Cybersecurity Innovation Pulse #43: UnitedHealth Ransomware Cost $1.5bn; MLBOMs; PCI v4; Simbian; Knostic; Miggo and Much More!
Apr. 11th - 18th, 2024
Welcome to Issue 43 of the Cybersecurity Innovation Pulse! I'm Darwin Salazar, Product Manager at Monad and a former Detection Engineer. Each week, I distill the latest and most exciting developments in cybersecurity innovation into digestible, bite-sized updates. If you’re serious about staying at the forefront of the latest in security products, attacker techniques, and industry news, make sure to hit the “Subscribe” button below to get my insights delivered straight to your inbox every week 📩 🚀
RSA is around the corner, so expect these newsletters to be longer over the coming weeks. Tons of startups emerging from stealth, funding + M&A activity, new products, features, partnerships, you name it! But no worries, I’ve got you covered ✊🏼
That said, if you’ll be at BSidesSF/RSAC, feel free to drop me a DM or reach out on LinkedIn. Happy to chat over some coffee!
Before we jump into things, I wrote up a piece on demystifying security data fabrics and why Zscaler paid $350m for Avalor. Check it out here.
Now let’s jump into the fun stuff⬇️
Industry🛰
Change Healthcare Ransomware Attack to Exceed $1.5b in Total Costs
UnitedHealth reported their Q1 earnings recently and it shed light on the Change Healthcare ransomware attack, which is easily the most devastating breach this year. So far, the attack has cost United Healthcare Group $872m, with an expected total cost of $1.35b to $1.6b for the year. Not to mention, the attack caused tremendous downstream disruption to healthcare providers, including issues with prescription refills and a lack of payouts jeopardizing hundreds of healthcare practices.
In comparison, MGM's costs to restore their systems after an attack are around $100 million.
The ordeal doesn’t seem to be over either. Earlier this month, a second ransomware group surfaced mentioning it has 4TB of PHI and PII and will sell to the highest bidder if they don’t receive ransom payment.
This is a big one ladies and gents. My prayers go out to everyone involved and impacted by this one.
Source: The Register
Importance of MLBOMs
AI and ML require a different security approach than securing traditional apps. In this post, Diana Kelley, CISO at Protect AI and Fmr. Field CTO at Microsoft, details:
The need for Machine Learning Bill of Materials (MLBOMs)
How MLBOMs differ from traditional BOMs (e.g. help w/ hunting down poisoned data sets)
Practical guidance for building and leveraging MLBOMs
Source: DarkReading
PCI DSS v4.0 Deep Dive
Full enforcement for PCI DSS v4.0 starts on March 31st, 2025. This is the first major update since v3.2.1 was released in May of 2018. If your org. needs to be PCI compliant, performs PCI audits, or if you just want to catch up on the major changes, this pod is the one you want to listen to!
Also, shoutout to Paul on the United Healthcare jersey lmao 🫠
Datadog’s State of DevSecOps 2024 Report
Given Datadog’s visibility across thousands of enterprise environments and the pragmatic approach taken by their research team, this is a great report to dig into if application security and DevSecOps are in your wheelhouse. The biggest standout finding for me is that 90% of Java services running in a production environment are vulnerable to one or more critical or high severity vulnerabilities introduced by a third-party library, versus an average of 47% across the other programming languages assessed.
Source: Datadog
Product🛸
Golden Advice for the Platform Race
To no surprise, Ross from Venture in Security has dropped another gem of a post. In this post, he unpacks strategies and tactical advice for building a successful cybersecurity platform, discusses the challenges encountered along the way, and highlights how some vendors have successfully built world-class platforms. Check it out and if you haven’t already, purchase his best-selling book “Cyber for Builders: The Essential Guide to Building a Cybersecurity Startup”.
Source: Venture in Security
Simbian Emerges from Stealth w/ $10m to Build Fully Autonomous Security
Last year, I published a post on fully autonomous cyber-defense agents and how we’re getting closer to that reality. Last week, Simbian, a startup focused on making security fully autonomous, came out of stealth. In my opinion, this is not just another security copilot.
I research and pick apart hundreds of startups every year and this one has very strong signals for success. Everything from their approach to their patent-pending TrustedLLM (claimed to be hallucination-free) to their founding team to their team of investors and advisors is on point. That said, we’re a VERY long way from security teams handing off full trust to AI.
I’ll spare you the details since I think it’s worth digging into yourself⬇️
Source: SecurityWeek + Simbian
Knostic Emerges from Stealth w/ $3.3m Seed
Two security vets and, imo, legends, Gadi Evron and Sounil Yu, have teamed up to create Knostic, a startup focusing on access control for enterprise GenAI apps. They recently came out of stealth w/ a $3.3m seed round which was joined by notable folks like Travis McPeak and Bryson Bort. Given the founders’ track record, this is definitely one to watch.
Source: DarkReading
Miggo Security Emerges from Stealth w/ $7.5m Seed
Miggo Security has introduced a novel “Application Detection & Response” (ADR) solution which takes a holistic approach to AppSec. It plugs into the app and automatically generates a map of its components, interactions, and chains of trust. It establishes baseline standards of behavior between different services, data flows, and authentication mechanisms, allowing it to identify and prevent malicious activities in real-time.
Miggo can terminate the session or use the customer's other tools to prevent continuing execution of malicious behavior. The startup is backed by YL Ventures and founded by IDF vets.
Source: SecurityWeek
New Descope Features
Remember that passwordless auth. startup that raised a $53m seed early last year? Well they, Descope, now have 100+ customers and recently added some cool features including one I don’t see very often in security products, the capability to A/B test user journey flows and assess impact + results.
Passwordless is obviously the future and it’s good to see a product that makes it easy to make it a reality.
Source: SiliconAngle
Wiz x Cado Partnership
The Wiz Integration (WIN) platform continues to grow. They’ve recently welcomed Cado Security. The integration enables mutual customers to streamline incident response and perform investigations.
What’s interesting to me is that Wiz recently acquired Gem Security which, in my opinion, is a direct competitor to Cado. I think this is a great example of Wiz putting the customer first and playing it down the middle 👏🏽
Source: HelpNetSecurity
Google Chrome Enterprise Gets New Features
Source: BleepingComputer
Funding + M&A📈
Simbian Emerges from Stealth with $10 Million to Build Autonomous AI-Based Security Platform
Miggo Security Gets $7.5 Million Seed Funding to Build ADR Technology
Nightvision Raises $5.4 Million for Application Security Testing
Extras🎬
Bye For Now!
See you next week! 🚀