Initial entry to resilience: understanding modern attack flows and this week’s news – Warwick Webb – ESW #444
Segment 1: Interview with Warwick Webb
From Initial Entry to Resilience: Understanding Modern Attack Flows
Modern cyberattacks don’t unfold as isolated alerts; they move as coordinated attack flows that exploit gaps between tools, teams, and time. In this episode, Warwick Webb, Vice President of Managed Detection and Response at SentinelOne, breaks down how today’s breaches often begin invisibly, progress undetected through siloed security stacks, and accelerate faster than human response alone can handle. He’ll discuss how unified platforms, machine-speed detection powered by global threat intelligence, and expert-led response change the equation, turning fragmented signals into clear attack narratives. The conversation concludes with how organizations can move beyond incident response to build resilience, readiness, and continuous improvement through post-attack analysis. Listeners will leave with a clearer understanding of how attacks actually unfold in the real world—and what it takes to move from reactive alert handling to true attack-flow-driven defense.
Segment Resources:
- Wayfinder MDR Solution Brief
- 451 MDR Report
- Managed Defense Redefined Blog
This segment is sponsored by SentinelOne. Visit https://securityweekly.com/sentinelone to learn more about them!
Segments 2 and 3: The Weekly News
In this week's enterprise security news,
- we’ve got funding
- free tools!
- the CISO’s craft
- agentic browsers
- tech companies are building cyber units?
- giving AI agents access to your entire life
- lots of dumpster fires in the industry today
- Cisco killed Kenna
- the state of AI in the SOC
- homemade EMP guns! don’t try this at home
All that and more, on this episode of Enterprise Security Weekly.
Warwick Webb is Vice President of Managed Detection & Response at SentinelOne. With over 20 years of threat detection and incident response experience, he leads a global team that provides continuous threat detection, investigation, and response for customers worldwide. Prior to SentinelOne, Warwick built extensive experience working at market leaders including Salesforce and Rapid7.
Security Weekly listeners save $100 on their RSAC 2026 All Access Pass! RSAC 2026 Conference will take place March 23rd to March 26th in San Francisco. To register using our discount code, please visit securityweekly.com/rsac26 and use the code 56U5SECWEEKLY! We hope to see you there!
Most security conferences talk about threats. Zero Trust World lets you attack them. From March 4th to 6th, 2026 in Orlando, Florida, this hands-on cybersecurity event features live hacking labs where you’ll break real environments, think like an adversary, and learn how attacks really work. You’ll also get expert sessions, real-world case studies, CPE credits, and networking with top practitioners. And yes — the Security Weekly team will be there too. Don’t miss it! Register today at securityweekly.com/ZTW.
Adrian Sanabria
- FUNDING/M&A: courtesy of the Security, Funded newsletter, issue #228 – Even RSA Is Raising Again
VIBE CHECK
What security problem is criminally underfunded?
- 43% OT/ICS/critical infrastructure
- 29% Open-source security
- 21% SMB security
- 7% Security workforce/education
FUNDING
- Claroty, a United States-based secure industrial, IoT, and healthcare network security platform, raised a $150.0M Series F from Golub Growth and raised $50.0M in secondary market financing.
- RSA Security, a United States-based suite of secure authentication and identity management tools, raised a $135.0M Debt Financing.
- furl, a United States-based automated security and vulnerability remediation platform, raised a $10.0M Seed from Ten Eleven Ventures.
- Symbiotic Security, a United States-based application vulnerability and remediation platform, raised a $10.0M Seed from Alven.
- AiStrike, a United States-based AI-assisted security automation platform, raised a $7.0M Seed from Blumberg Capital. <- this is AI SOC... a little late to market, no?
- Dam Secure, an Australia-based IDE-integrated application security guardrails platform, raised a $4.1M Seed from Paladin Capital Group.
- CyberNut, a United States-based cybersecurity education and training platform for K-12 school audiences, raised an undisclosed amount of private equity from Growth Street Partners. <- BRO - you can't name it that and have middle school boys use it. Who named this thing?
- FREE TOOLS: GreyNoise’s most popular feature is free
It's the alerts they send when the networks you monitor start attacking people.
- FREE TOOLS: BlackIce: A Containerized Red Teaming Toolkit for AI Security Testing
I'm never going to complain about free tools, but I feel like they should have asked for Rob Graham's permission before reusing this name.
- ESSAYS: The CISO’s Craft: Watchmaker or Gardener?
A useful metaphor, though I think only two categories is a bit restrictive, especially given how many types of CISOs are out there. Still, a useful metaphor.
- ESSAYS: Agentic Browsers
From our very own Katie!
- ESSAYS: Every Decision Has Three Costs: Time, Focus, and Optionality
- VULNERABILITIES: GCVE launches as a decentralized system for tracking software vulnerabilities
- TRENDS: OpenAI is building a new cybersecurity product business unit
- TRENDS: Cyberattack Targeting Poland’s Energy Grid Used a Wiper
Shades of Shamoon
- TRENDS: The creator of Clawd: “I ship code I don’t read”
I'm not sure I like this.
Has led to at least one egregious vulnerability.
- DUMPSTER FIRES: Fortinet Disables FortiCloud SSO After 0-Day Exploit Hits in the Wild
It's bad when the supply chain you depend on gets hacked and you're exposed as a result.
It's REALLY bad when that supply chain vendor is your SSO provider and they have to take the service offline to stop the exploits.
- DUMPSTER FIRES: Microsoft Gave FBI Keys To Unlock Encrypted Data, Exposing Major Privacy Flaw
Well, it's a good thing these are GOOD GUY KEYS that can only be used by people that aren't BAD GUYS.
Whew! Almost thought this was a back door situation.
- DUMPSTER FIRES: eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners
It's bad when the supply chain you depend on gets hacked and you're exposed as a result.
It's REALLY bad when that supply chain vendor is your anti-malware vendor and they're leveraged to infect you with malware.
Morphisec has more here
- DUMPSTER FIRES: What’s the most expensive security control you’ve seen that added zero security?
"Don't name names" the OP says.
What does everyone do?
I think there's only one comment on this post that DOESN'T name and shame a vendor. Yikes.
Some of it fair, some of it seems less so, like folks that just want to drag a vendor because they heard someone slam it once.
- DUMPSTER FIRES: Nearly 800,000 Telnet servers exposed to remote attacks
WHY DOES TELNET STILL EXIST
sigh
I know why
I just don't like it
- DEAD PRODUCTS: The End of the Road for Cisco Kenna: Take a Measured Path into Exposure Management
The state of RBVM is ?
- LESSONS: Agentic AI in the SOC: Build vs Buy Lessons
Some GREAT details and lessons learned from my friend Mustapha. Well worth a read for anyone trying to build their own LLM-enabled security solutions in-house.
- SQUIRREL: CyberCryptoAI – Quantum-Sentient Security
- SQUIRREL: Homemade EMP Gun