Funding, acquisitions, AI, CES, and dumpster fires kick off security for 2024! – ESW #345
The year kicks off with TWELVE funding announcements and NINE acquisitions! Several new companies have merged, we already have a few dumpster fires burning and there is plenty of AI news to kick off the year.
The annual Consumer Electronics Show gives us previews of the invasive and insecure horrors that will be unleashed upon us this year, New Yorkers get right to repair, and Polish trains don’t. (see the show notes for more)
Finally, we talk Apple Vision Pro, Tetris, and skydiving iPhones.
Announcements
Follow Security Weekly Productions on LinkedIn for exclusive show clips, insights, and updates across our organization! Stay connected with our hosts and fellow community members, and join the conversation that's shaping the future of cybersecurity.
Hosts
- 1. FUNDING: ExtraHop Secures $100M in Growth Capital from Existing Investors and Strengthens Leadership Team to Accelerate NDR Market Growth
- 2. FUNDING: Carlyle and Insight Partners invest in Exiger at reported $1.2B valuation
We don't know the funding amount, but the valuation is well into unicorn territory, so it's probably one of the larger ones we'll see this week.
Exiger does supply chain SaaS.
- 3. FUNDING: Hakluyt Capital announces three of its first investments, into Interos, CalypsoAI and Viz.ai
We again, don't get the funding amounts for this one. Odd trend...
Interos' AI-powered platform is helping the world's leading multinational corporations, governments, and other organisations map, monitor and pre-empt emerging and systemic risks hidden deep in manufacturing and cyber supply chains to protect brand, reputation and profitability.
CalypsoAI is a leading AI Security company empowering international organisations to leverage generative AI and Large Language Models (LLMs) safely and confidently. The company's platform is designed to mitigate the risks posed by generative AI models, providing industry-leading safeguards that prevent the leakage of sensitive data and block malicious attacks.
Viz.ai's software platform harnesses AI to accelerate the diagnosis and treatment of serious illnesses. Its algorithms, which have been cleared by the US Food and Drug Administration (FDA), analyse medical imaging data such as CT scans and electrocardiograms to support medical professionals with real-time insights and assessments.
- 4. FUNDING: Cloud-native cybersecurity startup Aqua Security raises $60M and remains a unicorn
- 5. FUNDING: Cyber Firm SimSpace Secures $45 million in Funding from L2 Point Management to Fuel Continued Growth
- 6. FUNDING: Link11 Raises €26.5M in Funding
- 7. FUNDING: Digital identity company Yoti receives £12.5 million funding from HSBC · Yoti
- 8. FUNDING: Base Operations raises $9.1 million to boost global threat intelligence – Help Net Security
- 9. FUNDING: Cybersecurity firm Strike Graph raises $8.5M
- 10. FUNDING: Salvador Technologies Raises $6M to Empower Cyber Resilience in Operational Technologies and Critical Infrastructures
- 11. FUNDING: Turngate Raises $5M in Seed Funding
$5M Seed funding, led by Paladin Capital Group. In a continued trend we're seeing to deconstruct the SIEM into more manageable and effective components, Turngate focuses on enterprise identity activities and entitlements.
Founded by Bruce Potter, well known for his work in the security industry, as well as the founder and organizer of the popular security conference, Shmoocon. As with Shmoocon, Bruce's wife Heidi has a founding role with Turngate as well.
- 12. FUNDING: Arcanna.ai Announces $3.5M Investment to Advance Decision Intelligence Platform
$3.5M Seed led by Lytical Ventures. "...setting an industry-first path toward autonomous decision-making in cybersecurity." Arcanna describes their product as a "decision intelligence platform". The explanation of how it works looks like every SIEM ever: 1. ingest data 2. magic happens (or not) 3. output goes to Splunk, SNOW, SOAR, Slack, etc
- 13. ACQUISITIONS: SentinelOne® to Expand Cloud Security Capabilities with Acquisition of PingSafe
- 14. ACQUISITIONS: SonicWall acquires Banyan Security to boost cloud security portfolio for remote work
- 15. ACQUISITIONS: Mimecast Acquires Elevate Security
- 16. ACQUISITIONS: Defining the Future of Multicloud Networking and Security: Cisco Announces Intent to Acquire Isovalent
- 17. ACQUISITIONS: Delinea acquires Authomize to detect and mitigate identity threats
- 18. ACQUISITIONS: Mend.io acquires cyber startup Atom Security
- 19. ACQUISITIONS: Okta snatches up security firm Spera, reportedly for over $100M
- 20. ACQUISITIONS: Mimecast Announces Acquisition of Elevate Security, Strengthens Commitment to Managing Human Risk
Good on Elevate for getting an exit, though Mimecast is private, so we don't know if it was a good one. The bad news is that most folks I'm hearing from seem to have had negative experiences with Mimecast, which is the opposite of Elevate's reputation.
- 21. ACQUISITIONS: Juniper Networks’ stock spikes 22% on report it could be soon acquired by HPE
More recent reports put the deal amount at $14B. Still not great - less than $2.5B multiple. Not FireEye bad, but still not a multiple you'd expect to see for a healthy business.
