JupiterOne, Signal Ad Banned, Series F Funding, & Imperva Acquires CloudVector – ESW #226
This week in the Enterprise Security News: Code42 enhances Incydr to help identify insider risk related to file uploads to unsanctioned websites, Imperva acquires CloudVector to provide visibility and security for API traffic, ThreatQuotient launches ThreatQ TDR Orchestrator to accelerate detection and response, KnowBe4 Launches Artificial Intelligence-Driven Phishing Feature, and some funding and acquisition updates from Thoma Bravo, Proofpoint, Darktrace, JupiterOne, and more!
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
- 1. Appgate SDP enables clientless, browser-based access to protected resources - "Appgate SDP creates one-to-one connections between users and resource locations and dynamically enforces identity-centric access policies at the network level."
- 2. StackPulse helps enterprises deliver reliable production-grade Kubernetes applications - "The 15-month old company that exited stealth mode in January, with $28 million in funding" and "When an error is detected in a Kubernetes environment, StackPulse automatically executes diagnostic steps to gather information from the clusters, and assists engineers in performing the root-cause analysis. This automation helps them quickly identify how to mitigate and resolve an issue. Additionally, StackPulse has released more than a dozen playbooks built by SRE experts that remediate common Kubernetes problems."
- 3. Code42 enhances Incydr to help identify insider risk related to file uploads to unsanctioned websites - "Incydr Browser Upload Detection is built to detect and alert security teams to unsanctioned browser upload activity, such as employees uploading business documents to personal cloud, email or social media accounts or source code repositories, regardless of the network or internet browser being used." and "The Incydr browser upload detection capability is more efficient for security teams to manage as there is no need to maintain browser plug-ins or proxies, and makes investigation and response quicker and more accurate." - But without a browser plugin or proxy, so via an agent?
- 4. Imperva acquires CloudVector to provide visibility and security for API traffic - "Imperva announced it has entered into an agreement to acquire CloudVector. CloudVector enables customers to discover, monitor, and protect all API traffic in any environment from exploits and breaches."
- 5. Sysdig adds detailed audit logs for runtime detection and response for AWS Fargate - "Runtime detection for AWS Fargate on Amazon ECS based on Falco, Audit trails, rapid response, and capture files for AWS Fargate workloads (Sysdig captures and records all AWS Fargate activity — including commands, network connections, and file activity — and correlates the information with rich context from the cloud and Kubernetes.), Unified view across AWS Fargate security posture, vulnerabilities, and threats" - I love this.
- 6. ThreatQuotient launches ThreatQ TDR Orchestrator to accelerate detection and response - "ThreatQuotient announced ThreatQ TDR Orchestrator, a new data-driven automation capability for more efficient and effective threat detection and response. This capability enables users to control what actions are to be taken, when, and why through the use of data."
- 7. Palo Alto Prisma Cloud targets unprotected VMs and container security - "Auto-Detection and Auto-Protection for Hosts: Prisma Cloud now automatically detects unprotected virtual machines (VMs) running on AWS, Microsoft Azure and Google Cloud Platform (GCP). It seamlessly deploys the Prisma Cloud Defender agent to help ensure that VMs are not left unprotected....Anti-Malware Capabilities at Runtime and During Continuous Integration and Delivery (CI/CD) Scenarios, Simplified Compliance for Hosts, Containers and Serverless Applications, Open Source License Analysis and Expanded Software Composition Analysis" Sounds like they are integrating acquisitions: Bridgecrew, Aporeto. PureSec, Twistlock, RedLock
- 8. SecureAuth expands identity-as-a-service options - "SecureAuth's new support for PIN protection for all FIDO2 WebAuthn-compliant portable authenticators such as the YubiKey 5 hardware key is intended to reduce the risk of lost or stolen authenticators being abused. The new SecureAuth Endpoint client enables multifactor authentication at login for Windows, Mac and Linux devices, including support for passwordless login by using – for example – a biometric WebAuthn authenticator and a PIN. Finally, the new SecureAuth Mobile SDK allows organisations to quickly integrate multifactor authentication into their own apps, avoiding the need to use a third-party authenticator."
