Risky Business Podcast Summary: Snake Oilers Episode Featuring LimaCharlie, Honeywell Cyber Insights, Cobalt Strike, and Outflank
Release Date: April 28, 2025
In this dynamic episode of Risky Business, host Patrick Gray delves into the competitive landscape of cybersecurity solutions through the "Snake Oilers" segment. This edition features pitches from three prominent companies: LimaCharlie, Honeywell Cyber Insights, and Fortra, each presenting their cutting-edge tools designed to bolster security operations. The episode provides insightful discussions on the functionalities, use cases, and strategic advantages of these products, enriched with notable quotes and detailed explanations.
1. LimaCharlie: Revolutionizing SecOps with a Cloud-Native Approach
Guest: Chris Christensen, CEO and Founder of LimaCharlie
Timestamp: [00:04] - [15:03]
Overview: LimaCharlie positions itself as a pioneering cloud platform for Security Operations (SecOps). Chris Christensen articulates the company's vision of offering "cybersecurity primitives" akin to how cloud providers deliver infrastructure services. This modular approach allows organizations to build and customize their security posture without being tethered to monolithic solutions.
Key Features:
- Cloud Provider for Cybersecurity: LimaCharlie functions as a cloud provider, delivering essential security tools like Endpoint Detection and Response (EDR), automation agents, telemetry ingestion, and data routing. This framework enables rapid scaling, such as deploying protection for "20,000 endpoints in the next five minutes" ([00:04], [02:03]).
- Telemetry and Automation: The platform offers full telemetry retention for a year at a fraction of the cost of traditional storage solutions. Its automation engine standardizes detection processes across various data sources, simplifying the management of security alerts and responses ([02:03]).
- Modular and Flexible: Unlike vendors that offer all-in-one solutions, LimaCharlie provides "LEGO-like blocks" that let enterprises construct security architectures tailored to their specific needs. This flexibility lets organizations identify what they are protected against and where gaps exist ([03:42]).
Case Studies: Christensen shares real-world applications where LimaCharlie has enabled service providers to consolidate multiple security tools into a single platform, achieving significant cost reductions. For instance, one service provider reduced their infrastructure spend by 70% by leveraging LimaCharlie's unified detection and telemetry management ([08:55]).
Notable Quote: “We are built like a cloud provider. So, everything can come in, everything can go out. We don't hold your data hostage in any way.” — Chris Christensen, LimaCharlie ([13:23])
2. Honeywell Cyber Insights: Enhancing OT Security through Comprehensive Visibility
Guest: Chris Christensen, Director of Global Cybersecurity for Honeywell Building Automation
Timestamp: [15:03] - [25:47]
Overview: Honeywell Cyber Insights, formerly known as Skate Offense and Scar Defence before its acquisition by Honeywell, provides a robust platform tailored for Operational Technology (OT) environments. Patrick Gray explores how Cyber Insights bridges the gap between IT and OT by offering unparalleled visibility and asset management.
Key Features:
- Asset Discovery and Visibility: Cyber Insights continuously monitors and inventories all OT assets across facilities, providing real-time insight into system status, patch levels, and vulnerabilities. This passive monitoring approach ensures minimal disruption to existing operations ([17:09]).
- Risk Mitigation: The platform alerts IT teams to vulnerabilities and potential issues, facilitating proactive patch management and security enhancements. This capability is crucial because OT systems often consist of legacy devices that are susceptible to attack ([16:51]).
- Compliance and Regulation: With increasing regulatory demands like NIST updates in both Europe and America, Cyber Insights helps organizations maintain compliance through thorough asset visibility and security posture management ([18:29]).
Deployment Approach: Cyber Insights emphasizes a passive deployment strategy, using SPAN (mirror) ports to observe network traffic rather than sending probes to devices. This method integrates with existing infrastructure and avoids the pitfalls of active scanning, which can disrupt OT operations ([17:30]).
