PeaceNoToWar, NortonLifeLock Pending UK Inquiry, RSA Con, & Space Force Insignia – ESW #265

In 2017, CA Technologies acquired Veracode for $614M in cash. About a year and a half later, when CA was acquired by Broadcom, Veracode was spun out to Thoma Bravo for $950M in cash. This week, TA Associates announced a deal to become majority owner (with Thoma retaining a minority stake). The deal values Veracode at $2.5B, suggesting a continued, healthy growth in value for the AppSec vendor.

PE firm Crosspoint Capital along with STG (who acquired RSA along with McAfee, FireEye and other legacy industry behemoths) will break out the RSA Conference as an independent event company. There aren't a lot of large, independent cyber security event companies out there, so it will be interesting to see how long RSAC remains independent, or whether it considers expanding or making acquisitions of its own.

This is a Big Deal (puns always intended). Attivo Networks is best known as a deception vendor, which will always hold a special place in my heart for using "Decepticons" within their product naming scheme. Though it looks like the company's AD products were a pivot, the company is still heavily focused on detecting attackers after they get in (lateral movement, in other words). As EDR vendors like SentinelOne evolve into XDR vendors, the focus moves from being a point product to a more holistic platform to "detect bad things" happening internally. As part of that larger platform, this deal makes a lot of sense. Attivo lists 7 products now, so SentinelOne gets a lot for their money here. Money raised was $60M - returning 10x to investors isn't too shabby, especially as the number of vendors looking for large exits increases.

The UK has been increasingly flexing its anti-competitive muscles when it comes to big tech, notably giving FAANG companies like Facebook a hard time when it comes to acquisitions. NortonLifeLock, has already been broken into a fraction of the company it once was, so the irony of anti-trust concerns isn't lost on us.

This is a wild ride and well worth reading the full article. The node-ipc maintainer decided to use their position to push protest messaging and then took the step of doing actual damage to systems geo-located as Russia or Belarus. Malicious versions of node-ipc have been deprecated and mostly handled. The larger issue is one of trust between package maintainers and the software dependent on these packages. RIAEvangelist, the node-ipc maintainer, is still the active maintainer of 40 other npm packages. Should we continue to use and trust any other packages RIAEvangelist has access to? What happens when they decide to protest the US? What about any other individual maintainer that could do something like this at any time? At a minimum, organizations need two things: the ability to detect when something goes awry with a project and a plan of action when it does. For example, the addition of a module called "peacenotwar", use of base64 encoding, and other shenanigans gave multiple opportunities to spot this particular incident as it unfolded. As for immediate action, I suspect most folks locked on a known good version of node-ipc as they monitored the situation. Long term decisions are tougher: do you migrate off vue.js? What are the chances the replacement you choose won't run into the same issue?

Headed by Dov Yoran (brother of Amit Yoran, CEO of Tenable), Command Zero is still in stealth, but looks to be assembling most of the crew manning the ThreatGRID ship that was sold to Cisco back in 2014. Aside from Yoran (CEO), this crew so far includes Dean De Beer (CTO), Eric Hulse (Director of Research) and Scott Dunlop (Architect). Other significant hires include Christopher Scott (Senior Director, Technical PM) and Alfred Huger (Co-Founder). Looks like most folks are joining directly from Cisco, so I've got to wonder if Cisco Ventures might be bankrolling the seed round here, or if this is totally removed from ThreatGRID's acquirer.

"he eventually traded his wristwatch for a 15-year-old Toyota that was low on oil and needed duct tape to keep the hood in place"