Enterprise Security Weekly

This week, in the enterprise security news,

1. Cribl, Zafran, and US states raise funding
2. Cisco, Check Point, Salesforce, and Absolute Software acquire cybersecurity startups
3. AI Security products are picking up steam
4. You probably shouldn’t be too worried about Yubikey cloning
5. Instead, you should be more worried about malicious npm packages!
6. The White House wants to fix BGP
7. SolarWinds has shady stuff in its source code, AGAIN
8. The challenge of bringing security to small business
9. Scams are getting quicker and more effective
10. how not to run a phishing test
11. and AI assistants rickroll paying customers!

We are a month away from Oktane -- the biggest identity event of the year. Okta is bringing thousands of identity industry thought leaders, IT and security executives, and other tech leaders together on October 15-17 to discuss the changing landscape for security and identity, how organizations are putting identity first, new Okta products, and more. Harish Peri, Senior Vice President of Product Marketing, joins Enterprise Security Weekly to discuss what people should expect from Oktane this year, the conversations that will take place at the event and why it’s important for security professionals to attend/tune in.

This segment is sponsored by Oktane. Visit https://securityweekly.com/oktane2024 and use discount code OKTNSC24 to pay only $100 for your full conference pass!

Ever wondered what it's like to be responsible for the cybersecurity of a sports team? How about when that sports team is one of the world's most successful Formula One teams? I can't describe how excited we are to share this interview. This interview is basically two huge F1 nerds who happen to also be cybersecurity veterans asking everything they've always wanted to know about what it takes to secure an F1 team.

For the folks out there that aren't familiar with this sport, Formula One is arguably the fastest, most watched, and most international automotive racing sport today. In the 2024 season, the racing series will feature ten teams traveling to 24 race tracks located in 21 different countries. Also, did you know that only two countries get more than one race? Italy gets to host two Grand Prix, and the United States gets to host three.

A HUGE thanks to Keeper Security and Darren Guccione for making this interview possible. This isn't a sponsored interview, but it was Keeper's PR team that pitched the idea for this interview to us, and as F1 fans, we're super grateful they did!

Segment Resources:

• Keeper Press Release on the Partnership
• Williams Press Release on the Partnership
• Some more details from Keeper on why they chose to sponsor automotive racing

Visit https://www.securityweekly.com/esw for all the latest episodes!

Check out this episode from the ESW Vault, hand picked by main host Adrian Sanabria! This episode was initially published on April 21 2023.

Quantum computers are scaling rapidly. Soon, they will be powerful enough to solve previously unsolvable problems. But they come with a global challenge: fully-realized quantum computers will be able to break some of the most widely-used security protocols in the world. Dr. Vadim Lyubashevsky will discuss how quantum-safe cryptography protects against this potential future.

Segment Resources:

IBM Quantum Safe: https://www.ibm.com/quantum/quantum-safe IBM scientists help develop NIST’s quantum-safe standards: https://research.ibm.com/blog/nist-quantum-safe-protocols Government and industry experts recommend moving to quantum-safe cryptography: https://research.ibm.com/blog/economist-quantum-safe-replay

The top priority on the CIS Critical Security Controls list has never changed: inventory and control of enterprise assets. Yet it remains one of the most challenging controls to implement, much less master. The refrain, "you can't secure what you don't know about" is as old as information security itself.

Complicating this task is the fact that improving asset management isn't an aspiration unique to the security team. IT, finance, facilities, and other groups within large enterprises are concerned with this as well. This often leads to challenges: should all these groups attempt to standardize on one common asset database or CMDB? Or should security go their own way, and purchase their own asset management tool?

Answering these questions would be a lot easier if we had someone with an IT asset management (ITAM) perspective, and fortunately, we do! Jeremy Boerger of Boerger Consulting joins us to help us understand the IT perspective, so we can understand if there are opportunities for security and IT to help each other out, or at least find some common ground!

