B (11:17)

Ever wished you could rebuild your network from scratch to make it more secure, scalable and simple?

A (11:23)

Meet Meter, the company reimagining enterprise networking.

B (11:27)

From the ground up. Meter builds full stack zero trust networks including hardware, firmware and software, all designed to work seamlessly together.

A (11:37)

The result?

B (11:38)

Fast, reliable and secure connectivity without the constant patching, vendor juggling, or hidden costs.

A (11:45)

From wired and wireless to routing, switching.

B (11:48)

Firewalls, DNS security and vpn, every layer is integrated and continuously protected in one unified platform. And since it's delivered as one predictable monthly service, you skip the heavy capital costs and endless upgrade cycles. Meter even buys back your old infrastructure to make switching effortless, transform complexity into simplicity, and give your team time to focus on what really matters, helping your business and customers thrive. Learn more and book your demo@meter.com cyberwire that's M E T E-R.com cyberwire. What's your 2am Security worry? Is it do I have the right controls in place? Maybe are my vendors secure or the one that really keeps you up at night? How do I get out from under these old tools and manual processes? That's where Vanta comes in. Vanta automates the manual work so you can stop sweating over spreadsheets, chasing audit evidence and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. And it fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit ready all the time. With Vanta, you get everything you need to move faster, scale confidently and finally get back to sleep. Get started@vanta.com cyber that's V A N T A dot com cyber.

A (13:43)

Chris Nyhais is founder and CEO of Vigilant. I recently caught up with him to discuss some practical steps to protect money, identity and devices. So Chris, as we are heading into the early part of this year, I'd love to get kind of a reality check from you where you estimated most organizations stand in terms of being prepared for the challenges that face them when it comes to cybersecurity this year, I.

C (14:11)

Would actually tell you from experience, I would say most organizations are not prepared for what's coming their way. It's a combination of two things. The cyber industry isn't prepared, but then the organizations out there that are purchasing technology or the implementing it. They either don't have the resources on their staff to to man some of the technology they're purchasing in the way that they need to, to fight the threat actor of today, or they are buying things that have, that just really can't hit the mark at defending them. And it's, it's, it's going to be a big problem this year, especially as we accelerate with a lot more nation state activity from China and Iran and Russia.

A (15:00)

Can you give us some examples of some of the things that are top of mind for you in terms of concerns?

C (15:06)

Sure. I would say the last 10 years of evolution, what you see is cybersecurity used to fit across. I'm sure your audience is familiar with this, but the OSI model, the TCP model, where you have this full stack detection within an organization and as we've started moving things out to the cloud, or we start using things like virtualized firewalls, or we're implementing, you know, detection more at the endpoint because our users are remote and we're not really, we're starting to disregard the network. What we're seeing is a lot of attackers are taking advantage of that and so they're going downstack in terms of their attacks. And you're seeing a lot of detection go upstack. And where that benefits a lot of the cyber companies out there is it's a lot less expensive to do security upstack than it is to do full stack. But the issue to the consumer is that now you have a technology that's only seen a portion of your environment and when you then go and look at how a lot of these things are deployed, the very means by which they collect data is diminished or flawed. So you're making cyber decisions with a lot less information and data than you had before.

A (16:34)

Is your sense that folks out there are aware that they're not seeing the whole picture or is there sort of a blissful ignorance?

C (16:43)

I think there's a, I wouldn't say blissful ignorance. I think there's a desire, I think the consumer is saying, look, we want cyber at this level, we need these things. But I think a lot of the approach, a lot of the education, even inside cyber programs, and I would even say most of the marketing that's out there really markets heavy towards this upstack, you know, approach. And, and so, you know, when you're looking at the things that are, you know, best practices, those best practices, you really have to question them sometimes because they're really driven in a lot of cases by who's marketing the best and who's marketing the best is not Always the best at cyber warfare. And, and, and, and so a lot of the decision making now at the consumer level from what I see is they're driven by those top 10 lists or the best practices or the right vendors. And those are not always the vendors or the technologies that actually work.

A (17:53)

It reminds me of that old chestnut about how from decades ago how nobody ever got fired for choosing IBM. You heard that?

C (18:01)

Yeah, It's a similar type thing.

A (18:03)

Right.

