Orca Security raises all the money, Privacy engineering firms hit their funding stride, McAfee and FireEye merge, but where's RSA's dance partner? Akamai acquires Guardicore, NetApp picks up CloudCheckr, SPDX becomes the ISO standard for SBOMs, & Facebook shares details on how they accidentally Thanos snapped themselves! All that, our weekly Squirrel, and more, on this episode of the Enterprise Security Weekly News!
In an overabundance of caution, we have decided to flip this year’s SW Unlocked to a virtual format. The safety of our listeners and hosts is our number one priority. We will miss seeing you all in person, but we hope you can still join us at Security Weekly Unlocked Virtual! The event will now take place on Thursday, Dec 16 from 9am-6pm ET. You can still register for free at https://securityweekly.com/unlocked.
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Absolutely incredible momentum. There's a lot to talk about here, we're likely to spend a good chunk of the news segment just on this huge Series C extension, discussing what it means for Orca and the market as a whole.
$20.5m Series A in May 2020
$55m Series B in December 2020 (7 months later)
$210m Series C in March 2021 (4 months later, $1.2bn valuation)
$550m Series C extension in October 2021 (7 months later, $1.8bn valuation)
We pondered this merger months ago after the FireEye/Mandiant breakup was announced and STG acquired the FireEye products business and portfolio. We envisioned this merger as a threesome that included RSA, but alas, it seems our rebranding brainstorming was all for naught: https://twitter.com/sawaba/status/1443968096356773889
Not surprising, as we've seen some heavy consolidation in the IAM space. What's interesting is that this space doesn't seem to be following the traditional expand/contract patterns we see in the market. There are IAM vendors at every stage in the startup cycle and there's a lot of ground to cover. Worth a reminder that, while One Identity is operating under its own name, it's still part of the larger Quest Software group, which spun out of Dell a few years back.
Took me a minute to figure out the deal rationale on this one, but Akamai's Soha acquisition 5 years ago is the key clue. What is now called ZTNA, leaves off where Guardicore picks up - it's a natural extension. It's also as full-footed into the internal enterprise network as Akamai has ever been.
$600m on $106m raised isn't great, but it's not a trash fire either. I suspect microsegmentation/network isolation has joined app whitelisting and NAC on the pile of tools that are "useful in small doses", but were priced and designed to rearchitect the whole enterprise.
Begs the question - Illumio has raised 5x more and their latest round was a Series F at a $2.75bn valuation. Math works out, but where would they go? PE shop smooshes them together with a Firemon? If a Check Point or Palo Alto was interested, I feel like they would have pulled that trigger long ago.
Another ISO to purchase (ISO 5962:2021 - https://www.iso.org/standard/81870.html), though I'm sure folks will still use CycloneDX and SWID tags. However, many orgs are likely to follow the one that Intel, Microsoft, Siemens, Synopsys, and the Linux Foundation are endorsing.
A bit of welcome levity during the Facebook outage, Twitter nails the moment and sets up every digital marketing manager everywhere to have a good day. You could spend hours sifting through the replies of this one tweet, cataloging winners and losers. We'll share a few of our favorites.
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element
Infrastructure-as-code (IaC) allows for quick and consistent configuration and deployment of infrastructure components because it’s defined through code. It also enables repeatable deployments across environments. IaC is seeing significant attention in the cloud security space, but why now? This conversation will dig into how Infrastructure-as-code...
Information Security is often seen as a cost center and drain on the revenue of a company. It may be seen as necessary to protect the company, but the value is not always understood by leadership and peers to the CISO. Taken from personal experience, in this talk, we will explore some suggestions on how CISOs can bring and show value to their compa...
In the leadership and communications section, Is Your Board Prepared for New Cybersecurity Regulations?, 32% of cybersecurity leaders considering quitting their jobs, 40 Jargon Words to Eliminate from Your Workplace Today, and more!