RSA Conference, Verizon DBIR, funding, reports, partnerships and more - ESW #360

by Security Weekly

About This Episode

67:00 minutes

published 16 days ago

English

© 2024 CyberRisk Alliance

Speaker 2 0s - 108.34s

Graylog is on a mission to make threat detection and incident response easier, faster, and more affordable. They help cybersecurity teams reduce risk across attack surfaces with SIEM, log management, and API security solutions. Their newest offering, Graylog API Security, adds a new layer of defense by discovering rogue APIs, monitoring for threats from inside the perimeter, and providing detailed guided responses. Full fidelity capture of API requests and responses ensures you can perform complete investigations and meet regulatory requirements. Some popular and persistent API myths have almost become threats themselves. Go to securityweekly.com forward slash graylog and watch the video there to debunk the top five misconceptions surrounding API security. Welcome back to Enterprise Security Weekly. A few announcements here. Security Weekly listeners can save $100 on their RSA Conference 2024 full conference pass. It's next week, so if you're going to do it, you should probably do it as soon as you're hearing this. It's all day next week, Monday through Friday in San Francisco, and on demand if you're not going out there. To register using our discount code, please visit securityweekly.com forward slash RSAC24 and use the code 5 for you sec weekly. We hope to see you there. And on the evening of Monday, Mayth, 2024, W2 Communications and CyberRisk Alliance are bringing cyber tacos back to San Francisco. If eating free tacos, sipping on margaritas, and mingling with cyber professionals from all over the world sounds good to you, make sure to register to secure your spot. You can visit securityweekly.com forward slash cyber tacos to RSVP today. I just love saying cyber tacos. That's a lot of fun.

Speaker 1 108.34s - 109.3s

Over tacos.

Speaker 2 110.68s - 159.52s

Now for the Enterprise Security Weekly News, you can check out securityweekly.com forward slash ESW360 if you want to follow along as we go through the news. Likely we won't get to everything. There's so many things I didn't have time to get in my usual level of notes. Usually my show notes are enough for a newsletter almost. But there's just so much going on this week, guys. We've got RSA next week. So everybody's, all the marketing departments are all, you know, firing all their messaging out of their cyber marketing cannons. And then we've got Verizon dropping the DBIR, Mandiant dropping M-Trends. All the reports are coming out, you know, which is also effectively marketing for some of these companies. So there's a lot to talk about.

Speaker 1 160.56s - 167.54s

Oh, it's a week, Adrian. Holy smokes. And the hits keep coming literally every single day this week. It's incredible. Yeah.

Speaker 0 167.6s - 174.16s

Yeah. Hard not to get whiplash these days. All right.

Speaker 2 174.66s - 204.12s

Let's see. So I actually thought I had it pulled up here. I'm pulling up now. And let's see. Yeah, so a big one there up top is Island pulling down 175 million. You know, so their main competitor, Talon, already got picked up by Palo Alto here. How far do you think these guys can go with an enterprise browser?

Speaker 1 205.38s - 216.1s

Buddy, at what point do we stop bagging on secure browsers? I feel like I've been bagging on secure browsers forever. And now it's like somebody is shoving humble pie right in my face.

Speaker 2 217.5s - 225.56s

I mean, you know, FireEye IPOed on something that, you know, wasn't a thing that didn't really have market fit.

Speaker 1 226.24s - 227.24s

So I don't know.

Speaker 2 227.34s - 227.92s

They got to.

Speaker 1 229.34s - 234.52s

There's no way to get 175 on three without at least some kind of revenue. I mean, some serious freaking revenue.

Speaker 2 234.52s - 238.66s

And I think I'm just going to have to tell you L stamp it on my forehead.

Speaker 0 238.94s - 239.3s

I'm wrong.

Speaker 2 240.24s - 300.66s

Well, so, you know, I think it takes a little bit more because remember, these companies came out of stealth, what, like two years ago? Like, like, I mean, some of these original contracts, like, they, they probably haven't wrapped, you know, they probably haven't hit renewals yet, you know, it's. So with FireEye, it took after the IPO, really, you know, it took five or six years for us to find out that they were having some serious churn. Customers didn't realize what they had bought. They didn't understand it. And I think that's a very different situation than what we have here. It's a much easier product to understand. I think here it's just, are people going to get the level of value out of it that I don't know what these guys are charging, but I imagine it must be at least 30 bucks a seat for something like this. Like it's not, you know, costing companies the same amount as any malware, you know, or endpoint protection or something like that. I'm imagining this is a not a cheap product.

Speaker 1 301.06s - 356.4s

I hit up a person in the know when this news dropped with my quote that I sent him was holy smokes on the island to raise. WTF haven't we learned from overraising? And this particular person in the know is very well connected and basically sent me back. Nope. This one's real. And I was shocked. Like this person is a kind of guy and and this person is going to know, right? This is absolutely real. There's a real market being formed here. There's disruption occurring and that this particular company is going after a space that they think they can make a real multi-billion dollar run at. So I honestly, I'm just going to take the L. I'm going to, I'm going to take the L and say that I'm wrong. The secure browser and, you know, the bigger picture of maybe like a VDI style play is, is something that it has a longevity. And Darwin, I'd love to hear your thoughts on Island and the VDI and the secure browser space in

Speaker 0 356.4s - 446.38s

general. Yeah, 100%. I think with Talon getting scooped up, I think last year for a 625 mil by Palo Alto, it leaves only one or two other competitors in the space with Island. And so when it comes to, they came out of stealth in February of 2022. And to raise a series D of this size 175 mil at a $3 billion valuation, it speaks a lot to how well they've been executing. I think they're way past product market fit. And if we think about what has changed in the security landscape over the past year, it's that generative AI and corporate end users having access to these tools and potentially leaking sensitive data to chat bots or ChatGPT, that is a true risk. And so maybe this is something that they're also focusing on and leveraging as a new segment that they're targeting or a new problem that they're targeting that is very prevalent in the enterprise today. So backed by Sequoia and Coatue, so pretty reputable backers. It'll be interesting to see if they get scooped up. I'm not sure how much it's like room to run they have. And I also in a kind of cynical way that sometimes think to myself, like, why can't Google Chrome just like add a bunch of security features and just give it away for free? They have the money to do it. And in my opinion, they have the duty to do it. So this is an interesting space.

Speaker 1 447.7s - 449s

So, Andrew, I have a quick question.

Speaker 0 449.16s - 512.8s

I have a quick question, and I'd like your thoughts on this particular point. I read in an article this week. I don't know if it was Tom Tunguz or somebody else who had written this. But they brought up the point that the super high growth companies that, and you mentioned two years ago, they've essentially, I learned what, two or three years old, really, at this point? Yeah, too. It takes that many years to actually determine the churn in your business, meaning you sell one-year contracts early on, you maybe make it to the second, to the first re-up, and they re-up for another year, two year, or even three years. But you really can't, as a SaaS company, you really can't understand the churn on your business and whether you have true PMF for at least one, if not two or three years. So I wonder, is this market maybe just not hitting the churn point yet? And they're just still having the hypergrowth curve and they run some risk on the potential for turnover time. That's going to be an interesting to track, interesting thing to track with this particular market.

Speaker 2 514.1s - 682.94s

Yeah, I think a big factor here also. I mean, this is still something that's very true of security products where there is value in whether or not something you buy makes you feel secure, regardless of whether it actually reduces or has any impact on risk. And, you know, I've kind of got a different take on the AI stuff. Like, I've gotten pretty deep with this stuff. And honestly, like, I think there's little to no risk of putting your data in a prompt and it popping out in somebody else's output. You know, that's not part of your company. Or even that is part of your company. You know, looking at the way LLMs are trained, you know, I think if there is any risk there, it's the same as any other SaaS service. Like when ChatGPT had a, there was a bug in the Redis database, and one day people logged in and were just seeing other people's stuff, had nothing to do with the fact that it was LLMs or with the training models. It was just a database software had a bug in it and was serving up the wrong data to the wrong people. So I think the risk with using these AI chatbots is roughly the same as any other SaaS service. And absolutely a browser is a great place to be right now because a lot of people are kind of scared of that. I've done over 30 advisory calls on Microsoft Copilot. And I've got it all fired up in my own Microsoft 365 tenant. I've studied all the architectural stuff that I could find on it. And that's kind of where I've landed with it. And I'm still going to say enterprise browsers, I still see being pretty niche. You know, I don't see it filtering down. I don't, I don't see it becoming something regulations are going to require. I don't see it filtering down to the mid market or small businesses. You know, I think Chrome will come up. And they do have some enterprise security features for free. So Chrome Enterprise, there's like a core, I forget what they call the product, they keep changing the name, taking a page out of Microsoft's book, rebranding stuff every couple of years. But they do have a paid version, a nonpaid version. And I think they will change that to be whatever is good enough, right? You know, like Island will always have kind of like a premium offering there. They'll always be able to kind of trump what they're doing there. But, yeah, I don't know. I still hear a lot of concerns from people about, okay, but what if they're not using their corporate device with Island installed? What if they're not, you know, and the answer is kind of you don't even let them log in, right? You know, they can't even log into corporate systems unless they're using the correct browser. But that's pretty constraining. You know, people are used to accessing stuff from their mobile phones, from their tablets, from other devices. You know, I think it's a productivity hit if you're trying to exert that level of control over their browsing. Yeah, we'll see.