C (18:04)

Until they did. And the thing, it's a very similar thing, the way in which these organizations have driven and I'll even say this, you know, a lot of our, and this is a controversial topic, but a lot of cyber is driven by private equity. And that's not always a good thing. You know, it's the, the decision making inside those rooms are a lot different than, you know, does. Does this work on the ground? And when you deal with something like cybersecurity, you know, I'm a big believer that cyber should be a standard of care industry. And, but I'm also a capitalist. I'm a big fan of high growth organizations. I own a company as well. And you have to balance that as a decision maker, an organization. You have to look at this and go, you know, we're fighting cyber warfare. This applies to the organizations that trust us to secure them. Those organizations are primarily, you know, a large chunk of the financial sector, you know, the financial stability of the United States. And you have to make decisions to say, okay, will we allow ourselves to reduce our margin but make the right decision to fight against the threat actor. Right. Because the threat actor out there isn't, they're not making a capability decision. Right. But that does happen across the cyber industry and organizations that purchase these things, they don't really know that a capability has been diminished. You know, especially as you look at AI coming into play. AI is a hyperscaler in some sense to help assist cyber detection and cyber professionals. But it, it isn't even close to being a place where it can be replaced. But a lot of consumers are buying AI technology. But if you look at why a cyber company would want to deploy AI first in a lot of cases it's to replace the very costly human analyst and increase their margin. So I would just say that this year is going to be a very interesting year where you have, the consumer's going to have to ask some really hard questions of the people they're buying technology from.

A (20:16)

What sorts of questions do you recommend they ask?

C (20:19)

It depends on where you're applying, what you're Applying if you're looking at things like Endpoint Technology, I would be very, very concerned as a consumer of asking the cyber providers that you're purchasing from on how they are precisely curating detection to your organization. Because when you look at things like take marketing for instance, we're told that aggregation is good and that taking technology from all of these organizations and doing an aggregation across what's being attacked and then using those aggregated detections and intel with inside your environment to detect, well, when you start to ask questions of, well, how does that company actually create those aggregations, you know, and, and how do those averages come around? And you start to see that a lot of that comes from some of the larger customers that they have, because that's where that average is coming from. And so most of their organizations that they protect, or a lot of the smaller companies that are out there, they're not getting any curation to the detection of their environment. And in fact, the smaller companies, the mid sized organizations, are the primary targets for these hackers because they're going through them to get to the larger companies. And so, you know, when it comes to Endpoint Technology or even just intel in general, that intel is nowhere near curated to what you actually need to protect your organization. So unless you have people on your staff that are going to curate or modify that intel, it's not going to detect what you need it to in your environment. When you look at things like the network, for instance, it poses the same problem. Most people do detection in their firewalls or they do detection with appliances that use span ports or mirror ports. And when you look into the way that these technologies work, a mirror port just by itself running on a daily basis loses 30% of the packets going across your network. And the reason for that is a couple fold. One, the primary function of a firewall or switch is not to collect security data, it's to be a firewall or a switch. And so the processing priority for a span porting airport is lower. And as those devices start to use more bandwidth or more of their backplane, they just start dropping packets to things that have less priority, which is your span ports and mirror ports. And the other factor there is that a lot of these technologies, like firewalls, for instance, you know, you have detection systems, they're all using an ASIC chipset, you know, mostly in these. And ASIC chipsets can't do deep packet inspection the way you need it to. They're really meant to store and forward traffic. And so when you're purchasing A network detection technology. You really have to get into the architecture and saying, hey, you know, do you have intel processors with enough cores? You know, are, you know, show me, show me deep packet inspection, you know, you know, a lot of these companies even have reduced the storage on these devices. And so you can't do continuous PCAP anymore. And, and so they, they marketed things like smart pcap, right, where you know, it's, it's smart because it turns on when an event happens. Well, that doesn't help you because frankly, an event's happened. You need to know what happened before it. Right. So the questions when it comes to these things are more around architecture now. And you have to ask, how are you doing what you're doing? Because there's a lot of corners being cut in this industry and you can see that by how many companies are getting hacked.

A (24:25)

So what are your recommendations then? I mean, for folks who are responsible for turning these dials and figuring out how to get the most for their security budget. Any words of wisdom?

C (24:36)

