Zombies, Gen Z VS Boomers, ICMs, & Australian Breach Fines – ESW #294

"The firm is currently fundraising a vehicle of $145 million which is designed to invest in cybersecurity and infrastructure software companies across Europe, Israel, and the U.S. It is understood that it will target investments at Series A and B, with an average ticket size of around $9.7 million."

$50M debt financing round via Ghost Tree partners and Aon. Product aims to protect PII by anonymizing it (sounds similar to tokenization?).

The amount of this Series B extension (from Okta Ventures) wasn't shared, but will be added to the $140M raised so far. Self describes as "the world’s fastest growing multi-cloud and hybrid IT data protection as a service company."

Appears to be playing in the firewall orchestration space. This is the company's second Series D extension since 2019, with all three led by Roadmap Capital.

Adrian's Take: "Corsa means 'Race' in Italian and is the most performance mode in most modern Lamborghinis. Less clear is the company's structure and history. Corsa has three co-founders, though one joined the company in 2011, one in 2019, and one in 2021?"

$10M Seed led by AlbionVC, describes itself as a "cybersecurity human risk management platform"

$10M Seed round. Israel-based data security startup. Self describes as an "AI-driven data protection and access permissions platform."

$4.2M seed round led by IOSG Ventures. Services firm that focuses on blockchain-related audits and penetration tests.

If at first you don't succeed, try, try again.

Apiiro is going to raise money instead.

Market conditions claim another victim? The Wall Street Journal reported in June that the company laid off 140 employees.

The first major layoff announcement since August, this is a relatively big one.

"The company said at the time that the changes were being made in order to accelerate its plans by a full year to become free cash flow positive in 2024."

1. At-Bay - Cybersecurity Insurance MGA - $292M raised
2. Salt Security - API Security - $271M raised
3. Noname Security - API Security - $220M raised
4. Drata - Compliance Automation - $128M raised
5. Veza - Data Security - $113M raised
6. Securiti - AI stuff? - $81M
7. Chainguard - Software Supply Chain Security - $55M
8. Auditboard - Compliance software - $43M
9. R2C - SAST (maker of Semgrep) - $43M
10. Tines - SOAR - $42M
11. Hummingbird - Anti-Fraud - $38M
12. Incident.io - Automated Incident Reporting - $38M
13. FireHydrant - Incident Response and Management - $32.5M

Adrian's take: "An intriguing approach, Nudge Security detects SaaS apps in use by monitoring Google Workspace and Microsoft 365. As new SaaS apps show up, the company's software will 'nudge' employees to configure these SaaS apps more securely. It seems similar to CSPM, but for SaaS apps (I'm sure Gartner is working on an acronym)."

TL;DR: DHH says, "Renting computers is (mostly) a bad deal for medium-sized companies like ours with stable growth. The savings promised in reduced complexity never materialized"

Check out the accompanying podcast to dig deeper and hear more details: https://www.rework.fm/leaving-the-cloud/

Is this a surprise to anyone?

TL;DR - confidential computing solves a non-problem unless you're dropping computing hardware into hostile, untrusted territory.

TL;DR - put your eggs in many baskets.

TL;DR - Microsoft apparently left a bucket open with highly confidential customer data. It was open long enough for search engines to index the contents. Bit of a mess.

Use case that combines the capabilities of Thinkst Canary, Tines, GreyNoise, and runZero.

Adrian's Take: "An interesting look at how a group of highly functional early stage security products can be used to create compelling automations with minimal effort."

No more giving access to ALL YOUR REPOS for a simple, narrowly scoped integration!

"I'm proud to announce that we've open-sourced our #osquery detection & response ruleset: https://github.com/chainguard-dev/osquery-defense-kit

It contains 130+ production-ready queries we found useful for detecting malware & other anomalous behavior on our endpoints, designed with alerting in mind."

Catalin Cimpanu reports that Australia plans to increase the breach fine from AUS$2.22M to whichever is the greater of the following three options: - $50M - 3x the value of any benefit obtained through the misuse of info - 30% of a company's adjusted turnover in the relevant period