📡 TCP #68: Automating Detection Engineering; Salt Typhoonski; and Product News
Security Product News | Dec. 4th - Dec. 11th, 2024
Welcome to Issue 68 of The Cybersecurity Pulse! I'm Darwin Salazar, PM at Monad and former Detection Engineer. Each week, I explore the latest security product innovations and industry news. Stay ahead of security trends and themes by subscribing below to receive weekly digests directly to your inbox. Share with a friend if already sub’d! 📩
As you know, it’s never a dull week in the security space. This past week came with a strong dose of APTs, more funding for AIxSecurity startups, and a fair amount of innovation in the SecOps space.
If the detection engineering title dragged you in, feel free to skip to that announcement here as it’s nestled deep in this week’s issue.
Aside from that, thank you for your continued support and sharing this newsletter with your friends and colleagues! If you ever have any feedback on how I can improve TCP to bring more value to you, hit me up! Drop a comment or holler via Substack or LinkedIn DM!
That said, let’s cyber! 🕺🏽
Interested in sponsoring The Cybersecurity Pulse and connecting with over 4,600 security professionals across 100+ countries? 🌎
Picks of the Week🎯
Salt Typhoon breaches 8 U.S. Telcos
A China-linked Advanced Persistent Threat (APT) group, Salt Typhoon, has breached dozens of telecommunications companies in recent months. Salt Typhoon infiltrated the world's largest telco networks, compromised wiretapping systems used by law enforcement, and used that access to steal customers' call records and metadata.
It's said that Verizon, AT&T, Lumen Technologies and 5 other U.S. telcos were among those hit by the group. T-Mobile CSO, Jeff Simon, says that the group's initial access tactic is something he's never seen in his 15+ years in security.
This is cyber warfare in broad daylight and it's a key area to watch. Telcos are critical infrastructure and hopefully these incidents continue to light a fire under the ass of policy makers to prioritize national cybersecurity.
For more:
China-linked APT Salt Typhoon has breached telcos in dozens of countries
T-Mobile US CSO: Spies jumped from one telco to another in a way 'I've not seen in my career'
White House Says at Least 8 US Telecom Firms, Dozens of Nations Impacted by China Hacking Campaign
How CISOs Are Spending Their New Budgets
Identity, GenAI, and Data Security are the top 3 areas of focus for CISOs in '24 based on a survey that YL Ventures did of 218 "CISOs or equivalent".
Another key finding from the report was that 42% of CISOs reported a budget increase. Security remains a top investment area for enterprises.
Google says its new quantum chip indicates that multiple universes exist
"Google Quantum AI founder Hartmut Neven wrote in his blog post that this chip was so mind-boggling fast that it must have borrowed computational power from other universes." - Julie Bort, TechCrunch
🤯 Huge if true. If true, what could it mean for security?
Snyk hits $300M ARR but isn’t rushing to go public
“We’ve got $435 million in the bank and are very close to break-even. In 2025, we won’t burn any cash, so I can pick the time when I go public. I don’t need to rush,” Peter McKay, Snyk CEO
Going public is not all that it's cracked up to be. Of course, it thrusts the company into public markets, allowing everyday investors to acquire shares and potentially increasing the company's valuation, but that also comes with lots of scrutiny. The IPO roadshow is daunting, balance sheets become public, there are quarterly earnings reports, leadership gets heavily interviewed, and many more daunting shenanigans come with being a public company.
Great call not to rush an IPO if not ready, especially given that financial markets will be loosening up over the next 4-5 years.
Big reminder that just because you could, doesn’t mean you should.
Apple Patent Using Facial Recognition and Body-Associated Data
Apple has been granted a new U.S. patent that pairs facial recognition with "body-associated" data such as body shape, clothing, gait, and gestures. Is Apple gearing up for a push into the home security space? 👀
Product News 📰
Product news. My favorite kind of news.
Data Security
Wald.ai Raises $4M in Seed Round
DLP for AI chatbots.
Identity and Access Management (IAM)
CrowdStrike Announces Falcon Identity Protection for AWS IAM Identity Center
Last week during AWS re:Invent, CrowdStrike announced that they've added support to their identity security module for AWS IAM Identity Center.
Read the full announcement here.
Security Operations
System Two Security raises $7M to automate detection engineering with AI
By now, we're all familiar with the idea of AI applied to SOC analyst tier 1 tasks like triaging alerts. However, we haven't seen many, if any, products come to market that are refining + automating the way that detection engineering (DE) is done.
If you've been a DE, you know there are many common pitfalls like detection drift, migrating detections, fine-tuning to filter out false positives, etc. System Two recently raised a $7M seed in a round led by Costanoa Ventures to tackle these exact challenges. I love this idea on a conceptual level and can't wait to see the product in action.
More SecOps product news ⬇️
Elastic expands cloud detection and response capabilities from a single SIEM
Cribl taps into Amazon S3 to power smarter operations and sharper threat intelligence
Software Supply Chain Security
Datadog open sources Supply-Chain Firewall
PyPI and npm packages are key targets for threat actors due to their wide availability and use by developers. Datadog recently released a tool, Supply-Chain Firewall, aimed at preventing the installation of malicious/vulnerable PyPI and npm packages. Huge win for software supply chain security and should be shared across the broader security community! Kudos to Datadog Security Labs for another open-source security tool! 👏🏽
Let's Grow Together!🫱🏽🫲🏻
Are you looking to boost your brand's visibility? Partner with us! Sponsoring TCP not only helps us continue to bring you the latest in security innovation, but it also connects you to a dedicated audience of over 4,600 CISOs, practitioners, founders, and investors across 100+ countries 🌎
Bye For Now!
That’s all for this week… ¡Nos vemos la próxima semana! 👋🏽