The Cybersecurity Pulse (TCP)

The Cybersecurity Pulse (TCP)

Share this post

The Cybersecurity Pulse (TCP)
The Cybersecurity Pulse (TCP)
📡 Cybersecurity Innovation Pulse #22: Secret AI Meetings; Tenable x Ermetic💰; Upwind emerges from stealth; Caldera for OT; NLP FTW; and More!
Copy link
Facebook
Email
Notes
More
User's avatar
Discover more from The Cybersecurity Pulse (TCP)
The insiders’ edge on security innovation, funding, and GTM plays. Be first, not last.
Over 5,000 subscribers
Already have an account? Sign in

📡 Cybersecurity Innovation Pulse #22: Secret AI Meetings; Tenable x Ermetic💰; Upwind emerges from stealth; Caldera for OT; NLP FTW; and More!

Covering Sept. 1st - Sept. 8th of 2023

Darwin Salazar's avatar
Darwin Salazar
Sep 08, 2023
1

Share this post

The Cybersecurity Pulse (TCP)
The Cybersecurity Pulse (TCP)
📡 Cybersecurity Innovation Pulse #22: Secret AI Meetings; Tenable x Ermetic💰; Upwind emerges from stealth; Caldera for OT; NLP FTW; and More!
Copy link
Facebook
Email
Notes
More
Share

Welcome to issue 22 of the Cybersecurity Innovation Pulse! I'm Darwin Salazar, your guide to the dynamic world of cybersecurity innovation. Each week, I comb through 1K+ headlines to cover the latest on product launches, groundbreaking innovations, strategic collaborations, and other developments at the intersection of innovation and cybersecurity. If you find value in this type of stuff, consider becoming a subscriber to ensure you receive my insights directly to your inbox, saving time and keeping you ahead of the curve!

MidJourney.

Introduction

This past week has been pretty active in the security landscape with a few public security companies (i.e., ZScaler) sharing their quarterly earnings, some M&A activity; startups emerging from stealth, and of course, a heavy dose of AI.

Top Stories 🗞️

Tenable to Acquire Ermetic

Tenable has officially announced its plans to acquire Ermetic, a Cloud-Native Application Protection Platform (CNAPP) that helped usher in the era of Cloud Identity Entitlements Management (CIEM). When the news was first announced, the deal was said to be worth “up to $350M” while the latest headlines have the deal at $265M. It’s also important to note that Ermetic raised $100M through its latest Series B round. This acquisition will allow Tenable to leverage Ermetic's robust CNAPP tech, including CIEM, Infrastructure as Code (IaC), Cloud Security Posture Management (CSPM), and container security.

In a consolidating market, the acquisition makes a lot of sense as it allows Tenable to augment its vulnerability and attack surface management capabilities with Ermetic’s CNAPP. While Tenable has some cloud security offerings they were nowhere near as robust as Ermetic’s. Tenable recently doubled down on generative AI with their ExposureAI helper so it’ll be interesting to see how they leverage AI as they onboard Ermetic’s capabilities onto their platform.

In a landscape where Wiz and Palo Alto Networks cover everything from code to cloud; where Cisco recently snapped up Lightspin; and where new contenders are popping up every month, this acquisition primes Tenable for the long run.

Source: Tenable

Senate's AI Powwow: No Cameras, No Public

Gentlemen to Evil - Imgflip

In a shroud of secrecy, the U.S. Senate has decided to hold a pivotal meeting called the “AI Insights Forum” with industry leaders behind closed doors on Sept. 13th. The list of attendees includes the CEOs from OpenAI, HuggingFace, Meta, Tesla, Microsoft and Google. Apparently, there will be a “readout” on the takeaways from the event but actions speak louder than words. It’ll be interesting to see how the trajectory of the AI landscape shifts after this meeting, if at all. Part of me also wonders if Elon and Zuckerberg will chirp at each other. I’d love to be a fly on the wall for this meeting.

Source: VentureBeat

Securing AI: A Ship That Has Already Sailed?

Source: Securing AI: state of the market at the beginning of Q3 2023

Are we too late to secure AI and machine learning technologies? In this compelling piece,

Ross Haleliuk
from
Venture in Security
makes a strong case for why we’ve already fallen behind the ball and why companies leading the AI charge see security as an afterthought while prioritizing time to market and mass adoption. Ross picks apart this issue much more eloquently than I ever could so make sure to read his post for a deep dive on the state of AI security.

Source: Venture in Security

Security Product Innovation 🛰️

Upwind Security Emerges Out of Stealth With a $50M Series A to Secure Cloud-Native Infrastructure at Runtime

Upwind’s UI.

Israeli cloud security firm Upwind Security has emerged out of stealth with a $50 million Series A funding round, spearheaded by Greylock Partners, Cyberstarts, and Leaders Fund. This brings its total funding to $80 million within a year.

Upwind, founded by industry veterans from the compute management company Spot.io (acquired for $450 million by NetApp), is carving out a niche in runtime protection for cloud-native infrastructures through Runtime Application Self-Protection (RASP) technology. Their approach integrates security within the application itself, operating during its active "runtime" phase to analyze behavior and context, thereby distinguishing between legitimate and potentially malicious activities.

