Marktkommentar from 26 April 2024

Hello,

I hope you are well and that you have not automatically moved this mail to the spam folder!

Today I am writing to you to ask whether you would be interested in receiving my “Marktkommentar”, which is aimed at security users and providers across all markets, by email on an irregular basis in future.
If so, you must agree to this: [Link]

You are probably already on the mailing list of countless security providers and are generally not bored due to too little reading material or a lack of to-dos.
So here’s more information on what to expect and a few warnings 😉:

What are the main topics?

  • Insights from the 10-20 conversations with vendors and customers about security projects and vendor briefings that my colleagues and I have every week.
    • A random example: Until now, we only knew Nextron from the Thor scanner for incident response analyses
    • There, the IR service providers (Compromise Assessment) often roll out the Thor Scanner to search for IoC artifacts such as web shells
    • However, Nextron has also been offering a kind of AV/EDR solution (“Aurora”) for a few months now, albeit purely rule-based => Since there are not so many EDR manufacturers in Germany (and generally not so many with headquarters in the EU – Tehtris, Harfang and ESET come to mind off the top of my head), I found this quite interesting. But there is no MITRE evaluation with Aurora (yet)
    • There are also apparently customers who scan regularly with Thor (i.e. not on an ad hoc basis). Especially with DC and systems in the DMZ, this works quite well, but with larger volumes, false positives increase and you need a lot of experience to manage this efficiently
  • Unpopular theses in the security community
    • For example, I still don’t know of any healthy company (free cash flow positive, not overindebted) that has slipped into insolvency as a result of a cyber attack. Fortunately, I also don’t know anyone who has been seriously injured or even lost their life as a result of a security incident. In my opinion, security should therefore not be the top priority on the agenda of a board of directors (but should of course be managed responsibly as an economic risk).
    • Or the massive overcapacity in the security vendor market (vs. the much-cited talent shortage)…
    • …that leads to the biggest cost driver for security: Marketing + Sales. No matter which newspaper I read now, I get advertising from security vendors. System houses and channel partners typically sell customer access for a mark-up of 50-100% on the purchase price (without any further added value). Strange, when everyone needs security so urgently – one would assume that customers would be queuing up and applying to the providers.
  • Questions and specific observations where I would like to get a better picture, also with your input. For example, whether the topic of SAP security is relevant. We know a few established providers in this area (e.g. Onapsis, Xiting, NoMonkey, Pathlock), but in more than 500 customer projects there has not yet been a single inquiry about this.

What’s not in it:

  • Excitement about the new CVEs from Ivanti, Microsoft or other manufacturers
  • Teacher-like criticism of the IT security of companies or authorities that were hacked this week

Disclaimer:

  • If I’m on vacation, I can’t think of anything halfway clever or it’s too tiring to write, there’s no “Marktkommentar”. That’s why it’s called that (and not “Cyber news of the week” or similar), because it’s not a newsletter.
  • In case of doubt, the text is more likely to contain my own limited and unattuned perspective in flippant wording instead of the soft-purged formulations of the editors => So probably with potential for outrage for one or the other reader from time to time (e.g. when I forget to use gender again)
  • Ditto, I tend to make 80/20 generalizations that are probably not academically correct and do not apply in all exceptional cases
  • On the other hand, it may well be that you receive my e-mail just when your inbox is overflowing, everything is totally hectic anyway and you have no time to read. But I’m sure you can handle that with ease…
  • For me, this is also a little experiment – let’s see how it develops

So, if you’ve made it this far, thank you from my side!
Here again is the link for registration: [Link]
Forwarding to interested readers or spontaneous feedback is of course also welcome.

Many thanks in advance + best regards

Jannis Stemmann
