Enterprise Security WeeklySubscribe
AI/ML, Attack surface management, Acquisition

The Cybersecurity Market Gets Some New Quirks and Features – ESW #364

We start off discussing the latest round of fundings, centered largely around data security and securing LLM use. This dovetails into a discussion about marketing language and how difficult it can be for buyers to work out what the latest round of early stage startups are doing.

Next, we discuss Cloudflare and Bugcrowd's acquisitions, as well as Synopsys's divestiture of its appsec portfolio.

From here, we dive into a raft of new features across both IT and cybersecurity products, like Azure, Dashlane, LastPass, and PagerDuty. Discussing Huntress's active remediation feature triggers a conversation about this latest product trend: vendors seem to think buyers are ready for fully automated remediation actions. We're not so sure they are.

To wrap up the cybersecurity coverage, Brandon Dixon has an interesting tutorial regarding a Security Copilot use case that looks a LOT like the default phishing enrichment use case that has been used for every SOAR POC ever. To clarify, this is a great piece in that it is all practical, has no marketing fluff, and shows you how to do something useful with Security Copilot. Where it pulls up short is managing to live up to the hype we've been hearing about Security Copilot from day one.

We agree to table the discussion on Microsoft Recall until we know more about what GA of the feature will look like, and then dig into a VERY interesting squirrel story about an audio-based hacking puzzle created by a rock band.

Full episode and show notes

Announcements

  • Follow Security Weekly Productions on LinkedIn for exclusive show clips, insights, and updates across our organization! Stay connected with our hosts and fellow community members, and join the conversation that's shaping the future of cybersecurity.

Hosts

Principal Researcher at The Defenders Initiative
  1. 1. FUNDING: Announcing Transcend’s $40M Series B to fix privacy for the enterprise

    Oh wow, it's going to be fixed? For all enterprises? Go on, I'll wait.

  2. 2. FUNDING: Lumos Secures Series B to Launch the Unified Access Platform

    $35M Series B, led by Scale Venture Partners. Aims to bring IT and security together, by enabling them to solve app and access related problems through merging the SaaS Management and Identity Management industries into one platform.

    I've never seen anyone THIS excited about their raise (click the link to see what I mean).

  3. 3. FUNDING: WitnessAI Secures $27.5 Million in Series A

    $27.5M Series A, co-led by GV and Ballistic Ventures.

    "WitnessAI specializes in AI safety, privacy, governance, and security. Their Secure AI Enablement platform offers solutions for observability of AI use, policy enforcement, and governance, ensuring data protection and user safety. WitnessAI's platform is deployed as isolated, cloud-based instances for each customer, encrypted with their keys to ensure data privacy and regulatory compliance. Its mission is to give organizations the security and governance controls needed to adopt AI safely."

  4. 4. FUNDING: Patronus AI Raises $17 million To Detect LLM Mistakes at Scale
  5. 5. FUNDING: BforeAI Announces $15 Million in Series A Funding Led by SYN Ventures
  6. 6. FUNDING: Averlon Comes Out of Stealth with $10M in Funding to Advance AI-Powered Cloud Security

    $8M (seed? Series A?) led by Voyager Capital.

    "Averlon’s Foundation is Built on Three Pillars:

    • Panoptic Visibility: Provides CISOs and security teams deep visibility into their cloud environment.
    • Predictive Attack Intelligence: Averlon’s AI model proactively predicts the actions of attackers and identifies end to end attack chains.
    • Rapid Remediation: Helps security and engineer teams to identify and eliminate end-to-end attack chains by deploying surgical fixes."
  7. 7. FUNDING: Zendata raises $2M to redefine AI governance and data privacy with no-code platform

    Though the company name sounds like something that gets transferred when Zendaya migrates to the latest iPhone, Zendata intends to improve AI governance and data privacy using a no-code platform.

  8. 8. ACQUISITIONS: Cloudflare acquires BastionZero to extend Zero Trust access to IT infrastructure
  9. 9. ACQUISITIONS: Bugcrowd, the crowdsourced white-hat hacker platform, acquires Informer to ramp up its security chops

    If I recall correctly, BugCrowd started offering an ASM product that partially leveraged BitDiscovery's ASM platform. Now that BitDiscovery is part of Tenable, it makes sense for BugCrowd to acquire their own ASM vendor (which seem to still be plentiful).

