Welcome to Issue 57 of The Cybersecurity Pulse! I'm Darwin Salazar, Product Manager at Monad and a former Detection Engineer. Each week, I distill the latest and most exciting developments in cybersecurity innovation into digestible, bite-sized updates. If you’re serious about staying at the forefront of the latest in security products and industry news, make sure to hit the “Subscribe” button below to get my insights delivered straight to your inbox every week 📩 🚀
Picks of the Week🎯
Palo Alto Networks' Q4 '24 Earnings Are Good
Before we kick off, I’d like to state that TCP does not condone any form of misogyny or racism. This is in regard to Palo Alto Networks and CyberRisk Collaborative’s horrendously tasteless decision to use women as lampshades at one of its “happy hours”. It’s 2024, stuff like this sets the industry back by decades and I can’t even imagine how it makes the women in our field feel.
PANW's CEO has since apologized, but how the hell did they even let this happen in the first place??? I have spent a huge portion of my professional career elevating and mentoring people from underrepresented backgrounds. Heinous acts like these really have a chilling effect on the group of people targeted. Huge shame on the PANW conference marketing team.
You can read more about their huge slip up here and the CEO’s response here.
Now onto Q4 FY ‘24 earnings.
“I know there was significant consternation around our platformization strategy six months ago. All I want to say is, I wish we had started down that path sooner. The amount of interest and activity around it has certainly been hardening and shows promise. After a strong addition of approximately 65 new platformizations in Q3, we added over 90 new platformizations in Q4, now have well over 1,000 total platformizations…” - Nikesh Arora, CEO at Palo Alto Networks
2 quarters ago, PANW announced its pivot to hyper-focus on the platform approach to cloud security, security operations and network security — 3 platforms. Given that PANW is the largest pure-play security company, this obviously sent ripples through the market and spooked investors… A 28% decline in the stock price at the time and tons of folk speculating whether PANW had lost its marbles.
Well, fast forward 6 months and PANW is back near all-time highs. The platform play is still very much intact and, as I stated in February, there is room for both the best-of-breed and platform approaches.
Palo is a very solid company with the best partner ecosystem in the game. They reported $4.22 billion in Next-Gen Security (NGS) ARR in FY ‘24 (+43% from ‘23) and $2.19 billion in revenue in Q4, up 12% from Q4 ‘23.
I haven't fully dug into the earnings call transcript, but if you'd like to check in on how the security giant performed last quarter, it's a good place to start:
Congrats to everyone who bought the dip.
Fun fact: Platform/platformization was mentioned over 60 times on the earnings call.
$450M Spent on Ransomware in First Half of 2024
The title says it all.
For more, see here.
Catch Up on BlackHat/DEF CON News w/ ESW Ep. 372
In last week’s episode of Enterprise Security Weekly,
, , and I discuss some highlights/lowlights from hacker summer camp, more critical Microsoft vulnerabilities, and the state of cyber marketing. Check it out here!
Product News 📰
Relatively light week on the product front as all Product and GTM teams recover from the madness that is Hacker Summer Camp. That said, still a few noteworthy things coming through the tape which we cover below!
Application Security
CodeRabbit Raises $16M Series A
CodeRabbit raises $16M Series A from CRV and others. The founders will use the funding to double down on go-to-market (GTM) and its product offerings, including security vulnerability analysis capabilities.
Read more here.
Cloud Security
Orca users can now generate Azure Policies w/ GenAI
Azure Policy is a powerful resource governance tool within the Azure cloud. It allows users to apply guardrails that deny the deployment of misconfigured resources. Though Azure provides hundreds of Azure Policies out-of-the-box (OOTB), security teams can get creative and create custom policies that are fine-tuned to their environment, which is something OOTB content (rules, policies, detections etc.) cannot do.
Orca's new GenAI capability makes it easier for teams to build more tailored guardrails and resource checks for their Azure environments.
Read more here.
Wiz Achieves FedRAMP Moderate Authorization
U.S. public sector entities with FedRAMP Moderate requirements can now procure Wiz through the FedRAMP marketplace. This means that Wiz can now sell to more govt. agencies like the DoD, DoE, DHS, and all the other agencies within scope of FedRAMP Moderate requirements. As I understand it, before this authorization, selling to these agencies was not possible.
In other words, this is a huge revenue unlock for Wiz 💰
Notably, Wiz is the fastest to have achieved this feat.
Read more here.
Mobile Security
Zimperium Partners with Okta
Zimperium is a mobile security provider that has recently partnered with Okta to enable security teams to better secure managed and unmanaged mobile devices. More on the integration below:
The integration provides real-time mobile threat and risk intelligence for managed and unmanaged devices—a core component of a zero trust architecture. By sharing continuous risk posture data with Okta, organizations have the necessary insights required to enforce strong identity and access controls and to configure the service to automatically respond to threats. This represents a modern and necessary requirement for a strong zero-trust architecture. - DarkReading
Open-source Tools
aws-lint-iam-policies by WellDoneCloud
Performs security checks and policy analysis on IAM configs. This can be done for an individual AWS account or across multiple member accounts within an AWS Organization structure.
GitHub here.
Grimoire by Datadog
Generate datasets of cloud audit logs for common AWS attack techniques. Check out the companion blog post here.
TTPForge by FacebookIncubator
A framework for developing, automating, and executing attacker Tactics, Techniques, and Procedures (TTPs).
GitHub here.
Bye For Now!
That’s all for this week. See you next week! 🚀