Yeah, I'd speak first to CEOs. You know, I think that you're, you have to put yourself, and if, and if you're a professional listening to this, it's in cyber and your CEO isn't listening to this podcast, I would, I would strongly suggest that you sit down with them and really challenge them to become the cyber leader of the organization. Now they're going to say, hey, I don't have the skill set to do that. And really what I would say is become their coach, you know, because they have to be able to understand how to wield cyber warfare at their company. They have to, the CEO has to get to that point. And I would say it's, it's one of the reasons why cybersecurity does not get the budget at most organizations. And because the C level just, they just don't understand it. And, and so I would say is, as you're purchasing, do not purchase the cheapest solution. You have to purchase the, the things that work and the best in class. I would 100% do side by side comparisons and I would ask them hard questions like can you forensically prove this? And I would ask them to show you the real data behind the reporting that they give you because there's a lot of reports that just frankly are just skewed to be false. As a consumer of these technologies, I would highly and very strongly, from a cyber standpoint, really challenge yourself to work with US Based companies that have US Citizens protecting your infrastructure. We're going to see over the next few years, I think significant change in the boundaries of cyber security and they're going to start looking more like nation lines. We're already seeing that in Europe, et cetera. And when you work with organizations that have more, you know, foreign presence, things like that, as we're starting to do incidents, you're going to start seeing a lot of compliant requirements that restrict them from even doing analysis within your environment.

A (26:53)

That's Chris Nyhuis from Vigilante.

B (27:08)

When it.

A (27:09)

Comes to mobile application security, good enough is a risk. A recent Survey shows that 72% of organizations reported at least one mobile application security incident last year, and 92% of responders reported threat levels have increased in the past two years. Guard Square delivers the highest level of security for your mobile apps without compromising performance, time to market or user experience.

B (27:36)

Discover how Guard Square provides industry leading.

A (27:39)

Security for your Android and iOS apps at www.guard square.com. Security works best in layers, and when those layers actually work together, that's when things get interesting.

B (28:00)

Nordlayer is a network security platform designed for modern teams. It secures connections, controls access and helps.

A (28:08)

Stop threats, all without hardware or long deployment cycles. Now Nordlayer has partnered with CrowdStrike to bring Falcon endpoint protection into the mix, giving small and mid sized businesses a multi layered security approach that's practical to deploy and easy to manage. Nordlayer handles secure access and zero trust networking.

B (28:29)

CrowdStrike Falcon adds endpoint visibility and protection. Together they cover more ground than either.

A (28:35)

Could alone without requiring a large IT staff. For business leaders, that means clearer control and easier compliance. For IT teams, IT means granular access policies, faster onboarding and protection that scales.

B (28:50)

If you're looking for enterprise grade security.

A (28:52)

Without enterprise grade customer service complexity, take a look at Nord Layer get up to 22% off yearly plans plus an.

B (28:59)

Additional 10% with code CYBERWIRE10. There's even a 14 day money back guarantee.

A (29:06)

Check out Nord layer.com cyberwire daily to learn more. And finally, the Curl Project is an open source effort that builds and maintains Curl, a command line tool and software library used to transfer data over networks. The Curl project has decided it has had quite enough of being told repeatedly and creatively that it might be vulnerable. Its maintainer Daniel Stenberg announced that Curl will shut down its HackerOne bug bounty program at the end of January after being swamped by low quality, often AI generated vulnerability reports. Since 2019, Curl and its sibling library Libcurl have offered cash rewards through HackerOne. Recently, however, the signal to noise ratio collapsed. Stenberg says the security team has been buried under reports that sound impressive, require hours to triage, and ultimately describe non issues. The fix is remove the bounty, remove the incentive, and restore sanity. Starting February 1st, Curl will accept reports directly via GitHub, offer no money, and reserve the right to publicly mock especially bad submissions. A blog post, presumably more polite, is promised, And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com be sure to check out this weekend's Research Saturday my conversation with Andrew Northern, principal security researcher at Census. The research we're discussing is titled From Evasion to Evidence Exploiting the Funneling Behavior of Injects. That's Research Saturday. Check it out. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or or send an email to cyberwire2k.com N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher and I'm Dave Buettner. Thanks for listening. We'll see you back here next week. If you only attend one cybersecurity conference this year, make it RSAC 2026. It's happening March 23rd through the 26th.

B (32:30)

In San Francisco, bringing together the global.

A (32:33)

Security community for four days of expert insights, hands on learning, and real innovation.

B (32:39)

I'll say this plainly, I never miss this conference.

A (32:42)

The ideas and conversations stay with me all year.

B (32:46)

Join thousands of practitioners and leaders tackling.

A (32:49)

Today'S toughest challenges and shaping what comes next.

B (32:52)

Register today@rsaconference.com cyberwire26 I'll see you in San Francisco. Attackers don't go through your tools, they go around them. In our interview with Jared Atkinson, CTO at Spectrops, he reveals how attackers look to exploit our identities, steal tokens, and quietly snowball their access across active Directory, cloud apps and GitHub. We talk through attack paths, why least privilege keeps failing, and how one misconfiguration can hand over the keys to your organization. Want to see risk as attackers do? Then check out the full interview now on TheCyberWire.com Spectrops.