Vendor Failures Coming, MDM Confusion, Cyberinsurance Mess, Tines, & an AI Camera – ESW #322
This week, for the enterprise security news, we discuss the continuing impact of the market downturn and how it might affect late stage startups. We also discuss the state of cyber insurance - is it improving? SEC is starting to get traction with new and proposed cyber rules. Enterprise browsers not living up to the hype isn't even a hot take anymore, it's merely smoldering. Valence Security's state of SaaS report is out, and finally - how much would you pay for an AI camera that has no lens?
Announcements
Follow Security Weekly Productions on LinkedIn for exclusive show clips, insights, and updates across our organization! Stay connected with our hosts and fellow community members, and join the conversation that's shaping the future of cybersecurity.
Hosts
- 1. FUNDING: Cyera Secures $100 Million Series B Investment to Become the Data Security Platform Enabling the AI Revolution
In an environment where we're seeing hardly any funding, Cyera somehow pulls a $100M series B out of a hat, led by Accel. $100M is more than we've seen across ALL investments over the past 2 weeks, which come to $96.7M across 13 separate startups.
- 2. FUNDING: Venn Secures Patent for First Technology to Make MDM for Laptops a Reality; Reveals $29 Million in Series A Funding led by NewSpring Capital
$29M Series A. I have no idea what the heck this press release is talking about. They're trying to make MDM for laptops sound like it's a thing they invented? We've had MDM for laptops for well over a decade! They apparently think all remote workers use VDI???
Did ChatGPT or Bard hallucinate this press release? The "Venn diagram" between this company and reality has no overlap, I'm thinking.
- 3. FUNDING: Astrix Security, which uses ML to secure app integrations, raises $25M
- 4. FUNDING: Trust Lab Closes $15 Million Investment Led by U.S. Venture Partners
- 5. FUNDING: Oso sees huge opportunity in simplifying authorization for developers
$15M series B? They don't call it a Series B, but it's coming after their Series A, and is nearly twice the size, so...
- 6. FUNDING: CrowdStrike Invests In and Partners With Prelude Security – CrowdStrike
Not a lot of details, but a notable transaction/partnership.
- 7. FUNDING: Blackbird.AI – Narrative & Risk Intelligence Platform
- 8. ACQUISITIONS: Thales proposes to acquire Tesserent in a recommended transaction, expanding its global cybersecurity leadership
Tesserent is apparently one of the largest cybersecurity companies in New Zealand and Australia. They're an MSSP.
- 9. ACQUISITIONS: HashiCorp acquires BluBracket to add secrets scanning
- 10. TAKE PRIVATE: C5 Looks to Take IronNet Private, Oust Gen. Keith Alexander
IronNet has been on shaky ground for a while. I don't understand the dynamics at play here, but apparently the company has to oust its founder and CEO in order to get bailed out of their current situation.
- 11. NEW COMPANIES: Bearer
My friend Nipun Gupta's new startup!
- 12. NEW COMPANIES: Kodem Security
- 13. NEW COMPANIES: Silent Push Threat Intelligence
- 14. NEW PRODUCTS: Amazon launches AWS AppFabric to help customers connect their SaaS apps
AWS AppFabric pulls data from SaaS apps, normalizes it, and hands it off for analysis, auditing, archiving, etc.
- 15. CYBERINSURANCE: U.S. cyber insurance growth continued in 2022 with direct premium up 50% – Reinsurance News
- 16. CYBERINSURANCE: 5 Reasons Cyber Insurance is a Mess
The latest from fellow host Katie Teitler on what's going on with Cyber Insurance!
- 17. LEGISLATION: SEC Targets SolarWinds’ CISO for Rare Legal Action Over Russian Hack
- 18. LEGISLATION: Who’s Afraid of the SEC?
- 19. GOOD PRACTICES: Good Practices for Supply Chain Cybersecurity
The EU shares good practices for supply chain security. Not best, mind you. Good. GOODEST, even.
- 20. CRIME TRENDS: Service Rents Email Addresses for Account Signups – Krebs on Security
- 21. RESOURCES: Tines Labs (@tines_labs) / Twitter
The Tines Labs Twitter account is an excellent resource for ideas on automating cybersecurity tasks, SOAR/SOC/Detection engineering folks should check it out!
- 22. TOOLS: Shopping for DSPM tools – What to know and where JupiterOne fits in
- 23. AI TOOLS: TakedownGPT
- 24. AI ESSAYS: AI Canaries
- 25. SHAMELESS SELF PROMOTION: Destroyed by Breach
Everyone else has been covering the Destroyed by Breach dataset I maintain, so I guess I should as well? Spotted this first on Clint Gibler's TLDRSec, then on Daniel Miessler's Unsupervised Learning, and finally on Mike Privette's Security, Funded newsletter.
This is a list of all the companies I've been able to find (with considerable assistance from journalists and the cybersecurity community!) that have been destroyed by a cyber incident.
- 26. HOT TAKES: We have left the cloud
- 27. HOT TAKES: Emerging Tech: Security—The Future of Enterprise Browsers
This isn't a new hot take from me, but I'm still pushing back on all this enterprise browser hype. I think they're a niche product at best and don't justify the levels of hype or funding they're receiving.
- 28. REPORTS: Introducing the Valence 2023 State of SaaS Security Report
A bit more self-promotion. I spent a lot of time putting this report together, along with the Valence Security Labs team and our CEO. Lots of interesting insights about SaaS breaches and risks. We've got recommendations and predictions for you as well.
- 29. SQUIRREL: Paragraphica
A camera without a lens. Interesting statement/tech, or bullshit stunt?