- 9. IPO values Darktrace at £2.2 billion
- 10. KnowBe4 Launches Artificial Intelligence-Driven Phishing Feature - "The KnowBe4 phishing platform now leverages machine learning to recommend and deliver informed and personalized phishing campaigns based on users' training and phishing history. Using data from KnowBe4's Artificial Intelligence Driven Agent (AIDA), a new recommendation engine enables admins to automate the selection of unique phishing security test templates for their users. It analyzes user data such as the number of failed phishing security tests, the types of attack vectors in those failures, how often suspicious emails are reported through the Phish Alert Button, the frequency and recency of training completions and more."
- 11. Influencing Future of Cloud Security with MITRE ATT&CK® for Containers - https://attack.mitre.org/matrices/enterprise/containers/
- 12. Rapid7 : Kubernetes Security Is Not Container Security - "To complete this analogy, you can think of image scanning as the cloud equivalent of source code scanning, which checks if you have known vulnerabilities in your code. Image scanning is important, but it isn't a replacement for a firewall, antivirus, or proper operating system configuration. In the old days, when containers ran only on top of Docker, container security was enough. Nowadays, make sure you don't overlook the operating system (Kubernetes) and focus only on the apps (containers), because doing so will leave large gaps in your security and compliance."
- 13. Sonatype Helps Organizations Manage Open Source License Obligations and Speed up Legal Compliance with New Tool - "Sonatype, the leader in developer-friendly tools for software supply chain management and security, today unveiled its Advanced Legal Pack which fundamentally changes how both legal teams and developers manage open source licenses and compliance. Using machine learning and artificial intelligence, the pack automates open source license compliance eliminating manual work, drastically improving team productivity, and expediting development innovation and release times. "
- 14. Sectigo Acquires SiteLock, Solidifying Its Market-Leading Position in Web Security - "Sectigo, a global provider of automated digital certificate management and web security solutions, announced the acquisition of SiteLock, a leading provider of website security protection and monitoring; the transaction also included Patchman, a Netherlands-based provider of automated Content Management System (CMS) vulnerability scanning and patching solutions."
- 15. Thoma Bravo’s $12.3 Billion of Proofpoint
- 16. Cybersecurity firm Acronis pulls in $250m in CVC-led funding
- 17. Cymulate nabs $45M to test and improve cybersecurity defenses via attack simulations
- 1. ACQUISITION: Imperva acquires API security company CloudVector - We're starting to see a lot more focus on API security, as traditional DAST and WAF-focused vendors seek to fill this gap in their product portfolios. Also, I almost forgot Thoma Bravo owns Imperva now (one of 11, sorry 12 now with Proofpoint, cybersecurity companies it has a majority stake in right now!)
- 2. FUNDING: Cigent gets $7.6 million to reimagine data protection at the file level - Protecting data and preventing data leaks is hard. The moment you start putting controls around data, it becomes difficult to use and tends to break workflows, kill productivity, and frustrate users. As the In-Q-Tel investment suggests, Cigent's technology is designed more for environments where secrecy and confidentiality is paramount - this isn't stuff you're likely to see in the average home or enterprise.
- 3. FUNDING: Viso Trust assesses third-party cybersecurity risk with AI, raises $3M - Third-party risk management is insanely time-consuming and it boggles my mind when I try to imagine handling it at a Fortune 100 where there are thousands of third parties to monitor and perform due diligence on. It's a boring, unsexy problem, but the more we can automate the more mundane footwork, the more time security staff will have to focus on the parts of the process that matter the most.
- 4. FUNDING: Sysdig raises $189M to monitor containers and apps in the cloud - Sysdig raises a Series F here, which leaves me wondering what their exit might be. They partially compete with a lot of other cloud security vendors (especially the CSPM folks), but 450 customers doesn't seem like a lot for a unicorn. As if to justify the valuation, they do offer up that the average ARR for their top 50 customers is $500k. A little napkin math has my revenue estimates at $35-50m for Sysdig, suggesting a 30x-22x multiple, which should make investors happy if they have an exit anywhere in that neighborhood. Only time will tell, as the CSPM market and larger cloud security market seem quite saturated.
- 5. IPO: Darktrace shares soar by 40% on London stock market debut