Boerger Consulting Resources:

• Email newsletter
• LinkedIn newsletter
• Book page
• Amazon book page

I often say that it isn't the concepts or ideas in cybersecurity that are bad, but the implementations of them. Sometimes the market timing is just wrong and the industry isn't ready for a particular technology (e.g. enterprise browsers). Other times, the technology just isn't ready yet (e.g. SIEMs needed better database technology and faster storage). Since the ideas are solid, we see these concepts return after a few years.

Application allowlisting is one of these product categories. Threatlocker has been around since 2017 and is now a late stage startup that has achieved market fit. We chat with the company's CEO and founder, Danny Jenkins to find out how they learned from the mistakes made before them, and differentiate from the technology some of us remember from the late 2000s and early 2010s.

Segment Resources:

• ThreatLocker Solutions

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

In this interview, Maor Bin, CEO and Co-Founder of Adaptive Shield, discusses the evolving landscape of SaaS Security. He highlights the challenges posed by the security gap resulting from the rapid adoption of SaaS applications and why SaaS security is beyond just misconfiguration management.

Segment Resources: https://www.adaptive-shield.com/landing-page/the-annual-saas-security-survey-report-2025-ciso-plans-and-priorities/

This segment is sponsored by Adaptive Shield. Visit https://securityweekly.com/adaptiveshieldbh to download the Annual SaaS Security Survey Report!

Cybersecurity professionals are often confronted with ethical dilemmas that need to be carefully navigated. In 25 years of teaching incident handling and penetration testing, Ed has often been asked by his students for help in ethical decision-making. Ed will share some of their questions and his recommended approaches for addressing them. Ed also has a new book out, The Code of Honor, about cybersecurity ethics. All proceeds go to scholarships for college students.

Segment Resources: 1) Ed's book, published June 18, 2024: https://www.amazon.com/Code-Honor-Embracing-Ethics-Cybersecurity/dp/1394275862/ref=sr11?crid=1DSHPCXDIQ1VT&dib=eyJ2IjoiMSJ9.rmZX2-3mj1nI74iKkjbKkQSNKCuRjjn-QQ8qrzVy21tMRAXuKu5Qr5rPgtszkVd7zJMV7oVTuImUZIxMQfecnaRlNRfAVI5G7azyWi8lY.WHOujvlsQXPTJaHuEafwRC2WVKZe474eVXHn46kLiEY&dib_tag=se&keywords=skoudis&qid=1722767581&sprefix=skoudis%2Caps%2C90&sr=8-1

2) Holiday Hack Challenge - sans.org/holidayhack

Visit https://www.securityweekly.com/esw for all the latest episodes!

This week, in the enterprise security news,

1. A funding that looks like an acquisition
2. And two for-sure acquisitions
3. Rumors that there are funding problems for early stage cyber startups, and we’ll see a lot more acquisitions before the end of the year
4. Speaking of rumors, Crowdstrike did NOT like last week’s Action1 acquisition rumor!
5. Shortening detection engineering feedback loops
6. HoneyAgents
7. More reflections on Black Hat 2024
8. The attacker does NOT just have to get it right once
9. and the defender does NOT have to get it right every time
10. Remember BEC scams? Yeah, they’re still enterprise enemy #1

All that and more, in the news this week on Enterprise Security Weekly!

SquareX

With employees spending most of their working hours on the browser, web attacks are one of the biggest attack vectors today. Yet, both enterprises and security vendors today aren’t focused on securing the browser – a huge risk given that attackers can easily bypass Secure Web Gateways, SASE and SSE solutions.

This segment will demonstrate the importance of a browser-native solution, discuss the limitations of current solutions and how enterprises can better protect their employees from web attacks.

Segment Resources:

• DEF CON talk abstract
• Enterprise use cases for SquareX
• Data Sheet
• Why Browser Native Solutions are better than Cloud Based Proxies
• Blog on the Many Failures of Secure Web Gateways

This segment is sponsored by Square X. Visit https://securityweekly.com/squarexbh to learn how SquareX can protect your employees from web attacks!

