The end of the road for some cyber startups & making detection actually work! – Vivek Bhandari, Vivek Ramachandran, Mike Lyborg, Brandon Potter – ESW #373
Full Audio
View Show IndexSegments
1. The end of the road for some cyber startups & making detection actually work! – ESW #373
This week, in the enterprise security news,
- A funding that looks like an acquisition
- And two for-sure acquisitions
- Rumors that there are funding problems for early stage cyber startups, and we’ll see a lot more acquisitions before the end of the year
- Speaking of rumors, Crowdstrike did NOT like last week’s Action1 acquisition rumor!
- Shortening detection engineering feedback loops
- HoneyAgents
- More reflections on Black Hat 2024
- The attacker does NOT just have to get it right once
- and the defender does NOT have to get it right every time
- Remember BEC scams? Yeah, they’re still enterprise enemy #1
All that and more, in the news this week on Enterprise Security Weekly!
Announcements
To ensure that you don’t lose access to the Security Weekly content you know and love, please make sure that you subscribe to your favorite podcasts feeds on an alternative platform such as Spotify, YouTube Music, Amazon Music, Apple Podcasts, Overcast, Podcast Addict, PocketCasts, or anywhere else you listen to podcasts! Visit securityweekly.com/subscribe to find the buttons to subscribe to each show now!
Hosts
- 1. FUNDING: Kiteworks Private Content Network (“PCN”) Vision Validated by $456M Growth Equity Investment From Insight Partners and Sixth Street Growth
Funding, or acquisition? A $456M round led by Insight Partners and Sixth Street Growth values Kiteworks at just over $1B. We can't be sure, but those numbers don't make sense unless a LOT of equity just traded hands. Like, the majority of ownership in the company.
- 2. ACQUISITIONS: Mimecast acquires Aware
- 3. ACQUISITIONS: DigiCert to Acquire Vercara, Strengthening Its Position as a Leader in Digital Trust
- 4. ACQUISITION RUMORS: VP CorpDev at Crowdstrike calls out Action1 M&A rumors
These Action1 M&A rumors struck a nerve with Gur Talpaz, VP of Corporate Development at Crowdstrike. He claims that Crowdstrike had one 45 minute conversation with Action1, nothing more. No execs on that call, no senior folks at all, no NDA, no due diligence activities.
Then he says, months later, this rumor emerges. I think he takes it a bit far when he says, "this behavior destroys trust and undermines the credibility of our industry." I think this says more about the credibility of the organizations reporting the rumors, personally. And these rumors pop up so often, I don't think anyone is taking them too seriously.
- 5. OPEN SOURCE: Shorten your detection engineering feedback loops with Grimoire
This is a very cool project, but also struck me as a bit odd. This open source project simulates attacks to help you understand what an attack might actually look like - what events you should expect to see in your logs when an attack occurs.
But shouldn't this be well documented, institutional knowledge in our industry? Shouldn't this be baked into every SIEM? Shouldn't this be the very heart of every XDR and MDR service?
This story came from Darwin's newsletter, The Cybersecurity Pulse (TCP), issue 57. Check it out!
- 6. NEW FEATURES: Orca Simplifies Azure Policy Creation With Generative AI
But can't you just do this with a $20/mo ChatGPT subscription?
This story came from Darwin's newsletter, The Cybersecurity Pulse (TCP), issue 57. Check it out!
- 7. OPEN SOURCE: mrwadams/honeyagents: HoneyAgents
"HoneyAgents is a PoC demo of an AI-driven system that combines honeypots with autonomous AI agents to detect and mitigate cyber threats. Features include intelligent threat analysis, automated deny list updates, and detailed natural language threat reports."
Lots of folks saying that autonomous AI agents will be the next big AI breakthrough.
- 8. CONFERENCES: Reflections on Black Hat 2024 – Francis Odum
Some interesting insights here:
- "AI buzz was subdued compared to RSA"
- Companies' booths look better than their products
- Undeployed capital
- Israelis not slowing down
- Lots of high quality security leaders present
- Buyer's market
- Highest spending on SOC and identity
- New wave of founders
- and more!
