery Ventures and Redpoint.
- Lumia Security, a United States-based agentic and AI application discovery and governance platform, raised an $18.0M Seed from Team8.
- Multifactor, a United States-based password management platform, raised a $15.0M Seed from Nexus Venture Partners.
- Helmet Security, a United States-based governance and monitoring platform for AI agents and autonomous workflows, raised a $9.0M Seed from SYN Ventures and WhiteRabbit Ventures.
ACQUISITIONS
- Veza, a United States-based data protection platform focused on identity and authorization, was acquired by ServiceNow for an undisclosed amount. Veza had previously raised $233.0M in funding.
- Tromzo, a US-based AppSec startup, was acquired by Checkmarx for an undisclosed amount. Tromzo had previously raised $11.1M.
- NEW FEATURES: Introducing Query-Based Blocklists: Fully Configurable, Real-Time Threat Blocking in the GreyNoise Platform
A very cool feature that automates the bottom tiers of Bianco's classic pyramid of pain.
- OPEN SOURCE: Gadi Evron RAPTOR
“Raptor turns Claude Code into a general-purpose AI offensive/defensive security agent. By using Claude.md and creating rules, sub-agents, and skills, and orchestrating security tool usage, we configure the agent for adversarial thinking, and perform research or attack/defense operations.”
- TRENDS: Microsoft drops AI sales targets in half after salespeople miss their quotas
- TRENDS: Say Goodbye to the Billable Hour, Thanks to AI
Please. The billable hour has been a well-documented bad idea for decades. AI doesn't get credit for this one, in my opinion.
- TRENDS: Ex-teen hackers warn parents are clueless as children steal ‘millions’
- TRENDS: Security pros should prepare for tough questions on AI in 2026
I imagine we'll see insurance providers asking some of these questions as well.
- ESSAYS: Overconfident by Design
- TALKS: AI Eats the World – Benedict Evans
Some good perspective on how to look at AI with some historical perspective on big trends, and also in terms of how it shifts other parts of the market (e.g. if ChatGPT/Perplexity becomes the new Google, what happens to all that Google Ad money?)
- REGULATION: Trump to issue order creating national AI rule
An Executive Order can't create a national AI law, right? Am I missing something?
- SQUIRREL: Mibuddy—World’s First AI-Powered Dog Translation Collar
Jackie McGuire
- SUPPLY CHAIN: Is Your Android TV Streaming Box Part of a Botnet? – Krebs on Security
What NOT to get your friends/family for the holidays.
MERRY CHRISTMAS MOM, YOU'RE PART OF A BOTNET NOW!