
Funding Rounds Rebound, Bitwarden Password Management, Cymulate, & Ethereum’s Merge – ESW #288

In the Enterprise Security News for this week: Funding rounds are back! Bitwarden raises $100M for password management, Cymulate raises $70M, and a ton more Series A, Series B, and Seed announcements from vendors just coming out of stealth; Ethereum's merge completes and moves to proof of stake; some updates on the Twitterpocalypse; the latest in annoying buzzword innovation; and some Cyber Insurance trends that I promise are interesting!

Full episode and show notes

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Hosts

Adrian Sanabria
Director of Product Management at Tenchi Security
  1. FUNDING: Open source password manager Bitwarden raises $100M - $100M Series B led by PSG, with Battery Ventures. I'm not sure I see enough market for all these password managers to capture. I'd love it if we saw market saturation on both the consumer and enterprise side, but I've been underwhelmed with adoption so far. More and more companies are requiring password database use, so that's a good sign, I think. How do the competition's war chests compare? Let's look at the most recent funding rounds for each:
     - 1Password: $620M Series C in Jan 2022
     - Dashlane: $110M Series D in May 2019
     - Keeper Security: $60M PE round in August 2020
     - LastPass: Recently spun back out of PE-land; $200M revenue in 2021
  2. FUNDING: Cymulate snaps up $70M to help cybersecurity teams stress test their networks with attack simulations - $70M Series D led by One Peak. Total raised is $141M with a ~$500M valuation. 200 employees, 500 paying customers. Sounds like the Breach and Attack Simulation (BAS) term is out and "Extended Security Posture Management" is in.
  3. FUNDING: Reciprocity Announces $60M Growth Investment from Francisco Partners - $60M strategic growth investment from Francisco Partners. The company's ROAR (Risk Observation, Assessment, and Remediation) platform appears to be a GRC tool, estimating risk and tracking compliance activities.
  4. FUNDING: Isovalent Raises $40M Series B as Cilium and eBPF Transform Cloud Native Service Connectivity and Security - $40M Series B led by Thomvest Ventures. Creator of the Cilium project, which is apparently the default in several managed Kubernetes offerings from GCP and AWS. Also behind eBPF as well??
  5. FUNDING: Huntress Scores $40M Funding, Plans International Expansion - $40M in debt financing. MDR platform.
  6. FUNDING: Dig Security Secures $34 Million Series A Investment Led By SignalFire to Deliver Real-time Data Security for the Cloud - $34M Series A led by SignalFire. Data Security Posture Management (DSPM).
  7. FUNDING: SaaS Alerts Secures $22M Investment from Insight Partners to Scale SaaS Security Monitoring and Response Platform - $22M Series A (?) led by Insight Partners. SaaS Security (aka CASB v2).
  8. FUNDING: Data Security Company Open Raven Raises $20 Million - $20M Series B led by Pelion Venture Partners. Total funding at $40M. DSPM.
  9. FUNDING: Opus Security emerges from stealth to help tackle cloud security threats - $10M Seed from YL Ventures, Tiger Global, and angels. SOAR v2 - the founders are ex-Siemplify. SOAR v1 was difficult to implement and develop for, which led to this second round of automation/orchestration startups. I presume Opus would be competing with the likes of Rapid7 and Tines.
  10. FUNDING: HyperComply raises $6.4m for due diligence service - $6.4M Seed, led by FirstMark Capital and Golden Ventures. Compliance automation, questionnaire assistance, accelerating SOC 2, etc.
  11. FUNDING: Data protection RegTech Codenotary raises $6m
  12. FUNDING: Hornetsecurity Boosts Private Equity Funding; Seeks More Cybersecurity Acquisitions – MSSP Alert - German, PE-backed Hornetsecurity is consolidating MSSPs, with at least 5 firms acquired so far, and is planning more with this financing.
  13. ACQUISITIONS: Google completes acquisition of Mandiant
  14. TRENDS: PromptBase - The world of AI art feels like it has exploded overnight. The results range from unbelievable to grotesque. As these tools are rapidly adopted and begin to cross over from hobbyist oddities to commercially useful, there are some tough questions. Should for-profit AI art services be required to pay the artists and respect the copyrights of the works that their AI models were trained on? Is the output of an AI art tool really "art", and can it be sold as such? What happens when AI art tools are trained on AI art that was trained on AI art that was trained on AI art? Is the process of creating a prompt for one of these tools an artistic endeavor? At least one website thinks so: PromptBase is a marketplace where people can sell the prompts they used to create specific images. This marketplace is an eye-opening collection of what these tools are truly capable of: photorealistic people, clipart, icons, logos, stock photos. Redbubble, Shutterstock, Getty, Fiverr, and the rest of the entire media asset and creation industry must be either very nervous or very litigious right now.
