Will AI allow us to finally scale vuln mgmt and threat detection? – ESW #353
We don't cover a lot of stories in this week's episode, but we go deep on a few important ones. I'm biased, but I think it's a good one, especially having Darwin's input and encyclopedic knowledge available to us.
Also in this week's news:
- Homomorphic encryption pops up again!
- Microsoft Security Copilot has a release date!
- Sudo for Windows
- Microsegmentation pops up again!
- The TikTok Ban
- Darwin's Newsletter: The Cybersecurity Pulse
All that and more, on this episode of Enterprise Security Weekly.
Announcements
Join our cybersecurity community on Discord! Connect directly with our expert hosts, join discussions with fellow audience members, and customize your notifications to receive alerts every time an episode of your favorite show publishes. Get your invite at securityweekly.com/discord!
- 1. FUNDING: The Zama FHE Master Plan
$73M Series A led by Multicoin Capital and Protocol Labs. Aiming to "make the internet end-to-end encrypted using Fully Homomorphic Encryption", which doesn't make a lot of sense. The investors are tied to blockchain, which makes me a bit worried. The company is French, but I don't have enough experience with French startups or investments to know where that should move my confidence slider.
Still, back to the earlier statement that doesn't make sense. Homomorphic encryption was designed to protect data in such a way that it remains structured enough to be useful. Think of performing a keyword lookup on encrypted data without decrypting the data to perform the match.
This is a VERY specific use case, so I'm not sure why someone would want to apply it to the entire Internet. It compromises the strength of the encryption in exchange for utility - a compromise you'd only want to make if the use case justified it. Definitely not something you'd want to apply with a broad brush.
- 2. FUNDING: Israeli startup Sweet Security raises $33M to strengthen cloud security operations – SiliconANGLE
$33M Series A led by Evolution Equity Partners. The company's "Cloud Runtime Security" aims to actively disrupt cloud-focused attacks.
- 3. FUNDING: IDfy Secures $27 Million Investment to Propel Global Expansion in Identity Verification Solutions
$27M Series E led by Elev8 Venture Partners. Mumbai-based IDfy combats fraud by providing secure identity verification.
- 4. FUNDING: Cayosoft Raises $22.5M in Funding
The $22.5M Private Equity round from Centana Growth Partners is Cayosoft's first round of funding. The six-year-old company specializes in "Microsoft active directory management, monitoring, and recovery."
- 5. FUNDING: Reach Security Raises $20M for AI to Transform How Companies Use Their Cybersecurity Products
$20M Series A led by Ballistic Ventures. The company is aiming to use "advanced AI" to "reinvent security operations". Sounds like a Security Copilot competitor, in other words!
- 6. FUNDING: Crypto4A announces $7.5m Quantum-Safe Secure Manufacturing Initiative in conjunction with the FedDev Ontario – Quantum Safe Hardware Security Modules
$7.5M round from the Regional Quantum Initiative in Canada, includes a $3.75M repayable contribution from the Canadian Government (FedDev Ontario). The company designs, develops, and manufactures quantum-ready hardware security products, QxHSM and QxEDGE, in Canada.
- 7. FUNDING: Cybersecurity startup Nullify locks in $5.2 million Seed round for US launch
$3.4M seed round co-led by Two Sigma Ventures and Root Ventures. The Australian company is planning a US launch in June. The product is an AI-driven appsec bot, aiming to aid and automate human work in detecting and fixing vulnerabilities in code.
- 8. ACQUISITIONS: Gcore Enhances Security Portfolio with Acquisition of Industry-Leading WAAP Solution
Stackpath launched with a $180M Series A and four acquisitions in 2016. It seemed aimed at competing with Akamai, Fastly, and Cloudflare right out of the gate. It raised another $216M in 2020, and I never heard from them again.
Looks like they lost a third of their workforce in the last 18 months, so I'm guessing this is a fire sale. No deal amount that I can find, as Gcore appears to be a private EU-based company (based in Luxembourg).
- 9. ANALYSIS: Cybersecurity Market Update: February 2024 Insights & Trends
The latest market analysis from Mike Privette!
- 10. NEW COMPANIES: UK-based fintech (named Nuke from Orbit) on a mission to deliver smarter smartphone security
I'm not sure why it's being described as a fintech, but it raised 500 pounds in pre-seed funding to address the problem of fraud resulting from stolen phones. It aims to "instantly" cancel bank cards and SIM cards; secure digital accounts; and more.