Speaker 1 683.02s - 685.26s

We're going to have to watch this one closely.

Speaker 2 685.42s - 789.36s

Yeah. I think it ends up a niche. And like Darwin said, I think, you know, it's an important note that this is not a big space. You know, this is not external attack surface management, you know, where two dozen companies pop up overnight. This isn't not even CASB, which had at least a dozen players in it at its peak, um, you know, but was also kind of niche, uh, I think. You know, this is, uh, the fact that there's only two, three, four companies in the space, like, like seriously, there's some that are adjacent to it, you know, using like Chrome plugins or something like that, you know, but, but really, you know, with a, uh, a full Chromium backed browser, you know, we've only got two or three in the space. We got Surf. We got Talon, which is now Palo Alto Prisma browser or something. I forget what they rebranded it as, but it's a, it's part of the Prisma SASE, a platform, I believe now. And, yeah, yeah, I think we'd see others pop up. You know, it kind of reminds me of Invincea and Bromium, you know, where there are really only two big ones there. And Invincea decided to pivot into NextGen AV and got a good exit to Sophos. And Bromium did not get a good exit to HP out of that. You know, they kind of stuck to the microvirtualization thing with their secure browser. And, yeah, it was not a great exit for them. All right. Let's see, Corelight. Corelight is the, that's the IDS-IPS, right? That's based on Zeek? I think it's a Zeek-based? Correct.

Speaker 0 789.82s - 792.62s

Yeah, their network detection and response play.

Speaker 2 793.3s - 805.38s

They just raised Series E, 150 mil. And this one is interesting. They're backed by Cisco Investments, CrowdStrike, and also the round was led by Accel.

Speaker 0 806.38s - 808.66s

I haven't, this is like the first time.

Speaker 3 808.82s - 809.06s

Big names.

Speaker 0 809.7s - 878.44s

Yeah, huge names, right? And also when you get the backing of someone like CrowdStrike or Cisco, another security vendor, it obviously speaks levels to the type of product and how much traction they're seeing in the market. I think that with cloud and microservices, network security is much different than the traditional approach that we were taking maybe like 10 years ago. And so it requires like newer and different approaches. It seems like they're doing something with AI and they're plugging directly into SIEM and SOAR solutions. So streamlining some of that analysis, whether it's through enrichments or correlation on what they're seeing across the entire network. So this one's interesting. It brings to mind also the network security startup that Barrett Lyon also founded sometime last a couple of years ago. I'll come back to it. Netography. Very similar to Netography, it sounds like. So this is a unique space, a very difficult problem to tackle, and it's good to see that it's based on Zeek.

Speaker 2 879.38s - 880.6s

Yeah, Martin Roesch, right?

Speaker 0 880.86s - 885.48s

Yeah, yeah, it reminded me that also.

Speaker 2 885.58s - 896.66s

But Corelight's been around for a while, I feel like. I don't know when they're founded, but I feel like they're at least 10 years old at this point. Nice.

Speaker 3 897.58s - 899.62s

But, yeah, it seemed pretty steady.

Speaker 2 899.74s - 922.14s

I've heard good things about them. You know, I think they're more, like I think of a, as a direct competitor to Darktrace, which had an acquisition exit, which we'll talk about in a bit here. So that can't be bad for him, right? You know, the fact that Darktrace had a, what looks like a pretty good exit. I think it was like, anybody calculated? I think it was like 17X, something like that.

Speaker 0 923.18s - 926.34s

Was Darktrace? Not sure what the multiplier.

Speaker 2 927.52s - 931.84s

Not sure what the multiplier there was, but I know they got to acquire for 5.4 Billy,

Speaker 0 932.76s - 938.66s

which is a, that's a number that I think only private equity can pay out at this point.

Speaker 1 938.96s - 942.22s

So Thoma Bravo continues to build out their security portfolio.

Speaker 0 943.44s - 947.48s

I think it was 650 was their revenue for 20,

Speaker 2 947.48s - 953.7s

2023, so that comes out to 8.3x by my calculations.

Speaker 0 954.26s - 958.24s

So, yeah, not a terrible exit, not for a PE anyway. Yeah.

Speaker 2 962.32s - 973.38s

Any thoughts here, Tyler? On Darktrace? I wouldn't have guessed to see them go that far. Yeah, I mean, it's not a company you hear a lot of great things about.

Speaker 1 974.06s - 977.68s

Were they publicly traded? They were not, right? They were privately held before this P.E. acquisition?

Speaker 2 977.92s - 981.2s

I thought they went public on the London Stock Exchange.

Speaker 1 981.2s - 1015.46s

On the London Exchange. Right. Okay, that's what I thought. That's why I asked. Does it take private, right? So it's thrown off enough cash to, for somebody to look at and go, yep, we can squeeze this. We can lever it up. We can make the math work on the financial side of the business to take a private, lever it up, and re-publicate or resell it off, right? So, you know, I don't think there's anything interesting necessarily and unique that's indicative of any market trends or anything here other than, hey, it's another PE scoop up where they're going to squeeze blood from the turnip, right? That's the playbook.

Speaker 2 1016.18s - 1024.06s

Yeah, almost exactly three years ago, they went public in April 2021 on the London Stock Exchange. Yeah.

Speaker 1 1027.18s - 1028.02s

All right.

Speaker 2 1028.86s - 1047.28s

Let's see. I didn't, you know, like I mentioned, I didn't have time to really do a lot of deep research into any of these. I did look at Oasis. I'm trying to remember what they do. I thought it was kind of, yeah, non-human identity management. So I thought that was kind of interesting.

Speaker 1 1047.28s - 1050.32s

Machine identity? Yeah, machine identity.

Speaker 2 1050.92s - 1059.98s

So that's their Series A extension. So that gives them a total of 70 mil on their Series A. Extensions are always interesting.

Speaker 1 1060.08s - 1063.14s

It feels like there's lots of companies doing extensions for numerous reasons right now.

Speaker 2 1063.14s - 1069.82s

It wasn't one of those like two years later extensions though. Like the original series A was August.

Speaker 1 1070.6s - 1072.82s

Yeah, you can't over read into the extensions, right?

Speaker 2 1072.82s - 1078.34s

Because the extensions could be two years later we can't raise so we're doing an extension, right?

Speaker 1 1078.68s - 1135.02s

And often that's one path. The other path is, hey, we just finished raising and the interest is so strong that three months later, we go ahead and we do an extension where we decided we'll take more in, right? So it's tough to know exactly what the driving factor behind an extension round could be. But in this particular case, you said August to now, it's probably more the demand is there. The company's probably healthy and doing well. And I swear in the last two weeks, I've seen the investment jump, the investment disclosures, PR's, press releases jumping pretty drastically. And Darwin might have a better insight into the numbers because I know he writes up, he writes up a lot of this stuff in his cybersecurity pulse newsletter, which I highly recommend you subscribe to. He's probably got a little bit of better understanding of that. But it feels like it might be one of those situations where investors are looking at it going, the bottom's here, the bottom's here. Let's just start plowing money into the end of the market. Or is it the pre-RSA effect?

Speaker 2 1135.98s - 1136.78s

I think it's combo player.

Speaker 1 1137.7s - 1139.08s

Macro plus pre-RSA timing.

Speaker 2 1139.32s - 1143s

And not only that, but it's pre-RSA timing, but these things were not closed this week.

Speaker 1 1143.42s - 1152.18s

These things were closed one, two, three, four months ago. And they sit on the news to announce it right before RSA. Yeah, right.

Speaker 3 1152.18s - 1162.72s

Yeah, and I've certainly seen the amount, um, per round has increased, uh, we've seen like much larger

Speaker 0 1162.72s - 1166.14s

later, like, uh, Series A to Series C's.

Speaker 3 1166.64s - 1172s

But another thing that I've been noticing is that seed rounds have stayed low.

Speaker 0 1172.78s - 1178.92s

So it's not like we're going back to 2020 and pandemic level type of rounds where

Speaker 3 1178.92s - 1182.2s

someone may raise like 15 mil for a seed, 10 mil for a seed.