Tanium

The recent CrowdStrike outage and subsequent disruption tested organizations' resiliency and confidence as the world went offline. It served as a reminder that in an increasingly technology-dependent world, things will go wrong – but security leaders can plan accordingly and leverage emerging technologies to help minimize the damage.

In this interview, Tanium’s Vice President of Product Marketing Vivek Bhandari explains how AI and automation can help with remediation and even prevent similar outages from happening in the future, and breaks down the future of Autonomous Endpoint Management (AEM) as the solution for continuous cyber resilience in the face of disruption.

Segment Resources:

• The Future of Converged Endpoint Management is Autonomous Endpoint Management (AEM)

This segment is sponsored by Tanium. Visit https://securityweekly.com/taniumbh to learn more about them!

Swimlane and GenAI

Join Swimlane CISO, Mike Lyborg and Security Weekly’s Mandy Logan as they cut through the AI peanut butter! While Generative AI is the not-so-new hot topic, it's also not the first time the cybersecurity industry has embraced emerging technology that can mimic human actions. Security automation and its ability to take action on behalf of humans have paved the way for generative AI to be trusted (within reason). The convergence and maturity of these technologies now have the potential to revolutionize how SecOps functions while force-multiplying SOC teams.

This segment is sponsored by Swimlane. Visit https://securityweekly.com/swimlanebh to learn more about them!

Swimlane and ProCircular

ProCircular, is a security automaton power-user and AI early adopter. Hear from Swimlane customer, Brandon Potter, CTO at ProCircular, about how use of Swimlane, has helped his organization increase efficiency, improve security metrics and ultimately grow their customer base without increasing headcount.

Segment Resources:

• ProCircular Case Study
• ProCircular Web Site

This segment is sponsored by Swimlane. Visit https://securityweekly.com/swimlanebh to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

In this conversation, the hosts discuss patchless patching, vulnerabilities in the Windows TCP/IP stack, and the trustworthiness of Microsoft. They highlight the challenges of marketing in the cybersecurity industry and the importance of building trust with customers. The conversation also touches on the need for vendors to prioritize security and code quality over rushing products to market. Overall, the hosts express concerns about the frequency of security vulnerabilities and the potential impact on customer trust. Other topics of discussion include the Innovators and Investors Summit at Black Hat, the potential sale of Trend Micro, layoffs in the industry, and the controversy surrounding room searches at DEF CON. They also touch on the concept of time on the moon and its implications for future lunar missions.

Devo, the security analytics company, recently launched data orchestration, a data analytics cloud, and security operations center (SOC) workflow enhancements. Enterprise security teams are struggling with growing data volumes—and they’re also up against headcount and budget constraints. These solutions offer security teams data control, cost optimizations, and efficient automation for better security outcomes.

Segment Resources: https://www.devo.com/defend-everything/

This segment is sponsored by Devo. Visit https://securityweekly.com/devobh to learn more about how Devo's new solutions can streamline your security operations.

As security monitoring has gotten more mature over the years, remediating security vulnerabilities is still stuck in the dark ages requiring mountains of CVE reports and thousands of manual tasks to be done by network engineers at the wee hours of the nights and weekends. Cyber resilience requires a more continuous approach to remediation, one that does not depend on manual work but also one that can be trusted not to cause outages.

This segment is sponsored by BackBox. Visit https://securityweekly.com/backboxbh to learn more about them!

Many cybersecurity experts are calling recent attacks on healthcare more sophisticated than ever. One attack disrupted prescription drug orders for over a third of the U.S. and has cost $1.5 billion in incident response and recovery services. Separately, an operator of over 140 hospitals and senior care facilities in the U.S. was also victimized. These attacks are becoming all too common. Disruptions can lead to life-and-death situations with massive impacts on patient care. All industries, especially healthcare, have to better prepare for ransomware attacks. Are you ready to turn the tables on threat actors? Marty Momdjian, Semperis EVP and General Manager provides advice on how hospitals can regain the upper hand.

