📡 Cybersecurity Innovation Pulse #12: RSAC x BSides SF; AWS Bedrock; New Threat Actor Naming Taxonomy?; and Tons of Security Product News!
Covering Apr. 12th - Apr. 19th
Welcome to the 12th issue of the Cybersecurity Innovation Pulse newsletter! I'm Darwin Salazar and this newsletter is your personal guide to the ever-evolving world of cybersecurity and all of the innovation happening within. Every week, I bring you the latest updates on product launches, groundbreaking innovations, and strategic collaborations. I also run the Market Pulse newsletter where I cover funding news, earnings, M&A activity, and more. By subscribing, you'll receive all of these valuable insights directly in your inbox, saving you time and helping you stay ahead of the curve. If you love what you read, don't hesitate to share it with a friend or colleague. So, grab a cup of your favorite beverage, and let’s dive into this week's issue. Enjoy!
RSA x BSides SF 2023
Arguably the biggest conference for cybersecurity companies is right around the corner, and if, like me, you’ve been too busy to look at the agenda, then have no fear. CSO Online and DarkReading have published their top startups to watch and most anticipated sessions for RSA. Unsurprisingly, this year's trending topics seem to be Zero Trust, AI/ML, Supply Chain Security, and Cloud Security. There will also be a slew of interesting events held outside of the official conference such as the AWS Cybersecurity Startup Day where start-ups and VC firms we’ve covered before will be presenting. And of course, no cybersecurity conference would be complete without its 100s of happy hours and parties which you can find a list of here.
As for BSides SF, the sessions I’m looking forward to the most are:
NLP for security log analysis: Learning to crawl before you run
Overwatch: A serverless approach to orchestrating your security automation
Detection as Code: The Engineering-Focused Future of Detection and Response
Hacking Policy and Policy Hacking - A Hacker Guide to the Universe of Cyber Policy
First Security Hire: Building a security roadmap and team from scratch
Lastly, shake off some social conference jitters and set your RSA intentions by listening to Hacker Valley Media’s latest episode, “RSA With Purpose”. This episode has many gems whether you’re a salesperson, a startup founder, or someone seeking a new role.
I’ll be at BSides SF soaking up all the latest research and hanging with friends. If you see me, come and say hello!
Amazon Bedrock: Generative AI and Implications for AWS Security
Amazon recently launched Bedrock, a generative AI platform that pours gasoline on the AI Cloud Wars. While AWS dominates the cloud market, Microsoft’s partnership with OpenAI has certainly changed the dynamic of the game. Especially considering Microsoft’s recent launches of Security Copilot and GitHub Copilot.
Not only do I predict that Bedrock's introduction will lead to new advancements in AWS security offerings but the fact that AWS customers now have foundational AI/ML models to build apps on top of is a game changer.
Microsoft's New Threat Actor Naming Taxonomy
Microsoft has announced a new threat actor naming taxonomy, which is aimed at influencing how security practitioners classify and communicate about cyber threats. With the ever-expanding threat landscape, the old taxonomy was becoming too confusing and taxing on already overwhelmed practitioners. This new system aims to provide clearer, more consistent threat information to help organizations better protect themselves. In my opinion, this approach and grouping certainly helps but the key question is, “Will the industry adopt it?”.
For the announcement post, click here.
Product Innovations & News
DataDog enhances security platform with new features and integrations
DataDog has introduced a series of new features, including Datadog Case Management, Application Vulnerability Management, and Automated Security Tasks with Workflows and Cloud SIEM. These additions help streamline security management, remediation and enhance visibility across applications and infrastructure.
ZeusCloud launches platform to democratize cloud security
YCombinator W22 start-up, ZeusCloud, has released its open-source platform which aims at democratizing cloud security. The solution includes attack path graphs, compliance framework mapping, identifying identity and resource misconfigurations, and more. Support for Azure and AWS is on the way. Check out their GitHub repo and feature roadmap here.
I always love seeing new open-source security solutions. They’re cost-effective, highly customizable, the source code is public so it can be audited for security issues by users, and ultimately, it encourages innovation.
