📡 Cybersecurity Innovation Pulse #22: Secret AI Meetings; Tenable x Ermetic💰; Upwind emerges from stealth; Caldera for OT; NLP FTW; and More!
Covering Sept. 1st - Sept. 8th of 2023
Welcome to issue 22 of the Cybersecurity Innovation Pulse! I'm Darwin Salazar, your guide to the dynamic world of cybersecurity innovation. Each week, I comb through 1K+ headlines to cover the latest on product launches, groundbreaking innovations, strategic collaborations, and other developments at the intersection of innovation and cybersecurity. If you find value in this type of stuff, consider becoming a subscriber to ensure you receive my insights directly to your inbox, saving time and keeping you ahead of the curve!
Introduction
This past week has been pretty active in the security landscape, with a few public security companies (e.g., Zscaler) sharing their quarterly earnings, some M&A activity, startups emerging from stealth, and of course, a heavy dose of AI.
Top Stories 🗞️
Tenable to Acquire Ermetic
Tenable has officially announced its plans to acquire Ermetic, a Cloud-Native Application Protection Platform (CNAPP) that helped usher in the era of Cloud Identity Entitlements Management (CIEM). When the news was first announced, the deal was said to be worth “up to $350M” while the latest headlines have the deal at $265M. It’s also important to note that Ermetic raised $100M through its latest Series B round. This acquisition will allow Tenable to leverage Ermetic's robust CNAPP tech, including CIEM, Infrastructure as Code (IaC), Cloud Security Posture Management (CSPM), and container security.
In a consolidating market, the acquisition makes a lot of sense as it allows Tenable to augment its vulnerability and attack surface management capabilities with Ermetic’s CNAPP. While Tenable has some cloud security offerings, they are nowhere near as robust as Ermetic’s. Tenable recently doubled down on generative AI with their ExposureAI helper, so it’ll be interesting to see how they leverage AI as they onboard Ermetic’s capabilities onto their platform.
In a landscape where Wiz and Palo Alto Networks cover everything from code to cloud; where Cisco recently snapped up Lightspin; and where new contenders are popping up every month, this acquisition primes Tenable for the long run.
Source: Tenable
Senate's AI Powwow: No Cameras, No Public
In a shroud of secrecy, the U.S. Senate has decided to hold a pivotal meeting called the “AI Insights Forum” with industry leaders behind closed doors on Sept. 13th. The list of attendees includes the CEOs from OpenAI, HuggingFace, Meta, Tesla, Microsoft and Google. Apparently, there will be a “readout” on the takeaways from the event but actions speak louder than words. It’ll be interesting to see how the trajectory of the AI landscape shifts after this meeting, if at all. Part of me also wonders if Elon and Zuckerberg will chirp at each other. I’d love to be a fly on the wall for this meeting.
Source: VentureBeat
Securing AI: A Ship That Has Already Sailed?
Are we too late to secure AI and machine learning technologies? In this compelling piece, Ross from Venture in Security makes a strong case for why we’ve already fallen behind the ball and why companies leading the AI charge see security as an afterthought while prioritizing time to market and mass adoption. Ross picks apart this issue much more eloquently than I ever could, so make sure to read his post for a deep dive on the state of AI security.
Source: Venture in Security
Security Product Innovation 🛰️
Upwind Security Emerges Out of Stealth With a $50M Series A to Secure Cloud-Native Infrastructure at Runtime
Israeli cloud security firm Upwind Security has emerged out of stealth with a $50 million Series A funding round, spearheaded by Greylock Partners, Cyberstarts, and Leaders Fund. This brings its total funding to $80 million within a year.
Upwind, founded by industry veterans from the compute management company Spot.io (acquired for $450 million by NetApp), is carving out a niche in runtime protection for cloud-native infrastructures through Runtime Application Self-Protection (RASP) technology. Their approach integrates security within the application itself, operating during its active "runtime" phase to analyze behavior and context, thereby distinguishing between legitimate and potentially malicious activities.
Their solution leverages real-time network and operating system-level data gathered from its eBPF agent to pinpoint threats within containers, offering a robust solution that encompasses real-time threat detection and blocking, comprehensive API management, and automated protective actions during runtime.
With today’s competitive cloud and app sec market, I think Upwind has their work cut out for them. However, with their recent funding, their veteran leadership team, fantastic venture backing, and fresh approach to cloud and app sec, I think they’ll be able to carve out a good market share. As always, it comes down to speed and execution.
Source: SiliconANGLE
MITRE and CISA Release Caldera for OT Attack Emulation
MITRE and the Cybersecurity and Infrastructure Security Agency (CISA) have jointly released Caldera for OT, an open-source tool designed to emulate attacks on operational technology (OT) environments. The tool automates adversary emulation using the MITRE ATT&CK framework as its backbone.
Source: SecurityWeek
PagerDuty Expands Generative AI and Analytics Tools
PagerDuty has announced an expansion of its generative AI automation and analytics tools. The new features aim to help IT teams manage incidents more efficiently, leveraging AI to automate repetitive tasks via Runbooks that are generated using natural language processing (NLP). The NLP use case for security products is something that I covered earlier this year and the trend only seems to be gaining steam. It’s a no-brainer for most security products, in my opinion.
Source: SiliconANGLE
Orca’s AI-powered Cloud Asset Search
Orca Security recently unveiled its AI-powered Cloud Asset Search, a tool designed to streamline the process of managing and identifying at-risk cloud assets. The solution leverages NLP which allows users to ask questions like ‘Do we have any Internet-facing PII?’ or ‘Which assets are not PCI-DSS compliant?’ and receive an output of cloud assets that fit the criteria. As mentioned above, the NLP use case is hot. It’s practical and significantly decreases time-to-value (TTV) for products.
Source: Orca Security
Wiz Innovations at Google Cloud Next '23
Wiz unveiled a series of product enhancements last week at Google Cloud Next '23. The new features include sensitive data scanning for Google BigQuery, Vertex AI data leakage and poisoning detection mechanisms, and new threat detection rules for Google Workspace.
Source: Wiz Blog
What Else I Read This Week 🔎
Cybersecurity M&A Roundup: 40 Deals Announced in August 2023
Everything You Wanted to Know About AI Security but Were Afraid to Ask
5 ways CISOs can prepare for generative AI’s security challenges and opportunities
Conclusion
Aaand that's a wrap for this week, folks! Your feedback is the fuel that keeps this newsletter going, so don't hesitate to let me know what you loved, hated, or would like to see improved. If you found value in this issue, why not share it with a friend or consider becoming a paid subscriber? Each week, I sift through over a thousand headlines to bring you the most impactful stories that are driving innovation in cybersecurity. Your support lets me know that this work is making a difference.