Enterprise Security Weekly (audio)

This episode, in the first segment Matt McGuirk, Solution Architect at Source Defense, joins to discuss Understanding Web Application Client-Side Risk! Then, we are joined by Ian Glazer, the SVP of Product Management, Identity at Salesforce, to talk about Salesforce's Journey Towards Complete Customer MFA! Finally, in the Enterprise Security News, Funding is back, in preparation for RSA! Devo raises $100M and becomes our 56th unicorn, JupiterOne raises $70M and becomes our 57th unicorn! Open source projects get some security funding, 10 more funding announcements, Mimecast has been taken private and is now delisted from the NASDAQ, ReliaQuest acquires Digital Shadows, We talk about public and private market performance, The cybersecurity skills crisis gets worse, Expired certs + IoT devices = PAIN, & more! Segment Resources: "Magecart 101" - a courseware-style overview of the problem for security practioners: https://www.youtube.com/watch?v=T4al8idAE_M A quick five minute explainer on the problem and Sour

This week, in our first segment, we welcome Michael Ehrlich, Chief Technology Officer at IronNet to talk about Attack Intelligence, Collective Defense, & Trends to Watch! Then, Jackie Comp, VP Sales at Nok Nok & Rolf Lindermann, VP Products at Nok Nok, join for an interview about Where to Start Your Passwordless Journey! Lastly, in the Enterprise News for this week: Funding announcements from Seclore, Pangea Cyber, StackHawk, Xage, and more. Trends include Clouded Judgement, Crypto Muggings, Tourist Investors, and more! Segment Resources: https://www.ironnet.com/blog/what-is-attack-intelligence-and-why-do-you-need-it*****   Segment Resources: www.noknok.com https://www.youtube.com/watch?v=yQIwOx2XCSE   Visit https://www.securityweekly.com/esw for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/esw274

This week, in our first segment, we welcome Yasser Rasheed, Global Director of Enterprise Client Sales at Intel to talk about Protecting Your Environment with Intel vPro platform! Then, Omer Taran, Co-Founder and CTO of CybeReady, joins for an interview about Overcoming Challenges in Multinational Phishing Simulations! Lastly, in the Enterprise News for this week: Funding announcements from Material Security, Abnormal, Teleport, Tailscale, Smallsetp, Phylum and more. Acquisitions include HDiv Security, and Radiflow. New product announcements from Siren, Corelight, Artic Wolf, Onapsis and Aqua! In other news, all South Koreans are about to become one year younger! This segment is sponsored by Intel. Visit https://securityweekly.com/intel to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw273

This week, in our first segment, we welcome Prashasth Baliga, Senior Security Consultant at Palo Alto Networks to talk about Security Orchestration and Automation Simplified! Then, Ryan Fried, Senior Security Engineer at Brooks Running, joins for an interview about Getting Value from SOAR beyond Phishing Workflows! Finally, in the Enterprise Security News, Veza raises $110M for Data Security, Traceable raises $60M for API Security, 10 other security startups get funded, Synopsis buys Whitehat for $330M, HackerOne approves a PullRequest, Bright Security acquires WeHackPurple, LexusNexis acquires BehaviorSec, JupiterOne continues to release some compelling books, the DevSecOps evolution, the future of Product-Led Growth, & more! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw272

This week, in our first segment, we welcome Rich Mogull, the CISO of DisruptOps - FireMon to discuss The Turbulent Cloud Security Market! Then, Andrew Hindle, the Content Chair at Identiverse & Chair of IDPro at Identiverse, joins to discuss Digital Identity: The Cornerstone of Our Digital World! Finally, in the Enterprise News: Basis Theory raises $17 million funding round, Crunchbase Funding Round Profile, Devo Acquires AI-Powered Security Automation Innovator to Deliver the “Autonomous SOC”, Hivemapper Dashcam, Authtech, Twitter accepts Elon Musk’s $44 billion offer, Austin Peay State University on Twitter, Basis Theory raises $17 million funding round, & more! To register for our upcoming webcast with Rich Mogull on Deploying Cloud Applications Securely, visit https://attendee.gotowebinar.com/register/3131398543024475915?source=esw Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.fac

