Query.AI, Tenchi Security, HelpSystems, CrowdStrike, & Snowcat Scanner for Istio – ESW #247

This article is describing this $50m as an extension to Cybereason's Series F (bringing total company funding to over $700m, yikes!), but Google Cloud isn't a VC, so this isn't a typical raise. It is described as a "strategic partnership", which is fine and all, but we've got to wonder if this might be a downpayment. Cybereason needs an exit - a $3bn valuation is a lot for a company that just does endpoint security, especially considering the humble pie currently being served up to the previous generation of endpoint and platform security vendors (Symantec, McAfee, FireEye).

Black Kite (fka NormShield) raises a $22m Series B to compete in the Security Rating Services (SRS) market. This is a contentious market, with opinions ranging from "total BS" to "necessary evil" to "the ones that work with actual data models are okay". Black Kite doesn't use data models, but rather uses industry frameworks to calculate a score. The general sales model here has been described to me as "they gave us a bad grade due to some false positives and we were forced to work with them to correct it". Security Weekly Labs is planning to assess some of these products in January and we're eager to see what they're like for ourselves.

"the provider of the market's only security investigations control plane for modern enterprises" Decent-sized Series A at $15m. Looks like they're pitching themselves as a SOAR alternative (less engineering/dev effort for same results). Sure enough, they've got the requisite laundry list of integrations on their website for such a claim: https://query.ai/integrations/

$7m is a significant seed round from the latest YL Ventures-backed startup. YL has a solid track record, so we always perk up when a new YL portfolio company hits the scene. In trying to figure out what "Business Application Mesh" means, it sounds like this is primarily a visibility tool highlighting automated workflows leveraging APIs and "enterprise IFTTT"-style services like Zapier and Workato (which are mentioned in the PR). I'm reminded of one of the CASB use cases here, shadow IT discovery, though the other aspect of that is building a catalog of third-party services and how risky they are.

Alexandre Sieira and the rest of the existing team at Tenchi Security by Filipe Bouças, reuniting part of the team that successfully built and sold Niddel to Verizon in 2018. It's early days, but the company is firmly focused on cloud security. It currently appears to offer a mix of services and what sounds like a SaaS cloud security platform that focuses on first and third-party maturity monitoring.

Believe it or not, I found this company accidentally by searching for Tenchi's seed funding press release! This also looks like a similar-sized seed round for another startup focused on cloud security. The ideal customer focus is much further down market, however. Tenacity says they're aiming to build a self-serve service that helps small businesses use the cloud securely.

HelpSystems has been on a tear! Shortly after HGGC became the lead investor in PE-owned HelpSystems started to set its sights on cybersecurity companies. Traditionally, Helpsystems has been big iron-focused, offering automation for AS/400 (iSeries, i, etc) for almost 40 years, so it's no surprise most security folks hadn't heard of them. In fact, they're the world's biggest independent i software vendor. A bit of history first. In 2019, they picked up Core Security from SecureAuth, which was already a combination of Courion, Damballa, and the original Core Security (Courion dropped its own brand in favor of Core Security). Under HelpSystems, the Core Security subsidiary picked up Cobalt Strike. Also in 2019, HelpSystems picked up Clearswift (email security). In 2020, Titus, Boldon James (both data classification), and VERA (DRM) were picked up. In 2021, Digital Defense (vuln mgmt), Beyond Security (vuln mgmt), Agari (email security), and now PhishLabs have been picked up! Despite its name, PhishLabs is a lot more than security awareness training. It describes itself in the Digital Risk Protection (DRP) space along with vendors like RiskIQ (now MSFT) and Zerofox. DRP is all about protection brands and accounts by trying to spot misuse before it becomes a problem (e.g. anyone other than CapitalOne registering the domain capital0ne.com is not a good sign). Since HelpSystems is privately owned, no juicy deal details for us. Is there an S-1 in their future? I'd love to hear Tyler's take.

Halvar Flake's latest startup gets acquired! Optimyze hasn't been around long, and recently just went through a pivot. They started out looking for ways to "optimize" cloud workloads, in order to save organizations significant cloud spend. The pivot focused instead on profiling production cloud application workloads without most of the drawbacks traditional profiling tools would have. While not a pure-play security tool, any tool that offers better visibility into workloads definitely has a solid security use case. Optimize, along with Cmd, build.security, Endgame, and Elastic's native security offerings represent a solid and quickly growing security lineup.

InfoSec veteran, soothsayer, and investor Phil Venables posts a lot of stuff well worth your time, but this one is especially interesting. It's a list of what he considers to be "leading indicators of a great cybersecurity program". Thought exercise: how many of these are data points collected by Security Rating Services? 1. Accountable executive 2. Experience depth 3. High reliability organization 4. Independent challenge 5. Strategic architecture 6. Transparency 7. Preventative maintenance 8. Extended enterprise 9. Contribution 10. Vulnerability reporting process

So Crowdstrike has been avoiding using XDR for a while, but I guess that's over. They've not only started using the term, but leaped out of the gate with the "CrowdXDR Alliance". They say Google Cloud, Okta, ServiceNow, Zscaler, Netskope, Proofpoint, Extrahop, Mimecast, Claroty, and Corelight are all members at launch. I guess it makes sense to have a common schema for XDR, but you might be asking, "doesn't something like this already exist for SIEM"? Your hunch is correct - we've already got the Azure Sentinel Information Model, Chronicle Security's Unified Data Model (and Cybereason is hitched up with them, along with their XDR play), and Elastic's Elastic Common Schema. Obligatory XKCD: https://xkcd.com/927/

A neat FOSS, python, web-based tool that aims to speed up the process of generating pen test reports.

TIL that Istio was a thing, AND there was a way to scan it for security issues!

A pen test-focused tool for discovering details about Kubes installs!

Follow Adam Sacks for more great cartoons on his Instagram at https://www.instagram.com/adamsackstoons/