Cyber-Loaded Bills, Dazz CSPM, Janky Tech, VC Startup Valuations, & Keanu Reeves Talk – ESW #254
This week in the Enterprise News: Is the art of VC valuations a lie?, Noname Security hits unicorn status, Dazz sounds like an 80's cartoon character and is the latest to join the CSPM category with a mega Series A, LogMeIn spins out Lastpass, We'll talk about Log4Shell for a little bit, but not too much, Everyone forgot that AWS had an outage last week, at least, until they had an outage this week, 83% of IT professionals can't guarantee infrastructure is safe from ex-employees, & Senate approves cyber-loaded defense bill but stripped out incident reporting! All that and more, on this episode of Enterprise Security Weekly!
Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
- 1. TRENDS: The ‘art’ of VC startup valuations is a forgery – TechCrunch - https://techcrunch.com/2021/12/10/the-art-of-vc-startup-valuations-is-a-forgery/
- 2. FUNDING: Noname Security achieves unicorn status, one year after exiting stealth, with $135 million Series C
- 3. FUNDING: Ermetic raises $70M for ‘identity-first’ cloud security
- 4. FUNDING: Dazz, from ex-Microsoft team, gets $60M to automate cloud security - $50m Series A + $10m Seed. Sounds like a CSPM play, and who can blame them with all the money getting raised there? Founding team includes former general manager of Microsoft's cloud business and a few other ex-Microsoft folks with backgrounds in IoT security (Armis and Claroty). Founding crew looks to be mostly Israeli and funding comes from Insight Partners, Greylock Partners, Index Ventures, and Cyberstarts.
- 5. SPIN-OUT: LogMeIn spins LastPass out as an independent company once more - https://blog.lastpass.com/2021/12/lastpass-investing-even-more-in-your-password-security-in-2022/
- 6. VULNS: Log4Shell: RCE 0-day exploit found in log4j, a popular Java logging package
- 7. POST-MORTEM: Summary of the AWS Service Event in the Northern Virginia (US-EAST-1) Region
- 8. REPORTS: Cisco Secure Outcomes Study Report 2021 - Part 2 of an excellent series funded by Cisco and put together by the excellent Cyentia Labs. It studies security outcomes - I highly recommend reading both!
- 9. TRENDS: Report: 83% of IT professionals can’t guarantee infrastructure is safe from ex-employees
- 10. STANDARDS: SP 800-160 Vol. 2 Rev. 1, Developing Cyber-Resilient Systems: SSE Approach - Even NIST is ready to admit the security team can't do all the lifting.
- 11. REGULATIONS: Democrats accuse GOP of scuttling incident reporting in massive defense bill - https://therecord.media/democrats-accused-gop-of-scuttling-incident-reporting-in-massive-defense-bill/
- 12. REGULATIONS: Senate approves cyber-loaded defense bill loaded - https://therecord.media/senate-approves-cyber-loaded-defense-bill-loaded/
- 13. SQUIRREL: What’s the jankiest piece of tech you’ve seen a company depend on? - Brandon Rohrer asks on Twitter: War stories please. What’s the jankiest piece of tech you’ve seen a company depend on?