- 9. ESSAYS: Transform the Defender’s Dilemma into the Defender’s Advantage
Preach!
- 10. ESSAYS: Azure outages should spark new urgency for a multi-cloud approach
- 11. REPORTS: EPSS A Visual Exploration of Exploits in the Wild – Cyentia Institute
One of two new reports from the always excellent Cyentia Institute.
- 12. REPORTS: IRIS Ransomware – Cyentia Institute
One of two new reports from the always excellent Cyentia Institute.
- 13. AI THREATS: Slack AI can leak private data via prompt injection
We definitely saw this coming! It won't be the last case of this, either.
- 14. BREACHES: BEC scam costs Orion nearly $60M
Just a reminder that BEC scams are still a thing, they involve little to no hacking, and still do more direct damage than ransomware.
- 15. REPORTS: Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts
The always excellent source of DFIR wisdom and details has a new post out.
- 16. TRENDS: AI will create a tidal wave of vulnerable software, researcher predicts
Will it though? Will we even notice? After all, AI is just emulating existing levels of software dev quality, right?
- 17. SQUIRREL: Apple Pushes Ahead With Tabletop Robot in Search of New Revenue
In the search for new markets to dominate, Apple has a lot of weird stuff going on behind the scenes.
2. Secure Web Gateways Have Failed Us & Using AI to Prevent the Next CrowdStrike Outage – Vivek Ramachandran, Vivek Bhandari – ESW #373
SquareX
With employees spending most of their working hours on the browser, web attacks are one of the biggest attack vectors today. Yet, both enterprises and security vendors today aren’t focused on securing the browser – a huge risk given that attackers can easily bypass Secure Web Gateways, SASE and SSE solutions.
This segment will demonstrate the importance of a browser-native solution, discuss the limitations of current solutions and how enterprises can better protect their employees from web attacks.
Segment Resources:
- DEF CON talk abstract
- Enterprise use cases for SquareX
- Data Sheet
- Why Browser Native Solutions are better than Cloud Based Proxies
- Blog on the Many Failures of Secure Web Gateways
This segment is sponsored by Square X. Visit https://securityweekly.com/squarexbh to learn how SquareX can protect your employees from web attacks!
Tanium
The recent CrowdStrike outage and subsequent disruption tested organizations' resiliency and confidence as the world went offline. It served as a reminder that in an increasingly technology-dependent world, things will go wrong – but security leaders can plan accordingly and leverage emerging technologies to help minimize the damage.
In this interview, Tanium’s Vice President of Product Marketing Vivek Bhandari explains how AI and automation can help with remediation and even prevent similar outages from happening in the future, and breaks down the future of Autonomous Endpoint Management (AEM) as the solution for continuous cyber resilience in the face of disruption.
Segment Resources:
This segment is sponsored by Tanium. Visit https://securityweekly.com/taniumbh to learn more about them!
Sponsored By
Guests
Vivek Ramachandran is a security researcher, book author, speaker-trainer, and serial entrepreneur with over two decades of experience in offensive cybersecurity. He is currently the founder of SquareX, building a browser-native security product focused on detecting, mitigating, and threat-hunting web attacks against enterprise users and consumers. Prior to that, he was the founder of Pentester Academy (acquired in 2021), which has trained thousands of customers from government agencies, Fortune 500 companies, and enterprises from over 140+ countries. Before that, Vivek’s company built an 802.11ac monitoring product sold exclusively to defense agencies.
Vivek discovered the Caffe Latte attack, broke WEP Cloaking, conceptualized enterprise Wi-Fi Backdoors, and created Chellam (Wi-Fi Firewall), WiMonitor Enterprise (802.11ac monitoring), Chigula (Wi-Fi traffic analysis via SQL), Deceptacon (IoT Honeypots), among others. He is the author of multiple five-star-rated books in offensive cybersecurity, which have sold thousands of copies worldwide and have been translated into multiple languages.
