Adrian Sanabria

Senior Research Engineer at CyberRisk Alliance

1. PerimeterX Raises $57M in Growth Capital Funding to Fuel Expansion Into New Geographies and Verticals – This is a series D for PerimeterX and brings total funding to nearly $150m. Like most late-stage funding, this round is all about growing into new markets and onto new continents.
2. SailPoint Announces Intent to Acquire Intello to Identify, Secure, and Govern Access to SaaS Applications for Today’s Digital Enterprise – At first glance, this looks like a CASB play, but it looks more focused on monitoring SaaS use than doing any kind of enforcement or the man-in-the-middle javascript hacks that CASB tends to be associated with. I guess you’d still categorize it as SaaS, even if it’s entirely API-dependent. The acquisition makes sense for SailPoint, as SaaS management is a nice feature-add on top of SailPoint’s existing SSO/IAM offerings.
3. SPHERE Secures $10 Million in Series A Funding – A women-founded/owned security startup! We don’t see these nearly often enough. SPHERE appears to be a natural evolution of products like Varonis and Stealthbits. It looks like SPHERE can not only identify privileged access and data governance issues but can enforce policies and take action on infractions. They appear to be particularly focused on cloud-based platforms like Office 365, which is smart – that’s where everyone has moved and… O365 can get really messy!
4. CrowdStrike to Acquire Humio to Deliver Index-Free XDR – We’ve all heard complaints about Splunk costs and many suspect this $400m deal is about (at least partially) alleviating Crowdstrike customers’ Splunk budget. The acquisition totally makes sense, especially for customers that might only be using Splunk to manage Crowdstrike data. I’d expect that Humio would continue to be able to pull in non-Crowdstrike data, as the promise of correlation will only increase the value of the data overall.
5. Palo Alto Networks Announces Intent to Acquire Bridgecrew – In show #215, we reported the rumor that this acquisition was going down for a number north of $100m. That reporting appears to be accurate, with the final deal value reported as $156m in cash. It’s an amazing return for a company that had only raised $18.1m to date. The acquisition was announced days before the company’s second anniversary from its founding. Bridgecrew is in the rapidly expanding CSPM (cloud security posture management) space. “Highlight all my cloud config mistakes” is another way of thinking of this space.
6. Security Operations Firm Red Canary Raises $81M To Grow R&D – This brings Red Canary to a total of $125m in funding and I’m honestly glad to see it. Red Canary is one of the few managed security vendors that I consistently hear positive things about. Managed SOC has exploded in recent years, but in my experience, most MSSPs and MDR firms don’t do a great job with detection (or at least, don’t do any better than companies did before they outsourced the function).
7. How data breaches affect stock market share prices – Comparitech – Big thanks to Gabe Bassett from the Verizon DBIR team for bringing this one to my attention. We know that companies are rarely destroyed by breaches. The ones that do go out of business following a breach tend to be very small. However, the assumption many have (myself included) that big companies always fully recover from a breach seems to be false. This study shows that, from a stock market perspective, nearly all publicly-traded companies that suffer a public breach do worse in the market when compared to market performance before the breach.
8. John Scott-Railton on Twitter – This is one of the LastPass hot takes from John Scott-Railton, a senior researcher for Citizen Labs.
9. Changes to LastPass Free – The LastPass Blog – A lot of folks got ruffled by the recent changes to LastPass’s free tier, which has led to some hot takes on where parent company, LogMeIn, might be headed with its new-ish private equity owners. These owners apparently have a history of backing surveillance tech, which doesn’t sit well with folks trusting LastPass with all their passwords.
10. 1Kosmos Secures $15 Million in Series A Funding from ForgePoint Capital – Quick note: Forgepoint also contributed to two other funding stories this week: Strata and SPHERE! 1Kosmos appears to be trying to solve the complex, frustrating state of authentication. They have both an enterprise-employee-facing and enterprise-customer-facing product. Looks like they’re leveraging passive methods (certs, device identity) and smartphone biometrics to enable MFA and passwordless use cases. Looks like an evolution of the ubiquitous Duo push method, but uses biometrics instead of tapping “accept”?

Paul Asadoorian

Founder at Security Weekly

1. CircleCI announces privacy enhancements for engineering teams –
2. Nutanix announces additional ransomware protections in its cloud platform –
3. SecurityHQ Response: A mobile app that tracks the status of security incidents at any time –
4. CrowdStrike Delivers Advanced Threat Protection for Cloud and Container Workloads –
5. Kaseya acquires RocketCyber –
6. Tenable Launches Exposure Platform for Risk-Based Vulnerability Management of Dynamic Assets –
7. CrowdStrike Global Threat Report Highlights Key Trends in eCrime and Nation-State Activity –
8. Improve Your SecurityScorecard Security Rating with Score Planner –
9. PerimeterX bags $57M to shield enterprise websites from hackers and bots –
10. Trend Micro launches new XDR Trend Micro Vision One –
11. Imperva launches Sonar for unified enterprise security analytics –
12. Cisco AppDynamics Launches New Research, Revealing Unprecedented Demand for Full-Stack Observability –

Tyler Shields

CMO at JupiterOne

1. Datadog Signs Definitive Agreement to Acquire Sqreen –
2. The Briefing: Bumble Raises IPO Range, SentinelOne Buys Scalyr, And More –

Christopher Crowley – Consultant at Montance LLC

Christopher Crowley has been working in computers since he was fifteen years old. He currently operates a boutique consulting firm focusing on security operations. Montance LLC is a trusted independent Information Security partner providing cybersecurity assessment, and framework development services enabling clients to create a new SOC, or improve existing security operations

Adrian Sanabria

Senior Research Engineer at CyberRisk Alliance

Paul Asadoorian

Founder at Security Weekly

Tyler Shields

CMO at JupiterOne

Amit Malik – Principal Researcher at Uptycs

Amit is a Principal Researcher at Uptycs. He has specialization in threat detection, threat intelligence and security architecture. Prior to Uptycs, he has worked with leading cyber security companies like Mcafee, Fireeye and Netskope. He holds multiple patents in the area of threat detection and analysis. He actively contributes in security communities through blogs, trainings and tools.

Ganesh Pai – Founder and CEO at Uptycs

Ganesh Pai is Founder & CEO of Uptycs. He is a Boston-based entrepreneur and technologist (formerly Akamai, Verivue, NetDevices) and has been awarded multiple U.S. patents. Ganesh received a BE degree in electronics and communication engineering from Mangalore University and a MS in computer science from Temple University.

Adrian Sanabria

Senior Research Engineer at CyberRisk Alliance

Paul Asadoorian

Founder at Security Weekly

Tyler Shields

CMO at JupiterOne