Speaker 0 1182.68s - 1186.4s

One example is RunReveal, who we'll cover, they raised a 2.5

Speaker 3 1186.4s - 1193.6s

mil for their seed just this past week, and folks are, folks can do more with less today because of

Speaker 0 1193.6s - 1212.88s

AI and like having a much more scrappier mindset and focusing on bottom line revenue versus growth at all cost. So for the earlier rounds, folks are already taking in less money so that they can prove out that they have PMF. And then for the later rounds, it seems like they're taking on more capital so that they can expand into more markets and things of that nature.

Speaker 1 1214.06s - 1216.82s

It's such a healthier way of doing business too.

Speaker 0 1217.18s - 1226.94s

Like, let's not overinvest early. Let's make sure we can actually hit PMF. Let's make sure we can create a business that the market actually cares about before we funnel, you know,

Speaker 1 1226.98s - 1233.92s

just ungodly amounts of capital into the into the playbook. Now, it still is mind boggling to me when these companies are taking $100 million round,

Speaker 0 1234.04s - 1235.28s

$70 million rounds. Like,

Speaker 1 1235.6s - 1283.52s

why do we need that in today's day and age? It's absolutely mind boggling to me. And the idea is, you know, blitz scale. The market ends up being a winner take all market. Therefore, you have to blitz the market so that you can be the one winner in market. But, you know, I'm half tempted to write an article about this because I'm not of the belief that many, if any, cyber markets are blitz scale required. I don't know that there's a situation where there's always one winner. I think it goes to three or four winners. And sure, you have to take some venture, take the fast route to be the top four. But you're not going to get boxed out if you're, you know, taking in a reasonable amount of money and growing in a healthy way. So, yeah, it's going to be interesting to see if the investment side actually learns from the ZIRP-era mistakes on this one. Well, put.

Speaker 0 1285.04s - 1290.34s

And I would love to see that article sometimes. So let me know if you want to partner up on that. I think it's,

Speaker 1 1290.34s - 1293.78s

Hey, man, absolutely. You and I both know how to write. Let's do this together. I'd love it.

Speaker 0 1294.24s - 1295.3s

Let's party. Yeah.

Speaker 1 1295.3s - 1295.76s

Love it.

Speaker 2 1296.9s - 1301.52s

Yeah, we got partnerships to talk about today, but we may be forming some right now. There you go.

Speaker 0 1302.02s - 1302.44s

Oh, yeah.

Speaker 2 1304.34s - 1306.04s

So jumping back to

Speaker 0 1306.04s - 1308.06s

Elisity, you know, I'm not sure what's

Speaker 2 1308.06s - 1370.9s

going on there with identity-based micro segmentation. The only thing, or at least the initial thing that hits me, is Edgewise Networks, which too bad Katie isn't here. Maybe she could weigh in. She was Edgewise for a little while, which got acquired by Zscaler a couple years back. And more than a couple. Wow, it's been 2020, almost four years now. And it's interesting, you know, with zero trust and everything, using identity to do segmentation, but I don't know if they're truly talking about connecting network segmentation and identities, or if they're using micro segmentation as like an analogy or metaphor for permissions, for access to systems and things like that. So, yeah, I don't know anything about the product here, you know, beyond what's on their website and the press release. But yeah, it could be interesting, but, you know, the kind of buzzwordy title, you know,

Speaker 0 1373.66s - 1426.72s

I think causes confusion than it helps. Yeah. I think we're seeing a lot of this lately where folks are, I wouldn't say rushing to use AI in how they describe the product, but it's, I've been seeing AI or AI-based AI-powered more in these product announcements, and it takes away from like, what problem are they actually solving? But when I go on to the Elisity homepage, I see that the industries that they mostly operate in are in healthcare and IoT OT, which leads me to think. They're also talking about IoT devices, obviously, of being at the edge. And so it's, and they plug into things like Claroty, Armis, CrowdStrike, and Active Directory. So it may be like an IoT identity play, which does, in fact, require a much different approach than cloud-based identity protection, for example.

Speaker 2 1427.4s - 1439.5s

And you'd have to expand your definition of identity to be like machine identity, right? Because in a lot of these cases, it's not a human that needs this access between network devices. It's machine to machine, right?

Speaker 0 1440.58s - 1467.12s

100%. And also, some of these sessions on medical devices may be capped at eight hours or just the time of the planned surgery, four hours for protection. So much more fine-grained security controls on the IoT/OT space and definitely on the critical infrastructure side of things that requires a different approach. So this is interesting. I definitely am going to dig in a little bit more into Elisity.

Speaker 2 1468.68s - 1538.02s

Yeah, so there's, you know, it's, I think it's a great idea. I like microsegmentation as a philosophy, as an idea that the principle of least privilege applied to network access controls. And, you know, same thing for application control, right? You know, only allowing certain things to execute on boxes. But, you know, the killer's always been how to, how to build those, build out that rule set and maintain that rule set, right? You know, like the first time Illumio pitched microsegmentation to me back in 2012, 2013, um, you know, my first question was, okay, like, like, so you've gone from managing eight firewall rule sets to 8,000? Like, is that what you're telling me here? Like, how do you manage that? And I think pairing it up with identity might be a good way that they can solve that, you know, because it's one of these technologies I think is a good idea, but really hard to execute on, really hard to make it so that it's not just, you know, okay, you know, like this works, but you got to hire seven people to manage it, you know. I don't think that works for a lot of these products. You got to figure out a way to solve the management piece.

Speaker 0 1539.04s - 1586.92s

100%. Yeah, and this is why we're seeing a lot of vendors spinning up services arms so that they could help with the implementation because what's the point of buying a solution that's very complex to integrate it and fully deploy so that you can get the full value of it if you need five, seven people to manage it versus say a vendor has a services arm or they partner with like a consulting firm like an Accenture and Stingang. This has been one of the biggest growth channels for Palo Alto Networks is those types of partnerships with like a Deloitte or Accenture. And they help with the implementation and integration into these environments. So I would say huge plus one to the increasing trend of vendors having services arms. I think that helps out a lot. Yeah.

Speaker 2 1589.36s - 1589.92s

Definitely.

Speaker 3 1591.12s - 1598.84s

Though, you know, yeah, ideally, you know, less overhead for the product is also a great thing.

Speaker 2 1599.14s - 1681.66s

Like not having to just brute force it by throwing warm bodies at it. You know, I'm not sure how sustainable that is with some of these products, but we will find out in time. SafeBase is an interesting one. They have kind of a unique approach to third-party risk management where you get like you're, you can basically have your own web page that shows your current status like of your SOC 2, your last pen test and stuff like that. And you can approve one of your third parties to view it so they can download your latest pen test report executive summary or whatever. So kind of a neat idea of, you know, instead of filling out these Excel spreadsheet questionnaires, you know, your SIG Lites, your RFPs, stuff like that, you know, we can just publish it, you know, publish the information. So what's the, there's another one that does that as well. I'm blanking on the name, Cyber, Cyber something. But yeah, it's the idea of creating like a network of folks on, so the other one kind of requires you to use their platform, whereas this one doesn't. You know, you're publishing a web page, you know, so you could go to a company name forward slash security and there's their SafeBase page that has like, we'll answer a lot of the questions that you have on these, on these questionnaires. Yeah, it's a consistent problem, I think, for a lot of

Speaker 1 1681.66s - 1689.1s

vendors in market, right? Especially the young startups that I tend to get involved with and work with. They get these RFPs with these, you know,

Speaker 0 1689.44s - 1695.6s

100, 200 questions on it about how they're doing their cyber functionality. And there's six people,

Speaker 2 1695.84s - 1730.46s

right? The company's six people. And it's like they don't, A, they don't have anything that you're stating. B, if they do, they'd have no way to prove it or show it, right? And so that ends up being this, oh, we want to sell to insert random massive bank here. We have to now spend the next three weeks implementing MFA, implementing this, implementing that, setting up this procedure, just so we can prove it, right? And there's a certain level of diligence that has to occur, right? And so I get it in the smaller companies, but as soon as you get to mid-size, it's just a super useful thing to have a one-page thing, hey, go here. That's all I

Speaker 0 1730.46s - 1735.06s

got to look at. Just go here. It shows everything, all our latest results, our latest pen tests,

Speaker 3 1735.12s - 1739.38s

our latest SOC data. Here you go, right? It's done. We've just answered your 500 questions.

Speaker 01740.12s - 1780.72s

Yeah. And I know Vanta has a similar feature for Trust Center where you can create a web page for all of the certifications and audit reports that your company has and you just upload it there. And then on the flip side, I recently pulled HubSpot's SOC2 report, and they had the full audit report available. Though I had to log in and request access to that file. Then they gave me timed access to it. And so there are some security features around these audit reports as well, and you have to have a paid user account to be able to pull that report, which is pretty interesting. But yes.

