Google picks up a Wiz kid, GitHub’s malicious actions, Agentic AI is sus – ESW #399
This week, JP Bourget from Blue Cycle is with us to discuss Building the SOC of the Future
Then, Michael Mumcuoglu (Moom-cuoglu) from CardinalOps joins us to talk about improving detection engineering.
In the enterprise security news,
Google bets $32B on a Wiz Kid Cybereason is down a CEO, but $120M richer EPSS version 4 is out Github supply chain attacks all over A brief history of supply chain attacks Why you might want to wait out the Agentic AI trend Zyxel wants you to throw away their (old) products HP printers are quantum resilient (and no one cares) A giant rat is my hero All that and more, on this episode of Enterprise Security Weekly.
Announcements
Identiverse 2025 is returning to Las Vegas, June 3-6. Hear from 250+ expert speakers and connect with 3,000+ identity security professionals across four days of keynotes, breakout sessions, and deep dives into the latest identity security trends. Plus, take part in hands-on workshops and explore the brand-new Non-Human Identity Pavilion. Register now and save 25% with code IDV25-SecurityWeekly at https://www.securityweekly.com/IDV2025
Hosts
- 1. FUNDING: brought to you by the Security, Funded newsletter
"Cybereason, a United States-based endpoint detection and response (EDR) platform, raised a $120.0M Venture Round from Liberty Strategic Capital and SoftBank Vision Fund."
With the CEO gone, the deal happened pretty quickly. I haven't seen a public drama like this with the exec team at a security startup since Norse Networks!
"Pentera, an Israel-based automated security validation platform, raised a $60.0M Series D from Evolution Equity Partners."
- 2. ACQUISITIONS: Google to acquire cloud security startup Wiz for $32 billion
Sure, this is the largest security acquisition ever, even larger than Cisco's $28b deal for Splunk, which arguably, wasn't pure play security.
What really makes it remarkable is the speed and confidence with which Wiz grew and gobbled up the cloud security TAM. The company has been putting out mind-blowing press releases since the beginning.
Remember when they claimed $100M ARR after being out of stealth for only 18 months? We racked our brains to even conceive of how the company could add headcount quick enough to grow at this rate.
Meanwhile, the company's research team was regularly churning out incredible research, finding vulnerability after vulnerability in cloud security platforms. Research that made everyone safer, not just Wiz customers.
They rejected a $23b offer from Google and stated IPO as their goal, but IPOs aren't what they used to be, and I'd argue that a cloud security company isn't a good fit for the risk-adverse public market. This seems like a great outcome, but some folks aren't so sure. Will Wiz's support for non-Google platforms degrade post-acquisition? Only time will tell, but Ian Iamit has some thoughts on this over on LinkedIn.
- 3. NEW PRODUCTS: Introducing EPSS Version 4
The savior of the vuln management market, or no?
Adrian has some thoughts.
- 4. ATTACKS: GitHub supply chain attack prints out everyone’s secrets
Man, what's the best practice here? Should customers be looking for signs of compromise across all their third parties? Do we want to risk waiting for GitHub to send out a notice?
The shared responsibility model has never been so stressed.
- 5. ATTACKS: Fake “Security Alert” issues on GitHub use OAuth app to hijack accounts
It's rough out there for developers and GitHub users. Whether it's vulnerabilities or social engineering, attackers know that the world's largest repo is the watering hole that puts food on the table (sorry for the very bad predator/prey metaphor).
- 6. TRENDS: A brief history of mass hacks
And this truly is brief! It only goes back a few years, but there have been a shocking number of attacks on vulnerable tech/security providers. The supply chain is really where attackers are focusing these days (also see our two GitHub stories!)
- 7. ESSAYS: Why you should most definitely wait out the current “Agentic Security” wave
Even this self-proclaimed futurist, and some of the most AI-bullish folks I know are raising a few eyebrows at claims of "full autonomy", and agentic AI.
- 8. ENTROPY: Chaos in Cloudflare’s Lisbon office: securing the Internet with wave motion
- 9. DUMPSTER (literally): Router maker Zyxel tells customers to replace vulnerable hardware exploited by hackers
How disposable should tech be? How long should it last? Who should be responsible for decommissioning it?
Should Zyxel pull a Spotify and brick their old devices once they reach end-of-life?
- 10. STUFF NO ONE ASKED FOR: HP Launches Printers With Quantum Resilient Cryptography
Any guesses as to how large the 2D printing on ink/tree pulp industry is?
Larger or smaller than what Google just paid for Wiz?
- 11. SQUIRREL (RAT?) – Carolina the giant rat retires as a hero after saving many lives
