Material: cybersecurity word of the year, thanks to the SEC – Amer Deeba – ESW #350

$231.5M Series C led by Iconiq Growth that values NinjaOne at $1.9B. Endpoint management platform (MDM, EMM, etc). We haven't seen raises like this since the before times!

$102M Series E led by General Catalyst follows a $30M Series D in 2020. "Strategic M&A opportunities" is listed as one of the uses for the funds, and I can't help but wonder if Casey Ellis has already coincidentally created a list of potential acquisition targets?

$42M Series A, led by Maor Investments. IONIX does attack surface management, but there word "external" isn't in there, so I'm not sure what to do with this information. I took a closer look, and they're definitely doing External Attack Surface Management. No hidden surprises or weird hybrid product models here.

$40M Series A led by Expedition Growth Capital for this Swedish software asset management startup, led by two brothers.

$10.2M Series A led by Sands Capital. LimaCharlie uses terms like "SecOps Cloud Platform", but it might be easier to think of it as a modern SIEM that competes alongside Google Chronicle and the like.

The company has been around for nearly 6 years, so not sure why they're just now raising a modest Series A. Bootstrapped in the early years, perhaps?

$7M Series A led by Ten Eleven Ventures. Device Authority appears to focus on key/cert-based device/non-human authentication, particularly IoT devices.

No details on funding amounts, but Vorlon comes out of stealth backed by "a global VC firm", and surely at least a seed round? Vorlon is focused on securing APIs that enterprises USE, rather than APIs that enterprise develop in-house and/or publish.

Running the numbers a bit: ZeroFox raised $154M privately prior to the SPAC. IDX raised $47M prior to their acquisition as part of the SPAC. Including the money raised from the IPO ($170M), a total of $371.2M was raised for the entity just taken private for $350M.

Not a great outcome, but they live to fight another day.

Symantec and Veritas were a weird couple that never made sense. Has Veritas finally found its forever home? The combined entity is described as having $1.6B revenue, $1.3B ARR, and a value around $7B.

FaceID for Microsoft Entra!

Apple released an open source AI model that is giving us ideas of what the future of 'shopping images might look like!

Yes, you heard that right - Apple, open source, AI, and image editing! It's a combination of words I didn't expect to see together either!

A new open source search engine "targeted towards tinkerers and developers". Has a neat feature called "optics" that allows you to customize search results. You can customize how the search engine works, and filter/limit/customize how results are returned.

I'm very, very curious.

Doo dee do dee do do Inspector Gadget doo dee doo dee do DUM DUM

This message will self-destruct.

New AI glasses! Roughly around the same price as Meta's Ray-Ban smart glasses (~$350), but with some different features, goals, and design approach.

Google is hoping to have finally caught up with OpenAI with the introduction of Gemini. Pro tier is free, and "Advanced" is $20/mo, with a 2 month free trial. Right in line with ChatGPT.

What about Bard? We shall not speak of it again, it's dead and that's not just a hallucination!

Imagine starting a ChatGPT session, but it ALREADY KNOWS YOU

Exciting and terrifying.

Inevitably, AI features come to Slack

There were a lot of positive things being said about another tiny island nation benefitting from a popular TLD and booming domain registration business that makes up most of the country's TLD: Tuvalu.

While the money is great for these tiny island nations, what happens when these TLDs go out of style? These island nations are becoming dependent on this income and don't have much of a backup plan when/if it dries up. Also, what happens if they're swallowed by the sea?

After taking a dip in 2022, we knew things were going back up when, almost halfway through 2023, the total direct losses from ransomware was already almost at 2022 numbers. It's still considerably less than direct losses from BEC scams, which were $2.7B just in the US back in 2022 (the ransomware numbers are global, not limited to the US).

This is only slightly more than 2020's $905M and 2021's $983M, but still not a trend we'd want to see. In hindsight, it seems that the dip in 2022 was an anomaly, thanks in part to law enforcement activities. The FBI's infiltration of the Hive ransomware alone saved targets at least $130M in ransom payments.

Not an enterprise security thing, but an interesting trend all the same. This is definitely something Paul's Security Weekly would have covered this week, but since they're on break, we've got their back!

Just released, this is a very consumable 45 pages that's not text dense and asks some provoking questions about tech debt. I haven't had a chance to dig very deep into it yet.

An interesting, high-level report on emerging tech trends from Mastercard

From Google Cloud's Office of the CISO is a short-and-sweet 20 pager that gets right into some of the most common causes of some of the most common cloud security incidents.

Some great meta-analysis of exploits used by ransomware crews over the years, from Recorded Future. A very short and sweet read that gets to the point in under 12 pages.

Good thing we've got the benefit of hindsight to know what policy decisions are likely to move the needle and which are doomed to -- oh FFS, Canada.

Remember when Germany banned schools and some other orgs from using Microsoft 365? Well, now it's Google and Denmark at odds.

A very well researched and referenced essay on the state of stats in the cybersecurity industry. As someone who also rants a fair bit on this topic, I can only fully agree with Ross's assessment.

TL;DR: loyalty doesn't exist anymore between companies and employees, regardless of generation.

Less of an essay and more of a cliff notes version of Kelly's book on security chaos engineering.

I consider it a sign of success and maturity that Andrew has moved over for a professional CEO, allowing him to go back to focusing on the core work he's best at!

No more 30/45/90 day patch windows here. They're recommending 5 days or less for Internet-facing stuff, 7 days for operating systems and applications, and 14 days for internal and even air-gapped services and software!

I think we're long overdue for guidance on how to securely manage package repos!

A request for comments on this whitepaper by DHS - you've only got a few days to get your comments in (closes Feb 20th)!

You know how there's a website dedicated to products killed by Google? This is that, but for Microsoft.

A crazy C8 Corvette-based supercar limited to 20 production cars. You should really click the link and scroll down to the "optional 007 package", that's where this gets really interesting.