Speaker 21781.46s - 1784.46s

Were they using SafeBase or Vanta in that case?

Speaker 01784.84s - 1787.9s

Couldn't even tell because it was hosted on HubSpot.

Speaker 21787.9s - 1794.08s

And so I'm not sure what the underlying tech under it was. But it was streamlined security questionnaires.

Speaker 01795.02s - 1803.56s

It saves us all time and headaches. And like these are things that we have to do repetitively. And I love the fact that there are folks tackling this. Yeah.

Speaker 21803.96s - 1816.64s

Yeah, definitely. I think a vendor questionnaire GPT is a thing that's going to happen sooner, if not even, probably has already happened somewhere.

Speaker 11817.18s - 1822.08s

You know, because it pointed at my last 300 vendor questionnaire spreadsheets,

Speaker 31822.22s - 1826.06s

and you're just doing what those, you know, junior folks are doing.

Speaker 21826.18s - 1834.6s

They're just reading through the questions that we've answered, matching up the ones that match up, copy paste, copy paste, copy paste. Like a GPT can easily do that.

Speaker 11835.08s - 1838.18s

And a GPT can improve it. It's not even just copy paste.

Speaker 21838.26s - 1842.38s

It's also going to be like, oh, by the way, you're a better way to state what you wrote, you know?

Speaker 31844s - 1846.06s

Yeah, you copy, paste 200 things.

Speaker 21846.26s - 1850.56s

When a human does it, you know, you get an error rate of at least five of those cells.

Speaker 01850.68s - 1860.34s

You copied and paste it into the wrong cells, right? Like the error rate will go down to zero if you use a GPT to do it. Yeah.

Speaker 21861.44s - 1865.42s

Yeah, and CyberGRX is what I was thinking of earlier. That was the other one doing this.

Speaker 01865.62s - 1879.46s

And the problem there is they've got, you kind of have to use their template. That's the thing I've heard people complain about is they don't want to use, you know, kind of dictates the template you have to use.

Speaker 21879.46s - 1920.54s

And there's often some disagreement there over what should be in that questionnaire and what they're willing to share. But yeah, let's see. Attega, I don't know a lot about, looks interesting, looks like they're basically, they're building a product for MSSPs. And I think it's also around, it's compliance related, but I don't know exactly what they're doing here. Any of these that we really need to talk about before we move on? We've got three here with seed funding. Deepkeep has 10 million, telescope five, and then run reveal two and a half. So we're like going in half and in half again with seed funding here.

Speaker 11921.18s - 1931.44s

No, I think we're just in the era of, hey, we're hitting the bottom. Let's get some money back into the early stage, and let's be smarter about it in the early stage. As Darwin mentioned, the numbers look a little bit tighter.

Speaker 01932.56s - 1946.18s

100%. And there is one that recently came out this morning, new funding round for StrongDM, who was funded by Timmy Pendergast, who I believe was either the founder at Twistlock or Redlock,

Speaker 21946.28s - 1947.5s

which was acquired by Palo Alto.

Speaker 11948.4s - 1951.18s

No, it was Evident.io.

Speaker 01951.18s - 1952.18s

Evident.com.

Speaker 21952.18s - 1952.5s

Sorry.

Speaker 01952.78s - 1952.88s

Yep.

Speaker 21953.68s - 1958.84s

And they just raised 37 mil series B, I want to say.

Speaker 01959.02s - 1974.2s

Let me double check. But they're in the zero trust PAM spot. And they're coming after CyberArk. If you follow Tim on LinkedIn, he's always posting hot takes and coming directly at CyberArk's neck,

Speaker 11974.2s - 1979.6s

so I think he's a pretty fun follow and I guess they're building some pretty cool stuff so

Speaker 21979.6s - 1985.44s

this was a, he's a fun guy. We chatted a lot back in the Evident days when I was an industry analyst.

Speaker 01985.68s - 1987s

I haven't talked to him in a little while.

Speaker 21987.52s - 1988.36s

Yeah, super smart guy.

Speaker 11988.48s - 2021.08s

I love the work he's doing. It's good to see him as a CEO of StrongDM. If I recall correctly, don't hold me to this audience. But I believe StrongDM was not founded by him. I think he's the second CEO, but I could be wrong there. But he's just a super smart dude, right? He knows how to do it. He's been down this path before, has had some successful exits, has done a significant amount of investing. And I just love on his LinkedIn, he's actually spent two years and four months in his career as, quote, chief couch officer of couch ventures, which I really need to put that

Speaker 02021.08s - 2026.36s

on my LinkedIn at some point, because I need to learn to sit on the couch quite a bit more.

Speaker 22026.36s - 2035.74s

Yeah, he took a, I think he took a bit of a break after the Evident, after he exited Symantec, which I think is where Evident ended up going.

Speaker 02036.04s - 2037.56s

But he's so damn witty, right?

Speaker 22037.62s - 2048.76s

He has strict responsibilities for increasing the ROI of seating surfaces in his abode, managing a seating budget and allocating time amongst various seating infrastructure while operating complex systems like Xbox and PS4.

Speaker 12049.06s - 2053.7s

I have significant cloud experience in this role as I have thoroughly tested cloud video streaming

Speaker 02053.7s - 2063.62s

upon cloudlight cushioning capabilities of my seating infrastructure, cloudventures.io. Love it. Love it, Tim. Great work. Wow. I want to be that when I grow up.

Speaker 12063.88s - 2064.2s

Yes.

Speaker 02064.3s - 2065.78s

That's what I want to be for sure.

Speaker 12067.08s - 2069.5s

He's advertising a job posting.

Speaker 22069.62s - 2074.28s

He says, this job's so good, I can't container myself. It's a Kubernetes engineer.

Speaker 12074.74s - 2078.3s

He's just so freaking funny. I love the guy. So witty. That's great.

Speaker 02079.34s - 2084.04s

One of my favorite follows on LinkedIn for sure. All right.

Speaker 22084.54s - 2149.12s

Let's see. So speaking of enterprise browsers, I kind of slipped in. I'm a bit of an Arc fanboy and Arc is officially out for Windows now. It's been out for Mac for a couple of years. The app that they have on iOS is amazing. Like you just give it a question, like something you want to research and it does all the research for you and just puts together a custom web page that you can share with other people. It's they build them. The Browser Company builds amazing products. And one of the things I really like about it is how I can easily segment up my different profiles. Like you can do different profiles on Chrome and on Brave, you know, but it's a little funky, like switching between them. On Arc, it's built from the ground up, like the UX makes it very, like with just a swipe on the trackpad, I can jump from my like M365 Copilot testing environment, which is completely different credentials than my other one. So like I want that in a completely different Chrome profile, right? And it does use Chrome under the covers.

Speaker 12149.54s - 2153.12s

Adrian, here's what I must say to you. And for those that aren't watching on video, you should be right

Speaker 22153.12s - 2159.58s

now, Adrian, get off my lawn. I'm not leaving Google Chrome. I'm just not doing it. My workflows

Speaker 12159.58s - 2163.18s

work in Google Chrome. I'm not leaving it.

Speaker 22164.58s - 2165.4s

All right. All right.

Speaker 12165.4s - 2166s

All right.

Speaker 32166.8s - 2168.96s

If you try it, you'll love it.

Speaker 22170.06s - 2170.88s

Yeah, I did it.

Speaker 12171.4s - 2175.24s

I was going to say, I didn't think I needed like an updated browser experience

Speaker 22175.24s - 2177.42s

until I just heard your excitement explaining it.

Speaker 12177.48s - 2181.38s

And I'm thinking you should probably be an investor in ARC

Speaker 02181.38s - 2184.88s

because you've definitely convinced me to try it out.

Speaker 12185.04s - 2186.54s

So good stuff.

Speaker 02187.94s - 2189.78s

Yeah, yeah, it's amazing.

Speaker 22189.78s - 2217.12s

It's, it's got a lot of, I mean, they're definitely taking some risks there by default. It will archive your tabs and clean them up. You can disable that if you don't like that. But, I mean, it's pretty easy to get them back. And it keeps me from just really going too far down the rabbit hole and making too big of a mess. And there are just hundreds and hundreds of little things they've done that are just like, why didn't nobody else think of that, you know, type.

Speaker 12217.12s - 2227.9s

So what is. So for what it's worth, I tried it. I could not get into the workflow of it. Like it just broke too many flows for me. But you got to understand, I've lived in the browser forever.

