Twitterpocalypse 2022, Wiz, Awesome Free Tools, & News Catch Up – ESW #286
In the Enterprise Security News: We discuss Twitterpocalypse 2022! The Biggest Winner? Security startup Wiz reaches $100M ARR in 18 months??? Tons of funding we probably won’t get to, sorry in advance, we’ve got 2 weeks of news to catch up on! Awesome free tools, free training and DIY tips! Third party attacks and supply chain attacks continue to ramp up, John Deere’s security deficiencies get exposed again, Cyber insurers reduce coverage… again, ESPN8 the Ocho, explained, and more, on this episode of Enterprise Security Weekly!
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
- 1. UNICORNING: Cloud security startup Wiz reaches $100M ARR in 18 months – TechCrunchUnicorns gone wild - do we really think Wiz has hit $100M in 18 months??? Let's dive in. The Timeline: the company was founded in Jan 2020, so it wasn't zero lines of code to 100M in 18 months - they've existed for 32 months now, so it's likely the first line of code was written LONG before they started generating revenue (which is where the clock begins for the 18 month figure) Their Past: These same founders built, grew and sold Adallom to Microsoft for $320M in ~3 years on $49.5M of funding. That was long before funding rounds and valuations went crazy. Public indicators: They're private, so they could say anything, but I've generally found the amount of funding and employee count on LinkedIn to be decent indicators of growth and size. I can't recall a case where I saw these factors off by an order of magnitude or anything like that in the ~10 years I've been using them to estimate size and growth. They raised $600M in 22 months. That's bonkers and would certainly enable them to pull off some crazy growth (as much as money alone can, I guess?!?) They've got ~500 employees on LinkedIn and nearly doubled their employees in the last 6 months. I don't even know how you do that, but when you do the revenue per employee math, it comes out a bit low, if anything, based on what I'm used to seeing for security startups ($200k per employee) In conclusion, I wouldn't be surprised to hear that this $100M took some creative work and squinting to produce, but hell - they've got experience building and growing fast and the rest of the numbers are equally crazy but back up the claim, so maybe they really are at $100M? ¯_(ツ)_/¯ If we knew net new ARR and burn, we could REALLY form an opinion though. Is this a PR stunt? Absolutely - why else share private revenue numbers? There are some interesting startup growth metrics out there, and one we can calculate with the info they've given us is Dave Kellogg's Hype Factor Capital Raised / ARR = Hype Factor $600M / $100M = 6 Kellogg suggests the following scale: A hype factor of 1-2 is target A hype factor of 2-3 is good, particularly well before an IPO A hype factor of 3-5 is not good, too much hype and too little ARR A hype factor of 5+ suggests there is very little “there there” at all. Dave’s take is that some hype can be good, as it creates a halo effect that can help increase ARR (e.g. ”they’ve raised a ton of capital, must be worth checking out!”) But too much (5+) might be a negative indicator
- 2. FUNDING: ICS Cybersecurity Leader TXOne Networks Raises $70 Million in Series B Funding
- 3. FUNDING: ThreatX Raises $30 Million in Series B Funding to Accelerate Growth in Global API Protection Market
- 4. FUNDING: ThreatX Raises $30M to Build Out API Capabilities, Hire
- 5. FUNDING: Wire grabs $24M for secure messaging that’s big with the G7 – TechCrunch
- 6. FUNDING: Spin Technology raises $16M to protect SaaS apps against attacks – TechCrunch
- 7. FUNDING: SynSaber Raises $13M in Series A Funding – FinSMEs
- 8. FUNDING: Safe-T Group Secures Up to $4 Million in Strategic, Non-Dilutive Funding to Boost Consumer Privacy Business
- 9. FUNDING: Defendify Raises $3.35 Million to Expand its Comprehensive Cybersecurity Solution and Accelerate Growth
- 10. FUNDING: EasyDMARC Closes $2.3 Million in Seed Round
- 11. FUNDING: Brookstreet Announces Its Investment in CyberOwl (Maritime Cybersecurity Specialist) — Brookstreet Equity Partners LLP
- 12. CRYPTO: US Treasury Sanctions Tornado Cash
- 13. FREE TRAINING: The Technical Building Blocks of Zero TrustHands on training that demystifies Zero Trust? Yes please!
- 14. FREE TOOLS: BlueHound: Community Driven Resilience. – Zero NetworksFree attack mapping tool, very cool!
- 15. FREE TOOLS: Introducing Threatest, A Go Framework For End-to-end Testing Of Threat Detection Rules
- 16. NEW TOOLS: Seraphic, another browser security startuphttps://seraphicsecurity.com/seraphic-data-sheet/
- 17. NEW TOOLS: Nightfall AIDLP 2.0
- 18. THIRD PARTY ATTACKS: Mailchimp compromise used to target crypto exchanges through DigitalOceanHard to attack your target directly? Go after their third parties!
- 19. THIRD PARTY ATTACKS: Twilio compromise allows attackers to go after Signal usersHard to attack your target directly? Go after their third parties!
- 20. STUNT HACKING: Sick Codes’ John Deere research presented at DEF CONFrom the desk of Cory Doctorow "This weekend, I watched a hacker jailbreak a John Deere tractor live on stage"
- 21. HOT TAKES: How a Former Sequoia Capital Partner Cornered the Israeli Security Startup MarketReads a lot like a puff piece to me - one tiny exit does not translate into "cornering the market", even a niche one.
- 22. REGULATIONS: slightly unrealistic DOD spending billFrom Jerry Gamblin on Twitter: "The House passed a defense spending bill saying you can't sell software to the DoD that has *any* known CVEs in it."
- 23. LEGAL: SEC Charges Three Chicago-Area Residents with Insider Trading Around Equifax Data Breach Announcement
- 24. SUPPLY CHAIN: Snyk finds 12 malicious Python libraries in PyPiCatalin Cimpanu on Twitter: "Snyk finds 12 Python libraries that steal Discord and Roblox credentials and payment info"
- 25. DIY TIPS: Introducing Google Workspace DLP: How Compass scales security data leak prevention automationRoll your own DLP for GDrive/Google Workspace!
- 26. DIY TIPS: How to detect suspicious activity in your AWS account by using private decoy resourcesDIY AWS honeypots and decoys!
- 27. TWITTERPOCALYPSE 2022: Former security chief claims Twitter buried ‘egregious deficiencies’
- 28. TWITTERPOCALYPSE 2022: Twitter whistleblower won hacker acclaim for exposing software flaws
- 29. TWITTERPOCALYPSE 2022: Ex-Twitter exec blows the whistle, alleging reckless and negligent cybersecurity policies
- 30. TWITTERPOCALYPSE 2022: Twitter engineer still has commit rights 18 months after being laid offAl Sutton on Twitter: "If you are wondering if the stuff about Twitter security being lapse is just one person complaining, you might be interested to know that, 18 months after being let go from the company, I've not been removed from their employees GitHub commiters group."
- 31. TWITTERPOCALYPSE 2022: Endpoint Security: Intuition around the Mudge Disclosures
- 32. TRENDS: Lloyd’s to Exclude Catastrophic Nation-Backed Cyberattacks From Insurance CoverageWhat about collateral damage from state-sponsored attacks, like NotPetya?
- 33. SQUIRREL: Anonymous poop gifting site hacked, customers exposed
- 34. SQUIRREL: Janet Jackson had the power to crash laptop computers
- 35. SQUIRREL: Excel esports on ESPN show world the pain of format errors