Privacy Engineering Firms, Facebook Outages, Orca Series C, & Gravwell – ESW #245
In the Enterprise Security News for this week:
Orca Security raises all the money, Privacy engineering firms hit their funding stride, McAfee and FireEye merge, but where's RSA's dance partner? Akamai acquires Guardicore, NetApp picks up CloudCheckr, SPDX becomes the ISO standard for SBOMs, & Facebook shares details on how they accidentally Thanos snapped themselves! All that, our weekly Squirrel, and more, on this episode of the Enterprise Security Weekly News!
In an overabundance of caution, we have decided to flip this year’s SW Unlocked to a virtual format. The safety of our listeners and hosts is our number one priority. We will miss seeing you all in person, but we hope you can still join us at Security Weekly Unlocked Virtual! The event will now take place on Thursday, Dec 16 from 9am-6pm ET. You can still register for free at https://securityweekly.com/unlocked.
Join us June 29th for a webcast with Tyler Robinson and Beau Bullock to learn how to pivot into the world of Crypto security. Visit https://securityweekly.com/webcasts to register with only your name and email! Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
- 1. FUNDING: Temasek leads $550M Series C extension into Orca Security, which aims for further international foothold – TechCrunch - Absolutely incredible momentum. There's a lot to talk about here, we're likely to spend a good chunk of the news segment just on this huge Series C extension, discussing what it means for Orca and the market as a whole. $20.5m Series A in May 2020 $55m Series B in December 2020 (7 months later) $210m Series C in March 2021 (4 months later, $1.2bn valuation) $550m Series C extension in October 2021 (7 months later, $1.8bn valuation)
- 2. FUNDING: Salesforce and Atlassian double down on developer security with $75M Snyk investment
- 3. FUNDING: We (Tonic.ai) raised a $35M Series B. Here’s what’s next for fake data. - Privacy engineering is hot right now!
- 4. FUNDING: Duality Technologies Raises $30M Led by LG Technology Ventures to Accelerate Market Adoption of Privacy-Enhanced Data Collaboration - Privacy Engineering is hot right now!
- 5. FUNDING: Adaptive Shield lands $30M Series A to build out its SaaS security platform – TechCrunch
- 6. FUNDING: Gravwell Emerges From Stealth With Data Fusion Platform and $3m in seed funding
- 7. MERGER: McAfee Enterprise-FireEye Products To Merge Into $2B Titan - We pondered this merger months ago after the FireEye/Mandiant breakup was announced and STG acquired the FireEye products business and portfolio. We envisioned this merger as a threesome that included RSA, but alas, it seems our rebranding brainstorming was all for naught: https://twitter.com/sawaba/status/1443968096356773889
- 8. ACQUISITION: One Identity has acquired OneLogin, a rival to Okta and Ping in sign-on and identity access management – TechCrunch - Not surprising, as we've seen some heavy consolidation in the IAM space. What's interesting is that this space doesn't seem to be following the traditional expand/contract patterns we see in the market. There are IAM vendors at every stage in the startup cycle and there's a lot of ground to cover. Worth a reminder that, while One Identity is operating under its own name, it's still part of the larger Quest Software group, which spun out of Dell a few years back.
- 9. ACQUISITION: Akamai to Acquire Guardicore To Extend Its Zero Trust Solutions To Help Stop Ransomware - Took me a minute to figure out the deal rationale on this one, but Akamai's Soha acquisition 5 years ago is the key clue. What is now called ZTNA, leaves off where Guardicore picks up - it's a natural extension. It's also as full-footed into the internal enterprise network as Akamai has ever been. $600m on $106m raised isn't great, but it's not a trash fire either. I suspect microsegmentation/network isolation has joined app whitelisting and NAC on the pile of tools that are "useful in small doses", but were priced and designed to rearchitect the whole enterprise. Begs the question - Illumio has raised 5x more and their latest round was a Series F at a $2.75bn valuation. Math works out, but where would they go? PE shop smooshes them together with a Firemon? If a Check Point or Palo Alto was interested, I feel like they would have pulled that trigger long ago.
- 10. ACQUISITION: NetApp to Acquire CloudCheckr and Expand its Spot by NetApp CloudOps Platform to Enable Organizations to Better Optimize and Secure Their Multi-Cloud Infrastructure - A late acquisition, as most of CloudCheckr's competition got picked up years ago.
- 11. STANDARDS: SPDX Becomes Internationally Recognized Standard for Software Bill of Materials - Another ISO to purchase (ISO 5962:2021 - https://www.iso.org/standard/81870.html), though I'm sure folks will still use CycloneDX and SWID tags. However, many orgs are likely to follow the one that Intel, Microsoft, Siemens, Synopsys, and the Linux Foundation are endorsing.
- 12. TOOLS: GitOops! Attacking and defending CI/CD pipelines.
- 13. TRENDS: Principles – Trusted Cloud Principles
- 14. DEVOOPS: Details on how Facebook Thanos snapped itself - TL;DR, fat-finger oopsie cascades into a full-blown kerfuffle that was challenging to recover from.
- 15. SQUIRREL: Twitter says hello, digital marketing managers everywhere smell opportunity - A bit of welcome levity during the Facebook outage, Twitter nails the moment and sets up every digital marketing manager everywhere to have a good day. You could spend hours sifting through the replies of this one tweet, cataloging winners and losers. We'll share a few of our favorites.