📡 Cybersecurity Innovation Pulse #35: CISOs AI Capabilities Wishlist; Autonomous SOCs; Cloud Threat Landscape DB; 26B Records Leaked; And More!
Covering Jan. 18th - Jan. 25th
Welcome to Issue 35 of the Cybersecurity Innovation Pulse! I'm Darwin Salazar, Product Manager at Monad and a former Detection Engineer. Each week, I distill the latest and most exciting developments + trends in cybersecurity innovation into digestible, bite-sized updates.
Industry🛰
AI Technologies Desired by Security Experts
Wanted to start out with this one because it’s what we’re all about here at TCP. The great team at SecurityWeek recently interviewed a few CISOs, VCs, and researchers on what AI-related advancements they’d like to see in security products. There is SO MUCH gold in this post for product builders and investors. Happy digging! 💎💎💎
Source: SecurityWeek
Vulnerabilities in Open-Source AI and ML Tools
Protect AI recently released their January 2024 Vulnerability Report detailing the top open-source AI/ML vulnerabilities they’ve discovered through their huntr bug bounty program. Each vuln. is linked, and the write-ups provide solid deep-dives that are great to read even if you’re not securing AI. This space will obviously continue to explode, and getting acclimated with the technologies + vuln. types will be key whether you’re a practitioner, investor, product builder or in GTM.
In my opinion, Protect AI is the market leader for AI security today. It’s been awesome watching their growth and level of execution. They open-sourced 3 AI/ML security tools several months ago which is also pretty rad of them. Kudos to the Protect AI team!
Source: Protect AI
OpenAI's Response to Misuse of GPT-4 in Political Impersonation
Last week, we covered OpenAI’s approach to election security and this week, we saw the first takedown of a startup impersonating presidential candidate Dean Phillips. Election Security will be in the spotlight all year 🍿
Source: SiliconANGLE
The Rise of Autonomous SOC Platforms
Intezer, an autonomous SOC company, reports that customers using their platform last year grew by 400%. In this article, they take a look at their platform usage metrics and the core capabilities of an autonomous SOC solution.
Source: Intezer
Increase in Cyberattacks Impact on Insurance Rates
After a wild surge in cyber insurance premiums caused by the COVID attack boom, insurance rates plateaued to close out 2023. However, industry experts from Marsh expect to see an increase in 2024 as cyberattacks continue to increase.
Source: DarkReading
Record-Breaking Increase in Ransomware Attacks
The number of ransomware victims increased by 128% in 2023.
Most targeted country: USA 🇺🇸
Most active group: LockBit
Most targeted entities: Stanford University, Volt, and Coinbase
Source: SecurityAffairs
Product🛸
Prompt Security Emerges From Stealth To Secure GenAI
Prompt Security emerges from stealth and aims to be a one-stop shop for all things GenAI security 👌🏼
Source: Prompt Security
Wiz Adds Support For Terraform Run Tasks
Mutual Wiz x HashiCorp customers can now add security checks and guardrails to their Terraform pipelines to detect misconfigurations, leaked secrets and more.
Source: Wiz
Tenable Adds Pull Request Capabilities for Remediation
As part of their ‘cloud-to-code’ module, Tenable has added the capability of generating pull requests to remediate IaC misconfigurations. This helps security + infra teams streamline communications + remediation.
Source: Tenable
Salt Security Introduces Its API Posture Governance Engine
Salt introduces their API posture governance solution, which provides capabilities to author corporate standards for API posture and to assess compliance with those standards, industry best practices, and regulatory requirements. They’ve also added new API filtering + querying capabilities.
Source: DarkReading
Zscaler Zeroes in on Avalor Acquisition
Zscaler, which has a full-fledged suite of security products, is set to acquire Avalor for $250-350M. Avalor is a data fabric play that will enable Zscaler to connect the dots across its products and bring more context and visibility to their customers. Context + visibility may seem like buzzwords, but they’re the cornerstone of strong vulnerability management and security operation programs.
Great pickup and great exit.
Source: CRN
Funding💰
Rarely do I give funding activity its own section, but this past week saw a fair amount of capital raised for cutting-edge startups so I had to make an exception!
Torq, a security automation startup, raises $42M in their extended Series B.
Kusari, a software supply chain security startup, raises $8M seed.
Doppel, an AI-powered digital risk protection startup, raises $14M Series A.
RagaAI, an AI testing startup, emerges from stealth with a $4.7M seed round.
If you’re interested in funding activity, earning reports and things of that nature, Return on Security is a great newsletter to follow.
Tradecraft🤺
Wiz Introduces ‘Cloud Threat Landscape’ Database
The interactive database provides a solid look at previous cloud incidents, most targeted technologies, top threat actors, and over 100 cloud attack techniques. This is a powerful resource for detection and threat hunting teams. Kudos to the Wiz research team! 🙌🏼
Source: Wiz
Datadog Security Labs Observes Novel AWS Attacker Activity
Source: Datadog Security Labs
Google Cloud Incident Response Cheat Sheet
Full poster here.
Source: Google Cloud Medium
Extras
EFF adds Street Surveillance Hub so Americans can check who's checking on them - The Register
Mother of All Breaches - A Historic Data Leak Reveals 26 Billion Records - SecurityAffairs
The Margin Crush is Coming in 2024
Bye For Now!
See you next week! 🚀