  15. TRENDS: How it Works — Yondr
  16. TRENDS: World's Biggest Ether Mining Firm to Shut Down After the 'Merge'
  17. TRENDS: North America is seeing a hiring jump in medical industry cybersecurity roles
  18. TRENDS: Portabl – Universal Financial Identity for All
  19. TWITTERPOCALYPSE: Ten Points from Peiter "Mudge" Zatko's Twitter Testimony
     1. No dev environment - engineers test in PROD
     2. No one knows what data they have or where it is
     3. No central logging capabilities
     4. Management is aware of issues, but prioritizes growth over security anyway
     5. FTC is being misled
     6. 80% of Twitter's user base is outside the US, but Twitter has no ability to monitor or review non-English tweets
     7. Foreign agents are active in Twitter, but Twitter looks the other way
     8. Twitter is reactionary and trails 10 years behind industry best practice
     9. Twitter doesn't and can't remove user data, because they don't understand how it's all stored (potential violation of GDPR and CCPA)
     10. Twitter employees can manipulate bank account info for large 3rd party advertisers
  20. WINS: Twitter Agreed to Pay Whistleblower Roughly $7M in June Settlement - He also stands to profit from the actual whistleblowing complaint, if it results in fines against Twitter. Is it all worth having yourself and your family come under attack by armies of lawyers and investment advising firms?
  21. WINS: The Reformed Analyst - Our very own Katie Teitler has a new newsletter on Substack that you should check out!
  22. FAILS: Patreon security team layoffs cause backlash in creator community - We covered this over on Business Security Weekly episode 276, so we won't duplicate the effort here. You should go check that episode out though! https://securityweekly.com/bsw276
  23. FAILS: £6bn Darktrace takeover collapses after US buyers walk away
  24. FAILS: As Ex-Uber Executive Heads to Trial, the Security Community Reels
  25. FAILS: Shiba Inu cloud credentials leaked on a public repository!
  26. REPORTS: Momentum Cyber's Market Review for August 2022 - Always worth a scroll; Momentum Cyber has some great stats and information on the latest market happenings.
  27. BUZZWORDS: Votiro's new messaging: Zero Trust Content Security - Votiro sanitizes files, messages, and other content. As they've expanded beyond file sanitization, they needed a term that was more inclusive of the new ground they're covering: Zero Trust Content Security. I understand the attraction - Zero Trust is one of the hottest buzzwords right now (https://swagitda.com/blog/posts/infosec-buzzword-bingo-2022/). They're using Zero Trust as a metaphor though, which will only further dilute and confuse literal uses of the Zero Trust term. Good work for industry analysts though, as buyers will turn to them to translate all the latest vendor-speak. I suppose Zero Trust Content Security is better than the long version: API-First Content Disarm and Reconstruction (CDR) Software-as-a-Service.
  28. LEADERSHIP: Security for growth companies - A nice read from Bessemer on security recommendations for high growth startups, with some commentary from seven well known security leaders (Lenny Zeltser, Kathy Wang, Cassio Goldschmidt, Erik Bataller, Emilio Escobar, Talha Tariq, and Jason Chan). The five security principles proposed are:
     1. Build a cybersecurity culture
     2. Invest in identity
     3. Secure your cloud and development environment
     4. Manage your data assets and environment
     5. Monitor your third-party risk
  29. CYBERINSURANCE: Cyber Insurance Coverage & Policy Highlights - This is just one cyber insurance provider I stumbled across the other day, but I found their coverage highlights interesting and revealing. It probably should have occurred to me sooner that the latest cyber insurance product updates can provide a window into trends in attacks and breaches, but here we are. Some of the more notable highlights include:
     - Cryptojacking coverage
     - Bricking coverage
     - Invoice manipulation coverage
     - Social engineering coverage
     Their cyber insurance calculators are interesting as well, and a lot of fun to play around with: https://www.at-bay.com/cyber-risk-calculators/
  30. SQUIRREL: Breaking: Linux company SUSE sold to Taco Bell
  31. SQUIRREL: USB-C naming to somehow get worse with USB4 Version 2.0 - https://arstechnica.com/gadgets/2022/09/usb-c-naming-to-somehow-get-worse-with-usb4-version-2-0/
Katie Teitler
Senior Security Strategist at Axonius
Tyler Shields
CMO at JupiterOne