Enterprise Security Weekly
Tackling Barriers on the Road To Cyber Resilience – Rob Allen, Theresa Lanowitz – ESW #386
In this final installment of a trio of discussions with Theresa Lanowitz about Cyber Resilience, we put it all together and attempt to figure out what the road to cyber resilience looks like, and what barriers security leaders will have to tackle along the way. We'll discuss:
- How to identify these barriers to cyber resilience
- Be secure by design
- Align cybersecurity investments with the business
Also, be sure to check out the first two installments of this series!
- Episode 380: Cybersecurity Success is Business Success
- Episode 383: Cybersecurity Budgets: The Journey from Reactive to Proactive
This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them!
When focused on cybersecurity through a vulnerability management lens, it's tempting to see the problem as a race between exploit development and patching speed. This is a false narrative, however. While there are hundreds of thousands of vulnerabilities, each requiring unique exploits, the number of post-exploit actions is finite. Small, even.
Although Log4j was seemingly ubiquitous and easy to exploit, we discovered the Log4Shell attack wasn't particularly useful when organizations had strong outbound filters in place.
Today, we'll discuss an often overlooked advantage defenders have: mitigating controls like traffic filtering and application control that can prevent a wide range of attack techniques.
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!
This week, in the enterprise security news,
- Funding and acquisition news slows down as we get into the “I’m more focused on holiday shopping” season
- North Pole Security picked an appropriate time to raise some seed funding
- Breaking news, it’s still super easy to exfiltrate data
- The Nearest Neighbor Attack
- Agentic Security is the next buzzword you’re going to be tired of soon
- Frustrations with separating work from personal in the Apple device ecosystem
- We check in on the AI SOC and see how it’s going
- Office surveillance technology gives us the creeps
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
2023 Funding and Acquisition Summary with Return on Security – Mike Privette – ESW Vault
Check out this episode from the ESW Vault, hand picked by main host Adrian Sanabria! This segment was originally published on December 22, 2023.
We're excited to give an end-of-year readout on the performance of the cybersecurity industry with Mike Privette, founder of Return on Security and author of the weekly Security, Funded newsletter. This year, this podcast has leaned heavily on the Security, Funded newsletter to prep for our news segment, as it provides a great summary of all the funding and M&A events going on each week.
In this segment, we look back at 2023, statistics for the year, comparisons to 2022, interesting insights, predictions, and more!
Segment Resources:
- Mike's blog, Return on Security: https://www.returnonsecurity.com/
- Mike's newsletter, Security, Funded: https://www.returnonsecurity.com/subscribe
Fixing how cybersecurity products are bought and sold – Mariana Padilla – ESW #385
This is a topic our hosts are very passionate about, and we're excited to discuss with Mariana Padilla, co-founder and CEO of Hackerverse. She wants to change how cybersecurity sales works, with a focus on making the process more transparent and ideally demonstrating a product's efficacy before buyers even need to talk to a sales team.
We'll discuss why existing sales processes are broken, how VC funding impacts vendor sales/marketing, and why community-led growth is so important.
Why a special segment on Microsoft Ignite announcements?
- There were a lot of announcements
- Microsoft is the largest security vendor, in terms of revenue
- Microsoft and its products are also the biggest and most vulnerable hacking target in the tech industry.
In the enterprise security news,
- Bitsight, Snyk, and Silverfort announce acquisitions
- Tanium announces an “autonomous” endpoint security offering
- We find out how much a smartphone costs when it is manufactured in the US
- CISA’s leadership announces resignations
- Ransomware is going after old versions of Excel
- Should vendors be doing more about alert fatigue?
- The latest cybersecurity reports
- Using AI to mess with scammers
All that and more, on this episode of Enterprise Security Weekly.
AI and the Autonomous SOC – Separating Hype from Reality – Justin Beals, Itai Tevet – ESW #384
There have been a lot of bold claims about how generative AI and machine learning will transform the SOC. Ironically, the SOC was (arguably) invented only because security products failed to make good on bold claims. The cybersecurity market is full of products that exist only to solve the problems created by other security products (Security Analytics, SOC Automation, Risk-Based Vulnerability Management).
Other products are natural evolutions and pick up where others leave off. In this interview, we'll explore what AI can and can't do, particularly when it comes to alert triage and other common SOC tasks.
