Welcome to The Cybersecurity Pulse (TCP)! I'm Darwin Salazar, Product + Marketing at Monad and former detection engineer in big tech. Each week, I dig through all the major headlines to bring you the latest security product innovation and industry news. Subscribe below for weekly updates! 📧

🥇 Chainguard Containers: 98% fewer CVEs compared to OSS alternatives🥇

The status quo in open-source software (OSS) delivery has led to high profile security breaches, compliance failures, and constantly growing CVE backlogs. Security teams need more visibility into the OSS used by dev teams.

Enter Chainguard: Minimal, hardened containers rebuilt daily, so your teams can ship quickly and confidently.

👉 See Chainguard in action!

👋 Welcome back to another issue of TCP! A little late this week, but better late than never, amiright?

Anyhow, it’s never a dull week in cybersecurity so let’s jump in and see what’s been cooking!

Tl;dr

• 💰 EY report finds that security teams generate an average of $36M in business growth per initiative they’re significantly involved in

• 🤦🏽‍♂️CISA could be losing ~$500M in funding and 1,000 head count

• 🏔️Tenable acquires Apex for $105M

• 🧙🏽‍♂️Wiz launches simple yet super impactful Service Catalog feature

• 🦄Microsoft and CrowdStrike team up to map threat actor aliases

• 📈ZScaler and CrowdStrike both report strong financial performance in the past Q

• 🐬Merlin Ventures raises $75M seed-stage cybersecurity fund

Okay cool, let’s cyber 🕺🏽

⚒️ Picks of the Week ⚒️

Cybersecurity Teams Generate Average of $36M in Business Growth

Historically, it's been difficult to financially measure the value add that security initiatives bring to a business' bottom line. However, a recent E&Y study found that security contributes, on average, $36M in value to each "enterprise-wide strategic initiative it is involved in."

The report finds that security plays a key role in business growth by

• Enabling adoption and building of new technologies like AI which gives a competitive edge in the market

• Improving customer exp + external perception of the brand

• Risk prevention when entering new markets

E&Y surveyed 500+ security leaders for this report and derived the $36M figure from the leader's responses on total enterprise revenue generate and annual cost savings from security initiatives. While it's difficult to determine how much money security efforts may generate or save, this is the most comprehensive report I've come across that looks across multiple industries, enterprise size, etc. Great report by the E&Y team. Worth a read regardless of where you sit at the security table.

Stop breaches before they start.

Too many alerts, not enough clarity? Intruder helps you focus on the vulnerabilities that pose the biggest risk to your business. From cloud to apps to infrastructure, get continuous monitoring, smart prioritization, and full visibility into your attack surface.

One powerful platform. Top rated user experience. Built for busy teams.

Start your free trial

Zscaler reports earnings and revenue beats, raises outlook

Zscaler reported a fairly strong quarter with $678M in revenue, bringing their ARR figure to $2.9B.

For more, check out Strategy of Security's deep dive here.

CrowdStrike earnings beat expectations but revenue outlook weighs on shares

CrowdStrike also had a strong quarter coming in at $1.1B in revenue, bringing their ARR to $4.4B.

For more, check out Strategy of Security's deep dive here.

NSA + CISA Release New Guidance for SecOps and Data Security

• Here's the NSA's Artificial Intelligence Security Center (AISC) guidance on AI Data Security risks and best practices.

• Here's CISA's guidance on procuring, implementing, and maintaining SIEM and SOAR platforms.

Love this.

CISA could lose 1,000 headcount and $495M budget cut in new bill 🫠

The Trump admin's 2026 fiscal year proposal includes a headcount reduction from 3292 positions to 2324.

Other top stories 📰

• Victoria’s Secret delays earnings release after security incident

• SentinelOne: Last week’s 7-hour outage caused by software flaw

• How to Approach Security in the Era of AI Agents

🔮 The Future of Security 🔮

AI Security

Tenable acquires Apex Security

Tenable has entered agreement to acquire Apex Security, a Sequoia Capital and Sam Altman-backed startup for $105M. If done correctly, I think this acquisition sets up Tenable well in the AI security race. This is the 3rd major AI security acquisition in the past 18 months with Cisco and Palo Alto Networks leading the two others. More consolidation to come in this space. Kudos to Tenable for jumping on this.