Speaker 02227.9s - 2235.66s

So it is kind of an old man scenario for me. Like, I get it. I'm a Luddite. You know, anybody who's coming up, please try it. Adrian's probably right.

Speaker 22235.76s - 2236.9s

This is definitely a situation

Speaker 02236.9s - 2241.36s

where my old man tendencies are getting the better of me, but I just couldn't break free of Chrome.

Speaker 22241.52s - 2274.6s

If you don't try that, try, try Arc Search on, on your iPhone. Arc Search is amazing. It's a completely different type of tool than the browser on the, than the Arc browser for the desktop. Its main purpose is to just do research for you. So I still use two different browsers on my phone. I still have Chrome on there, which I use for different things. But if I need to research something, I will just plug that in there, tell it to browse for me. And it goes out and it'll browse like 11 websites simultaneously and just bring you back all

Speaker 02274.6s - 2279.98s

the research results. It's great. Wow. I remember when we used to have to go to the library,

Speaker 12280.1s - 2287.42s

get this information. Yeah. You got to put your glasses on the tip of your nose like the old men when you say that, Darwin. Yeah.

Speaker 02287.92s - 2289.48s

I actually never had to get it.

Speaker 12289.48s - 2294.14s

I grew up in the internet world, so I'm just trolling you guys.

Speaker 02294.74s - 2295.38s

I did not.

Speaker 22295.62s - 2298.4s

It is like a little librarian on your phone.

Speaker 02299.2s - 2302.24s

That's actually a really good description of what it does.

Speaker 22303.84s - 2346.64s

So Nord Security launched a new product. Very interesting. They've been launching a lot of new stuff. I think they launched like a whole like research lab. I think that was the last thing we talked about with Nord, taking that VPN money and doing all kinds of interesting stuff with it. I'm not the biggest. I kind of hate their advertisements. I think they're, the YouTube advertisements are, you know, little, you know, kind of taking advantage of people who don't know how VPNs work. You know, saying it protects you in situations where it doesn't really protect you. Ladies and gentlemen, welcome to ESW where we pull no punches.

Speaker 12348.7s - 2355.6s

But, you know, it's interesting to see where they're going to go from there because obviously they can't just build a VPN.

Speaker 22356.12s - 2357.8s

You know, so they're building out some other stuff.

Speaker 12358.04s - 2362.68s

This looks like EASM product, you know, some kind of attack surface management product.

Speaker 32363.46s - 2364.68s

Exactly what the world needs.

Speaker 22365.62s - 2366.16s

Another one. Yeah. Another one.

Speaker 12366.82s - 2367.82s

Another one.

Speaker 02371.74s - 2375.88s

Real quick, the AWS Security Hub announced.

Speaker 12375.98s - 2378.68s

Yeah, I was just going to throw to you and have you talk about that.

Speaker 02378.86s - 2378.98s

Yeah.

Speaker 12379.08s - 2379.36s

Beautiful.

Speaker 02379.54s - 2384.5s

Yeah, I was super excited about this one, though I've spent most of my life in Azure and not much time in AWS.

Speaker 12384.5s - 2389.46s

It was good to see that they're deploying like a resource tagging standard with 85

Speaker 32389.46s - 2397.36s

checks across multiple, like the most used AWS services. And resource tagging is like a very,

Speaker 12399.52s - 2410.42s

like it's a crucial low effort, high ROI thing that security teams can do.

Speaker 02410.84s - 2415.66s

And kind of, I like to characterize it as one of the, like, living off the land and leveraging

Speaker 22415.66s - 2420.36s

these solutions that are available to you through your cloud provider and not going

Speaker 02420.36s - 2457s

and getting like super fancy security tools to do things for you. So resource tagging, it helps with like FinOps. So which cost center does this asset belong to? Which engineering or infrastructure team does this, does this asset belong to? What type of data is being stored in this S3 bucket? All of those types of things and assigning metadata to cloud assets helps folks orient themselves to whatever resources may be involved in an event or an incident. And also, say you're bringing out a new teammate, a new team member, it allows them to reorient themselves as well.

Speaker 12457s - 2481.58s

And this metadata can get ingested by security solutions. And you can leverage it to enrich events, let's say, in a data pipeline for a SIEM. So there's a lot of powerful things that you can do with resource tags. And these checks that they've pushed helps audit whether or not these cloud assets have the tags assigned to them. And if not, it'll flag it as noncompliant.

Speaker 02481.92s - 2503.18s

Azure Policy has something similar, but they also have a deny mode for which if, say someone on your team is deploying a Kubernetes cluster and it doesn't have a specific tag on it, it won't allow them to deploy that cluster until the tag is applied, until it says, like, who's the owner of this thing?

Speaker 22503.18s - 2510.6s

It sounds similar, right? Like, this will also prevent you from doing stuff with it unless you properly tag it. I'm not sure, I didn't, I'm not

Speaker 02510.6s - 2517.94s

sure if, uh, AWS has like a similar, like, type of guardrail, um, capability, but I will, I would

Speaker 32517.94s - 2523.74s

assume yes. Um, yeah, I thought I saw that at the very minimum they are auditing and flagging

Speaker 02523.74s - 2528.9s

when assets do not have a specific resource tag assigned to it. Yeah.

Speaker 22529.04s - 2569.4s

Automated asset management is so difficult anyway. You know, like having that, you know, like it's both your documentation and also like automating how you apply controls. Like, okay, like anything tagged with this has to have SELinux enabled, right? You know, or help you apply regulations, compliance stuff. Okay, somebody wants a list of all the PCI stuff. Okay, well, there's a PCI tag. So you can just, it's a query, anything with that tag. And boom, there's your list. It's great. I love it. It's exactly the kind of thing the cloud should be doing for us. It's a beautiful thing.

Speaker 02569.48s - 2572.18s

It's practical and it's free. There you go.

Speaker 22574.02s - 2575.3s

All good things to hear.

Speaker 02575.7s - 2579.88s

Well, I mean, the AWS tax you're already paying pays for it.

Speaker 22579.94s - 2582.2s

You're not paying any additional for this, right?

Speaker 02582.5s - 2586.36s

Right, right. It's not for you. You're just not incurring any additional costs as you would,

Speaker 22586.46s - 2591.22s

like a vendor solution or whatever. Still, still very appreciative. Hell yeah.

Speaker 02594.72s - 2595.7s

Let's see.

Speaker 22598.1s - 2612s

So we have some interesting partnerships here. So we talked about Lacework taking a heck of a haircut. And whether or not, like, what do they have to offer Wiz? You know, and I don't know if

Speaker 12612s - 2613.44s

this is still a rumor stage.

Speaker 32613.96s - 2615.96s

No, did you see the news today, Adrian, on this?

Speaker 22616.48s - 2618.08s

No, I did not. The deal's

Speaker 12618.08s - 2620.12s

dead. It died in diligence.

Speaker 22620.52s - 2622s

Yeah, died in diligence today.

Speaker 12622.56s - 2624.08s

Lacework is no longer being acquired

Speaker 22624.08s - 2625.64s

by Wiz.

Speaker 12628.76s - 2629.44s

This is the one that was at the 200 or sub 200 level, right? Yeah, yep.

Speaker 02629.82s - 2632s

Yeah, I read a news article.

Speaker 12632.2s - 2650.5s

Listen, we get our news from same news sources as everybody else. We're not going straight to Wiz. We're not going straight to Lacework. So please, audience, take this for what it's worth. We're hearing it through the grapevine, through the same news grapevine that you might be hearing it through. But I did see a news article today that comes out and says that deal's been dead. It's been killed. Apparently it died in diligence.

Speaker 22650.82s - 2656.44s

No idea why, whether it's numerical diligence, financial diligence, technical product diligence.

Speaker 02656.66s - 2661.24s

They give no explanation other than it died in diligence. Right.

Speaker 12662.44s - 2663.4s

Yeah, interesting.

Speaker 22664.36s - 2668.72s

Yeah, maybe not the best news for, already that was a low amount.

Speaker 12668.72s - 2675.26s

Well, for it to, um, you know, died in diligence is not something that makes other folks want to go out

Speaker 22675.26s - 2681.9s

and buy it, I wouldn't think. That's true, but there's many reasons why it could die in diligence, right?

Speaker 02681.9s - 2688.7s

So, um, you know, when you get into the meat of the why, and we will never know, this will never come out, right?

Speaker 22688.74s - 2691.16s

This will always be behind the scene inside baseball kind of stuff.

Speaker 12691.58s - 2693.64s

But there could be other companies that are interested.

Speaker 02693.78s - 2696.08s

I also heard on the rumor mill Cisco is interested in them.

Speaker 32696.42s - 2699.26s

I heard on the rumor mill that Palo's potentially interested in them.