This week, in the first segment, we learn all about the technical ins and outs of HP SureClick Enterprise with HP expert Dan Allen and discover how SureClick Enterprise can help improve security efforts in your organization! Then, we bring on a VC to provide an investor’s point-of-view! It’s hard to imagine a better investor to join us than Will Lin, co-founder of Forgepoint, one of the few VC firms that exclusively invests in cybersecurity startups! Finally, in the Enterprise Security News: Fortress InfoSec raises $125M to help critical infrastructure improve security, ThreatLocker raises $100M, thanks in part to Kaseya’s breach, Obsidian raises $90M to secure SaaS use, DoControl raises $30M to possibly compete with Obsidian, Blueshift raises a seed round to bring SOC and XDR to SMBs, Strike Security raises a seed round to take a different approach to pen testing, Thoma Bravo is still working on an Imprivata exit, The biggest startup failures of all time - how many security vendors are on the list, Is the SE

In our first segment, we welcome Bob Erdman, Director of Development at HelpSystems to discuss The Role of Automation in Pen Testing! Then, Justin Tolman, Forensic Evangelist at Exterro joins us to discuss Forensic Challenges for Security Professionals! Finally in the Enterprise News: Datto to be Acquired by Kaseya for $6.2 Billion, with Funding Led by Insight Partners, Perforce Software Puppet, Synopsys acquires Juniper Networks, Managed detection and response startup Critical Start lands $215M in funding, Thinking About the Future of InfoSec, DuckDuckGo launches Mac app in beta, How I automated my presence in video calls for a week (and nobody knew), Why Do So Many Cybersecurity Products Suck? Segment Resources: The Truth About Pen Testing Automation - https://www.coresecurity.com/blog/the-truth-abouth-pen-testing-automation Core Impact Rapid Pen Tests - https://www.coresecurity.com/products/core-impact/rapid-pen-tests This segment is sponsored by Core Security, A Help Systems Company. Visit https://securi

In our first segment, we welcome Josh Snow, Principal Sales Engineer at ExtraHop to discuss Common Sense Steps for Implementing Shields Up! Then, Catherine Ullman, Sr. Information Security Forensic Analyst at the University at Buffalo, joins for an interview on Why Learning Offensive Security Makes You A Better Defender! Finally, in the Enterprise Security News for this week: NordVPN raises $100M and becomes the first Lithuanian Unicorn?, Coro lands a $60M Series C for small business-focused security, Airgap Networks closes a funding gap with a $13.4M Series A, Corsha lands a $12M Series A to bring MFA to machine-to-machine API traffic. What? Tru.id lands a $9M seed round to take a stab at using SIM cards for MFA, ex-Alienvault employees raise funding from Ballistic Ventures with Nudge Security, SeeMetrics scores a $6M seed round to provide better KPIs to CISOs, an essay on trust: the two sides of “Say” and “Do”, Ubiquiti continues to alienate the security community with its attacks against Brian Krebs, Why a

This week, Tim Cathcart from Knox County Schools is with us to discuss breaking into cyber from a high school perspective! Then, Steven Turner from Microsoft joins us to sweep away the noise and level set on Zero Trust! Finally, in the Enterprise Security News for this week: 14 cybersecurity startups have raised funding! Massive late stage market corrections underway and talks of self-repricing valuations, A private equity firm acquires Zimperium, Even more massive amounts of cryptocurrency are stolen, The NPM package library is under active, constant attack, Microsoft Azure Defender IoT has trivial critical vulnerabilities, White house earmarks $11B for cybersecurity, Death to SPACs, as well as Several new security vendors and products! Segment Resources: - NIST SP 800-207 - https://csrc.nist.gov/publications/detail/sp/800-207/final - UK NCSC ZT Guidance - https://github.com/ukncsc/zero-trust-architecture - USA CISA/OMB ZT Guidance - https://zerotrust.cyber.gov/ - DOD ZT Reference Architecture -https://dodci

This week, in our first segment, we welcome Zane Bond, Director of Product Management at Keeper Security, for an interview on How to Secure Your Secrets! We discuss how, Since IT network secrets unlock access to highly privileged systems and data, securing secrets is just as critical to preventing cyberattacks as securing end-user passwords! Then, Erin Kenneally, Senior Director, Cyber Risk Strategy at Guidewire to discuss Cyber Risk, & how past ransomware incidents could lead to a call for cyber insurance industry adaptation! Finally, we dive straight into the Enterprise News for this week! In the Enterprise Security News for this week: Island raises another $115M to build a secure web browser, less than 2 months after raising $100M, Bionic raises $65M for application intelligence, Israeli startup HUB Security merges with a SPAC to go public on the NASDAQ at a $1.28B valuation, Cybersecurity now has 53 unicorns, which are the most interesting to follow? New data shows VCs pulling back on Series A, B, and

