Enterprise Security Weekly Subscribe

Vulnerability Management, Malware

Unicorn Layoffs, Zombiecorns, IronNet, Remediant, & AI Generated Insecurity – ESW #301

January 5, 2023

Finally, in the enterprise security news, Security funding is back, baby! Security Unicorn layoffs continue though! We talk Zombiecorns, IronNet struggles, Netwrix acquires Remediant, We talk breaches: Lastpass, Rackspace, Okta via Github, Slack via Github, Github announces 2FA improvements, AI generates insecure code, Cyberinsurance challenges, Fyre Festival Fraudster Funding more Frauds All that and more, on this episode of Enterprise Security Weekly.

Full episode and show notes

Announcements

Stay up-to-date with us on X (formerly known as Twitter) for the latest show clips and updates! Find us @SecWeekly and stay connected with our cybersecurity community.

Hosts

Adrian Sanabria

Principal Researcher at The Defenders Initiative

https://adriansanabria.com

1. FUNDING: Aztec Raises $100 million to Build Encrypted Ethereum
2. FUNDING: CyberCube raises $50m for growth, with HSCM participating again – Artemis.bm
3. FUNDING: DataVisor Announces $40 Million Strategic Growth Investment Led by Brighton Park Capital
4. FUNDING: Germany’s VMRay ties up $34 million series B to expand threat detection and analysis
5. FUNDING: Trilio raises $17M for its cloud-native data protection service – SiliconANGLE
6. FUNDING: Seattle cybersecurity startup that aims to protect machine learning-based code lands $13.5M
7. FUNDING: FireTail Raises $5M to Accelerate API Security, Led by Paladin Capital Group
8. FUNDING: Cybersecurity startup SafeHouse raises pre-Series A funding
9. (DE)FUNDING: IronNet’s latest NDR updates provide broader visibility of cyber threats – Help Net Security
10. (DE)FUNDING: IronNet cybersecurity faces delisting threat, potential insolvency – Baltimore Business Journal
11. ACQUISITIONS: Netwrix Acquires Remediant to Provide Customers with Enhanced Privileged Access Security
I'm very curious about the terms of any deal happening after the valuation reset. We'll probably never know with this one though.

The only recent comp is Palo Alto picking up Cider Security for $195m on $38m raised. That's 5.1x on money raised, but no idea what their Series A valuation was back in March, or how much revenue they managed to pick up in the 8-9 months they've been out of stealth.

This is Netwrix's 6th acquisition since getting picked up by TA Associates (PE) back in 2020.
12. LAYOFFS: Cybersecurity unicorn Armis axes 25 employees
13. LAYOFFS: Cybersecurity startup CyCognito cuts 15% of jobs
14. NEW COMPANIES: Zecurity
Where to start? The name? The tagline (Sustainable Cybersecurity)? The description of what they do? "Zecurity's platform is a SaaS-based zero-trust platform to air gap your infrastructure from the Internet."

Everything about Zecurity reads like someone went to ChatGPT and asked for the most clickbaity cybersecurity startup copy ever.
15. NEW COMPANIES: QWERX
16. NEW COMPANIES: Picnic
17. NEW COMPANIES: Gomboc – Cloud Infrastructure Security
18. NEW FEATURES: Raising the bar for software security: next steps for GitHub.com 2FA
We've got quite a few breaches this week that begin and end with GitHub, so it's no surprise they're busy, trying to improve security for users and convince them to use it!
19. OPEN SOURCE: Google releases vulnerability scanner for open-source software, backed by community-editable database
20. BREACHES: Okta’s GitHub source code stolen, company downplays impact
21. BREACHES: Slack’s private GitHub code repositories stolen over holidays
22. BREACHES: Kevin Beaumont’s epic, month-long thread on the Rackspace breach
TL;DR - Rackspace made a big mistake choosing not to patch Exchange when they had a chance, but did an impressive job recovering from one of the worst worst-case scenarios I've seen a business deal with in a while - total destruction of a product line (though one that only accounted for 1% of their $3B revenue).