Speaker 22699.76s - 2704.18s

So, you know, at those prices, I think they generated.

Speaker 32704.18s - 2712.12s

It could also be oftentimes people leak this information to make a smarter decision on who they get acquired by and for what amount.

Speaker 02712.48s - 2712.6s

Yeah.

Speaker 12712.72s - 2714.38s

So there could have been a leak situation here.

Speaker 32714.46s - 2722.98s

There could have been a diligence kill situation. We're here where it's like, look, yeah, we're in LOI with Wiz at 200 or 150 or whatever the number is.

Speaker 12722.98s - 2732.26s

But Cisco just offered us 300. We're going to chuck some garbage diligence at him, get out of this deal and go sell to Cisco. So not saying that's what happened. This is all conjecture again,

Speaker 02732.26s - 2735.72s

but these things die for many reasons, right?

Speaker 12735.8s - 2744.04s

I don't know if you've ever bought a house. There's lots of reasons why when you get into contract for the house that you'll walk from one, everything from, hey, the foundation's crap to

Speaker 22744.04s - 2747.26s

the guy's not negotiating in good faith.

Speaker 02747.26s - 2749.38s

And I think he's a jerk. So I'm walking from the deal.

Speaker 22749.46s - 2757.5s

Like it can happen for any number of reasons. These kind of business transactions are very similar. Yeah, 5,000 rats in the attic. You never know.

Speaker 32759.88s - 2760.2s

Yeah.

Speaker 12760.2s - 2760.32s

Yeah.

Speaker 32760.44s - 2766.04s

So the reason I bring that up, and I'm glad I did because I hadn't seen the news on that,

Speaker 12766.12s - 2770.32s

so it's good to get that news out there, that update on that story.

Speaker 22770.32s - 2804.7s

But Aqua and Orca are partnering up. Now, both of these companies both make the same statement that they are the most comprehensive CNAPP on the market. So like I'm sitting here thinking, like, you know, would SentinelOne and CrowdStrike partner? Like, how is this making any sense? Unless maybe they're, each of them are not the most comprehensive CNAPPs on the market. And there are in fact big huge gaping gaps in feature, you know, the offerings that they have. Do you guys have any insight here?

Speaker 02805.92s - 2816.68s

There can only be one most comprehensive CNAPP on the market, right? So somebody's lying. The other thing is the CNAPP market has been overly saturated.

Speaker 32818.04s - 2825.84s

Yeah. Dude, the CNAPP space has been oversaturated ever since CSPM, which I think gave birth to CNAPP.

Speaker 02826.3s - 2841.92s

So for the past five, six years, we've seen more and more of these pop up. And then also a lot of acquisitions in the space, right? So Cisco acquired Lightspin, Tenable acquired Ermetic. There was talks about Wiz and Lacework. CrowdStrike has a CNAPP. Palo has a CNAPP.

Speaker 12842.52s - 2889.3s

Sysdig has a CETA, everybody has a CNAPP, right? And so there has to be some consolidation in this space. And I think the partnership between Aqua Sec and Orca may be hinting at that a little bit, but in terms of overlap and capabilities and the difference in the delta between the two solutions, Aqua Security excels at micro segmentation security, so like Kubernetes and Docker, using like their agent-based approach. And they also have some pretty good open source projects popular in the space, Trivy and QVi and kube-bench. And then obviously, Orca has great agentless coverage for like API security, cloud security, GitHub security, and all these other things, right? So the partnership makes sense. They're kind of augmenting where each of them may have gaps or maybe we...

Speaker 22889.3s - 2892.7s

Yeah, if you look at where they began, right, Aqua was a...

Speaker 02892.7s - 2896s

They competed with Twistlock. They were container security startup, right?

Speaker 12896s - 2896.3s

Originally.

Speaker 22896.64s - 2902.1s

You know, which is different from where Orca started out, which was CSPM, right?

Speaker 12902.7s - 2905.16s

Lacework was also a container security company originally.

Speaker 02905.28s - 2905.9s

Oh, that's right.

Speaker 22905.96s - 2906.5s

They were, right?

Speaker 12906.56s - 2908.62s

Yeah, a billion years ago, yeah.

Speaker 22908.66s - 2909.64s

So maybe we saw both.

Speaker 12909.64s - 2913.64s

Lacework has pivoted three or four times to get to where they are now.

Speaker 22914.6s - 2925.04s

So maybe we solved the mystery of both why a Wiz would want Lacework and why Orca is partnering with Aqua, and it's container stuff, container security. So might be, there

Speaker 12925.04s - 2932.1s

could be. Ah, we got to the bottom of it, or at least, uh, and like we did, you know, like a Scooby-Doo

Speaker 02932.1s - 2944.22s

mystery. Yeah. All right. Um, a fun partnership here. Uh, Williams Racing, uh, partnered with Keeper Security.

Speaker 22944.22s - 2965.32s

So I always take note when, uh, I'm an F1, Formula One fan. So when I see cybersecurity sponsors in Formula One, I take note of it. Williams not having the best year, but probably having a better year than Alpine and some of the others. I don't know. It's hard to say.

Speaker 02965.84s - 2967.34s

None of them have any points yet.

Speaker 22968.46s - 2971.56s

Well, I bet on Ferrari to win outside of Red Bull.

Speaker 12971.64s - 2973.3s

I bet on Ferrari to win. So just FYI.

Speaker 22973.46s - 2994.3s

Here's some good rumors there. I don't want to turn this into an F1 podcast, but Lewis Hamilton announced he's going there. Big shocker earlier this year. And Adrian Newey just announced he's leaving Red Bull. He's well known as the best car designer out there. What if? Huh? What if? What if? What if? We can take this offline.

Speaker 12994.3s - 3000.38s

They are today went to Ferrari with Lewis. We can take this offline, but just to put a fine point on

Speaker 23000.38s - 3010.08s

it, my bet specifically says not including Red Bull, who will win the Constructors Cup. You're asking the question, not including? We'll take it offline,

Speaker 13010.14s - 3018.3s

but I bet Ferrari. Yeah. Yeah. I mean, yeah. We'll have to see who goes where in 2025,

Speaker 23018.6s - 3024.52s

2026. New regs in 2026. We got Ford coming in, Audi coming in. It's going to be interesting.

Speaker 13025.62s - 3026.64s

It will be a year.

Speaker 23026.74s - 3027.94s

I can't wait to see next season.

Speaker 13028.04s - 3028.48s

It's going to be fun.

Speaker 23028.64s - 3031.52s

And we completely go off the cyber rails here.

Speaker 13031.78s - 3032.1s

Yeah.

Speaker 23033.02s - 3037.5s

To reel us back in, though, I'm not a big F1 fan.

Speaker 13037.56s - 3038.56s

I don't watch much of it.

Speaker 03038.6s - 3039.46s

I think it's super cool.

Speaker 13039.46s - 3044.36s

But at last year's RSA, I got this super cool

Speaker 03044.36s - 3047.14s

Aston Martin shirt at the SentinelOne booth.

Speaker 33047.6s - 3055.42s

So I know SentinelOne sponsors Aston Martin, and I think CrowdStrike sponsors one of them. I think maybe Mercedes.

Speaker 03056.64s - 3059.84s

But it's, it's a, you know, it's kind of like a.

Speaker 23060.92s - 3064.4s

Yeah, so CrowdStrike, what's his name?

Speaker 03064.44s - 3066.64s

The founder of CrowdStrike races cars.

Speaker 23067.06s - 3072.98s

Dmitri Alperovitch? No, no, not, not Dmitri, but, um, uh, the, the other guy.

Speaker 03072.98s - 3074.66s

George Kurtz. Yeah, George Kurtz.

Speaker 23075.32s - 3081.24s

Uh, yeah, I remember turning on the TV, you know, and there was like, uh, GT racing, Porsche racing.

Speaker 03081.46s - 3083.2s

And he was, he was there on the screen.

Speaker 23083.44s - 3106.72s

Yeah, there he was, uh. He was in the race. But yeah, yeah, there was an F1 race where I remember like they'll show the celebrities that are in the paddocks. You know, some of them are like movie, TV celebrities. But yeah, there's George Kurtz, you know, just, you know, standing behind some of the folks there watching the race from the paddock. That's an expensive sport. All right.

Speaker 13106.8s - 3108.3s

Get back to the news. Where else are we going?

