Cybersecurity Innovation Pulse #3 - Deep Dive on Palo Alto Networks' Earnings, Intuitive AI Defender Agents, and the Cryptopocalypse!
Week of Feb. 16th - 23rd, 2023.
Welcome to the third issue of the Cybersecurity Market Pulse newsletter. Outside of my role as a Detection Engineer @ Datadog, I track the latest events impacting the security industry including new product releases, the innovation intersection, partnerships, funding, earnings, M&A, and more. If you think the content is helpful and worth supporting, subscribe to the newsletter to get it sent to your inbox every week. If you're already subscribed, share it with a friend!
Thank You!
Before we get started, I wanted to express my gratitude to all of you who have provided feedback, purchased a subscription, and those who have shared the newsletter with your network. In just two weeks, we're nearing the 100-subscriber milestone mark! My hope is that you continue to find this newsletter valuable and continue to share your thoughts on how we can improve it.
The Innovation Intersection
Product Releases and Partnerships
Datadog releases ASM Protect capabilities as part of its Application Security Management (ASM) solution. The new set of functions enables teams to take action against attackers by blocking any and all IPs associated with a signal. ASM Protect features a couple more capabilities you can learn about here.
Dynatrace partners with Snyk to help customers enhance security across the software development lifecycle (SDLC). The Dynatrace AppEngine is designed to connect Snyk container scans pre-production with Dynatrace's runtime insights. The integration also leverages AI to help prioritize software vulnerabilities and provide guidance on how to remediate them. Snyk also partnered with and received a $25M investment from ServiceNow in January.
OpenAI has launched a developer platform, Foundry, that will allow customers to run their latest machine learning models such as GPT-3.5. A lightweight instance running GPT-3.5 will run for about $78K for a 3-month contract or $264K for a full year.
Orca Security partners with ThreatOptix to leverage their agent-based cloud workload protection solution which will be integrated with Orca's Cloud Native Application Protection Platform (CNAPP).
Orca Security introduces Cloud Cost Optimization capabilities into their cloud security platform to help customers manage orphaned resources, reduce unnecessary resource consumption, and reduce their attack surface.
Binary Defense deepens its partnership with ExtraHop to deliver a Managed Network Detection and Response (MNDR) service.
Drata released their Open API solution to provide customers more flexibility in how they consume and action their Drata platform compliance findings and reports. Another step towards the Security Data Lake.
Lacework releases its Composite Alerts feature which leverages multiple detections and sources to deliver high-fidelity alerts.
U.S. Researchers Build an AI Security Agent to Defend Against Attackers in Real-Time

Researchers from the Department of Energy's Pacific Northwest National Laboratory (PNNL) built an "abstract simulation of the digital conflict between attackers and defenders in a network and trained four different Deep Reinforcement Learning (DRL) neural networks to maximize rewards based on preventing compromises and minimizing network disruption." Samrat Chatterjee, who presented the team's work at the Advancement of Artificial Intelligence conference on Feb. 14th, says, "We wanted to first demonstrate that we can actually train a DRL successfully and show some good testing outcomes before moving forward."
Peeling back the layers and looking at how the researchers trained and tested their model is pretty eye-opening. They created attacker entities with the ability to use a subset of 7 tactics and 15 techniques from the MITRE ATT&CK Framework. Defender agents were equipped with 23 mitigation actions to choose from to counter attacker activity. Their model is also not focused on preventing initial access but rather it assumes breach and tries to prevent lateral movement, execution, defense evasion, exfiltration, and more.
The Deep Q-Network (DQN) variant of their agent performed best out of the 4 DRL algorithms they tested. For the least sophisticated attacks, DQN stopped 79% of attacks midway through the attack stages while stopping 93% by the final stage. For the most sophisticated attacks, it stopped 57% midway and 84% by the final stage.
Chatterjee says that the team's goal is to "create an autonomous defense agent that can learn the most likely next step of an adversary, plan for it, and then respond in the best way to protect the system."
I would love to see their system at work in real-time because I do think that it has the potential to augment security teams and continue shifting the security industry to a more proactive approach as opposed to the traditional reactive model. That said, we're probably a couple of years away from such a solution being robust enough to hit the market and gain adoption.
You can access the published research paper here.
The Cryptopocalypse?
Researchers from the KTH Royal Institute of Technology in Sweden have cracked the NIST-recommended post-quantum cryptography CRYSTALS-Kyber encryption and encapsulation mechanism using "Deep learning-based side-channel attacks". This has led to many cryptography experts wondering whether we're focusing too much on quantum-based attacks before addressing AI-based attacks. This article has more spicy takes and reactions from the cryptography community.
The Market Beat
Palo Alto Networks' Q2'23 Financial Results
Revenue: Palo Alto Networks reported total revenue of $1.66B, which represents a 26% increase compared to the same period last year. Product revenue grew 15%, service revenue grew 29%, subscription revenue grew 32% and support revenue grew 25%.
Gross margin: The company's non-GAAP gross margin for the quarter was 75.5%, which is up from 1.5% in the same period last year. Palo Alto Networks attributed the increase in gross margin to higher subscription and support revenue, which carries higher margins.
Product portfolio expansion: Palo Alto Networks announced several product updates during the quarter, including the launch of its Prisma Cloud 2.0 platform and enhancements to its Cortex XSOAR security orchestration and automation solution.
Security products consolidation: Palo Alto Networks saw an increase of 144% Y/Y in the number of $10M+ contracts and a total value increase of 196%. Their CEO, Nikesh Arora, mentioned that they continue to see existing customers looking for opportunities to consolidate their product portfolio.
Artificial Intelligence: This stood out to me the most. Nikesh Arora highlighted the company's focus and R&D efforts to leverage AI to enhance its security offerings. By using machine learning algorithms to analyze vast amounts of data they have access to, Palo Alto Networks aims to provide more proactive and effective threat detection and prevention.
It's also key to note that their CFO, Dipak Golechha, mentioned that he believes that they now meet the criteria for inclusion in the S&P 500. In all, Palo Alto Networks continues its blistering growth trajectory and is establishing itself as the market leader for security solutions. It's great to see and even better to learn from their playbook.
For more insights from their earnings call, visit here.
Funding News
Entitle, a cloud permissions management startup, comes out of stealth with a $15M seed round led by Glilot Capital Partners. Their solution aims to tackle the manual access management problem and identity entitlements sprawl, and integrates with over 100 SaaS, PaaS, and IaaS solutions. Entitle is different from Cloud Identity Entitlement Management (CIEM) solutions in that it provides much more than just visibility into risky cloud identity permissions. Entitle was founded by a team of former Israel Defense Forces (IDF) Unit 8200 security engineers and you can learn more about their solution in this video.
Scrut Automation raises a $7.5M round led by MassMutual Ventures. The APAC-based company is a regional leader in the Continuous GRC space and its main goal is to help its customers become and stay compliant.
Metomic raises a $20M Series A round led by Evolution Equity Partners to continue building out their data protection solution. Metomic leverages AI and security policies to detect data leaks.
Sublime Security emerges out of stealth with a $9.8M round led by Decibel. Their solution is an email security platform that leverages crowd-sourced rules to protect against phishing, ransomware, and VIP impersonation.