Secret Double Octopus, Furbies, and Too Much Data! – ESW #347
Oleria, Vicarius, and Secret Double Octopus raise funding (NOTE: Secret Double Octopus is a real company that chose Secret Double Octopus as their name, I’m making none of this up). Rumors about Zscaler’s next 9-digit acquisition, 2 new security vendors and demystifying public cybersecurity companies.
Chrome gets AI features, security teams have TOO much data, and a new threat intel database from Wiz. Is bootstrapping a cybersecurity startup a realistic option? Finally, remember Furbies? NSA’s furby docs just dropped, and they are HILARIOUS. Thanks to Jason Koebler from 404Media for that.
- 1. FUNDING: Oleria raises $33M Series A to usher in new era of adaptive and autonomous identity security
$33M Series A led by Evolution Equity Partners, bringing total funding to $40M. Salesforce, Tapestry, and Zscaler also participated.
They provide "adaptive and autonomous identity security solutions". AI is also mentioned.
- 2. FUNDING: Vicarius Raises $30M Series B to Fuel AI Innovations in Vulnerability Remediation
$30M Series B led by Bright Pixel, bringing total funding to $56M. Vuln mgmt is still hanging around. It isn't really getting much easier or quicker, but there's still money to be made off Qualys, Rapid7, and Tenable's scraps.
- 3. FUNDING: Secret Double Octopus Secures a Series C Funding Round
$15M Series C, led by BGV. Focused on passwordless tech. Was an innovation sandbox finalist, if I recall correctly.
- 4. ACQUISITION RUMORS: Zscaler in negotiations to acquire cyber startup Avalor for $250-350 million
Avalor does "Next-gen Unified Vulnerability Management". Avalor hasn't even hit my radar - are they really worth this much?
It looks like they do more than just vuln mgmt - perhaps a JupiterOne or Axonius competitor? Is there really room in the market for companies like Vicarius and Avalor? We still have a raft of vuln mgmt laggards (Rapid7, Qualys, Tenable, etc), which, in their neglect, gave rise to a new generation of vuln mgmt startups (Vulcan Cyber, Nucleus). In other words, vuln mgmt is near 100% saturation, but is ripe for disruption, so why isn't it happening? Surely not for lack of startups in the space, new or old.
- 5. NEW COMPANIES: Dapple Security – Putting your digital identity back in your hands.
New passwordless vendor.
- 6. NEW COMPANIES: PRE Security
"PRE Security is leading the transition into the next era of AI cybersecurity with a new model: Predict & Prevent™. By introducing PREdictions to your existing cybersecurity toolset, you can preempt and prevent incidents before they happen."
- 7. NEW FEATURES: Chrome is getting 3 new generative AI features
"Turn on these experimental AI features to organize your tabs, create custom themes and get help with writing on the web"
- 8. NEW TOOLS: Real-Time Cybersecurity Company Market Tracker: Public Company Data & Insights
Mike Privette put together a real-time tracker for public cybersecurity companies. It's pretty basic, but works!
- 9. RESEARCH: Demystifying Cybersecurity’s Public Companies
A great discussion about how hard it is to define what qualifies as a "public cybersecurity company". The full list is 71 companies, but with a few caveats...
- 10. RESEARCH: Results from 451 Research’s 2023 Security Analytics and SecOps study
"Despite continued advances in SecOps tech, data overload remains an issue. On average, more than half (54%) of security alerts go uninvestigated in a typical day - the first time since we've been asking the question that this number has gone over 50%. Nearly 30% of respondents tell us they cannot investigate more than three-fourths of alerts."
It's just fundamentally the wrong approach - SecOps folks are set up to fail. SOCs are a symptom of the problem, not a solution.
- 11. THREAT INTEL: Cloud Threat Landscape: A Cloud Threat Intelligence Database
Super useful database of breach information with lots of references. I'll be digging into this for sure!
- 12. DEBATE: Is bootstrapping a cybersecurity startup a real option, or a pipe dream?
Haroon Meer and Ross Haleliuk had an interesting debate on LinkedIn last week - well worth digging through the arguments, counter-arguments, and comments.
- 13. NEWSLETTERS: The Cyber Why: What We Read This Week…
A few things in last week's Cyber Why caught my attention:
- Carta, SaaS for cap table management, appears to have crossed the streams, and shut down part of their business as a result
- Startup Unicorns get redefined as $3B+ valuation???
By my count, there are 44 cybersecurity unicorns right now (I use CB Insights' data). If we move the bar up to $3B, that number goes down to 15. The other problem is that NONE of the unicorns on this list have seen a new valuation since valuations took a beating in mid-2022. We saw Cybereason lose an order of magnitude in value, and Snyk (rumored to) lose 50%, so it's anyone's guess as to which companies are or are not a unicorn on this list.
- 14. ESSAYS: Open, Public Networks are a Misnomer
An essay from me, published on Tyler's substack, The Cyber Why.
Once upon a time, we defined networks we controlled as "private" and thought of them as "trusted". Anything outside our networks was "open", "public", and "untrusted". These days, we know that our private, trusted networks are quite vulnerable.
Because PCI is very slow to evolve, it still embraces this idea of data in transit being more vulnerable on the public Internet than in your private network (or a more secure DMZ within it). Put another way, is Bob from Accounting an easier target than one of Verizon's tier 1 routers?
- 15. ESSAYS: The Margin Crush is Coming in 2024
- 16. ESSAYS: We Must Consider Software Developers a Key Part of the Cybersecurity Workforce
- 17. ESSAYS: Silicon Valley’s Cargo Culting Problem – Wearing A Black Turtleneck Doesn’t Make You Steve Jobs
- 18. ESSAYS: The year of the passkey is still far away
- 19. ESSAYS: The Rise of the Internet of Agents: A New Era of Cybersecurity
- 20. OBITUARIES: Inventor of NTP protocol that keeps time on billions of devices dies at age 85
My girlfriend mentioned to me that we're going to be seeing a lot of these in the near future. The inventors of the Internet and most of the software, standards, protocols, and designs that power today's computing devices are mostly still alive today, but are getting up there in age.
It must be surreal for them, to have created things that seemed niche and ultra-nerdy in the beginning, but became the basis for what is essentially considered an essential utility for much of the world today.
- 21. AWARDS: Hall of Fame – Golden Kitty Awards Winners
This is the result of votes from ProductHunt users/fans, and it's worth a browse. A lot of these tools are worth checking out, just for personal use and productivity.
It's also useful to see what new products are probably being used within your organization right now, or will be in the near future!
- 22. INVESTIGATIONS: The Global Spy Tool Monitoring Billions
First we find out our phones really are listening to us. Now we find out that a lot of those ads that make apps "free" are being used to track our location.
- 23. DUMB IDEAS: Cops Used DNA to Predict a Suspect’s Face—and Tried to Run Facial Recognition on It
I feel like I've seen this movie already.
- 24. ESSAY: Hero culture in cybersecurity: origins, impact, and why we need to break the toxic cycle
- 25. SQUIRREL: The NSA’s Furby Docs Just Dropped
404 Media is just killing it with funny stuff, serious stuff, and everything in between.
DISCLOSURE: I'm a paid subscriber and have collaborated with most of the 404 Media founders and staff when they were back at Vice Motherboard.