Pulumi leverages generative AI for cloud infrastructure code
Pulumi, a leading infrastructure-as-code (IaC) platform, announced the launch of Pulumi Insights, a powerful new set of tools and features designed to enhance observability and management for modern cloud infrastructure. This release adds tons of new powerful capabilities and is easily one of my favorites from this week’s issue.
IAMbic simplifies multi-cloud IAM management with GitOps workflows
Another open-source security solution that has recently emerged is IAMbic (IAM, but in code). Former Netflix security engineer, Curtis Castrapel, describes it as “It’s like Terraform for Cloud IAM, but way easier” so of course I was intrigued. Check out IAMbic’s GitHub repo and the creator’s announcement for more.
Veracode announces GPT-powered find & fix solution
Veracode has unveiled a GPT-powered find & fix solution for software developers, streamlining the process of identifying and addressing vulnerabilities in applications.
Microsoft debuts Threat Intelligence Search
Microsoft has unveiled a new Threat Intelligence Search tool, designed to help security teams efficiently search for threat indicators and related information.
LinkedIn and Microsoft introduce new workplace verification
LinkedIn and Microsoft have introduced a new way to verify workplaces, enhancing the security and accuracy of professional information on the platform.
Microsoft and Talon launch enterprise-grade ChatGPT
Microsoft has partnered with Talon to launch an enterprise-grade ChatGPT, designed to facilitate improved conversational AI experiences in business settings.
Google Cloud reorganizes professional service offerings
Google Cloud has reorganized its professional service offerings into a new portfolio. The new structure aims to better serve clients and address their diverse needs.
D3 Security launches SOAR platform
D3 Security has introduced a Security Orchestration, Automation, and Response (SOAR) platform, designed to improve security management and response.
Slim.AI optimizes and secures containers
Slim.AI has launched a new solution that helps developers optimize and secure their containers, enabling more efficient and secure application development.
Wiz achieves CIS SecureSuite Vendor Certification
Wiz has become the first agentless cloud security vendor to attain CIS SecureSuite Vendor Certification. This certification showcases Wiz's commitment to providing top-tier cloud security services.
Sumo Logic adds predictive analytics to observability platform
Sumo Logic has added predictive analytics to its observability platform, enabling better insights and proactive issue identification.
SpinOne enhances SaaS security capabilities
SpinOne has added new capabilities to secure SaaS applications and data, providing better protection for cloud-based services.
TrueFort integrates with SentinelOne for Zero Trust security
TrueFort has announced a SentinelOne Zero Trust integration, improving endpoint security and protection.
Lacework adds risk-based vulnerability management
Lacework has added risk-based vulnerability management to its flagship offering, enhancing threat detection and remediation capabilities.
Securonix introduces Unified Defense SIEM platform
Securonix has launched a Unified Defense SIEM platform to enhance security information and event management capabilities for organizations.
CrowdStrike announces Managed XDR
CrowdStrike has announced Managed XDR, an expansion of its industry-leading MDR portfolio aimed at closing the cybersecurity skills gap.
Logicalis US launches private network services powered by Cisco
Logicalis US has launched private network services powered by Cisco, enabling secure wireless connectivity for businesses.
Inside Out Defense launches privileged access abuse detection platform
Inside Out Defense has launched a platform for detecting and remediating privileged access abuse, strengthening security for organizations.
Cohesity expands collaboration with Microsoft
Cohesity has expanded its collaboration with Microsoft to help businesses protect their data, further enhancing their joint security offerings.
SearchLight Cyber unveils virtual browser for secure dark web access
SearchLight Cyber has unveiled a virtual browser designed for secure dark web access, providing a safer way to explore hidden areas of the internet.
Metomic free scanning tool to discover exposed sensitive data in Google Drive
Metomic has launched a free scanning tool to help users identify and manage exposed sensitive data in their Google Drive accounts, enabling better data protection and compliance with privacy regulations.
Cymulate extends coverage for attack surface management solution
Cymulate has extended the coverage for its attack surface management solution, enhancing organizations' ability to identify and remediate vulnerabilities in their IT environments.
Conclusion
And that’s a wrap for our third issue of the Cybersecurity Innovation Pulse! If you have any feedback or questions, never hesitate to drop a comment or reach out via LinkedIn. Subscribe and stay tuned for more!