- 11. NEW COMPANIES: Why I’m Joining Detecteam and Why it Matters
Looks like a similar focus/value prop to CardinalOps, who we just spoke with last episode. Folks have the people, the budget, the tools, but actually detecting stuff is really hard, so there's still a missing piece in the market here.
As always, it should be SIEM/XDR vendors filling this need, but the security market has a way of producing submarkets when they fail to build a complete product (e.g. vulnerability management giving birth to the RBVM market).
- 12. NEW PRODUCTS: Microsoft Copilot for Security is generally available on April 1, 2024
The very hotly anticipated Security Copilot product is being released on... April Fools? Start getting your jokes ready for social media now, folks.
Microsoft's marketing: "With Copilot, you can protect at the speed and scale of AI and transform your security operations."
Real-life expectations: "Hey Copilot, what protocol runs on TCP 25 again?"
There's a lot of hype and hubris here. First off, the marketing description makes it sound like one SOC analyst could do the work of five! But then they share these underwhelming stats:
- Experienced security analysts were 22% faster with Copilot.
- They were 7% more accurate across all tasks when using Copilot.
- They were 1% more accurate at the incident report task used in the study.
- They were 1% more accurate at the response task used in the study.
- And, most notably, 97% said they want to use Copilot the next time they do the same task.
Okay, so the improvements were marginal, but enough that pretty much everyone liked them and wants to continue using them. That's fine, just say that! Enough with the "machine speed" and "speed and scale of AI" fluff. Ultimately, it looks like the majority of the positive benefits were due to the LLM's ability to accurately summarize text data.
Some other details:
- Licensing will be pay-as-you-go, which likely means that Copilot will be billed and available via Azure.
- It is multilingual (a nice bonus feature of LLMs, which can seemingly effortlessly switch between languages).
- Will be able to reference data from Sentinel, Defender XDR, Intune, Defender Threat Intelligence, and Entra
- Already has over 100 partners?!? These include both MSSPs and security software vendors
- Can integrate with your existing knowledgebase and playbooks, and can supposedly perform actions based on existing step-by-step instructions (I'm a bit nervous about this).
- 13. NEW FEATURES: Introducing Sudo for Windows!
NOT ONLY is this sudo for Windows, it's also going to be open sourced. They already have the repo ready: https://github.com/microsoft/sudo
- 14. NEW NEWSLETTER: The Cybersecurity Pulse
This is Darwin's newsletter!
- 15. ESSAYS: Microsegmentation Finally Gets Its Day
The latest from Katie Teitler!
- 16. ESSAYS: Cloud Control: Q&A with Andy Ellis on Pushing Innovation with Apology Budgets
- 17. ESSAYS: The Shifting Landscape of Application Security – Scale Venture Partners
- 18. REPORTS: Welcome to the Red Canary 2024 Threat Detection Report
- 19. REPORTS: Exposing Malware in Linux-Based Multi-Cloud Environments from VMware’s threat analysis unit
An interesting technical study on using entropy to better detect Linux-based malware (based on my very brief skim of the report!).
- 20. LEGISLATION: The TikTok Ban Bill
So many questions.
- It passed the House, will it pass the Senate?
- Will it also ban WeChat? (it doesn't seem to affect Alibaba Cloud)
- How many hours until a video is uploaded to YouTube and Instagram, telling folks how to bypass restrictions?
- It won't be in US-based app stores anymore, but what about overseas app stores? Can I just use those by firing up NordVPN?
- Most of the content on TikTok finds its way onto YouTube and Instagram anyway, so will anyone care?
- How many US-based TikTok creators are out there, and how much income will they lose if the app gets pulled? Some get as much as $20k for a short, sponsored video.
- 21. VULNERABILITIES: ComPromptMized
A proof-of-concept GenAI worm. While the proof-of-concept involves some fictional tooling that doesn't really currently exist (at least to my knowledge), it's important guidance for folks doing product design and architecture work.
TL;DR - fully automating anything with GenAI is probably a bad idea right now.
- 22. DUMPSTER FIRE: CISA breached by hackers exploiting Ivanti bugs
To be fair, the timeline is unclear. We don't know if CISA published the advisory before or after the attack against its own Ivanti products exposed to the public Internet.
- 23. DUMPSTER FIRE: Microsoft says it hasn’t been able to shake Russian state hackers
What a mess. I don't even know where to start.
- 24. DUMPSTER FIRE: Death Knell of the NVD?
If only someone in USGov knew how disruptive this might be and took steps to avoid it...
- 25. SQUIRREL: Belgian village whose brewery was hit by cyberattack faces another on its coffee roastery
Coffee AND beer are under attack?? This cannot stand.