Imperva Updates WAAP, SonicWall Confirms 0-Day, & Arista Zero Trust – ESW #215

This is a surprisingly low number for a Series B, unless you consider that the OT security market is also relatively small when compared to the IT security market.

Thoma Bravo, well known for turning around some handy 2-3 year profits on many well-known security brands is handing off Centrify to TPG, who is probably best known in recent years for helping Intel divest McAfee and take it public.

Zero Trust? That could mean 50 different things! First off, it's great to see good exits for Montreal-based companies - last year, Montreal-based vuln mgmt startup Delve Labs got picked up by SecureWorks. Interestingly, it looks like Inverse is basically an acqui-hire, but not your typical acqui-hire. It looks like, instead of developing a commercial product, they specialize in creating and maintaining open source products (specifically, Akamai is likely interested in Packetfence here). Instead of making money on commercial software licensing, they get paid to handle all the integration work. This is interesting, because this is likely one of the most common places where product deployments fail and purchases become shelfware. The average customer doesn't have 5 python experts sitting around, waiting to work on the latest SIEM, threat intel or, in this case, NAC.

Another CSPM getting acquired here - I guess CSPM wasn't part of one of the four acquisitions that went into Prisma Cloud already? Aporeto was microsegmentation, CloudGenix was SD-WAN, Twistlock was container security and PureSec was serverless security, so yeah, I guess they needed a CSPM acquisition. Also, in researching this story, I discovered that Lacework has an absolutely BRUTAL anti Prisma marketing campaign. It's so aggressive, it's kinda funny.

This story is here just as context for the news that Microsoft's security revenue is $10bn annually. With the industry product revenue TAM at ~$60bn, that means Microsoft accounts for one sixth of ALL security product revenue!

Huge, if true. If Microsoft's security business is $10bn... that could put them in the number one spot as the largest security company in terms of product revenue, and ignoring the fact that Microsoft Security isn't a separate pure play company. By comparison, Cisco's security business is only doing ~$3bn annually and they've done a TON of security acquisitions in the past decade - SourceFire, OpenDNS, Duo, CloudLock, Threatgrid...

Another container/Kubernetes-inspired acquisition! They picked up DivvyCloud less than 10 months ago, but from what I can tell, that was more of a broad CSPM play, whereas Alcide seems to be more specifically focused on Kubernetes. We'll probably continue to see Kubes-related acquisitions for a while.

While not a security company, I think we should always have an eye out for big data/data-related companies, as they tend to have an impact on the data-hungry (and alert-fatigued) security space.

HelpSystems, the parent company that also acquired Core Security and Cobalt Strike, picked up Digital Defense. It makes a lot of sense as an acquisition, as (unless I've missed something), Core never had its own scan engine and depended on customers owning other tools to do the actual vulnerability scanning. While many might not know Digital Defense's name, they're a longtime IBM partner, providing the vulnerability scanning engine for QRadar.

"This acquisition unites three best-of-breed products focused on delivering world-class services, as shown in the excellent customer ratings we all have collectively earned." Except, there is no mention (or even a hint) at what all these products ACTUALLY do!

Okay, but like what does it do? Also important: What does it do that my existing solutions don't do? "Using a democratized approach to threat hunting, IRONSCALES makes anti-phishing effortless and seamless for both security professionals and end users."

I have no idea what this means, what problem it solves, or why it may be better than anything else: " Arista Multi-Domain Macro-Segmentation Service is a suite of capabilities for integrating security policy with the network through an open and consistent network segmentation approach across network domains."

I like the honest marketing: "Cymulate, one of the only SaaS-based Continuous Security Validation platform to operationalize the entire MITRE ATT&CK® framework" I'm also a huge fan of testing this way: "Cymulate correlates EDR findings with hacking techniques, behavior-based attacks and malware launched from the Cymulate platform to validate endpoint protection efficacy against new threats and accurate detection and alerts of possible attacks."

"Tenable®, Inc. announced an enhanced Managed Security Service Provider (MSSP) portal to supercharge partners’ cloud-based vulnerability management offerings with Tenable.io®. The updated portal will enable MSSPs to self-provision and self-service their own Tenable.io instances, up to 1,000 assets, empowering partners to build and launch vulnerability management services in the cloud within minutes."

"StackPath Direct Connect for StackPath content delivery network (CDN), providing dedicated network connections from customers’ private networks to the StackPath edge platform. Traffic from customers’ on-premises origin servers can travel to and from the StackPath CDN without using the public internet." Also, not so sure it does this: "decrease exposure to malicious activity and threats"

"Barracuda announced the latest version of Barracuda Cloud-to-Cloud Backup with a new platform that delivers a fast search and restore experience for Office 365 data, including Teams, Exchange Online, SharePoint, and OneDrive. Compared to traditional backup and recovery solutions, a cloud-native solution provides scale and resiliency, fast performance, and wide global coverage to protect Office 365 data born in the cloud."

"these acquisitions will enhance Rapid7’s ability to provide a cloud native security platform to its customers and facilitate continuous management of risk and compliance across their cloud environments...Alcide’s industry leading cloud workload protection platform (CWPP) provides broad, real-time visibility and governance, container runtime and network monitoring, as well as the ability to detect, audit and investigate known and unknown security threats."

Sounds like some re-packaging of existing products.

"SonicWall has confirmed a zero-day vulnerability affecting its SMA 100 Series. Its disclosure arrives as NCC Group researchers report an observation of attacks exploiting a SonicWall flaw." - No details have been published, other than "watch for IPs connecting to the management interface".

"Available on EOS-based switches, MSS-Group implements security policy enforcement based on logical groups rather than traditional approaches based on interfaces, subnets or physical ports. "