Welcome to Issue 44 of the Cybersecurity Innovation Pulse! I'm Darwin Salazar, Product Manager at Monad and a former Detection Engineer. Each week, I distill the latest and most exciting developments in cybersecurity innovation into digestible, bite-sized updates. If you're serious about staying at the forefront of the latest in security products, attacker techniques, and industry news, make sure to hit the "Subscribe" button below to get my insights delivered straight to your inbox every week.
We're back with another issue of TCP! I always love the weeks leading up to RSA and BlackHat because it's when we see a massive spike in product releases, startups coming out of stealth, tons of M&A activity etc. It's like the trade deadline in any major sports league. The dynamics in the industry can really change with just one move.
That said, I'll be at both BSides and RSAC. Reach out if you wanna grab coffee or get a lift in.
Before we jump into this week's issue, check out Part II of the Data Engineering for Cybersecurity blog series I've been writing and last week's Enterprise Security Weekly episode. I also have something major coming out with Impart Security and DryRun Security tomorrow so keep your eyes peeled for that as well. *Hint:* It has to do with AppSec and LLMs!
Now, let's jump into things!
Industry
Verizon DBIR 2024 is Out
The Verizon Data Breach Investigations Report (DBIR) is one of our industry's most reputable and longest-running reports that shine a light on the threat landscape. This year's report was published this morning and while I haven't had the time to dig in, the high-level takeaways shown above are not that surprising.
Kelly Shortridge's write up on this year's report if you just want the tl;dr!
Source: Verizon
NSA Launches Guidance for Secure AI Deployment
The NSA's Artificial Intelligence Security Center (AISC) recently released guidance and best practices on deploying secure and resilient AI systems. Though it's pretty simple (e.g., harden deployment env configs), it's extremely practical and if followed correctly can defend against ~85% of risks and threats. It also covers more specific AI/ML risks such as model behavior and model weights.
Source: NSA
NIST Updates AI RMF as Mandated by the White House Executive Order on AI
NIST recently updated its AI Risk Management Framework (RMF) as was mandated by a White House Executive Order. This framework, which was last updated in Jan. 2023, is a voluntary framework (no legal bearing) designed to provide companies with guidance on developing safe, secure, and "trustworthy" AI. According to The National Law Review, this framework is one of the most frequently cited risk management frameworks in the US these past two years.
Source: National Law Review
Product
With over 20 product-related announcements, this week's product section won't include as many deep dives. I'll cover a few that I'm most excited about and link the rest of the announcements!
Torq Launches HyperSOC
HyperSOC seems like a staff augmentation play to help analysts streamline key SOC activities like case management, investigations etc. To this day, this is one of the most practical uses of AI for security. Kudos to Torq on the launch!
Source: SiliconAngle
Dropzone AI Raises $16.85 Million Series A
Dropzone AI is another SOC staff augmentation contender that I'm pretty keen on. Their solution leverages AI/ML to analyze logs + other security data to map the scope of incidents and generate detailed incident reports with remediation recommendations. While many startups in the same space have recently come out of stealth, Dropzone has been at it for over a year. Looking forward to watching their pitch at the RSA Innovation Sandbox!
Source: SiliconANGLE
Prophet Security Emerges with $11 Million Funding
Prophet Security, backed by Bain Capital Ventures. Another AI for SecOps play. This is the way.
Source: SecurityWeek
Binary Defense Adds New Features to BDVision
Updates include new deception technology, AI-based threat detection, and EDR bypass detection. Productizing deception is a pretty huge accomplishment and I think the folks at Binary Defense (e.g., David Kennedy, Jason Vest) are well equipped to do so. More deception tech please!!!!
"BDVision's new built-in deception technology generates diverse simulated environments and exposures to deceive threat actors in each phase of the attack." - HelpNet Security
RunReveal Debuts Correlated Alerting and Raises $2.5M Seed
RunReveal recently added correlated alerting capabilities that allow for stacking of detections to only alert when multiple anomalous conditions or activities are detected. Following this model compared to single-source detections can help reduce noise (e.g. false positives) and surface higher fidelity alerts.
RunReveal also announced $2.5M in seed funding today. They're doing some pretty cool work in the detection and response + SIEM space. Excited to see their continued growth.
Source: RunReveal
Amplifier Security Raises $3.3 Million in Pre-Seed Funding
Amplifier Security is a security data fabric + AI Copilot for workforce security. What does this actually mean? What problem are they solving? Idk it was tough for me to make sense of the problem they're actually solving.
However, this is further confirmation that data fabrics are powering security copilots as I called out in this post.
Source: FinSMEs
Nagomi Security Emerges from Stealth w/ $30M in Funding
Nagomi Security is another solution that plugs into an enterprise's existing security solutions and aims to help security teams leverage their security investments better. "The Proactive Defense Platform, as it's called, can map out the online threats facing an organization. It then determines whether the organization's cybersecurity systems can effectively block those threats." - Maria Deutscher, SiliconAngle
Zafran ($30 through series A) and Gutsy ($51M seed) are two other startups leveraging existing security tools to solve security challenges. However, they're tackling different problems.
I wonder what this category of security tools should be called lol
Also, one key thing to note about Nagomi is that they hit $1M ARR while in stealth which is pretty uncommon in our space.
Source: SiliconAngle
The Rest of Products News
Amazon introduces new safety features for Bedrock with Guardrails
Deep Instinct's Artificial Neural Network Assistant (DIANNA) for malware analysis
GRC startup LogicGate promises faster and safer AI deployments
Adaptive Shield's new SaaS security features to mitigate AI risk
JFrog unveils MLflow integration to enhance machine learning model management
Tenable Bolsters Its Cloud Security Arsenal with Malware Detection
BalkanID Copilot: Supercharge identity security and lifecycle management
CrowdStrike Enhances Identity Security to Thwart Cloud Attacks
AWS Security Hub announces the AWS Resource Tagging Standard
Funding + M&A
Secure browser Island raises $175M, doubling valuation to $3B
Endpoint Security Firm ThreatLocker Raises $115 Million in Series D
Oasis Security reels in $35M more to secure nonhuman identities
Apptega secures $15M in funding to expand its cybersecurity compliance platform
French security startup BforeAI raises $15M for US expansion
DeepKeep Launches AI-Native Security Platform With $10 Million in Seed Funding
Extras
CISO Corner: Breaking Staff Burnout, GPT-4 Exploits, Rebalancing NIST
Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users
Bye For Now!
I'll be back with a post after RSA capturing all the biggest innovation-related announcements. Looking forward to catching up with some of the TCP community there. Ping me if you'll be around! See you next week!
Great coverage, Darwin!
Thanks for mentioning BforeAI's most recent funding cycle, Darwin.
Austin represent!