- 22. FAILURES: Remembering the startups we lost in 2023
Out of the 11 companies featured, one was a cybersecurity vendor (IronNet) and one was killed by a breach (CloudNordic)
- 23. TRENDS: VCs are entering 2024 with ‘healthy paranoia’
- 24. NEW COMPANIES: Tracecat
SIEM + Threat Hunting + SOAR from what I can tell? But with something called "ThreatGPT". Backed by Y Combinator, and also closed an undisclosed seed round recently.
- 25. NEW COMPANIES: Launch of Sleuth Kit Labs – Sleuth Kit Labs
- 26. NEW COMPANIES: Observa – Trusted and trustworthy security programs for startups
Security program outsourcing for early stage startups.
- 27. DUMPSTER FIRES: How Rebellion Defense, The $1 Billion Military AI Startup Hyped By Silicon Valley, Wound Up In A Nosedive
Honestly, not even the spiciest startup dysfunction story we've seen recently, but interesting in that it's focused on US and UK defense contracts AND is partly cybersecurity-focused, and partly AI-focused.
- 28. DUMPSTER FIRES: 23andMe tells victims it’s their fault that their data was breached
Very badly handled by 23andMe. Technically, 23andMe is not wrong. Practically, they just jabbed themselves in the eye with a thumb. Imagine: if banks just let customers do whatever they wanted with their accounts and didn't put measures in place to protect them, there'd be no money in banks. This was clearly the wrong PR move and no one in their right mind should have let this statement come out of the company.
- 29. CYBERINSURANCE: Pharma giant Merck settles $1.4 billion cyberattack case
- 30. AI ESSAYS: AI’s Predictable Path: 7 Things to Expect From AI in 2024+
Mostly focused on the potential future of digital assistants. As with much of Daniel's work, a must-read.
- 31. AI ESSAYS: Today’s AI funding rush reminds me of the fintech investing hype of 2021
- 32. AI NEWS: Microsoft’s new Copilot key is the first big change to Windows keyboards in 30 years
- 33. AI ASSISTANTS: The Rabbit R1
An interesting pitch. Doesn't replace the smartphone, but does duplicate some of what a smartphone currently does. The inability to replace a smartphone hurts it, while the $200 price tag and lack of subscription model helps it quite a bit. You can teach it how to do custom tasks and workflows by recording website and app use, much like you'd train an old school keyboard macro.
- 34. CES 2024: Will the Coolest New AI Gadgets Protect Your Privacy?
- 35. CES 2024: Baracoda Unveils BMind, the World’s First Smart Mirror for Mental Wellness
- 36. TRENDS: Quantum Computing’s Hard, Cold Reality Check
Buying us more time for pivoting to post-quantum encryption standards, I suppose!
- 37. NEW VULNERABILITIES: Hackers can infect network-connected wrenches to install ransomware
- 38. NEW VULNERABILITIES: Barracuda Email Security Gateway Appliance (ESG) Vulnerability
Yet more basic vulns affecting Barracuda customers. It makes me wonder how many of these could possibly still exist in their products. This is the company that told customers to just stop using one of their products, rather than try to fix and recover it.
- 39. LEGAL: Hacker behind GTA 6 leak will be confined to “a secure hospital for life” due to his “intent to return to cybercrime as soon as possible”
One of the LAPSUS$ members is acutely autistic, perhaps has some adjacent or unrelated mental ailments and is to be confined to a hospital until he no longer seems determined to immediately return to cybercrime ASAP.
- 40. TRENDS: The eternal struggle between open source and proprietary software
- 41. RANSOMWARE: Would you pay off a ransomware crew? Should you?
A great discussion among Register journalists on the dilemma of paying ransoms.
- 42. RIGHT TO REPAIR: New Yorkers Get Their Right To Repair Today. Here’s What You Need to Know.
- 43. RIGHT TO REPAIR: Polish Hackers Say Manufacturer’s Repair DRM Killed Train’s Power, Broke Compressor
- 44. BEST PRACTICES: New Microsoft Incident Response team guide shares best practices for security teams and leaders
[side eye] SURE, TELL US ALL ABOUT YOUR IR BEST PRACTICES MICROSOFT [/side eye]
- 45. RISK ANALYSIS: Is It Raining Risk? What Data says about Cyber Risk in the Cloud
Wade Baker waxes about risk based on the research Cyentia Institute has been doing for the last 6-7 years.
- 46. SQUIRREL: Apple Vision Pro available in the U.S. on February 2
- 47. SQUIRREL: A 13-year-old in Oklahoma may have just become the 1st person to ever beat Tetris
Watching his reaction as he becomes the first person to crash Tetris is so delightful and wholesome. He dedicated the record-setting win to his father, Adam Gibson, who died last month.
- 48. SQUIRREL: iPhone survives 16,000-foot fall after door plug blows off Alaska Air flight 1282
There are people that don't get their iPhones back after leaving them in the back seat pocket on the plane. This person is going to get it back after losing it out the side of an airplane AT 16,000 FEET!
Of course, a phone surviving from a drop that high isn't the incredible bit - phones probably reach terminal velocity before they hit the floor from your kitchen countertop (which is why there are so many cracked screens out there)
What's incredible is that someone spotted it with their eyes shortly after it happened, AND it was unlocked, AND it was open to an email that included the owner's email address, flight number, and airline!
It was still in airplane mode, so finding it digitally (like, with Find My) would have been impossible. Incredible it landed in a soft spot, right next to a sidewalk and was spotted.
