The Cyber Why: What We Read This Week...
... and why you should too! (5/3/24)
T-minus three days to RSA! It’s time to pack up the swag and datasheets and beeline straight out to Moscone Center for the annual schmoozefest called the RSA Conference. Several members of The Cyber Why team will be there handing out stickers and other swag items, so please grab one of us and say hello!
In this week’s TCW, we wax eloquent regarding the 2024 RSA Innovation Sandbox finalists, get depressed thanks to the 17th DBIR report where nothing got better, debate the natural fit between Aqua (water) and Orca (whales), watch as a Darktrace short gets slapped back to reality, and finally talk about Tyler’s FAT HEAD! All this and more in this weekly The Cyber Why!
RSAC Innovation Sandbox 2024 Cohort
RSAC Innovation Sandbox 2024 - Who to Watch (Latio Pulse)
The RSA Conference is just a few days away! Hot press releases, venture funding, acquisition rumors, and product announcements have been flooding the newswire. It’s the time of year that some of us loathe (introverts unite), and many of us cherish (extroverts, I don’t understand you!). It’s a time to analyze where cybersecurity is headed, readdress our strategy and trends, meet up with old friends, and make some new ones as well. One of the hottest discussion items each year at RSA is the Innovation Sandbox finalists. These companies are supposed to be the most innovative, unique, and compelling product offerings in their rookie class. Some go on to become massive publicly traded companies, and many sell for hundreds of millions of dollars to the highest bidder. Either way, it’s a time when analysis of these companies makes a lot of sense and is something we should at least take a glance at.
This year, the companies fall into the following general categories: Identity Innovation, Generative AI Security, Cloud and Kubernetes Security, and Exploit Intelligence. The biggest thing about each of these companies is that their products and technology are unique, elevating them above the category confusion that plagues the rest of the cybersecurity startup world. Good luck to this cohort… it’s going to be fun to watch you grow up!
Aembit - Secure Machine-to-Machine Token Authentication
P0 Security - Just In Time (JIT) Access to APIs, Workloads, and Infrastructure
Harmonic - Generative AI Data Security
Antimatter - Generative AI Security (make data safe for GenAI, fast!)
Rad Security - Kubernetes Security and Cloud Native Threat Detection and Response
VulnCheck - Exploit Intelligence for Vulnerability Prioritization
Bedrock Security - Frictionless Data Security
Reality Defender - Detect Generative AI Threats
Dropzone.AI - AI SOC Analyst
Tyler’s Verizon DBIR Depression Kicks In
Verizon DBIR: Basic Security Gaffes Underpin Bumper Crop of Breaches (Dark Reading)
Verizon’s 2024 Data Breach Investigations Report: 5 key takeaways (SC Media)
2024 Data Breach Investigations Report DBIR (Verizon)
This report is one of my favorite reports of the year - yet I’ve stopped reading it cover to cover. It’s not because of a lack of available time that I have given up on the content. Instead, it’s a lack of hope. Maybe this is where my jaded old cyber personality comes out. In the last 17 years of analyzing the DBIR I have seen next to ZERO improvement in the state of cybersecurity. Sure, the goalposts of success have moved, the weapons chosen by the adversaries have changed, and the defensive models have advanced, but in actuality, we are no better off today than we were a decade and a half ago. If you are more hopeful about the future of cybersecurity, hit the comments below and help me see that a positive future can exist. In the meantime, here are some of the interesting statistics that jumped out to me in this year’s report:
Primarily thanks to the MOVEit attack, vulnerability exploitation as the initial entry point jumped 180% year over year. Attackers weaponize new vulnerabilities rapidly, which makes these attacks highly successful.
MOVEit accounted for 8% of all reported breaches.
Extortion attempts occurred in 32% of all reported breaches. The median loss was $46K per successful breach.
The average time to remediate a 0-day is 55 days. The average time to weaponize a new vulnerability is five days. Even for organizations patching at that 55-day pace, that leaves roughly 50 days between weaponization and remediation, nearly TWO MONTHS of exploitability window. That’s BAD!
68% of breaches involve a "non-malicious human element"—phishing, misconfiguration, or other human mistakes. To quote the great T. Swift…
Two Formidable Companies Join Forces to Fight Cloud Workload Compromise
Integrating Aqua Security with the Orca Cloud Security Platform (Orca Security)
(Katie pick) I saw this coming, and I think it’s big. These are two powerhouse companies working together to identify and remediate cloud-based compromise in near real-time. With this integration, Orca and Aqua are knocking down the common arguments against each other’s tech approach: “Agents can’t see where they’re not deployed.” “Agentless technologies can’t see into the workload.”