This week, in our first segment we're joined by Johanna Ydergard, VP of Product at Detectify joins us to cover a brief overview of the attack surface market - what it is, why it’s necessary to have an additional tool along with DAST, SAST. It will also cover how Detectify’s unique advantage of crowdsourcing is a true differentiator in the EASM market and how the model differs from the big Bug Bounty Platforms. It will detail on how Detectify collaborates with ethical hackers to crowdsource security research from the forefront of the industry, so you can check for 2000+ common vulnerabilities. Next, Learn how a proactive cybersecurity program can be a game changer for an organization's success through continuously assessing risk and evolving to stay ahead of threats. Join us as we discuss impactful ways to stay one step ahead with Pablo Zurro, Product Manager at Core Security, by HelpSystems! Finally, this week in the Enterprise News: Quincy man rescues coworker from Ukraine, Cloudflare Email Security Tools, N

Managing firewall rule reviews, especially for PCI-DSS, can be complex but it doesn't have to be. Hear from Jeff Styles as he talks about how you can automate this process to keep you compliant and secure. There's a LOT of noise in the security industry. We've catalogued over 10,000 cybersecurity products and each of the companies behind these products has a marketing team, a twitter account, a blog, and a ton of content to blast at enterprise security buyers. There's an interesting connection between GreyNoise's product, founder, and principles. While building a product that filtered out the noise that wastes most security operations teams' time, Andrew was dead set against building a startup that resembled the typical security startup. We'll discuss Andrew's unique path to market, the latest features of GreyNoise, and where the lines are drawn between malicious and benign scanning. In the Enterprise Security News for this week: Google intends to acquire Mandiant HelpSystems to pick up Alert Logic - at least

This week, in our first segment, we welcome Chad Skipper, Global Security Technologist at VMware, & Karen Worstell, Sr. Cybersecurity Strategist at VMWare, for an interview on Exposing Malware in Linux-Based Multi-Cloud Environments! Then, Sharon Goldberg, the CEO and Co-Founder at BastionZero Inc, joins us to discuss Putting the Zero Back Into Zero-Trust! Finally, in the Enterprise Security News, BlueVoyant raises a $250M Series D to become security’s newest unicorn (baby unicorn, awww), Balbix raises a $70M Series C, Scope Security announces a $20M Series A to specifically focus on monitoring and defense for healthcare, Palo Alto introduces a new product aiming to disrupt the SIEM market, Third Party Risk Management vendors come together to forge the one ring of standards to rule all of cyber (less forge, more rubber stamp though), Signal Science founder, former Etsy CISO, and honorary level 80 DevOps wizard Zane Lackey is now a general partner at Andreesen Horowitz (A16Z), All that and more, on this ep

This week, in our first segment, we welcome Jimmy Vo, Detection Engineer at Datadog for an interview on Detection Engineering in the Age of Cloud! Then, Brian Peterson, ICS4ICS Program Manager, ISAGCA Advocacy Program Manager, and LOGIIC Program Manager at International Society of Automation, joins us to discuss Incident Command System for ICS Improves Response to Cybersecurity Incidents! This week in the Enterprise News: eSentire raises $325M as it expands into services, Beyond Identity raises $100M to build out MFA, Secureframe raises $56M to help folks with SOC 2 and HIPAA compliance, Nashville-based Phosphorus Cybersecurity raises $38M to secure IoT devices (curious about the name - what kind of Phosphorus? Could be dangerous!), anecdotes raises a $25M Series A to compete in the same space as Secureframe (lots of money for folks that ease compliance pains!), Cloudflare acquires, Area 1 Security for $162M, Darktrace acquires ASM vendor Cybersprint, Snyk acquires Fugue, Andy Ellis drops an SBOM in his lates

This week, we welcome Mitja Kolsek, Founder, CEO at ACROS Security, to talk about 0patch - Security Patching That Doesn't Make Your Life Miserable! In the next segment, we welcome Vikram Asnani, Sr Director Solution Architecture at CyberGRX, to discuss Changing the TPCRM Game W/ Cyber Risk Intelligence Tools! In the Enterprise Security News, Securonix raises $1B in Vista-led round (it’s like they ate a unicorn!), Salt Security becomes a Unicorn, has not been eaten (yet), Legit Security raises a totally legit $26.5M Series A, Vicarius and Calamu raise Series As,Permit.io, KSOC, Titaniam, Canonic Security, Allure Security, and SecureThings all pick up seed funding! We look at Big Tech’s cybersecurity funding and acquisitions, The rumor mill goes nuts over a Cisco/Splunk deal that’s probably not happening (maybe?) Why are cybersecurity asset management startups so hot right now? New products, unhelpful legislation, a major acquisition, & of course a few squirrel stories!   Show Notes: https://securityweekly.

