📡 Cybersecurity Innovation Pulse #30: CSA AI Safety; MSFTs Security Product AI Moat; FBI/SEC Breach Notification Delay; Emerging K8s Threats and More!
Covering Dec. 6th - Dec. 13th
Welcome to Issue 30 of the Cybersecurity Innovation Pulse! I'm Darwin Salazar, Product Manager at Monad and a recovering detection engineer. Each week, I distill the latest and most exciting developments + trends in cybersecurity innovation into digestible, bite-sized updates. If you’re serious about staying at the forefront of the latest in the cybersecurity industry, make sure to hit the “Subscribe” button below to get my insights delivered straight to your inbox 📩 🚀
Intro🚪
Howdy! On par with the theme for this year, this past week was full of AI-related announcements, more regulatory guidance from 3/4 lettered agencies, and a fair dose of identity product news. That said, the tradecraft section is packed with a bunch of goodies for you to bring back to your security team(s).
However, before we dive in, I do want to express my gratitude for your support for the newsletter. We’ve grown to a community of 1,900+ subscribers since our first issue in February and have so much more in store for 2024. Thank you and Happy Holidays! 🎄
Industry🛰️
AI Safety Initiative by Cloud Security Alliance (CSA)
The CSA recently announced its AI Safety Initiative, partnering with Amazon, Anthropic, Google, Microsoft, and OpenAI, alongside CISA, U.S. allies, academia, and various industry leaders. The group is made up of over 1,500 experts and is led by former Robinhood CISO, Caleb Sima, who will be the Chair of the initiative.
The initiative focuses on providing guidelines for AI safety and security with its initial focus being generative AI. It aims to provide tools and knowledge for deploying AI in a safe, ethical, and secure manner. CSA has been at the forefront of providing cloud security guidance for over a decade so it’s great to see the group leading the charge on AI safety and security.
The group will be hosting a virtual summit on Jan. 17-18, 2024 and you can register here.
Source: CSA
FBI Guidance on Delaying SEC-Required Data Breach Disclosure
In July, the SEC imposed new rules that required publicly traded companies to disclose data breaches within four (4) business days. This was a pretty short-sighted move considering that some organizations deal with matters of national security such as critical infrastructure, supply chain etc., and the premature public disclosure of a breach before the organization contains the threat can have ripple effects not only on that entity but also on public safety and our economy. There are many other cases where the new SEC rules put CISOs in a very tough spot which is why the FBI recently issued new guidance on delaying breach disclosure for up to 120 business days.
The delay request must be for national security or public safety reasons and can be granted in 30, 60, and 120 for the most extraordinary cases.
Source: BleepingComputer
OWASP LLM AI Security and Governance Checklist
The OWASP Top 10 for LLM Apps team recently published a fairly robust and perscriptive checklist covering AI asset inventory, legal, privacy and security training, adversarial risks and more.
Source: OWASP
African Network Cybersecurity Authority (ANCA) Announces Inaugural Chair
17 African countries have come together to form the African Network of Cybersecurity Authorities (ANCA) which will focus on cybersecurity coordination and information sharing across the continent. The group will be chaired by Dr. Albert Antwi-Boasiako, director-general of Ghana's Cyber Security Authority. Very encouraging to see this coordination happening at a continental level✊🏼
Source: DarkReading
Product🛸
The identity space has been on absolute fire this year. From startups coming out of stealth to others receiving follow-on funding from their backers to large incumbents doubling down on solving the cloud identities challenge, it’s been great to watch this space get the attention it deserves. That said, this week’s product section is very identity heavy!
ConductorOne's AI Copilot for Identity Governance
ConductorOne recently announced its new Copilot feature to help provide more context to provide more context and detailed risk analysis across identity data to enhance automation in identity governance. The tool offers AI-generated recommendations based on risk flags, contextual insights, and detailed real-time analysis across all identity data.
This is one of the most seamless and practical implementations of GenAI in an IAM product that I’ve seen come through the tape this year. Kudos to the ConductorOne team.
Source: VentureBeat
Descope's Fine-Grained Authorization Service
Descope launched a Fine-Grained Authorization service, enabling organizations to create detailed authorization models for applications using Relationship-Based Access Control (ReBAC) which focuses on entity relationships. This service integrates with Descope's SDKs and APIs.
Source: SiliconAngle
Opal Security Receives $22M in Series B Funding
Opal Security, an IAM startup, secured a $22 million investment led by Battery Ventures.
Source: SecurityWeek
Microsoft Purview's New AI Features
Microsoft is obviously full steam ahead all the time and everywhere across its entire product portfolio when it comes to AI. They’ve recently added a bunch of AI features to its data protection/DSPM-type solution. Too much to enumerate here but if you dig through this announcement, it’s pretty mind-boggling to see how Microsoft is intertwining the AI capabilities from products across their portfolio with each other and the type of value that unlocks for the end user. For example, they have Security Copilot embedded in Purview which streamlines data security management while enriching with all of the context that Copilot has about your estate through it’s integrations with other products.
This is a compound effect that will be hard to reach for challengers in the security space but easy for incumbents.
Source: Microsoft
Tradecraft🤺
Kubernetes Attacks That Emerged in 2023 + How To Defend Against Them
This post by Jimmy Mesta, CTO and Co-founder of KSOC, takes a look at new Kubernetes attacks that emerged in 2023 and provides practical steps on how security teams can defend against them. The post looks at Scarleteel, Dero + Monero cryptominers and RBAC-buster.
Source: VentureBeat
Cooking Intelligent Detections from Threat Intelligence
In this post, Anton Chuvakin details out the pain points hurting the dynamic between threat intel and detection engineering teams and how they can work together to craft more intelligent detections.
Source: Anton On Security
Permiso's Cloud Identity Threat Briefings
Permiso is offering complimentary threat briefings on attacks against identity provider (IdP) control planes. The briefings demonstrate typical cloud attacks against IdPs and provide strategies for securely configuring cloud environments to better defend against these attacks. The link below includes a video walkthrough of a common identity attack chain that Permiso has come across.
Source: Permiso
Incident Response x Machine Learning
This post dives in on how ML can be used for incident response and why deep neural networks can be trained to outperform current heuristic-based schemes.
Source: DarkReading
Bye For Now!
That's all for this week! I hope you found this issue insightful. Your feedback shapes the future of this newsletter, so drop me a line on what resonated with you or what you'd like to see more of. If you believe others can benefit from the newsletter, share the love and encourage them to subscribe🎄