Quantum threats, SOC automation, funding trends – ESW #377

• Picus Security $45M Series C - was once BAS, is now "Adversarial Exposure Validation"!?
• Intezer $33M Series C for AI-enabled SOC automation
• EasyDMARC $20M Series A for email authentication security
• Eclypsium $19.7M Series B extension (?)

Funding info courtesy the Security, Funded newsletter. Sign up for free!

Open Security is a Swiss SASE vendor. This move reminds me a bit of Mastercard picking up cybersecurity, and older examples of AT&T picking up companies like Alienvault.

I'm really curious to hear how well this works. This could be a potential holy grail to help security teams limit how much they get distracted by tools OR it could be the opposite and could lead to them obsessing over filling meaningless gaps and getting TOO focused on tools.

OpNova is the latest startup from Sinan Eren, who previously sold Fyde (ZTNA) to Barracuda, and before that, Remotium (secure remote apps) to Avast.

I love that there are more automation vendors popping up. I'm eager to check out what they're going to do in this space, and it makes me happy to see products getting refined and polished. We've come a long way from the early Phantom and Demisto years!

In this interview (recorded shortly before Cisco axed most of the folks I know over there, including the folks in this video), Wendy remarks on some of the distractions affecting CISOs, including:

1. the pandemic (hybrid work models and remote employees in particular)
2. AI concerns - AI is coming into the enterprise regardless of whether anyone wants it or is ready for it! In particular, generative AI tends to highlight data hygiene and governance issues.
3. supply chain security - this also connects to AI, as everyone tries to profit off their customers' data (often without explicitly telling customers or partners this!
4. breaches and CISO liability

Burnout: The constant pressure, distractions, and personal risks are contributing to high levels of burnout among CISOs, compounding the already demanding nature of the role.

This is an excellent summary of the state of security, and the challenges getting in the way. It's about a lot more than tools, but concludes that tools are often a distraction. Coincidentally, this pairs well with the Wendy Nather interview we're discussing this week!

This story also pairs well with the new company we're discussing this week, ESPROFILER.

A great post from occasional co-host Guillaume Ross. It hadn't even occurred to me that enterprises might want some control over Apple Intelligence on employee devices. Guillaume did the work and put it together in a handy little post.

Don't let the .ZIP domain scare you off, you can safely click this link, I promise ;-)

We just did a webcast with Quantum Xchange, and it was a great discussion on exactly this: https://www.scworld.com/cybercast/what-the-nist-post-quantum-cryptography-pqc-standard-means-to-enterprises

My main concern is that post-quantum encryption projects are never going to be important enough to get the attention or resources they need to happen. So 10 years from now, we'll be talking about post-quantum crypto tech debt.

One thing that gave me hope, however, is that this webcast was super well attended and attendees were engaged, active in the chat, and asking tons of questions!

John Mulaney ROASTS Salesforce employees, customers, and partners at their own event. On their dime. Strap in.