This week, in our first segment, we welcome our own Tyler Robinson for a segment discussing how "To err is human, but the blockchain is forever"! Then, Branden Williams, VP of IAM Strategy at Ping Identity joins to discuss The State of Identity in the Enterprise! Finally, in the Enterprise Security News, Security automation startup Cerby raises $12M, Virtual CISO startup Cynomi raises 3.5M to help SMBs automate cybersecurity, Keeper Security acquires Glyptodon (I’m 90% certain Keeper hasn’t just purchased the remains of an ancient, long-extinct armadillo), SecurityScorecard acquires LIFARS, a DFIR consulting firm, There’s a rumor that Microsoft is considering picking up Mandiant with all the extra cash still laying around after the Activision/Blizzard buy, & DHS launches the first-ever cyber safety review board! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Note

This week, in our first segment, Attila Török, joins for an interview on Manages Security for A 100% Remote Workforce! After that, we welcome Darwin Salazar, Cloud Security Consultant at Accenture to take A Look at Microsoft's Cloud-Native SIEM! Finally, in the Enterprise Security News, Island raises $100M to introduce a new Chromium-based web browser, designed for the enterprise, Plextrac rasies a $70M Series B, HackerOne raises a $49M Series E, Tenable acquires BAS vendor Cymptom, Orca swallows up RapidSec (sorry, had to), Cybereason confidentially files for IPO, KKR looks to offload Optiv, Cybersecurity startup trends of 2022, 1000 Unicorns, Infosec Startup Buzzword Bingo, We’ve got fundings, IPOs, acquisitions, take privates, a $3B seed round, legislation that makes sense - all kinds of exciting stuff today, on this episode of Enterprise Security Weekly! To register for Darwin’s upcoming workshop with Security Weekly, please visit: https://attendee.gotowebinar.com/register/2393226017093033995?source=esw

This week, we welcome Jamie Moles, Senior Technical Marketing Manager at ExtraHop, to discuss Log4Shell: Impact and Lessons Learned! In the Enterprise Security News, Hunters raises a series C to continue building XDR, Anitian raises a $55M Series B, Four new startups emerge from stealth with seed funding, BugAlert is a new tool for notifying the public of new vulnerabilities, Turns out, Crypto.com WAS hacked, but it wasn’t Matt Damon’s fault, Who is at fault if a hacked car kills someone?, Merck wins - it was NOT an act of war, according to one court...Pearson is fined $1M for misleading investors about their 2018 data breach, Secrets of Successful Security Programs, & Why employees don’t care about your security policies! Lastly, we air a pre recorded segment with Adrian and Bikash Barai, Co-founder, CEO at FireCompass, to talk about Continuous Red Teaming Trends!   Show Notes: https://securityweekly.com/esw258 Visit https://securityweekly.com/extrahop to learn more about them!   Visit https://www.securi

This week, Rickard Carlsson from Detectify is with us to discuss a funeral for vulnerability management! Then, Will Clark from Accela joins us to talk about architecture and security in the trenches! In the Enterprise Security News: 1Password plans to do some shopping with their massive Series C, Devo announces a $250M round, Permiso Security and Tromzo emerge backed by both traditional VCs and industry execs, STG spins out McAfee’s MVISION XDR product as Trellix - the first of many spinouts, they say, Microsoft reminds us that, in addition to being the industry’s largest security vendor, they can also drop $70B on video games if they feel like it, More reminders that open source is essential, but orgs with massive budgets will still treat it as worthless and disposable, Real-world stories of CI/CD pipeline compromises, Is Uber’s former CSO going to jail?, and Tom Brady NFTs!   Show Notes: https://securityweekly.com/esw257 Segment Resources: Visit https://securityweekly.com/detectify to learn more about them!

It’s a new year and a time when we make resolutions…which often drop off by the start of February. To keep your security resolutions for 2022, today’s show will be about enterprise security pitfalls and the areas corporations should focus on when planning their cybersecurity strategy for the year. Topics will include proper data hygiene; ransomware prevention and recovery techniques; challenges in securing a distributed workforce and the changing role of IT and containing data sprawl. We’re looking forward to keeping you informed throughout 2022! 2021 was the most active year in federal cybersecurity policy. Ever. The Biden administration used executive orders, new regulations, public/private partnerships and novel law enforcement strategies to shore up federal systems and engage with industry. Meanwhile, an otherwise active year in Congress took a hit when several major pieces of legislation like incident reporting mandates and federal cybersecurity reform were left of the NDAA. SC Media government reporter