Speaker 23108.36s - 3170.88s

All right. Back to the news. Let's see. So the DBIR came out, but I don't really have that much to talk about yet because it came out so recently. I haven't had a time, a chance to tear through it. Kelly Shortridge got early access to it and she's got a great blog out on it, which we linked to from story number 29, and a good LinkedIn post. But yeah, things are changing. It's generally what I'm getting out of these reports. Like these reports for a while were just kind of up and to the right with trends and things like that. And now we're seeing some big changes, like in terms of vulnerability exploitation, like that was always there, but it was more going after the humans. And for whatever reason, we're seeing a whole lot more vulnerability exploitation than getting in through phishing and things like that these days. So that's a big shift. You know, one of, I think a couple that are in there. You know, I'll be more prepared maybe next time we have a show to talk about that more. Yeah, vulnerability.

Speaker 03171.88s - 3177.78s

Yeah, I think Kelly's summary is a great TLDR for it.

Speaker 33178.32s - 3182.94s

I think that I'm not sure how long the report is, but there's a lot of stats and data.

Speaker 23182.94s - 3185.88s

And shout out to the Verizon team and all the contributors.

Speaker 03185.88s - 3206.5s

This is a massive effort that they undertake to provide like a non-biased perspective at the threat landscape and bring us data. And they've been doing it since 2008. And I think this is like one of the most comprehensive industry reports that we have access to. So they're doing great work there. But yeah, vulnerability exploitation tripled up

Speaker 33206.5s - 3214.74s

180% from last year. And also there's been an increase in financially motivated data breaches.

Speaker 03215.5s - 3232.94s

So ransomware and extortion, we're seeing more of that. I'm not sure if it's a sign of the type of financial climate that we're in. But a lot of interesting things there. I didn't get the chance to really dive into it. Not sure that I'll get the chance with RSA coming up.

Speaker 23233.24s - 3235.74s

But good stuff for sure.

Speaker 03236.68s - 3238.46s

Yeah, maybe on the plane ride over.

Speaker 23238.58s - 3317.46s

I've got my reMarkable. That's where I go through reports and scribble my thoughts and ideas. But yeah, a lot of good reports here. There's also the M-Trends report, which just came out also. There's the 2024 State of the Industry report from Cybersecurity Tribe. There's another report that looks really interesting. I don't have a copy because it's behind a reg wall. And I just wanted to make a point here. So this banking untrust from CybSafe looks really interesting. It looks like they've got some actual data scientists, researchers behind this report. This isn't just a marketing report. But when you put stuff behind reg walls these days, and things like the M-Trends report and the DBIR are not behind a reg wall, I mean, there's so many reports getting released, like we're listing just four for the, from this, for this week, and we're not sure if we have time to read those four. You know, the ones behind the reg wall, you know, less and less chance that's going to create engagement for you, you know. So I would just urge folks out there to skip the reg wall for your, for your big reports. You know, maybe find other things to capture leads on, but I don't think, less and less that makes sense to me. The voice of the people, Adrian Sanabria.

Speaker 03317.74s - 3322.94s

Yeah. You want your stuff read, you know, do you want it read or not?

Speaker 23324.04s - 3327.28s

Exactly. Yeah, there are other ways that you could grab people's information.

Speaker 03327.78s - 3332.92s

And it's also like, just because someone wants to read your report doesn't mean they're interested in your product, right?

Speaker 23333.52s - 3336.52s

This is another opportunity for folks to get off my lawn.

Speaker 03337.34s - 3337.36s

So.

Speaker 23337.54s - 3376.48s

Yeah. So Rich Mogull and he teamed up with somebody, this is number 34, to come up with a universal cloud threat model. He basically felt like more universal threat models didn't touch on some important aspects of what threats are like in the cloud. So him and who's the guy who works for Prime Harbor here? Missing the name of the other guy that he collaborated with on this. But yeah, really interesting model that they put together.

Speaker 03377.12s - 3378.38s

Chris Farris.

Speaker 23382.18s - 3386.12s

Chris Farris, if I'm not mistaken, is the founder, one of the founders of TLDR CloudSec. Yep. Chris Farris is one of the one of the founders of TLDR CloudSec. Yep.

Speaker 03394.06s - 3395.2s

Chris Farris is one of the co-founders of TLDR CloudSec, or Forward CloudSec, which is one of the best cloud security.

Speaker 13398.72s - 3399.02s

Yeah, they've done some amazing work on the cloud security front.

Speaker 33399.66s - 3399.9s

Love that conference.

Speaker 13401.3s - 3402.98s

So shout out to Chris Farris.

Speaker 03405.04s - 3407.12s

And this is three and no reg wall.

Speaker 23407.68s - 3408.52s

Yep. Yep.

Speaker 03410.68s - 3411.9s

So download the PDF and check that out.

Speaker 23412.6s - 3446.44s

Let's see. What else we got here? A lot of good essays here that we haven't really dug into. You know, making the case for an AI marketing ethics policy. That's an interesting conversation there. Rethinking alcohol is a cybersecurity bonding ritual. That one from, help me with the name here, Jennifer Leggio, who just announced, she's chief operating officer at Tide Cyber, which is a really cool looking company.

Speaker 33447.16s - 3448.28s

Tidal, Tidal, thank you.

Speaker 23448.64s - 3448.78s

Yeah.

Speaker 33449.28s - 3449.92s

Tidal Cyber.

Speaker 13451.92s - 3453.4s

That's why we have co-host.

Speaker 23453.96s - 3454.16s

Yeah.

Speaker 13454.96s - 3460.34s

Well, I only know this because I just was DMing her about, she, her new role is actually

Speaker 23460.34s - 3462.5s

C-O, which is really cool.

Speaker 13462.62s - 3467.5s

She's been a multi-time CMO who has now transitioned into a COO role,

Speaker 33467.58s - 3472.66s

which is always cool. I'm pretty good to see. Yeah. Yeah, yeah. So I was DMing her sending her

Speaker 13472.66s - 3479.02s

congratulatory message and quite frankly was asking her about the path that she took to get there,

Speaker 23479.08s - 3484.64s

which is a pretty interesting path. She actually focused on, you know, some operational components

Speaker 13484.64s - 3485.84s

in her last couple of

Speaker 23485.84s - 3491.7s

CMO positions to make sure she was well positioned for a CIO role on her next stop. And yeah,

Speaker 13491.78s - 3505.06s

she found the right people who were willing to give her the shot at it. And, uh, hey, Jen, congratulations, Jennifer. It's fantastic. Good, good for you. And I hope you're highly successful at Tidal. All right. A few more things that we're going to wrap up here.

Speaker 23506.96s - 3537.94s

We've got an AI dumpster fire with, you know, apparently people reviewing academic research. Yeah, scientific studies have found, they found some techniques they can use to figure out if things have been written by AI. And excessive use of words like commendable and meticulous highly suggest that they've been written by AI. But in some of these cases, the AI prompts are still in there. There's like, you know, sorry, I didn't fully understand your request.

Speaker 03538.78s - 3543.22s

Like, they're just copying and paste stuff in there, including like errors and things like

Speaker 33543.22s - 3543.5s

that.

Speaker 23543.6s - 3550.16s

Like, so some of it, you don't really need any fancy techniques to tell that it's been written by AI.

Speaker 13551.28s - 3573.08s

This, come on, guys. This is a situation of lazy plagiarism. If you're going to plagiarize, do a little bit of work and review it, read it. You can't just paste in the same, the, the, the pure garbage and expect to be not found. I mean, you got to at least review it, at least get one-on-one of being a jerk, right? Come on. Yeah, yeah. And the

Speaker 03573.08s - 3581.56s

scary part is that someday AI models may be trained upon these studies that yeah created by

Speaker 23581.56s - 3592.38s

AI, which is kind of like a snake eating its own tail. Yeah, like Idiocracy, like just each generation getting dumber and dumber. Yeah.

Speaker 03592.54s - 3596.5s

Fully expecting Idiocracy to become the reality of humanity after I die.

Speaker 13597.74s - 3598.68s

After you die.

Speaker 03601.76s - 3604.26s

There's a good blog post in here from Google.

Speaker 23604.82s - 3618.58s

Google Security blog, accelerating incident response using generative AI. They go through some really interesting examples and, you know, good thoughts in there. So that's a good read to check out.

Speaker 13619.08s - 3621.6s

And if that's a must read, I highly recommend that read.

Speaker 23622.38s - 3626.62s

And then I want to do a quick, a super quick shout out to my little brother who works on the Google

Speaker 13626.62s - 3630.52s

security incident response and research security engineering side of the house.

Speaker 23630.62s - 3632.8s

So I don't know that he was involved in this at all.

Speaker 13632.88s - 3634.62s

I'd be willing to bet he probably wasn't.

Speaker 23635.24s - 3637.88s

But yeah, definitely read this blog.

Speaker 03637.96s - 3639.68s

It's actually a really good, really good piece of content.

Speaker 13640.1s - 3642.64s

And hey, little brother. Very cool.

