SEC Proposals, Following Unicorns, Island’s Browser, HUB Security, & Fake Companies – ESW #266

Less than 2 weeks after we discussed Island coming out of stealth with a massive $100M series A, they're announcing a $115 Series B (Insight, Stripes & Sequoia)? At a $1.3B valuation? For a BROWSER? That's based on an existing browser (Chromium)??? I don't disagree that there's some cool stuff you can probably only do at the browser level, but historic trends in this space suggests this will end up being far more niche than the funds raised suggest.

The Series B was led by Insight Partners, with Cyberstarts and Battery also participating. They have an interesting approach to AppSec, where it appears they map out applications to help security teams better understand architecture, dependencies, and data flows. I know you're probably visualizing this product spitting out a Visio diagram, but don't laugh - I can't underscore how valuable something like that could be for a security team. They're using the term ASPM (application security posture management), which joins DSPM as the lastest *SPM acronym we've seen.

Funding is from growth equity firm Mainsail Partners. Apptega "develops an MSSP-friendly platform designed to simplify cybersecurity and compliance", and is based in Atlanta.

Series A led by Anthos Capital with participation from Blu, StoneMill, and Tech Operators. Product is a "single-agent, cloud-first platform that brings together EDR, NGAV, GRC, MXDR, SASE, and SIEM". That's a LOT of stuff to bake into one product platform, especially for an early stage startup! More details on their blog: https://blog.todyl.com/blog/series-a-funding-todyl-security-platform-launch

A very interesting approach to AppSec, ForAllSecure is a decade old, but this is only their Series B, co-led by KDT and NEA. You can check out our interview with ForAllSecure's CEO and founder, David Brumley, here on episode 255: https://securityweekly.com/esw255

This is an odd one. I hadn't heard of Hub Security before. They're apparently currently public in Israel, but will delist there to go public on the NASDAQ through Mount Rainier, a SPAC. They describe themselves as a producer of "confidential computing solutions", which is a fancy way of saying they design technologies that are tamper resistant, so you can physically run systems in locations that aren't fully trusted. The only other company along these lines I can recall was PrivateCore, another Israeli startup that Facebook acquired back in 2014 (you can imagine why Facebook might need technology like this - https://privatecore.com/privatecore-is-joining-facebook/index.html). Looks like they're doing some similar stuff, like encrypting all data in RAM to defend against attacks that directly target RAM to acquire private encryption keys and other credentials. One of their products is named "Quantum Ransomware Cure".

Interesting that DeWalt is interviewed for this piece. The ten unicorns Kyle chooses to focus on here (heavy lean towards cloud security) are: 1. Snyk 2. Lacework 3. Wiz 4. Arctic Wolf 5. Illumio 6. Sysdig 7. Orca 8. Beyond Identity 9. BlueVoyant 10. Aqua Security

https://techcrunch.com/2022/03/16/new-data-shows-how-far-vcs-are-pulling-back-on-us-series-a-b-and-c-valuations/

https://www.scmagazine.com/analysis/compliance/proposed-sec-rule-offers-deeper-insight-into-new-cyber-reporting-requirements-for-publicly-traded-companies

We talk a lot about startups, and you'll find cases of "fake-it-till-you-make-it" culture everywhere. But there's a big difference from pretending like you have a CFO when you're only 5 employees and pretending you have a decade-old business with a full staff and clients when you've got nothing and don't intend to run a real business at any point...