He has been a speaker/trainer at top security conferences such as Blackhat USA, Europe and Abu Dhabi, DEFCON, Nullcon, Brucon, HITB, Hacktivity, and others. Vivek’s work in cybersecurity has been covered in Forbes, TechCrunch, and other popular media outlets.
In a past life, he was one of the programmers of the 802.1x protocol and Port Security in Cisco’s 6500 Catalyst series of switches. He was also one of the winners of the Microsoft Security Shootout contest held in India among a reported 65,000 participants. He has also published multiple research papers in the field of DDoS, ARP Spoofing Detection, and Anomaly-based Intrusion Detection Systems. In 2021, he was awarded an honorary title of Regional Director of Cybersecurity by Microsoft for a period of three years, and in 2024 he joined the BlackHat Arsenal Review Board.
As the Vice President of Product Marketing, Vivek Bhandari leads the organization responsible for positioning, messaging, and go-to-market strategies for Tanium’s products globally. Prior to Tanium, Vivek led product marketing for VMware’s network security business. Before VMware, Vivek held leadership roles in product management at Google Cloud, Area 1 Security, Cisco, and VeriSign, working on enterprise security products. Vivek has a master’s degree in Computer Science and a bachelor’s degree in Electrical Engineering.
Hosts
3. Let’s Get Real About Where AI can Help SecOps & AI, Automation & Low-Code – Mike Lyborg, Brandon Potter – ESW #373
Swimlane and GenAI
Join Swimlane CISO, Mike Lyborg and Security Weekly’s Mandy Logan as they cut through the AI peanut butter! While Generative AI is the not-so-new hot topic, it's also not the first time the cybersecurity industry has embraced emerging technology that can mimic human actions. Security automation and its ability to take action on behalf of humans have paved the way for generative AI to be trusted (within reason). The convergence and maturity of these technologies now have the potential to revolutionize how SecOps functions while force-multiplying SOC teams.
This segment is sponsored by Swimlane. Visit https://securityweekly.com/swimlanebh to learn more about them!
Swimlane and ProCircular
ProCircular, is a security automaton power-user and AI early adopter. Hear from Swimlane customer, Brandon Potter, CTO at ProCircular, about how use of Swimlane, has helped his organization increase efficiency, improve security metrics and ultimately grow their customer base without increasing headcount.
Segment Resources:
This segment is sponsored by Swimlane. Visit https://securityweekly.com/swimlanebh to learn more about them!
Sponsored By
Guests
For over 15 years, Michael Lyborg has been a trusted leader in the information security space. He is known for his most recent experience as the Chief Information Security Officer (CISO) at Swimlane, the leader in automation for the entire security organization. During his time at Swimlane, he has also served as the Vice President of Global Consulting Services, and successfully led engineering teams and authored controls, policies, plans, and procedures for various compliance certifications, including SOC2, ISO 27001, and CMMC.
Previously, Michael made valuable contributions to Heska Corporation as the IT & Security Operations Manager. He has also served as an Operations Manager for the Marine Special Operations Command, following his service as Chief Instructor at the Marine Special Operations School and as an Infantry Leader of the 2nd Marine Division in the United States Marine Corps.
With over 20 years of experience in Information Technology, including 14 years in cybersecurity, Brandon Potter brings a wealth of knowledge and a dynamic approach to the industry. He excels at forging strong partnerships with clients, understanding their unique business objectives, and developing tailored cybersecurity strategies. Brandon’s ability to resonate with both executives and technical teams highlights his expertise in balancing budgets, personnel, compliance, and real-world security measures.
Currently serving as the CTO at ProCircular, Inc., Brandon leads a distinguished team of cybersecurity experts. Under his leadership, red, blue, and purple teams rigorously test and fortify organizational security from every angle. By aggressively tracking cybersecurity practices and emerging threats, he fosters continuous improvement in both his team and his approach, consistently delivering unmatched quality of service. Brandon’s commitment to fostering an environment of excellence solidifies his reputation as a leader in the cybersecurity industry.
Host