This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to learn more about them!

The annual report details the latest ransomware attack trends and targets, ransomware families, and effective defense strategies. Findings in the report uncovered an 18% overall increase in ransomware attacks year-over-year, as well as a record-breaking ransom payment of US$75 million – nearly double the highest publicly known ransomware payout – to the Dark Angels ransomware group.

Segment Resources: For a deeper dive into best practices for protecting your organization and the full findings, download the Zscaler ThreatLabz 2024 Ransomware Report Link below - https://zscaler.com/campaign/threatlabz-ransomware-report

This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscalerbh to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

In this interview we explore the new and sometimes strange world of redteaming AI. I have SO many questions, like what is AI safety?

We'll discuss her presence at Black Hat, where she delivered two days of training and participated on an AI safety panel.

We'll also discuss the process of pentesting an AI. Will pentesters just have giant cheatsheets or text files full of adversarial prompts? How can we automate this? Will an AI generate adversarial prompts you can use against another AI? And finally, what do we do with the results?

Resources:

• PyRIT AI redteaming tool
• Microsoft's AI redteaming guide

We chat with Sounil Yu, co-founder of LLM access control startup, Knostic. We discuss both the experience of participating in Black Hat's startup competition, and what his company, Knostic, is all about. Knostic was one of four finalists for Black Hat's Startup Spotlight competition and was announced as the winner on August 6th.

References

• DarkReading: Knostic Wins 2024 Black Hat Startup Spotlight Competition
• Knostic's Website

, in the enterprise security news,

1. AI is still getting a ton of funding!
2. Netwrix acquires PingCastle
3. Tenable looks for a buyer
4. SentinelOne hires Alex Stamos as their new CISO
5. Crowdstrike doesn’t appreciate satire when it’s at their expense
6. Intel begins one of the biggest layoffs we’ve ever seen in tech
7. Windows Downdate
8. RAG poisoning
9. GPT yourself
10. The Xerox Hypothesis

All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Remember 20 years ago? When we were certain SIEMs would grant our cybersecurity teams superpowers? Or 10 years ago, when we were sure that NGAV would put an end to malware as we knew it? Or 15 years ago, when we were sure that application control would put an end to malware as we knew it? Or 18 years ago, when NAC would put an end to unauthorized network access?

Why do we keep thinking that the next vendor offering is going to solve all our problems? In this interview, we talk with Fred Wilmot about the hard work of building effective processes and resilient architectures that will actually yield reductions in risk and detection/response capabilities that actually work.

We'll discuss shifts in thinking that can move us past the latest distractions, and keep security teams focused on work that moves the needle. Fred may also mention his past transgressions against the industry and what he's doing to "wipe out the red from his ledger".

There's plenty of content out there detailing how vendors fall short:

• scummy, aggressive sales tactics
• overuse of jargon and buzzwords
• sneaky sales tactics
• dumping on competitors
• products that fall far short of claims
• ambulance chasing

So what should they doing? In this episode, we chat with Dani Wolff, about how marketers can adopt the skills and mindsets of security researchers to improve GTM strategies, without resorting to awful tactics. Drawing from extensive experience in qualitative interviews and collaborations with enterprise security executives and researchers, Dani will uncover how the innate curiosity and analytical prowess of researchers can dismantle unhealthy habits within vendor organizations.

We'll also discuss Dani's various projects, including the WTF Did I Just Read podcast, CyberNest, and CyberSynapse. Dani will explain how these are all designed to address the gap between vendors and buyers in the cybersecurity industry.

This week, in the enterprise security news,

1. over half a billion in funding, as everyone gets their pre-Blackhat announcements out!
2. Mimecast picks up Code42
3. Will Cato Networks IPO?
4. Canarytokens update
5. We still have some crowdstrike fallout to discuss
6. CISO responses to SEC rules
7. Making things secure without security tools
8. tips for going SOCLess
9. denial of service robots

All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!