Speaker 23643.7s - 3658.04s

And with that, I think we can get to our squirrel stories. Both of which are, you know, seem like they're straight out of sci-fi, but sadly they're not. The, wait, did we cover number 35 before? Not here.

Speaker 13658.2s - 3659.56s

We covered it at a different show, Adrian.

Speaker 23660.2s - 3723.68s

Yeah. So, yeah, the, I'm trying to remember how they pronounced it densus. X1 exoskeleton is basically something you strapped to your waist and to your thighs. And it can either speed you up or slow you down, depending on if you want to run faster or with, you know, hike with less effort. Or if you want to train yourself and actually have it provide resistance while you're exercising and it uses AI to decide like when to apply force in which direction. So kind of interesting one there. I think it's kind of cool. You know, they have some videos of people actually trying it out and I started out thinking it was dumb. And at the end of one of those videos, I was like, no, actually I could like, and it's at a reasonable price for somebody who's, you know, training for some kind of, you know, all kinds of events, like even training for sports and things like that. I can see where this could be useful in training. And then the other one.

Speaker 13723.68s - 3725.46s

I'm definitely not the right audience on that one.

Speaker 23725.52s - 3732.6s

I do 700. Not 7,000. Not 70,000. 700 steps a day. So I am not the right audience for this technology.

Speaker 13734.54s - 3746.9s

Well, those 700 could be easier for you, Tyler. They could be. But more often than not, they were literally just walking up and down those steps right there to get to the fridge to eat. That's pretty much the only reason I take steps anymore.

Speaker 03748.58s - 3752.86s

And then we need to send an under desk treadmill to Tyler's house.

Speaker 23753.1s - 3753.7s

There we go.

Speaker 03753.78s - 3763.28s

Get those steps up. Facts. Get ready for RSA, man. I think you'll be able to log like 10X of what you're currently logging. Shouldn't be hard. Oh, yeah, easily.

Speaker 23764.82s - 3768.16s

Are you guys both going to be at RSA? Sadly.

Speaker 13769.28s - 3769.9s

Yes, sir.

Speaker 03769.94s - 3770.22s

Sadly.

Speaker 13770.82s - 3770.98s

Yeah.

Speaker 03771.08s - 3772.16s

See, Darwin's all happy.

Speaker 13772.22s - 3773.46s

You can tell he's much younger than me.

Speaker 03773.52s - 3774.58s

He's like, yeah, let's go.

Speaker 13774.58s - 3775.94s

And I'm like, yeah, let's go.

Speaker 23776.56s - 3776.86s

Yeah.

Speaker 03778s - 3783.28s

Are you guys going to the blogger thing, the creator, the security creators event on

Speaker 23783.28s - 3785.02s

Wednesday at Tonga?

Speaker 03787.04s - 3787.48s

Yes.

Speaker 13788.06s - 3789.78s

Maybe. There's so many.

Speaker 23790.46s - 3792.02s

Those tickets are almost gone,

Speaker 13792.12s - 3794.14s

but it's replacing the old

Speaker 23794.14s - 3797.38s

blogger thing that Jennifer Leggio

Speaker 13797.38s - 3799.16s

originally put on with

Speaker 23799.16s - 3800.82s

what's his name, Alan.

Speaker 13801.74s - 3803.86s

Darwin and I are in a couple

Speaker 23803.86s - 3806.76s

other things that we're going to, but not, I'm not going to that one.

Speaker 03806.76s - 3807.52s

I can't make that one.

Speaker 23807.74s - 3808.34s

I'm double booked.

Speaker 03808.42s - 3809.18s

That's an evening one.

Speaker 23810.32s - 3811s

Yep, it is.

Speaker 13811.08s - 3812.46s

It's a Wednesday evening, I think.

Speaker 03812.88s - 3813.06s

Yeah.

Speaker 13813.26s - 3822.2s

And our last squirrel story is the Thermonator, which I don't know why they would advertise it like this,

Speaker 23822.2s - 3824.56s

but it's a robot dog with a flamethrower on the back.

Speaker 13825.08s - 3827.96s

And they decided people think it would really,

Speaker 23828.08s - 3830.52s

it would be really cool if they had it running around a forest,

Speaker 13830.68s - 3831.88s

setting the forest on fire.

Speaker 23833.3s - 3836.6s

But none of that looks cool at all to me.

Speaker 13836.9s - 3839.08s

I think it looks absolutely freaking amazing.

Speaker 23839.38s - 3840.9s

I 100% want one.

Speaker 13841.16s - 3842.64s

But here's the tricky thing.

Speaker 23842.72s - 3843.64s

When you watch these videos,

Speaker 13843.7s - 3844.8s

you're like, how cool is this?

Speaker 23845.16s - 3849.1s

But then when you read the fine print, you realize the dog is only about a foot by a foot.

Speaker 13850.04s - 3851.14s

Is it that small?

Speaker 23851.6s - 3851.9s

Yeah.

Speaker 13851.9s - 3852.34s

Yeah.

Speaker 23852.46s - 3855.42s

It actually says he's like 18 inch by 18.

Speaker 13855.42s - 3857s

Boston Dynamics dog size.

Speaker 23857.32s - 3857.58s

I thought it was.

Speaker 13857.58s - 3858.9s

No, he's like 18 by 18.

Speaker 23858.98s - 3860.24s

He's literally like this big.

Speaker 13860.6s - 3862.32s

He's like a chihuahua size.

Speaker 23862.82s - 3865.76s

But that makes it even cooler because a chihuahua that can

Speaker 13865.76s - 3872.92s

launch a flame 30 feet, that's just amazing. Like, I want one so badly. But what the hell are they

Speaker 23872.92s - 3878.32s

thinking when they demo it by burning down a forest by starting force? Let's go. Starting

Speaker 03878.32s - 3890.96s

forest fires. Not sure. I think, like, I think panel needs to call them in and have them work on their marketing, but I would love to have a little army of these Thermonators for by Doomsday.

Speaker 13891.84s - 3892.44s

Oh, like, yes.

Speaker 03893.62s - 3905.08s

I mean, from a nerd gadget standpoint, you know, and as a person who likes fire as a thing. Sure, I get that,

Speaker 13905.16s - 3908.42s

but I'm also wondering how far I could punt it.

Speaker 23910.04s - 3911.58s

It's only 18 inches long.

Speaker 13911.68s - 3912.72s

You can punt the hell out of it.

Speaker 03913.54s - 3915.92s

I'm pretty sure I could send that a good 100 yards.

Speaker 23916.54s - 3917.28s

Yeah, probably.

Speaker 03917.28s - 3918.12s

With a running start.

Speaker 23918.9s - 3920.88s

Although, Adrian, you got to scroll down on that page

Speaker 13920.88s - 3922.12s

and look at the related products.

Speaker 23922.24s - 3925.88s

There's the TF19 WASP flamethrower drone attachment.

Speaker 13926.12s - 3928.26s

So you can add a flamethrower to your drone.

Speaker 23928.82s - 3930.14s

Wow. Oh my God.

Speaker 13930.56s - 3931.9s

I think I need a dog

Speaker 23931.9s - 3934.5s

and a drone flame thrower.

Speaker 13934.8s - 3940.48s

For sure. I need to be my defenses of my property needs to be bidirectional air and ground.

Speaker 03941.68s - 3946.36s

Only a thousand six hundred bucks for the drone, dude. Find me up.

Speaker 23946.88s - 3953.28s

Either this is going to be really handy in the apocalypse or it will help start one. Yeah.

Speaker 03955.44s - 3957.78s

Stay tuned to the next episode.

Speaker 23957.78s - 3958.62s

Dude, to find out.

Speaker 03960s - 3961.78s

And with that, that's all we've got.

Speaker 23961.88s - 3963.36s

That's all the time we've got today.

Speaker 03963.92s - 3969.36s

Thank you so much, Darwin and Tyler for joining me today. This is a lot of fun. Thanks for having us.

Speaker 13969.8s - 3974.26s

Thanks, I hope I see you both at RSA and hope I see some of our listeners in RSA.

Speaker 23974.42s - 3976.4s

Come up and say hello if you see me.

Speaker 13976.52s - 3979.66s

My hair should make me pretty easy to spot.

Speaker 03980.44s - 3985.14s

And, yeah, big thanks to everybody watching or listening to this week's episode of Enterprise Security Weekly.

Speaker 13985.82s - 3990s

And I don't think we have a normal show this coming week.

Speaker 23990.12s - 4009.38s

I forget exactly what we're doing, but it might be interviews from the show. So I'll be at the show doing a lot of these 15-minute executive interviews. So you can also find me in Broadcast Alley there, which I think is in the usual place in Moscone West on the bottom floor opposite the bookstore. And yeah, see you there.