Segment Resources:
- From Forrester: Generative AI Will Not Fulfill Your Autonomous SOC Hopes (Or Even Your Demo Dreams)
- From Intezer: Mastering SOC Automation in 2024: Tips, Trends and Tools
- The Future of SOC Automation Platforms
- SentinelOne wants to make the autonomous SOC a reality
Naturally, the next approach to try is a federated one. How do we break down cybersecurity into more bite-sized components? How do we alleviate all this CISO stress we've heard about, and make their job seem less impossible than it does today?
This will be a more standards and GRC focused discussion, covering:
- the reasons why cross-walking doesn't work
- the reasons why traditional TPRM approaches (e.g. questionnaires) don't work
- opportunities for AI to help
- risk management or sales support?
This week in the enterprise security news,
- Upwind Security gets a massive $100M Series B
- Trustwave and Cybereason merge
- NVIDIA wants to force SOC analyst millennials to socialize with AI agents
- Has the cybersecurity workforce peaked?
- Why incident response is essential for resilience
- an example of good product marketing
- who is Salvatore Verini, Jr. and why does he have all my data?
All that and more, on this episode of Enterprise Security Weekly.
Cybersecurity Budgets: the Journey from Reactive to Proactive – Todd Thiemann, Theresa Lanowitz – ESW #383
CISOs struggle more with reactive budgets than CIOs or CTOs. It's not that part of the CISO's budget shouldn't be reactive; that is certainly necessary to an extent. The problem is when proactive measures suffer as a result. In this interview, we'll discuss some of the causes behind this and some strategies for breaking out of this loop.
This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them!
Is it a product or a feature? Is it DLP 4.0, or something legitimately new? Buy now, or wait for further consolidation?
There are SO many questions about this market. It's undeniably important - data hygiene and governance continue to be a frustrating mess in many organizations, but is this the solution? We'll discuss with Todd to find out.
In the enterprise security news,
- Some big fundings
- no less than 4 acquisitions
- Silencing the EDR silencers
- ghost jobs
- overinflated estimates on open cybersecurity jobs
- weaponizing Microsoft Copilot
- fun projects with disposable vapes
All that and more, on this episode of Enterprise Security Weekly.
What if securing buildings was as easy as your smartphone? – Damon McDougald, Blaine Frederick, Punit Minocha – ESW #382
The future is here! Imagine if you could get into the office, a datacenter, or even an apartment building as easily as you unlock your smartphone. Alcatraz AI is doing exactly that with technology that works similarly to how smartphones unlock using your face. It works in the dark, if you shave off your beard, and so quickly you don't even need to slow down for the scan - you can just keep on walking.
We don't often cover physical security, so this interview is going to be a treat for us. There are SO many questions to ask here, particularly for our hosts who have done physical penetration tests, social engineering, and tailgating in the past to get past physical security measures.
This week, in the enterprise security news:
- the latest cybersecurity fundings
- Cyera acquires Trail Security
- Sophos acquires Secureworks
- new companies and products
- more coverage on Cyberstarts’ sunrise program
- AI can control your PC
- public cybersecurity companies are going private
- Splunk and Palo Alto beef
All that and more, on this episode of Enterprise Security Weekly.
Transforming the Defender’s Dilemma into the Defender’s Advantage – Charlotte Wylie, Bhawna Singh, Lenny Zeltser – ESW #381
Ever heard someone say, "the attacker only has to be right once, but the defender has to get it right every time"? On this episode, we'll dispel that myth. There is some truth to the saying, but only with regards to initial access to the target's environment. Once on the inside, the attacker's advantage flips to the defender. Call it the 'Home Alone' effect. Or the Goonies effect? Die Hard? So many movie metaphors work here!
The conversation isn't just about setting traps for attackers, however; there's also a conversation to have about fundamentals and ensuring practitioners are prepared for whatever attackers might throw at them. This segment is inspired by the essay from Lenny by the same name: Transform the Defender’s Dilemma into the Defender’s Advantage
The vast majority of the folks working polls and elections are volunteers. This creates a significant training challenge. Not only do they have to learn how to perform a complex and potentially stressful job in a short amount of time (most training is one day or less), but cybersecurity-related concerns are usually not included for individual poll location and election workers.
