Healthy Funding, $3.6B Imperva Acquisition, New SEC Rule, Death of Infosec Twitter – ESW #325
This week, we discuss the state of the market as OneTrust announces a round, one year after they laid off nearly 1000 employees. We also note that we continue to see more and more non-US cybersecurity vendor activity - France and India specifically this week. An IBM report tries to tie security spending to breach costs, but we disagree. We discuss the impact of InfoSec leaving Twitter, and the odds of whether or not the Las Vegas Sphere will get hacked during DEF CON.
Announcements
Join us at an upcoming Official Cyber Security Summit in a city near you! This series of one-day, invitation-only, executive-level conferences is designed to educate senior cyber professionals on the latest threat landscape.
We are pleased to offer our listeners $100 off admission when you use code SecWeek23 to register.
Visit securityweekly.com/cybersecuritysummit to learn more and register today!
Hosts
- 1. FUNDING: OneTrust Secures $150M Investment Led by Generation Investment Management
- 2. FUNDING: Cybercrime detection company Netcraft raises $100M to drive growth – SiliconANGLE
- 3. FUNDING: Protect AI raises $35M to build a suite of AI-defending tools
$35 million in a Series A round led by Evolution Equity Partners. Building tools to harden the security around AI systems.
- 4. FUNDING: Wing Cloud is building an open source, unified cloud programming language
$20M Seed: $15M Seed raised last year, and $5M extension closed in April. Led by Battery Ventures, Grove Ventures, and StageOne Ventures.
One lang to bring them all, and in the darkness, bind them.
- 5. FUNDING: Adaptive Shield Secures Strategic Investment from Blackstone
$10M "venture round" that's definitely not a down round. Nope. Brings the company's total funding to $44M after a $30M Series A in October 2021. One of the larger vendors in the SaaS Security/SSPM space.
- 6. FUNDING: Cyclops raises $6.4M in seed funding to launch AI-powered cybersecurity search platform
Built on "cybersecurity mesh architecture (CSMA)".
Quoting the CEO, "CSMA is similar to zero trust, but more mature and advanced."
- 7. FUNDING: More Than 30 Leading CISOs Personally Invest in Gem Security’s Industry-Leading Cloud Detection and Response Platform
- 8. FUNDING: Cranium AI Security
- 9. FUNDING: Cyber Security Startup PingSafe Raises $3.3 Million In Seed-Fund Round
- 10. ACQUISITIONS: Thales enters app security market with $3.6B Imperva acquisition
- 11. REPORTS: IBM Report: Half of Breached Organizations Unwilling to Increase Security Spend Despite Soaring Breach Costs
- 12. BREACH: VirusTotal apologizes for data leak affecting 5,600 customers
Whoopsie daisy.
- 13. TRENDS: The Death of Infosec Twitter
- 14. CYBERCRIME: Umbreon Unplugged: Unraveling the Sequel to Failures
An interesting interview with a young Dutch serial cybercriminal who has been in and out of ineffective (hacking) rehab programs.
- 15. ESSAYS: How You Respond to Security Researchers Says Everything About You – Dhole Moments
- 16. REGULATIONS: Attorneys on alert for cybersecurity threats: New York’s new CLE training requirement
As of July 1st, every NY attorney has to complete an hour of cybersecurity training before they can renew their law license.
- 17. REGULATIONS: SEC approves new cyber reporting regulations for public companies
TL;DR:
  - 4-day reporting timeline (begins when a company determines "incident materiality", not at the initial discovery)
  - two 30-day delay options if necessary (e.g. national security concerns)
  - technical details of incidents not required
  - companies also must disclose cybersecurity risk management, strategy and governance in annual filings
- 18. REGULATIONS: Final Rule – Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure
All glorious 186 pages of the final rule.
- 19. HACKING: Will the MGM Sphere get hacked during DEFCON?
- 20. HACKING: The Las Vegas Sphere is about to weather its first DEF CON
No bug bounty, no vulnerability disclosure program, no information about security precautions taken, and tons of speculation online about when this thing is going to get hacked.
- 21. SQUIRREL: Researchers find deliberate backdoor in police radio encryption algorithm
So THAT'S what that feels like.