Visibility with EDR/MDR is still important, ‘the basics’ are impossible, and the news – Rob Allen – ESW #460
Interview with Rob Allen from ThreatLocker
This week, Rob Allen from ThreatLocker is with us to discuss the importance of EDR and MDR visibility. We discuss some real-world attacks and anecdotes where EDR was able to save the day when threats were missed by other controls.
Topic: Do the basics, they said. Easier said than done.
Guillaume and Adrian discuss the futility of attempting to do all the foundational work standards, best practices, and regulations expect of organizations. Adrian has given up. Fortunately, Guillaume has some excellent advice and hope to share on this front.
The weekly enterprise news
Finally, in the enterprise security news,
- a really interesting vibe check
- funding
- acquisitions
- the Verizon DBIR
- we give a tutorial on how to leak AWS keys on GitHub
- OH NEVERMIND, SOMEONE AT CISA ALREADY MADE THE TUTORIAL
- agents versus agents
- ExploitBench
- the vulnpocalypse
- robot dogs are SO EASY to take out, we don’t need to be too scared of them yet
All that and more, on this episode of Enterprise Security Weekly.
Rob Allen, Chief Product Officer of ThreatLocker, is an IT professional with three decades of experience helping small and medium enterprises embrace and utilize technology. He has spent the majority of this time working for an Irish-based MSP, which has given him invaluable insights into the challenges faced by businesses today. Rob’s background is technical – first as a system administrator, then as a technician and an engineer. His broad technical knowledge, as well as an innate understanding of customers’ needs, made him a trusted advisor for hundreds of businesses across a wide variety of industries. Rob has been at the coalface, assisting clients in remediating the effects of, and helping them recover from, cyber and ransomware attacks.
Adrian Sanabria
- FUNDING/M&A courtesy of the Security, Funded newsletter, issue #244 – AI Crisps
VIBE CHECK
Is AI having its "ransomware moment" with cyber insurance?
- 9% - Already here - AI exclusions/riders in our last renewal
- 27% - Coming soon - AI riders + validated controls by end of 2026
- 55% - Overblown - insurers will have to absorb AI risk into standard cyber coverage
- 9% - You guys have cyber risk insurance?!
Wow, there aren’t many poll outcomes that I end up disagreeing with, but last week’s is an exception. I see no way out of a world where insurance coverage pays for when AI, either directly or indirectly, creates outages or data leakages that lead to fines.
In my experience working for one of the world’s largest insurance companies, I've seen how they know how to do one thing very well: make money and keep it.
Some of the top comments from last week’s vibe check:
“It’s only a matter of time that insurance abdicates responsibility from the onslaught of losses that are yet to come.”
FUNDING
- ExaForce, a United States-based multi-modal AI agent security operations platform, raised a $125.0M Series B from AICONIC Ventures and others.
- Frame Security, a United States-based human risk management and security simulation platform, raised a $50.0M Venture Round from Index Ventures, Picture Capital, and Team8.
- White Circle, a United States-based application vulnerability detection platform, raised an $11.0M Seed from Hummingbird Ventures.
ACQUISITIONS
- LayerX Security, an Israel-based user-first browser security platform, was acquired by Akamai Technologies for $205.0M. LayerX Security had previously raised $51.6M in funding.
- Driftnet, a United States-based threat intelligence and attack surface management platform, was acquired by SecurityScorecard for an undisclosed amount. Driftnet has not previously disclosed funding.
- REPORTS: The Verizon 2026 Data Breach Investigations Report
A must read! Use your eyeballs, not Claude, to read this one. At least the first 25 pages. Trust me.
- PATCHING: Rocky Linux Adds Security Repo for Urgent Fixes
Folks are preparing for the vulnpocalypse in different ways.
- DUMPSTER FIRES: CISA Admin Leaked AWS GovCloud Keys on Github – Krebs on Security
Been a while since we had a dumpster fire. This one qualifies.
- AI: Chainalysis Launches AI Agents for Crypto Crime Investigations
Remember Spy v Spy? Looking like we're going to have bot v bot very soon.
- RESEARCH: ExploitBench
Cybersecurity is moving into the realm of repeatable benchmarks. It only has a v8 benchmark for now, but it's an interesting and necessary idea, as LLMs become a permanent ingredient in AppSec/vulnscan recipes.
- HUMOR: The Vulnpocalypse
Humor making a point. I'm not sure how many people interpret the "vulnpocalypse" as something that destroys the Internet and leads to everything getting hacked. I personally define it as "too many patches and vulns to keep up with".
By that definition, the vulnpocalypse began roughly around 2006.
- SQUIRREL: Robot dogs are a security nightmare