  10. 10. DIVESTITURES: 3 reasons Synopsys is selling its app security business
  11. 11. NEW COMPANIES: Hydrolix seeks to make storing log data faster and cheaper
  12. 12. NEW COMPANIES: Lasso Security brings contextual data protection to generative AI applications – SiliconANGLE
  13. 13. NEW COMPANIES: Brian Markham on LinkedIn: Demoed Inc.

    Demoed is an interesting approach - as a mediator between seller and buyer, the seller doesn't know who they are demoing to. The buyers sign up for a hassle-free experience, though one where they can easily ask the vendor questions.

  14. 14. NEW FUNDS: New Cisco AI investment fund not just ‘another billion dollars,’ CEO says
  15. 15. NEW PRODUCTS: Lacework extends platform capabilities with security service edge product for zero-trust connectivity – SiliconANGLE

    A bit surprising that, after hearing Lacework was prepared to go to Wiz in a fire sale, that they had a new product ready for launch, just weeks later! It makes me wonder how "baked" this new product is.

  16. 16. NEW FEATURES: LastPass is now encrypting URLs in password vaults for better security

    Ugh, FINALLY.

  17. 17. NEW FEATURES: How the new Microsoft Recall feature fundamentally undermines Windows security

    Does it though? Let's discuss.

  18. 18. NEW FEATURES?: Microsoft to start enforcing Azure multi-factor authentication in July – DataBreaches.net

    Ugh, FINALLY.

  19. 19. NEW FEATURES: Dashlane Nudges reduces the risk of credential theft – Help Net Security
  20. 20. NEW FEATURES: Nightfall AI introduces ‘Firewall for AI’ to enhance security in generative AI applications – SiliconANGLE
  21. 21. NEW FEATURES: BigID announces new AI data security features for Microsoft Copilot

    See, to be safe using Microsoft Copilot, you gotta use Microsoft Purview. But to successfully use Microsoft Purview, you need BigID...

  22. 22. NEW FEATURES: PagerDuty Operations Cloud gets a boost with new AI and automation capabilities – SiliconANGLE
  23. 23. NEW FEATURES: Huntress adds Active Remediation and macOS coverage to its EDR solution – Help Net Security
  24. 24. HOT TAKES: Rather Than Measuring Risk, Fix an Interesting Problem
  25. 25. HOT TAKES: UnitedHealth leaders ‘should be held responsible’ for installing inexperienced CISO, senator says
  26. 26. HOWTOS: Automating Incident Triage with Copilot for Security

    THIS is the kind of content I'm here for, and it's unsurprising seeing that it's coming from Brandon Dixon, the founder of PassiveTotal (acq by RiskIQ, which was then acq by Microsoft). He's very much a builder and hands-on tinkerer, so it was nice seeing clear demonstrations of how you can leverage this technology and how it works.

    With that said, it becomes clearer that generative AI won't be revolutionary, it's a quality of life improvement. The ability to use conversational language to program an automated workflow is going to be a big time saver, and also reduces the training effort and time for SecOps employees.

    We don't see a whole lot of results in this article though, so I'm interested to see how it actually performs!

  27. 27. HOWTOS: Doing Stuff with AI: Opinionated Midyear Edition

    I just discovered this Substack, and LOVE this idea of a periodic check-in with a new technology trend (AI, in this case), and suggestions on how you should increase your exposure to it and better understand it.

  28. 28. ESSAYS: Navigating the AI Marketing Copyright Minefield

    There are a number of unresolved issues this essay goes into, like:

    • is it okay that AI models have trained on copyrighted works?
    • what do we do when the output resembles copyrighted works?
    • do we "own" the output of generative AI tools?

    And it includes some guidance for ethical AI use.

  29. 29. INTERVIEWS: An interview with the most prolific jailbreaker of ChatGPT and other leading LLMs
  30. 30. REPORTS: Tech Trends in Enterprise Tech, from CBInsights

    Some VERY interesting insights in this slide deck. If you're in enterprise security, you need to keep up with enterprise tech trends!

  31. 31. TRENDS: Shop Copilot+ PCs: A New Era of Windows AI PCs and Laptops

    What do all these laptops have in common?

    None of them have Intel inside. These are all rocking Snapdragon chipsets.

  32. 32. STANDARDS: NIST unveils ARIA to evaluate and verify AI capabilities, impacts – Help Net Security
  33. 33. SQUIRREL: Russia Has Been Transmitting a Mysterious Radio Signal for 40 Years—And No One Knows Why
  34. 34. SQUIRREL: Rock band’s hidden hacking-themed website gets hacked

    SUCH a cool read, with a weird twist.

Lead Product Manager at Monad
Product Marketer and Content Strategist at OX Security

Related