Still, no word on whether the email belonging to tens of thousands of small and medium-sized businesses were stolen.
23. BREACHES: The LastPass disclosure of leaked password vaults is being torn apart by security experts
And I was one of them! I have some insights to share after tearing apart and examining my own (old, forgotten, I should have deleted it years ago) Lastpass vault.
24. BREACHES: What’s in a PR statement: LastPass breach explained
25. BREACHES: A retrospective on public cloud breaches of 2022, with Rami McCarthy and Houston Hopkins
26. BREACHES: Notice of Recent Security Incident – The LastPass Blog
27. DRAMA: Insiders worry CISA is too distracted from critical cyber mission
28. TRENDS: Switzerland Strategy – Digital Switzerland Strategy 2023
Clearly, Switzerland saw episode 299 with Joe Carson and were inspired to put together an all-in-on-digital strategy. They turned around this plan pretty quick, I'm impressed! ;)
29. TRENDS: AI assistants help developers produce code that’s insecure
This is a question I've had for a while. If AI is trained on general human-produced content, and humans are susceptible to mistakes, bias, and myths... How does the AI know the different between good content, or good code, and crap? Isn't it liable to just regurgitate humanity's mistakes?

What I REALLY worry about are folks being okay with this - folks who just want AN answer, and care less about whether it's the RIGHT answer.
30. TRENDS: Non-Compete Clause Rulemaking
https://www.ftc.gov/legal-library/browse/federal-register-notices/non-compete-clause-rulemaking
31. MARKET ANALYSIS: Zombiecorns, by the numbers
32. MARKET ANALYSIS: Welcome to ZOMBIE(corn)LAND!
u can’t do it alone. In the new world of the Zombiecorns, founders and leaders must look to their team to help carry them forward. Lead with passion, be transparent whenever possible, and help others to rally to your cause. If you try to be a hero and lead in silence you will not make it. Remember it took a team of people to get you where you are today, it’s going to take that same team of people to save you from the Zombiecorn fate.
33. REPORTS: NSA Publishes 2022 Cybersecurity Year in Review
34. REPORTS: The State of Cybersecurity in 2022 and Trends and Predictions for 2023
35. CYBERINSURANCE: Ohio Supreme Court Says Ransomware Is Not Physical Damage
36. CYBERINSURANCE: Cyber attacks set to become ‘uninsurable’, says Zurich chief
37. SQUIRREL: Convicted Fyre Festival Fraudster Is Planning Another Bahamas Venture, But the Bahamas Don’t Want Him
38. SQUIRREL: A Startup Founder and an Industry Analyst walk into a bar…
Startup Founder: How can I describe our product in a way that stands out to customers? The cybersecurity market is already saturated.

Industry Analyst: I got you dog, say no more

Katie Teitler-Santullo

Product Marketer and Content Strategist at OX Security

Founder & CTO at Trimarc

https://www.trimarcsecurity.com

VP Traceable.ai, Cyber Angel Investor and Advisor at 90 Degree Ventures

https://www.90degree.vc/

Related

Vulnerability Management

Dysentery, TP-Link, Piracy, Calendar Scams, Tencent, TikTok, Aaran Leyland and More.. – SWN #439

December 20, 2024

Dysentery, TP-Link, Piracy, Calendar Scams, Tencent, TikTok, Aaran Leyland, and More, on this edition of the Security Weekly News.

Vulnerability Management

2024 End-of-Year News and Wrapup – ESW #388

December 19, 2024

As we wrap up the year, we have an honest discussion about how important security really is to the business. We discuss some of Katie's predictions for AppSec in 2025, as well as "what sucks" in security!

Vulnerability Management

Vogons, Task Scams, HiatusRat, Cellebrite, Deloitte, Quantum, Aaran Leyland, and More – SWN #438

December 17, 2024

Vogons, Task Scams, HiatusRat, Cellebrite, Deloitte, Quantum, WordPress, Aaran Leyland, and more on the Security Weekly News.