AI Bedtime Stories, IBM Cloud, Docker Hub, & EU CyberSec Legislation – ESW #298
In the enterprise security news: funding announcements take a bit of a break; we explore a few new vendors and organizations that have come to our attention recently; Wiz researchers annoy yet another cloud service by pointing out ridiculous vulnerabilities (IBM Cloud, this time); Docker Hub has tons of shady stuff going on; the EU strengthens cybersecurity with new legislation; the US Department of Defense releases a Zero Trust strategy (no more Five Eyes?); Microsoft 365… outlawed in the EU?; ransomware makes up the majority of all UK government crisis management meetings; and AI can now tell kids bedtime stories, what could go wrong?
- 1. FUNDING: SPHERE Receives $31 Million for Series B Funding from Edison Partners, Forgepoint Capital
$31M Series B led by Edison Partners. Sphere is 13 years old, woman-owned, and aims to make attacks like ransomware more difficult, through identity hygiene.
- 2. FUNDING: Pangea Raises Series B from GV, Decibel and Okta Ventures
$26M Series B led by GV, for SPaaS (Security Platform as a Service). I think I remember their Series A. Interesting concept - it's a suite of API-based security services, designed to be easy for developers to adopt in their applications. Pay-as-you-go consumption model, designed to be similar to cloud service providers.
- 3. FUNDING: Holm Security Raises €4M in Funding
€4M post-Series A venture round, led by Subvenio Invest. The 7-year-old, Stockholm-based company focuses on vulnerability management and claims over 750 global customers. What kind of vulnerability scanning? Traditional internal/external network vulnerability scanning (credentialed and uncredentialed, policy-based, etc.), web application scanning (DAST), cloud scanning, and phishing/awareness training ("human" vulnerabilities is the idea here, I suppose).
- 4. ACQUISITIONS: Palo Alto Networks is buying Cider Security for up to $300M
Classic round acquisition numbers from Palo Alto. They've been hunting for an acquisition target for a while, and this one is earmarked for the company's Prisma cloud security platform. Cider has a suite of tools that aim to discover security issues along the CI/CD path: dependencies, infrastructure as code, Kubernetes, containers. It also appears to have lots of integrations: GitHub, Jenkins, K8s, Jira, Slack, etc.
Cider refers to its product as an "AppSec Operating System", because sure, why not. How about ESW as an "Enterprise Security News and Interview Operating System"? We'll just lose the term podcast, because it's old, obsolete, and not at all cool anymore.
- 5. NEW COMPANIES: Building Cyber Collective
This is an interesting concept - the idea is to attract advisors, startups, and investors to play matchmaker. Advisors commit to providing 4 hours of free consultation for startups, and then the terms of any ongoing partnership are between the two parties. The Collective was started by Ross Haleliuk, who is also head of product at LimaCharlie.
- 6. NEW COMPANIES: Prelude – Hardening Cyberdefenses for Everyone
Prelude appears to be somewhat in the breach and attack simulation space, with a product called "Operator". The general idea is to test your controls to ensure they work. Prelude builds the tests included in Operator, which also integrates with external tests, which can be imported with a few clicks. There is a free community license, along with paid Professional and Enterprise tiers.
- 7. NEW COMPANIES: Revelstoke SOAR
Another entry in the SOARv2 space that looks like it will be going head-to-head with the likes of Tines.
- 8. NEW FEATURES: Wiz becomes the first CNAPP to deliver integrated Data Security Posture Management
We're going to continue to see many flavors of DSPM. This is possibly the first we've seen within an existing cloud security vendor.
- 9. SUPPLY CHAIN: Hell’s Keychain – Supply Chain Attack in IBM Cloud’s Databases for PostgreSQL
This just came off embargo this morning, but apparently, Wiz researchers were able to reach behind the IBM Cloud curtain, thanks to some plaintext credentials and vulnerabilities in PostgreSQL.
- 10. RESEARCH: Analysis on Docker Hub malicious images: Attacks through public container images – Sysdig
- 11. LEGISLATION: EU decides to strengthen cybersecurity and resilience across the Union: Council adopts new legislation
- 12. FEDS: Department of Defense Releases Zero Trust Strategy and Roadmap
- 13. REGULATIONS: After 2 years of negotiation, Germany states there is no lawful way to use M365 under GDPR
HUGE if true
- 14. TRENDS: Ransomware incidents now make up majority of British government’s crisis management ‘Cobra’ meetings
Ransomware not going anywhere anytime soon
- 15. EDUCATION: CISA expanding cybersecurity education program nationwide
- 16. SQUIRREL: Create Stories for Kids – StoriesForKids.ai
It totally makes sense that story-writing would be a new area for AI generators to explore (and ruin), but why include the DALL-E 2 imagery? DALL-E 2 doesn't understand faces yet and the result often seems more like something out of an adult horror novel, not something young kids should be exposed to at bedtime.
Should we use this to create a story about the Security Weekly hosts?
- 17. SQUIRREL: Cocaine Bear – Wikipedia
This was a rabbit hole I just couldn't turn myself away from, partly because Knoxville is featured in this story and a movie is dropping in a few months.