Use Cases and Threats: Christensen highlights the rising trend of attacks targeting OT systems, such as the infamous Target HVAC breach, which compromised customer data by infiltrating OT infrastructure. He underscores the importance of visibility in preventing such breaches and ensuring the operational integrity of critical systems ([19:41], [22:32]).
Notable Quote: “We make it trivial for those teams to be able to have that governance to come in and say, you know what? I want a rule on Windows that if I see this thing, I'm going to go and kill it.” — Chris Christensen, Honeywell Cyber Insights ([11:14])
3. Fortra: Empowering Red Teams with CobaltStrike and Outflank
Guest: Connor Johnson, Offensive Security Solutions Lead at Fortra
Timestamp: [25:47] - [38:23]
Overview: Fortra steps into the spotlight with its suite of offensive security tools, Cobalt Strike and Outflank, designed to emulate real-world cyber attacks. Connor Johnson elucidates how these tools empower Red Teams to identify and mitigate vulnerabilities effectively, keeping pace with the evolving threat landscape.
Key Features:
- Cobalt Strike: A venerable Command and Control (C2) framework, Cobalt Strike offers advanced post-exploitation capabilities through its Beacon payload and Malleable C2 profiles. Despite heightened EDR detection, Cobalt Strike remains a staple for many Red Teams because of its stability and customizability. Johnson attributes its continued relevance to ongoing R&D, pointing to the recent v4.11 release and the new functionality it introduced ([28:39]).
- Outflank: Serving as a complementary toolkit to Cobalt Strike, Outflank features over 30 tools covering the entire attack kill chain, from initial access to privilege escalation and evasion. With its emphasis on operational security (OPSEC) and evasion techniques, Outflank is designed for mature and sensitive target environments ([30:01]).
- Community and Collaboration: Both Cobalt Strike and Outflank benefit from active community engagement. Cobalt Strike has a "community kit" of over 100 user-developed scripts, while Outflank fosters collaboration through dedicated Slack channels where users share insights and enhancements ([35:22]).
User Base: Fortra's solutions serve a broad spectrum of users, from solo consultants and small to mid-sized pen test firms to large enterprises with internal Red Teams. This versatility means organizations of all sizes can use these tools to enhance their security posture ([32:36]).
Deployment and Integration: Johnson highlights that many organizations are increasingly adopting internal Red Teams, supplementing annual external assessments. Tools like Cobalt Strike and Outflank facilitate these internal efforts by providing comprehensive capabilities that align with the methodologies of sophisticated threat actors ([33:23]).
Notable Quote: “Outflank is a toolkit that is built by elite red teamers for red teamers... covering the full attack chain from the in phase to the out phase.” — Connor Johnson, Fortra ([30:01])
Conclusion: A Competitive Edge in Cybersecurity Solutions
This episode of Risky Business underscores the diverse approaches companies are taking to address the multifaceted challenges of cybersecurity. LimaCharlie offers a flexible, cloud-native platform that streamlines SecOps operations, Honeywell Cyber Insights delivers critical visibility into OT environments to safeguard against targeted attacks, and Fortra equips Red Teams with sophisticated tools to simulate and mitigate advanced threats. Each company brings a unique value proposition to the table, reflecting the dynamic and evolving nature of the cybersecurity landscape.
By featuring these solutions, Risky Business provides valuable insights for information security professionals seeking to enhance their defense mechanisms, optimize their operations, and stay ahead of emerging threats.
Notable Quotes Reference:
- “We're built like a cloud provider. So, everything can come in, everything can go out. We don't hold your data hostage in any way.” — Chris Christensen, LimaCharlie ([13:23])
- “We make it trivial for those teams to be able to have that governance to come in and say, you know what? I want a rule on Windows that if I see this thing, I'm going to go and kill it.” — Chris Christensen, Honeywell Cyber Insights ([11:14])
- “Outflank is a toolkit that is built by elite red teamers for red teamers... covering the full attack chain from the in phase to the out phase.” — Connor Johnson, Fortra ([30:01])