Their solution leverages real-time network and operating system-level data gathered from its eBPF agent to pinpoint threats within containers, offering a robust solution that encompasses real-time threat detection and blocking, comprehensive API management, and automated protective actions during runtime.

With today’s competitive cloud and app sec market, I think Upwind has their work cut out for them. However, with their recent funding, their veteran leadership team, fantastic venture backing, and fresh approach to cloud and app sec, I think they’ll be able to carve out a good market share. As always, it comes down to speed and execution. Below is a more detailed snapshot of their platform’s capabilities:

Source: SiliconANGLE


MITRE and CISA Release Caldera for OT Attack Emulation

MITRE and the Cybersecurity and Infrastructure Security Agency (CISA) have jointly released Caldera for OT, an open-source tool designed to emulate attacks on operational technology (OT) environments. The tool automates adversary emulation using the MITRE ATT&CK framework as its backbone.

Source: SecurityWeek


PagerDuty Expands Generative AI and Analytics Tools

PagerDuty has announced an expansion of its generative AI automation and analytics tools. The new features aim to help IT teams manage incidents more efficiently, leveraging AI to automate repetitive tasks via Runbooks that are generated using natural language processing (NLP). The NLP use case for security products is something that I covered earlier this year and the trend only seems to be gaining steam. It’s a no-brainer for most security products, in my opinion.

Source: SiliconANGLE


Orca’s AI-powered Cloud Asset Search

Orca Security users can ask a natural language question to discover where vulnerabilities exist in their cloud environment.
Orca’s AI-Powered Cloud Asset Search

Orca Security recently unveiled its AI-powered Cloud Asset Search, a tool designed to streamline the process of managing and identifying at-risk cloud assets. The solution leverages NLP which allows users to ask questions like ‘Do we have any Internet-facing PII?’ or ‘Which assets are not PCI-DSS compliant?’ and receive an output of cloud assets that fit the criteria. As mentioned above, the NLP use case is hot. It’s practical and significantly decreases time-to-value (TTV) for products.

Source: Orca Security


Wiz Innovations at Google Cloud Next '23

Wiz unveiled a series of product enhancements last week at Google Cloud Next '23. The new features sensitive data scanning for Google BigQuery, Vertex AI data leakage and poisoning detection mechanisms, and new threat detection rules for Google Workspace.

Source: Wiz Blog

What Else I Read This Week 🔎

  1. The Audacious Future of Palo Alto Networks

  2. The Team8 Foundry Method for Selecting Investable Startups

  3. Cybersecurity M&A Roundup: 40 Deals Announced in August 2023

  4. Everything You Wanted to Know About AI Security but Were Afraid to Ask

  5. Qualys Top 20 Exploited Vulnerabilities

  6. 5 ways CISOs can prepare for generative AI’s security challenges and opportunities

Conclusion

Aaand that's a wrap for this week, folks! Your feedback is the fuel that keeps this newsletter going, so don't hesitate to let me know what you loved, hated, or would like to see improved. If you found value in this issue, why not share it with a friend or consider becoming a paid subscriber? Each week, I sift through over a thousand headlines to bring you the most impactful stories that are driving innovation in cybersecurity. Your support lets me know that this work is making a difference.

Share

1

Share this post

The Cybersecurity Pulse (TCP)
The Cybersecurity Pulse (TCP)
📡 Cybersecurity Innovation Pulse #22: Secret AI Meetings; Tenable x Ermetic💰; Upwind emerges from stealth; Caldera for OT; NLP FTW; and More!
Copy link
Facebook
Email
Notes
More
Share

Discussion about this post

User's avatar
Wiz’s $32B GTM Playbook: Unpacking the Formula (Part I)
From Finding PMF to Nailing Branding
Mar 25 • 
Darwin Salazar
21

Share this post

The Cybersecurity Pulse (TCP)
The Cybersecurity Pulse (TCP)
Wiz’s $32B GTM Playbook: Unpacking the Formula (Part I)
Copy link
Facebook
Email
Notes
More
4
Wiz’s $32B Sales Engine: From Founder-Led to Channel-Led Growth (Part II)
Inside Wiz’s transition to 100% channel sales, global blitzscaling, and how a top-down sales strategy helped them conquer the Fortune 100.
Apr 9 • 
Darwin Salazar
15

Share this post

The Cybersecurity Pulse (TCP)
The Cybersecurity Pulse (TCP)
Wiz’s $32B Sales Engine: From Founder-Led to Channel-Led Growth (Part II)
Copy link
Facebook
Email
Notes
More
2025 RSAC Innovation Sandbox Finalists Announced
A look at this year's RSAC Innovation Sandbox Finalists
Apr 8 • 
Darwin Salazar
5

Share this post

The Cybersecurity Pulse (TCP)
The Cybersecurity Pulse (TCP)
2025 RSAC Innovation Sandbox Finalists Announced
Copy link
Facebook
Email
Notes
More
2

Ready for more?

© 2025 Darwin Salazar
Privacy ∙ Terms ∙ Collection notice
Start writingGet the app
Substack is the home for great culture

Share

Copy link
Facebook
Email
Notes
More

Create your profile

User's avatar

Only paid subscribers can comment on this post

Already a paid subscriber? Sign in

Check your email

For your security, we need to re-authenticate you.

Click the link we sent to , or click here to sign in.