📡 Cybersecurity Innovation Pulse #25: Security and GRC People Using Data Lakes; Self-Driving Cars Hallucinating; CISA HBOM; and Security Product News!
Covering Sept. 21st - 28th
Welcome to Issue 25 of the Cybersecurity Innovation Pulse! I'm Darwin Salazar, your compass to the dynamic world of cybersecurity innovation. Each week, I deliver the latest on product debuts, groundbreaking innovations, strategic collaborations, and other developments at the intersection of innovation and cybersecurity. Digging these updates? Subscribe and get the intel delivered straight to your digital doorstep, ensuring you're always in the loop 🚀
Intro
Howdy! Not much on the product front this week but a fair amount on data-driven security approaches and on the M&A front. You may have also noticed that we went from issue #14 for the Innovation Pulse to #25; this is because I’ve merged the 10 issues from the Market Pulse with the Innovation Pulse, giving us 25 total issues. Pretty crazy that at one point I thought I could run two newsletters at once LOL. That said, let’s jump into all of the juicy shenanigans and discussions that’ve taken place over the past week!
🗞️Emerging Trends and Security Innovation News 🗞️
The Modern Security Data Stack
In recent years, the cybersecurity industry has recognized the growing limitations of traditional SIEM (Security Information and Event Management) solutions in scalability and functionality, especially as organizations' digital footprints continue to expand. Historically, SIEMs have served as the security command center for detecting and investigating anomalous activity, visualizing environment activity, and storing security logs, among other critical functions. However, this paradigm is shifting.
This post by [author] from [publication] dives into this transformation, highlighting the challenges faced by traditional SIEMs like Splunk in handling the increasing volume and diversity of security data, and their high costs for long-term data retention. The piece explores the emergence of Next-Gen SIEMs (e.g., Panther and Hunters) and security data lake solutions (e.g., Amazon Security Lake, Snowflake, Databricks) designed to address these shortcomings. The post also picks apart all of the peripheral solutions (e.g., security data ETL and content providers) that aim to make this transition smoother.
While, as an industry, we’re still in the early innings of adopting a more data-driven approach to how we do security and GRC (Governance, Risk, and Compliance), the future is promising. The appeal of a centralized hub for conducting security operations, crafting sophisticated dashboards for leadership and auditors, training AI/ML models, and consolidating security data from various solutions—all in a cost-effective manner—is undeniable. The growing frequency of public and private discussions and the billions in investments in this area underscore its significance. However, as we've seen countless times, executing digital transformation is never as simple or easy as it seems on paper.
Building and sustaining the necessary data infrastructure is a continuous challenge, one that many security teams are not well-equipped to take on. Ensuring the consistent, high-fidelity transfer of terabytes of data is a formidable task, and normalizing this data into a unified schema for practical use adds another layer of complexity. Without solving this core problem, it’s difficult to make this modern approach a reality. This is something that LinkedIn CISO Geoff Belknap recently highlighted in the Defense in Depth episode “How to Prime Your Data Lake”.
Shameless plug: this is the problem that we’re solving at Monad; we handle the intricate data plumbing and data normalization, liberating your security teams to focus on actual security matters.
All in all, adopting a data-driven security approach unlocks a myriad of use cases that weren’t possible before, particularly for large enterprises. Watching how this all unfolds and playing a part in it is going to be pretty cool. If you’d like to stay up to date on these matters, make sure to follow Jonathan Rau, Omer Singer, Ross Haleliuk, Jacolon Walker, Christian Almenar, and me on LinkedIn!
GRC Data Lakes
Charles Nwatu, Head of Security, Technology Assurance & Risk at Netflix and a recognized industry visionary, recently shed light on a significant yet often overlooked use case unlocked by a data lake. By aggregating all security (consider DSPM, CSPM, ASM, etc.) and compliance findings, along with log activity for heavily regulated workloads and environments in one location, GRC teams gain a substantial advantage in visibility, continuous compliance enforcement, and audit readiness.
For instance, identifying all cloud assets handling credit card information subject to PCI requirements, and then constructing dashboards to answer intricate questions about the security and compliance of these assets based on findings from various security solutions, was nearly unattainable before. With a data lake approach, not only can this be achieved, but it also dispels the false sense of security that passing a PCI audit might provide. Instead, it lets you verify that those assets are genuinely secure, offering a comprehensive view of their security posture based on the multitude of security solutions monitoring them.
I’m not sure if Charles coined the term “GRC Data Lake” but he’s the first person I’ve ever seen using the term so I’ll attribute it to him.
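As an added example (not code from the newsletter, Monad, or any vendor named here), this puts the two ideas above into working form: normalizing findings from several tools into one schema, then asking the GRC question of which PCI-scoped assets still have open findings and from which tools. Tool names, field names, scope tags and every record are constructed for illustration.

```python
# Added example (not from the newsletter or any vendor named in it):
# normalize findings from several tools into one schema, then answer a
# GRC question over the combined data: which PCI-scoped assets still
# have open findings, and from which tools? Tool names, field names,
# scope tags and records are all constructed for illustration.
from collections import defaultdict

# Constructed raw exports, each in its own tool-specific shape.
CSPM_EXPORT = [
    {"resource_arn": "arn:aws:s3:::cardholder-bucket", "rule": "S3 public read", "sev": "HIGH", "state": "OPEN"},
    {"resource_arn": "arn:aws:ec2:us-east-1:111:instance/i-app", "rule": "IMDSv1 enabled", "sev": "MEDIUM", "state": "RESOLVED"},
]
DSPM_EXPORT = [{"asset": "arn:aws:s3:::cardholder-bucket", "finding": "Unencrypted PAN data", "severity": 9.1, "open": True}]
ASM_EXPORT = [{"target": "arn:aws:ec2:us-east-1:111:instance/i-app", "issue": "Outdated TLS", "risk": "low", "status": "open"}]

# Constructed asset inventory; the scope tags are what a GRC team maintains.
ASSETS = {
    "arn:aws:s3:::cardholder-bucket": {"scope": ["PCI"]},
    "arn:aws:ec2:us-east-1:111:instance/i-app": {"scope": ["PCI", "SOX"]},
    "arn:aws:rds:us-east-1:111:db/analytics": {"scope": []},
}

def _sev_from_cvss(score):
    """Bucket a CVSS-style score into the label scale the other tools use."""
    return "CRITICAL" if score >= 9 else "HIGH" if score >= 7 else "MEDIUM" if score >= 4 else "LOW"

# One normalizer per source; each emits the same unified record shape.
NORMALIZERS = {
    "cspm": lambda r: {"asset": r["resource_arn"], "title": r["rule"], "severity": r["sev"], "open": r["state"] == "OPEN"},
    "dspm": lambda r: {"asset": r["asset"], "title": r["finding"], "severity": _sev_from_cvss(r["severity"]), "open": r["open"]},
    "asm": lambda r: {"asset": r["target"], "title": r["issue"], "severity": r["risk"].upper(), "open": r["status"] == "open"},
}

def normalize(exports):
    """Map each tool's raw export into unified findings tagged with their source."""
    unified = []
    for source, records in exports.items():
        for raw in records:
            unified.append({"source": source, **NORMALIZERS[source](raw)})
    return unified

def open_findings_in_scope(findings, assets, scope="PCI"):
    """Open findings on assets tagged with `scope`, grouped per asset across tools."""
    report = defaultdict(list)
    for f in findings:
        if f["open"] and scope in assets.get(f["asset"], {}).get("scope", []):
            report[f["asset"]].append((f["source"], f["severity"], f["title"]))
    return dict(report)
```

The same `open_findings_in_scope` call with `scope="SOX"` answers the equivalent question for a different regulatory boundary, which is the kind of per-framework dashboard the passage describes.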
Making Self-Driving Cars Hallucinate 😬
Kevin Fu, a cybersecurity researcher and professor at Northeastern University, has discovered a new kind of attack that manipulates the perception of self-driving cars and drones.
“Poltergeist attacks… create deceptive visual realities, similar to optical illusions, for machines employing machine learning for decision-making processes.” - Jace Dela Cruz, TechTimes
New CISA Framework for HBOMs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has introduced a new Hardware Bill of Materials (HBOM) Framework to enhance hardware supply chain risk assessments.
“With the increase in demand for IoT products, the synergy between SBOMs and HBOMs is becoming increasingly essential to achieve a holistic supply chain risk management strategy.” - Javad Hasan, Lineaje Inc.
PANW Targets Dig Security for $300M+ Acquisition
Palo Alto Networks is reportedly eyeing Dig Security, a Data Security start-up, for an acquisition valued between $300 million and $400 million. This comes a week after the announcement to acquire Talon for ~$600 million and Cisco’s announcement to acquire Splunk for $28 billion. Things have been hot but they continue to heat up!
🛰️Security Product Innovation 🛰️
CrowdStrike Introduces Falcon Raptor with GenAI-Powered Incident Investigation
CrowdStrike unveiled enhancements to its Falcon product featuring generative AI-powered incident investigation and extended detection and response (XDR) capabilities, designed to operate at "petabyte scale" for enhanced data collection, search, and storage. The release, announced at the Fal.Con event, includes Charlotte AI Investigator, CrowdStrike’s generative AI cybersecurity analyst, and offers native XDR to all CrowdStrike EDR customers. Additionally, CrowdStrike introduced Falcon Foundry, a no-code application development platform, and enhancements focusing on data protection, exposure management, and IT automation.
Source: MSSP Alert
Baffle Launches Data Protection for AI
Data security startup Baffle Inc. has introduced Baffle Data Protection for AI, a solution designed to secure private data in generative AI projects. This service addresses the risks associated with sharing private data through publicly available generative AI services like ChatGPT. It encrypts sensitive data as it enters the data pipeline and ensures that this data remains encrypted throughout the generative AI process, preventing unauthorized access to private information in cleartext. This no-code, data-centric approach allows companies to meet compliance requirements and safeguards against the exposure of private data, letting generative AI projects move forward securely.
Microsoft Unveils New Security Tools
Microsoft has announced a series of security innovations aimed at enhancing protection for both businesses and individuals. The upcoming Windows 11 update, available on September 26, 2023, introduces several key security features, including advancements towards a passwordless future and new tools for IT teams such as Custom App Control for Business policies and Config Refresh. Additionally, Microsoft 365 Personal, Family, and Basic subscribers will benefit from advanced security features, including credit monitoring and privacy protection through Microsoft Defender, as well as enhanced OneDrive security.
Source: Microsoft Security Blog
What Else I Read/Listened To This Week 📚
Researchers Uncover New GPU Side-Channel Attacks - The Hacker News
How the Okta Cross-Tenant Impersonation Attacks Succeeded - Dark Reading
On Software Supply Chain Security
Detection Engineering and SOC Scalability Challenges Part 2 - Anton on Security
That's all for this week! I hope you found this issue insightful. Your feedback shapes the future of this newsletter, so drop me a line on what resonated with you or what you'd like to see more of. If you believe others can benefit from these insights, share the love and encourage them to subscribe. Every week, I dive deep into a sea of headlines to curate the most pivotal stories in cybersecurity innovation just for you. Your continued support is a testament to the value this brings. Catch you in the next issue!