The end of the road for some cyber startups & making detection actually work! – ESW #373
This week, in the enterprise security news,
- A funding that looks like an acquisition
- And two for-sure acquisitions
- Rumors that there are funding problems for early-stage cyber startups, and we’ll see a lot more acquisitions before the end of the year
- Speaking of rumors, CrowdStrike did NOT like last week’s Action1 acquisition rumor!
- Shortening detection engineering feedback loops
- HoneyAgents
- More reflections on Black Hat 2024
- The attacker does NOT just have to get it right once
- and the defender does NOT have to get it right every time
- Remember BEC scams? Yeah, they’re still enterprise enemy #1
All that and more, in the news this week on Enterprise Security Weekly!
- 1. FUNDING: Kiteworks Private Content Network (“PCN”) Vision Validated by $456M Growth Equity Investment From Insight Partners and Sixth Street Growth
Funding, or acquisition? A $456M round led by Insight Partners and Sixth Street Growth values Kiteworks at just over $1B. We can't be sure, but those numbers don't make sense unless a LOT of equity just traded hands. Like, the majority of ownership in the company.
- 2. ACQUISITIONS: Mimecast acquires Aware
- 3. ACQUISITIONS: DigiCert to Acquire Vercara, Strengthening Its Position as a Leader in Digital Trust
- 4. ACQUISITION RUMORS: VP CorpDev at CrowdStrike calls out Action1 M&A rumors
These Action1 M&A rumors struck a nerve with Gur Talpaz, VP of Corporate Development at CrowdStrike. He claims that CrowdStrike had one 45-minute conversation with Action1, nothing more. No execs on that call, no senior folks at all, no NDA, no due diligence activities.
Then he says, months later, this rumor emerges. I think he takes it a bit far when he says, "this behavior destroys trust and undermines the credibility of our industry." I think this says more about the credibility of the organizations reporting the rumors, personally. And these rumors pop up so often, I don't think anyone is taking them too seriously.
- 5. OPEN SOURCE: Shorten your detection engineering feedback loops with Grimoire
This is a very cool project, but it also struck me as a bit odd. This open source project simulates attacks to help you understand what an attack might actually look like: what events you should expect to see in your logs when an attack occurs.
But shouldn't this be well documented, institutional knowledge in our industry? Shouldn't this be baked into every SIEM? Shouldn't this be the very heart of every XDR and MDR service?
This story came from Darwin's newsletter, The Cybersecurity Pulse (TCP), issue 57. Check it out!
- 6. NEW FEATURES: Orca Simplifies Azure Policy Creation With Generative AI
But can't you just do this with a $20/mo ChatGPT subscription?
This story came from Darwin's newsletter, The Cybersecurity Pulse (TCP), issue 57. Check it out!
- 7. OPEN SOURCE: mrwadams/honeyagents: HoneyAgents
"HoneyAgents is a PoC demo of an AI-driven system that combines honeypots with autonomous AI agents to detect and mitigate cyber threats. Features include intelligent threat analysis, automated deny list updates, and detailed natural language threat reports."
Lots of folks saying that autonomous AI agents will be the next big AI breakthrough.
- 8. CONFERENCES: Reflections on Black Hat 2024 – Francis Odum
Some interesting insights here:
- "AI buzz was subdued compared to RSA"
- Companies' booths look better than their products
- Undeployed capital
- Israelis not slowing down
- Lots of high-quality security leaders present
- Buyer's market
- Highest spending on SOC and identity
- New wave of founders
- and more!
- 9. ESSAYS: Transform the Defender’s Dilemma into the Defender’s Advantage
Preach!
- 10. ESSAYS: Azure outages should spark new urgency for a multi-cloud approach
- 11. REPORTS: EPSS A Visual Exploration of Exploits in the Wild – Cyentia Institute
One of two new reports from the always excellent Cyentia Institute.
- 12. REPORTS: IRIS Ransomware – Cyentia Institute
One of two new reports from the always excellent Cyentia Institute.
- 13. AI THREATS: Slack AI can leak private data via prompt injection
We definitely saw this coming! It won't be the last case of this, either.
- 14. BREACHES: BEC scam costs Orion nearly $60M
Just a reminder that BEC scams are still a thing, they involve little to no hacking, and still do more direct damage than ransomware.
- 15. REPORTS: Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts
The always excellent source of DFIR wisdom and details has a new post out.
- 16. TRENDS: AI will create a tidal wave of vulnerable software, researcher predicts
Will it though? Will we even notice? After all, AI is just emulating existing levels of software dev quality, right?
- 17. SQUIRREL: Apple Pushes Ahead With Tabletop Robot in Search of New Revenue
In the search for new markets to dominate, Apple has a lot of weird stuff going on behind the scenes.