Welcome to Issue 66 of The Cybersecurity Pulse! I'm Darwin Salazar, Founding PM at Monad and former Detection Engineer. Each week, I explore the latest security product innovations and industry news. Stay ahead of security trends and themes by subscribing below to receive weekly digests directly to your inbox. Share with a friend if already sub’d! 📩

Share

Picks of the Week🎯

Reco provides a snapshot at the State of SaaS Security in 2024

SaaS Security is one of the biggest challenges facing security teams today. It's impossible to argue with that. In this TCP x Reco collab, we take a look at current trends, risks, and provide guidance on how to get SaaS Security under control. Below are some compelling findings from the report:

• Organizations are using an average of 490 SaaS apps with 261 of those being unauthorized - or not vetted by security teams.

• 30.7% increase of GenAI app usage from July - Sept. 2024. Without a solid governance around GenAI use, organizations could be leaving themselves open to serious data leak risks.

• Things have gotten better with MFA adoption with only 9.5% of surveyed accounts across 6,600 apps lacking MFA 🙌🏽

Download the full report here to see the rest of the findings and guidance for building a strong SaaS security program!

iPhones in a law enforcement forensics lab mysteriously rebooted losing their After First Unlock (AFU) state

Digital forensics require very careful handling of assets and data throughout the lifecycle of the investigation and chain of custody of related assets and data. It's a matter I've always been interested in due to its' close tie in with national security.

Under the court of law, any mistakes or gaps in the process could bring into question the integrity of the findings and investigation. This is why I found it so bizarre that recently some iPhones awaiting inspection in police labs were randomly rebooting and losing their pristine 'After First Unlock' (AFU) status.

Losing AFU status makes it tougher to perform forensics even with using tools like Cellebrite. Some are hypothesizing that the random reboot is an iOS 18.0 security feature. Apple hasn't commented. I sure do imagine that this is causing a major stir up in the law enforcement, forensics, and legal communities. The article has more theories and details on the observed behavior.

The ROI of Security Investments: How Cybersecurity Leaders Prove It

When you look at a balance sheet or read out an earnings call transcript, security is never mentioned as a revenue generator -- unless it's a security vendor. That said, security is certainly a business enabler but how do security leaders prove the value and return on investment of security tooling? It's a tall task. This Q&A with Shawn Baird, Associate Director of Offensive Security & Red Teaming at DTCC, highlights how to use security validation to help discover and prove the ROI of security investments.

The Power of AI-Native SOCs

Threat Vector podcast with Unit42 director, David Moulton, and Kieran Norton, Principal at Deloitte.

Product News 📰

Product news. My favorite kind of news.

AI Security

CrowdStrike Launches AI Red Team Services

Crowdstrike now offers security assessments for AI apps + systems. Given Crowdstrike’s lead in services + product, this should be a great addition for customers.

More AppSec product news ⬇️

1. F5 AI Gateway secures and optimizes access to AI applications

2. Fortinet expands GenAI capabilities across its portfolio with two new additions

Application Security

Snyk Acquires Probely

Snyk has acquired Probely, a Porto, Portugal-based dynamic application security testing (DAST) startup. Some of Probely’s features and capabilities are highlighted in the graphic above.

This is Snyk’s 9th or 10th acquisition since inception. Their CEO mentioned in an interview last year that IPO is the goal 👀

More AppSec product news ⬇️

1. Symbiotic Security Launches Scanning Tool to Help Fix Flaws in Code

Cloud Security

Permiso launches three open-source tools to enhance cloud security detection

Permiso has done it again with the release of 3 more dope open-source cloud security tools:

1. DetentionDodger: Scans CloudTrail logs to detect failed policy attachments and lists identities with a quarantine policy, highlighting users whose privileges could be compromised.

2. BucketShield: Designed to monitor and alert on Amazon Web Services Inc. S3 buckets and CloudTrail log activities. The tool ensures the consistent flow of logs from AWS services into S3 buckets to mitigate the risk of misconfigurations that could disrupt log collection.

3. CAPICHE Detection Framework: Designed to streamline the process of creating cloud application programming interface detection rules.

More cloud security product news ⬇️

1. Sweet Security Announces Availability of its Cloud Native Detection & Response Platform on the AWS Marketplace'

SaaS Security

AppOmni partners with Cisco to extend zero trust to SaaS

The partnership combines AppOmni's Zero Trust Posture Management (ZTPM) with Cisco's Security Service Edge (SSE) offering.

Security Operations

Embed Security Raises $6 Million to Help Overworked Analysts

Using AI to help the SOC. We know that this is a huge opportunity to solve on of security's toughest problems but who will be the winners in the next wave of innovators? While there are some early leaders like Prophet Security, the answer is not clear yet and it's why we continue to see so much VC money pour into the space.

Last week, Embed Security came out of stealth with $6M seed with an 'Agentic Security Platform' aimed at helping lighten the investigative burden from the SOC. What's most compelling to me is Embed's founding team. Seth Summersett (CEO) and Jeffrey Johns (CTO), have held leadership roles at Meta, Google, FireEye, Mandiant and have served at the NSA.

The product still seems to be in beta and you can request early access via their site. Excited to see what this great group builds!

Bye For Now!

That’s all for this week… ¡Nos vemos la próxima semana! 👋🏽

Share