These arguments are used by vendor sales teams all the time, depending on which side of the agent vs. agentless fence they sit on. The reality of any network is that security teams need both. Without the ability to monitor and control endpoints and the ability to monitor and control traffic, blind spots will remain.
This integration — and similar ones in the future — could threaten cybersecurity asset management (CAM) companies if they’re not careful. I know (as well as anyone) that the message from CAM is, “We aggregate data from these tools and more.” While true, Orca and Aqua have the capital and the brand recognition to spin the narrative in their direction and secure tightening budgets — especially because cloud compromise is something CEOs are being warned about.
Aqua and Orca have repeatedly proven themselves; this looks like it will be a big win for end users. And I wouldn’t be surprised to see an acquisition in the near future.
Editor’s Note: Is it me, or are Orcas and Aqua totally meant to be together?
Shorting Darktrace Seemed Brilliant. Until It Didn’t.
Thoma Bravo to buy UK's Darktrace for around $5.3 bln (Reuters)
(Adrian Pick) I think there’s a lesson here. In my part of the cybersecurity industry, Darktrace is a bit of a joke. I don’t think I’ve ever encountered someone happy with the product. It seemed clear that it was a small amount of tech (open source, at that), with a lot of window dressing around it. Shades of FireEye.
With the Thoma Bravo take-private announcement, suddenly, we were all second-guessing ourselves. Were we wrong about them? Is everything Darktrace marketing has been claiming - the digital immune system stuff - all validated now?
It’s not an enormous win, but a solid one - Thoma Bravo’s offer is ~8x on 2023 revenue. FireEye (after it split from Mandiant) exited at a steeply declining 1.2x to Trellix. It makes me wonder how much of a shock this has been for the folks at Quintessential Capital Management, who released a scathing report on Darktrace just over a year ago and announced they were shorting it. If we assume QCM was shorting DARK when they published this report, DARK was around 250 pence on the LSE. After the announcement from Thoma Bravo, DARK leaped from ~450 up to 600 pence. Ouch.
Republicans have FAT HEADS! </clickbait>
AI Can Tell Your Political Affiliation Just by Looking at Your Face, Researchers Find (Gizmodo)
This most definitely qualifies as a story #5. As you know, #5s are supposed to be funny, irreverent, quirky, or just downright weird. This particular story falls into the downright weird bucket. Recent research has shown that just by looking at a person’s still and emotionless face, AI can accurately predict if you are a liberal or a conservative. WTF?! Apparently, the researchers had this to say:
According to this analysis—and, I have to warn you, it’s kinda funny—liberals and conservatives have markedly different facial morphology. Liberals have “smaller lower faces” and “lips and noses [that] are shifted downward,” and chins that “are smaller” than conservatives, researchers write. Researchers repeat the key conclusion later on: “liberals tended to have smaller faces.”
So, according to this theory, if you have a tiny face, you’re probably a progressive. Or, by contrast, if you have a big fat face, there’s a good chance you might be a Trump voter.
Quick Hits and Hidden Gems
Tenable Bolsters Its Cloud Security Arsenal with Malware Detection (Tenable Blog) - And the water gets murkier! Tenable adds CNAPP-style capabilities, including malware detection in workloads, to its stable of technologies. The centers of gravity are getting closer day by day!
Microsoft bans US police departments from using enterprise AI tool for facial recognition (TechCrunch) - This could end up being controversial. When the risks of AI impacting privacy become “good for the general population,” we are going to have explosive debates. Watch this one over the next few years.
Apple’s $110 Billion Stock Buyback Plan Is Largest in US History (Bloomberg) - It’s usually a good sign when a company believes enough in itself to buy back shares. Watch $AAPL closely as it moves into the second half of 2024.
Examining the Deception infrastructure in place behind code.microsoft.com (Microsoft Blog) - For over 2 years code.microsoft.com has been a honeypot! The data they collected was incredibly useful to MS and the community at large.
Harvesting Ideas from Questionable People (Daniel Miessler) - This resonated with me. Everyone should read this and evaluate how they perceive others and the world, and how they are able to learn while maintaining their own moral code.
The Future of SOC Automation Platforms (Francis Odum) - A great report on the modernization of the SOC and the technology stack to go with the updated processes. This research should also be reproduced for AppSec, CloudSec, InfraSec, and all other *Sec derivatives.
If you’ve made it this far, you either found our musings at least semi-entertaining, OR you enjoyed the pain and kept going regardless. No matter how you made it to this point, you should know that we appreciate you. Please do us a solid and share The Cyber Why with your friends. We would love to reach a bigger audience, and referrals are how we do it. Help us out, and we’ll see you next week!