Zombie APIs, Morphisec IR Service, “New Product Jeopardy”, & Risk Scoring – ESW #238

This is a $56m series B led by Crosspoint, with Prelude and ForgePoint participating. The total raised is $81m. The aim is to spend this on sales and marketing to expand global reach (a pretty typical Series B/C goal). Interestingly, they're Cambridge-based and have been around since 2009. They got an investment from In-Q-Tel in 2011, but nothing after that until their Series A in 2017. This suggests they must have been fairly bootstrapped and self-sufficient but then decided to take funding and scale, or just have eyes on an exit. ReversingLabs is best known for scanning files for threats, from many different sources, at a massive scale.

This isn't directly cybersecurity-related, but with so much ML in use in our market - smaller ML models could open up new use cases, especially on endpoints. Also notable is Google's upcoming Pixel 6 having more on-device hardware assistance with ML. Could we see more dynamic ML models on-device in the near future if this trend spreads to laptops?

Basically taking the guardrail approach we see a lot of CSPM vendors tackling (DisruptOps, for example), but open source in this case.

10 or even 5 years ago, this might be huge news, but it seems like this is less about dominance in 2021 and more about survival, as the market share for traditional AV companies continues to wane. According to OPSWAT's monthly market share reports (which does have a limited sample size, so take with a grain of salt), AVAST was tops back in 2017, McAfee took the top spot in 2019 as Symantec was going through changes and splitting up into NortonLifeLock, with the rest of the company going to Broadcom (I'm assuming the also recently-acquired Computer Associates would absorb the Symantec assets and staff). These days, Symantec and AVAST seem to have almost equal market share, which combined is only about 26%. But that's 26% of what OPSWAT can SEE, and they have a few HUGE blind spots: Microsoft and all the NGAV companies (SentinelOne, Blackberry Cylance, Carbon Black, Crowdstrike, etc.).

No deal size reported, but very exciting! This is the third Attack Surface Management vendor acquired (after Expanse and RiskIQ) and won't be the last.

"ThreatX’s API Catalog gives enterprises visibility into legitimate, suspicious and malicious requests that hit their APIs. By analyzing and profiling actual traffic, ThreatX discovers and profiles API endpoints, providing users with enhanced visibility into legitimate, rogue and zombie APIs in production." - Zombie APIs sound awesome, do you kill them with a headshot?

"Teaming with Red Hat, Qualys is offering a unique approach providing a containerized Qualys Cloud Agent that extends security to the operating system. The Cloud Agent for Red Hat Enterprise Linux CoreOS on OpenShift combined with the Qualys solution for Container Security provides continuous discovery of packages and vulnerabilities for the complete Red Hat OpenShift stack. Built on the Qualys Cloud Platform, Qualys’ solution seamlessly integrates with customers’ vulnerability management workflows, reporting and metrics to help reduce risk." - Great enterprise feature.

So much this: "Who is responsible for security when everyone is responsible for security,” Wyler said, in reference to the platform vendors....I heard this sentiment echoed numerous times in different briefings throughout the show, and it definitely isn’t the first time I’ve heard this during my relatively short time in the industry. Without a definitive answer to the question, “whose job is security?,” we’re left to determine what the answer is for our own organizations."

Huh? "Optiv MXDR brings simplicity, transparency and automation to clients' environments, enhancing existing defenses to counter known and emerging threats with confidence and speed," said David Martin, chief services officer for Optiv. "What's more, we can seamlessly leverage the power of Optiv to extend and layer the offering with a full suite of complementary services like remediation, incident response, threat hunting, and beyond."

"Morphisec's new IR services aims to assist these organizations with containing in-progress incidents, reducing damage, providing recommendations for long-term risk reduction, and auditing critical infrastructure to ensure the lowest possible risk exposure to a cyberattack. The company's highly experienced and on-demand IR team will be led under the direct supervision of the CTO's office."

I really like this concept: "By automatically executing thousands of attacks, safely and continuously, SafeBreach helps identify high-priority weaknesses in your security defenses. The data-driven simulation results are mapped to an interactive heat map of the MITRE ATT&CK? framework for automated remediation of high-priority exposures with Cortex XSOAR. Following remediation, Cortex XSOAR triggers SafeBreach to rerun the attack simulations to validate that hardening of your defenses was successful across your network and endpoint controls."

I'm not big on industry comparisons, but the rest is sound: "Impact – If this vulnerability was to be exploited, how severe would it’s impact be? Likelihood – How likely is it that an attacker can and will attack this space? Environmental Modifiers – Think broadly about the asset and the environment in which the vulnerability is located. Temporal Modifiers – Focuses on exploit code maturity, confidence, and remediation requirements. Temporal modifiers bring your risk score to life. Industry Comparisons – How does your risk compare to other organizations or peers in your sector? Threat Actors – Are threat actors actively exploiting vulnerabilities present in your environment? Remediation Risk – Using the remediation SLAs available through PTaaS, all vulnerabilities are automatically assigned customizable due dates. Use remediation risk to determine your aggregates that require attention from a compliance perspective."