Kirsten Davies has a passion project that attempts to solve this, with some concise, accessible, and straightforward training material. It is made available through two PDFs on her new organization's website, instituteforcybercivics.org.
Customer Identity is everywhere. It's powering secure experiences for billions - enabling people to check their luggage at the airport, watch their favorite Major League Soccer games, or take their favorite Peloton class. Because it’s everywhere, threat actors now see customer identity as a path to financial gain. Bots now make up nearly 50% of all internet traffic and are being used to steal sign-up bonuses or breach accounts. And cybercriminals are bypassing the login box completely, stealing authenticated session cookies at record rates. Bhawna Singh, Chief Technology Officer of Customer Identity Cloud at Okta, joins host Mandy Logan, from Security Weekly, to discuss the current state of customer identity, what developers need to know about securing their applications, and what Okta is doing to help developers build applications that decipher a human from a bot.
Segment Resources:
- https://www.okta.com/oktane/
- https://www.okta.com/press-room/press-releases/okta-helps-builders-easily-implement-auth-for-genai-apps-secure-how/
Whether it’s phishing techniques, password spraying, or social engineering, security leaders today are constantly needing to see past blindspots, educate their workforces, and rethink the enterprise security checklist. Many companies, like Okta, are finding ways to incorporate security within their company culture, as every employee has a role to play in keeping a company secure. Charlotte Wylie, Deputy CSO at Okta, joins Security Weekly's Mandy Logan to discuss what security leaders are being challenged with today when it comes to securing their workforce and, from experience with implementing Okta’s Secure Identity Commitment, how companies can prioritize security within their culture to help prevent threat actors from taking advantage of the weakest link.
Segment Resources:
- https://www.okta.com/blog/2024/08/how-okta-fosters-a-security-culture/
- https://www.okta.com/press-room/press-releases/okta-openid-foundation-tech-firms-tackle-todays-biggest-cybersecurity/
This segment is sponsored by Oktane. Visit https://securityweekly.com/oktane2024 and use discount code OKTNSC24 to pay only $100 for your full conference pass!
Cybersecurity Success is Business Success – Renuka Nadkarni, Theresa Lanowitz – ESW #380
Secure by design is more than just AppSec - it addresses how the whole business designs systems and processes to be effective and resilient. The latest report from LevelBlue on Cyber Resilience reveals security programs that are reactive, ill-equipped, and disconnected from IT and business leaders.
Most security problems are out of security teams' hands. Addressing them requires input, buy-in, and action from business leaders and IT. Security cannot afford to be separate from the rest of the organization.
In this interview, we'll discuss how we could potentially solve some of these issues with Theresa Lanowitz from LevelBlue.
Segment Resources:
- Grab your copy of the LevelBlue Futures Report on Cyber Resilience
This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them!
Implementing SASE can be tricky and onerous, but it doesn't have to be. Today, we discuss Unified SASE as a Service with Renuka Nadkarni, Chief Product Officer at Aryaka. Particularly, how can Unified SASE make both networking and security more flexible and agile?
IT and security professionals need to ensure secure and performant applications and data access to all users across their distributed global network without escalating cost, risk or complexity, or sacrificing user experience.
This segment is sponsored by Aryaka. Visit https://securityweekly.com/aryaka to learn more about them!
Finally, in the enterprise security news,
- HUMAN, Relyance AI, and watchTowr raise funding this week
- Alternative paths to becoming a CISO
- Vendor booths don’t have to suck (for vendors or conference attendees!)
- Budget planning guidance for 2025
- CISOs might not be that great at predicting their own future needs
- Use this one easy trick to bypass EDR!
- Analyzing the latest breaches and malware
- You probably shouldn’t buy a Fisker Ocean, no matter how cheap they get
All that and more, on this episode of Enterprise Security Weekly.
Community Knowledge Sharing with CyberNest – Ben Siegel, Aaron Costello – ESW #379
For this interview, Ben from CyberNest joins us to talk about one of my favorite subjects: information sharing in infosec. There are so many amazing skills, tips, techniques, and intel that security professionals have to share. Sadly, a natural corporate reluctance to share information viewed as privileged and private has historically had a chilling effect on information sharing.
