Orca Security raises all the money, Privacy engineering firms hit their funding stride, McAfee and FireEye merge, but where's RSA's dance partner? Akamai acquires Guardicore, NetApp picks up CloudCheckr, SPDX becomes the ISO standard for SBOMs, & Facebook shares details on how they accidentally Thanos snapped themselves! All that, our weekly Squirrel, and more, on this episode of the Enterprise Security Weekly News!
Absolutely incredible momentum. There's a lot to talk about here; we're likely to spend a good chunk of the news segment just on this huge Series C extension, discussing what it means for Orca and the market as a whole.
$20.5m Series A in May 2020
$55m Series B in December 2020 (7 months later)
$210m Series C in March 2021 (4 months later, $1.2bn valuation)
$550m Series C extension in October 2021 (7 months later, $1.8bn valuation)
We pondered this merger months ago after the FireEye/Mandiant breakup was announced and STG acquired the FireEye products business and portfolio. We envisioned this merger as a threesome that included RSA, but alas, it seems our rebranding brainstorming was all for naught: https://twitter.com/sawaba/status/1443968096356773889
Not surprising, as we've seen some heavy consolidation in the IAM space. What's interesting is that this space doesn't seem to be following the traditional expand/contract patterns we see in the market. There are IAM vendors at every stage in the startup cycle and there's a lot of ground to cover. Worth a reminder that, while One Identity is operating under its own name, it's still part of the larger Quest Software group, which spun out of Dell a few years back.
Took me a minute to figure out the deal rationale on this one, but Akamai's Soha acquisition 5 years ago is the key clue. What is now called ZTNA leaves off where Guardicore picks up - it's a natural extension. It's also as full-footed into the internal enterprise network as Akamai has ever been.
$600m on $106m raised isn't great, but it's not a trash fire either. I suspect microsegmentation/network isolation has joined app whitelisting and NAC on the pile of tools that are "useful in small doses", but were priced and designed to rearchitect the whole enterprise.
Begs the question - Illumio has raised 5x more and their latest round was a Series F at a $2.75bn valuation. Math works out, but where would they go? PE shop smooshes them together with a Firemon? If a Check Point or Palo Alto was interested, I feel like they would have pulled that trigger long ago.
Another ISO to purchase (ISO 5962:2021 - https://www.iso.org/standard/81870.html), though I'm sure folks will still use CycloneDX and SWID tags. However, many orgs are likely to follow the one that Intel, Microsoft, Siemens, Synopsys, and the Linux Foundation are endorsing.
A bit of welcome levity during the Facebook outage: Twitter nails the moment and sets up every digital marketing manager everywhere to have a good day. You could spend hours sifting through the replies to this one tweet, cataloging winners and losers. We'll share a few of our favorites.