More AI Security news ⬇️

• Unbound Raises $4 Million to Secure Gen-AI Adoption

Application Security

Impart Security raises $12M Series A

Impart Security, an API Security company founded by Signal Sciences vets, has raised $12M in funding from Madrona and CRV.

More AppSec news ⬇️

• Salt Security Introduces Instant API Security Deployment with Complete Environment Visibility

Cloud Security

Introducing Wiz Service Catalog: Application Service Views

Wiz has recently shipped their 'Service Catalog' feature which in hindsight is obvious and should be tablestakes wherever applicable. The feature groups all cloud assets by the App/Service that they support which gives security teams a ton of context and direction on how they should treat/prioritize security findings.

For example, all assets that support a critical service like the video streaming platform or healthcare patient intake service can now be seen from a single view. This enables a ton of downstream security approaches.

Seems like a simple no-brainer feature, and sure, you can achieve this with proper resource tagging, but trust me, this will help security teams in more ways than one.

More Cloud Security news ⬇️

• ZEST Security and Upwind Partner to Close the Gap Between Cloud Threat Detection and Action

Data Security

Mind raises $30M to help businesses prevent data leaks using AI

Mind, a data security startup, has raised a $30M Series A led by Paladin Capital Group and Crosspoint Capital Partners with participation from Okta Ventures and YL Ventures.

Email Security

Fortinet Unveils New AI-Powered Workspace Security Suite to Protect the Modern Enterprise

Fortinet has launched its FortiMail Workspace Security suite. The press release isn't very clear on what the capabilities actually entail, but I thought its worth covering nonetheless.

Network Security

Zero Networks Raises $55 Million for Microsegmentation Solution

Zero Networks, a microsegmentation sartup, has raised a $55M Series C in a round led by Highland Europe with participation from F2 Venture Capital, PICO Venture Partners, Venrock, and U.S. Venture Partners (USVP).

More Network Security news ⬇️

• Akamai launches DNS Posture Management for real-time monitoring and guided remediation

  Zscaler expands zero-trust and AI capabilities across cloud and branch environments

Security Operations

Microsoft, CrowdStrike Lead Effort to Map Threat Actor Names

One of the most perplexing things about our industry has always been how different entities name threat actors. CrowdStrike follows an animal theme, Microsoft follows a weather theme, while Mandiant (now Google) follows an APT# or UNC# format. This makes it difficult to track threat actor updates across different channels as groups may go by different names at different times depending on the publication… talk about a cluster f*ck lol

Anyways, Microsoft and CrowdStrike announced this Monday that they'll be teaming up to map threat actor aliases without imposing a single naming standard. This is great. Hopefully they can maintain the alliance for the long haul.

More SecOps news ⬇️

• ThreatSpike Raises $14 Million in Series A Funding

• Cribl Launches Copilot Editor to Streamline Telemetry Data Transformation for IT and Security Teams

Venture Land

Merlin Ventures secures $75M+ for seed-stage cybersecurity fund

Merlin Ventures, an emerging cybersecurity VC firm out of Tel Aviv founded in 2021, has announced the close of their inaugural fund which was oversubscribed and passed its $75M target. The firm has invested in Dig Security, Talon, Veriti, Oxeye (all acquired) and several others. It'll be fun to see how Merlin continues to grow and where they make their next few bets.

Interested in sponsoring TCP?

Sponsoring TCP not only helps me continue to bring you the latest in security innovation, but it also connects you to a dedicated audience of ~6,000 CISOs, practitioners, founders, and investors across 100+ countries 🌎

👉 Learn more here!

Bye for now 👋🏽

That’s all for this week… ¡Nos vemos la próxima semana!