📡 TCP #64: Crowdstrike v. Delta; Wiz Eyes $1B ARR; VulnHuntr; and Product News
Security Product News | Oct 23rd - Oct. 30th, 2024
Welcome to Issue 64 of The Cybersecurity Pulse! I'm Darwin Salazar, Founding PM at Monad and former Detection Engineer. Each week, I explore the latest security product innovations and industry news. Stay ahead of security trends and themes by subscribing below to receive weekly digests directly to your inbox. Share with a friend if already sub’d! 📩
Hi! Feels like it’s a big week here in the US for some reason. Might be something important happening soon? Maybe it’s Halloween🎃 tomorrow? Lol jk, if you’re in the US, please go exercise your vote. It matters now more than ever! 🇺🇸
Aside from that, we’ve got a jam-packed issue this week including the huge news that we’re slowly opening our doors at Monad for users to come test and use the product. We’ve built a powerful ETL solution that will change the game for security teams and vendors. If you’re a detection engineer, vulnerability management person, or a founder that is interested in learning more or testing the product, hit us up at product@monad.com or drop me a DM.
Okay, now, let’s cyber 🕺🏽
This week’s sponsor 🎉
Security operations teams face the daunting task of being both meticulous and swift, even as the number of threats, security tools, and alerts increase rapidly. This growing complexity slows teams down with manual and tedious processes, leading to analyst burnout and alert fatigue. It pulls attention away from true security analysis and increases risk.
This is exactly the problem Prophet Security solves, offering a hyper-efficient AI Analyst for SecOps that combines the scale and speed of AI with the thoroughness of an expert security analyst. If you’re looking to streamline your SecOps and lower your risk, you should check them out for a demo.
Picks of the Week🎯
Delta Launches $500M Lawsuit Against CrowdStrike
The saga continues. Delta is suing Crowdstrike for $500M for the outage in July. Delta canceled ~7K flights impacting 1.3M customers throughout a 5-day span.
There's a lot of finger pointing in this one with Crowdstrike saying they're not responsible for more than $10M in damages. Regardless of the final verdict, this case and lawsuit will set legal precedence similar situations in the future.
The discussions and final ruling will send ripple effects throughout the cyber insurance, customer and security vendor realms. Should be interesting 🌶️
Scaling trust to unicorn status with Vanta CEO Christina Cacioppo
Founder + CEO of Vanta, Christina Cacioppo, talks about her journey in scaling Vanta to unicorn status. Lots of nuggets for founders on doing manual, unscalable things when starting, how to build trust with the market, financial management, and on Vanta’s early mistakes. Worth a listen!
Wiz hopes to hit $1B in ARR in 2025 before an IPO
Wiz co-founder and VP of R&D, Roy Reznik, says that Wiz plans to double their ARR to $1B by EoY 2025. Reading between the lines, it sounds like that $1B ARR figure would be a catalyst for Wiz to kickstart their IPO roadshow and process. Cloud security spending hit $30B this year so it's certainly do-able, especially as they chart new territories with their Wiz Code modules 🔥
How to Improve the Security of AI-Assisted Software Development
A Github survey reported that 92% of US-based developers are using AI coding tools. While this is great for innovation + developer productivity, it's not so great for security for multiple reasons: 1) with the velocity of shipped insecure code comes an influx of vulns and other security issues to remediate 2) Shadow AI - security teams don't have visibility or knowledge of some of the AI in use 3) sensitive data risks.
So how can CISOs and their teams get a grasp on shadow AI? Bring Your Own AI (BYOAI) - aka using vetted, fine-tuned, and approved customized AI - is one answer to this question and this post dives in on what that can look like. And yes, of course, there's a lot more security teams should be doing to secure AI use.
28th October – Threat Intelligence Report
Checkpoint's weekly threat intel report. Worth subscribing to if you're in an operational security role or work for a SecOps vendor.
Product News 📰
Product news. My favorite kind of news.
This Halloween, Ghost Security Unleashes Reaper: The Ultimate Vulnerability Hunter Built for AI 👻
Reaper is more than just a security tool—it blends human expertise with Agentic AI for precise and rapid vulnerability detection tailored to your application’s unique architecture. Reaper's context-aware AI strategically attacks targets and produces comprehensive reports, enabling your AppSec and Dev teams to quickly pinpoint, comprehend, and address vulnerabilities. Ready for intelligent, autonomous testing?
AI Security
Protect AI open sources VulnHuntr
VulnHuntr is a Python static code analyzer that uses LLMs to find vulns in the AI ecosystem. The tool has found multiple vulns in popular AI model code repos and seems like a great addition to any LLM testing arsenal. Kudos to Protect AI for continuing to open-source their amazing tools 💜
Zenity Raises $38 Million to Secure Agentic AI
$38M Series B raised on the back of securing Agentic AI whose enterprise traction seems inevitable. Kudos to the Zenity team!
Application Security
Wiz x Jit launch bi-directional integration 🤝
This is huge for mutual Wiz x Jit customers considering Jit’s extensive ASPM coverage and Wiz’s market-leading CNAPP. The integration brings in Wiz runtime context into Jit’s Risk Graph and also sends Jit findings into Wiz as shown above. Big win for mutual customers as the integration allows for end-to-end app + cloud sec visibility and remediation powers.
More AppSec product news ⬇️
Cloud Security
Wiz Runtime Sensor adds coverage for serverless containers at runtime
Coverage includes support for AWS Fargate and Azure Container Apps services. Their sensor uses ptrace to monitor serverless container processes at runtime. Above is an example of the process tree for a process running within a Fargate instance.
More cloud security product news ⬇️
Data Security
The space remains HOT AF (🔥🚒) in terms of funding and M&A activity. Tenable x Eureka, Crowdstrike x Flow, Palo Alto Networks x Dig, Rubrik x Laminar, Fortinet x DLP, NetSkope x Dasera and this week Proofpoint acquires Normalyze + $45M Series B by Concentric AI.
I’m sure I’ve missed some of the activity but wow, what a wild past 18 months for data security.
IoT Security
Cyber Startup Armis Security Raises $200M At $4.2B Valuation
Armis is a behemoth in the IoT security space and recently forayed into the vulnerability prioritization and remediation game with their acquisition of Silk Security. Well, the PE-held company has just raised $200M at $4.2B valuation. Sounds like they’re targeting IPO for 2026. Kudos to the leadership team over there. Snipers.
Security Operations
Abstract Security Raises $15M in Series A Funding
Socure Acquires Risk Decisioning Company Effectiv for $136M
Let's Grow Together!🫱🏽🫲🏻
Are you looking to boost your brand's visibility? Partner with us! Sponsoring TCP not only helps us continue to bring you the latest in security innovation, but it also connects you to a dedicated audience of over 4,000 CISOs, practitioners, founders, and investors across 100+ countries 🌎
Bye For Now!
That’s all for this week… ¡Nos vemos la próxima semana! 👋🏽