The emergence of generative AI has caused us to rethink things on two fronts:

1. how we consume threat detection data, as defenders
2. how we need to shift our thinking and approaches to prepare for attackers' newfound GenAI capabilities

But wait - is GenAI even useful for defenders or attackers? We'll dive deep into the state of AI as it pertains to security operations, just as Gartner announces that AI is hitting the trough of disillusionment. What better time to dispel the hype and focus on where real progress can be made?

Edward Wu thinks so! Understandably so, as his startup, Dropzone.ai is making a big bet on generative AI to change the face (and pace) of security operations.

We'll talk about what has changed here, and I have so many questions:

• after many generations of AI/ML technology in security, is the current gen really that dramatically different?
• Dropzone is far from the only startup with the same idea here, how will they differentiate?
• Is the problem that we need more help than we can possibly hire, or are we fundamentally doing something wrong in security operations?
• Specifically, what is this tech doing to help?

Finally, we'll wrap by talking about where this tech goes next, and can we get there with current technology, or are we dependent on more breakthroughs from companies like OpenAI, Anthropic, and Meta?

This week, on Enterprise Security Weekly, we've got:

1. Identity Security gets more funding
2. Wiz walks away
3. BlackHat Announces Startup Spotlight Finalists
4. Crowdstrike post mortem
5. Simple Security Tricks are the Best Security Tricks
6. Splitting the CISO role
7. Web scraping for AI is out of control
8. SEC vs Solarwinds
9. Vaping the Internet

Visit https://www.securityweekly.com/esw for all the latest episodes!

In this episode of Enterprise Security Weekly, we revisit the insightful book "Jump-start Your SOC Analyst Career" with authors Jarrett Rodrick and Tyler Wall, exploring updates on career paths, opportunities, and the industry's reality. We delve into the myths versus the truths about cybersecurity careers, discussing the viability of high salaries and the best entry points into the field. Next, we tackle the critical issues plaguing the cybersecurity industry despite its rapid growth and increased influence at the board level. We ask why, despite ample resources, are failures more prevalent than ever? Lastly, we cover significant news in enterprise security, including the rumored historic acquisition of Wiz by Google, recent company acquisitions, and the evolving concept of shared responsibility in cybersecurity. Join us for a comprehensive discussion that spans career guidance, industry analysis, and the latest news in enterprise security.

Visit https://www.securityweekly.com/esw for all the latest episodes!

I'm always thrilled to chat with ex-analysts, and Henrique Teixeira can cover a lot of ground with us on the topic of identity management and governance. The more I talk to folks about IAM/IGA, the more I'm shocked at how little has changed. If anything, it seems like we've gone backwards a bit, with the addition of cloud SaaS, mobile devices, and shadow IT. Identity is one of the most common entry points for attacks, so we've got to do better as an industry here.

We'll cover a variety of topics in this interview, including:

• Why Henrique chose to go to Saviynt from Gartner
• Vendor risk concentration in identity
• Resilience in identity, especially when depending on a SaaS IdP
• Identity attack evolution (and the creation of the ITDR category)
• What's working in identity to move things forward, and what is holding us back

This segment is sponsored by Saviynt. Visit https://securityweekly.com/saviynt to learn more about them!

In this week's enterprise security news,

1. Seed rounds are getting huge
2. Lots of funding for niche security vendors
3. Rapid7 acquires Noetic Cyber
4. but Rapid7 is also rumored to sell itself!
5. Slack battles infostealers
6. The loss of Chevron deference impacts cyber
7. Should cybersecurity put up a no vacancy sign?
8. Figma and Google both make some embarrassing mistakes
9. The RockYou2024 file does NOT contain 10 billion passwords
10. I introduce a new news category: AI indegestion

All that and more, on this episode of Enterprise Security Weekly!

Visit https://www.securityweekly.com/esw for all the latest episodes!