We'll discuss how to build such a community, how to clear the historical hurdles with information sharing, and how to monetize it without introducing bias and compromising the integrity of the information shared.
Aaron was already a skilled bug hunter and working at HackerOne as a triage analyst at the time. What he discovered can't even be described as a software bug or a vulnerability. This type of finding has probably resulted in more security incidents and breaches than any other category: the unintentional misconfiguration.
There's a lot of conversation right now about the grey space around 'shared responsibility'. In our news segment later, we'll also be discussing the difference between secure design and secure defaults. The recent incidents revolving around Snowflake customers getting compromised via credential stuffing attacks are a great example of this. Open AWS S3 buckets are probably the best known example of this problem. At what point is the service provider responsible for customer mistakes? When 80% of customers are making expensive, critical mistakes? Doesn't the service provider have a responsibility to protect its customers (even if it's from themselves)?
These are the kinds of issues that led to Aaron getting his current job as Chief of SaaS Security Research at AppOmni, and also led to him recently finding another common misconfiguration - this time in ServiceNow's products. Finally, we'll discuss the value of a good bug report, and how it can be a killer addition to your resume if you're interested in this kind of work!
Segment Resources:
- Aaron's blog about the ServiceNow data exposure.
- The ServiceNow blog, thanking AppOmni for its support in uncovering the issue.
In the enterprise security news,
- Eon, Resolve AI, Harmonic and more raise funding
- Dragos acquires Network Perception
- Prevalent acquires Miratech
- The latest DFIR reports
- A spicy security product review
- Secure by Whatever
- New threats
- Hot takes
All that and more, on this episode of Enterprise Security Weekly.
Cybersecurity Career Paths: from touring musician to purple teaming at Meta – Neko Papez, Brian Contos, Jayson Grace – ESW #378
In the latest in our series of interviews discussing cybersecurity career paths, today we talk to Jayson Grace about his path into cybersecurity and his experience building red teams at national labs and purple teams at Meta. We also talk about his community impact, giving talks and building open source tools. Jayson just left Meta for an AI safety startup named Dreadnode, which we'll discuss as well.
Segment Resources:
- CyberSecEval 3: Advancing the Evaluation of Cybersecurity Risks and Capabilities in Large Language Models
- The TTPForge (https://github.com/facebookincubator/TTPForge) is a Cybersecurity Framework for developing, automating, and executing attacker Tactics, Techniques, and Procedures (TTPs).
- ForgeArmory provides TTPs that can be used with the TTPForge
- Wired, by Lily Hay Newman: Facebook's ‘Red Team X’ Hunts Bugs Beyond the Social Network's Walls
- MOSE (Master Of SErvers) is a post exploitation tool for configuration management servers.
- BSides SF 2024 - Beyond Quick Cash: Rethinking Bug Bounties for Greater Impact
- BSides LV 2023 - GF - Enemy Within: Leveraging Purple Teams for Advanced Threat Detection & Prevention - https://www.youtube.com/watch?v=-MT0tNi2vvc
This week in the enterprise security news, we've got:
- Torq, Tamnoon, and Defect Dojo raise funding
- Checkmarx acquires ZAP
- Commvault acquires Clumio
- Would you believe San Francisco is NOT the most funded metro area for cybersecurity?
- Auto-doxxing Smart glasses are now possible
- Meta gets fined $100M for storing plaintext passwords
- AI coding assistants might not be living up to expectations
- Worst Practices
- Dumpster fires and truth bombs
All that and more, on this episode of Enterprise Security Weekly!
The way we use browsers has changed, and so has the way we need to secure them. Using a secure enterprise browser to execute content away from the endpoint, inside a secure cloud browser, is a dramatically more effective and cost-effective approach to protect users and secure access.
This segment is sponsored by Menlo Security. Visit https://securityweekly.com/menloisw to learn more about them!
Sevco is a cloud-native vulnerability and exposure management platform built atop asset intelligence to enable rapid risk prioritization, mitigation, validation, and metrics.
Segment Resources:
- Customer Testimonials: https://www.sevcosecurity.com/testimonials/
- Product Videos: https://www.sevcosecurity.com/sevcoshorts/
This segment is sponsored by Sevco Security. Visit https://securityweekly.com/sevcoisw to learn more about them!