The Cyber Why: What We Read This Week...
... and why you should too! (4/28/23)
This week’s Cyber Why pairs well with a glass of Blanton’s and my beloved Carolina Hurricanes hockey team winning yet another playoff game. Dust off those bottles, pour a sip and get ready to read. I know I will!
In this week’s TCW - AI is the big buzzword at the RSA conference, and companies are throwing it into their products left and right. I mean, why not? It's 2023, and you gotta 2023, right? The second half of the “year of AI” is morphing into an M&A dream season or a cybersecurity startup bloodbath. Either way, it’s going to be eventful. Gadi Evron and Team8 put out some awesome research on the impact of AI on cybersecurity (top read of the week). And last but certainly not least, we talk about Fluffy Dancing Snuggle DUCKS!
AI News Dominates RSA Conference 2023
SentinelOne sticks generative AI into its stuff because 2023 gotta 2023 (The Register)
JupiterOne Enters RSA 2023 With Innovative AI Capability (PR Newswire)
GitLab’s new security feature uses AI to explain vulnerabilities to developers (TechCrunch)
IBM launches AI-powered security offering QRadar Suite (TechTarget)
Torq unveils Hyperautomation Security Platform infused with GPT (Security Blvd)
Google brings generative AI to cybersecurity (TechCrunch)
Supercharge security with generative AI (Google)
10 hot generative AI products and companies at RSAC 2023 (CRN)
I wasn’t on the ground in SF this week. Instead, I followed the news and attempted to build some vision of significance from all of the tweets, articles, and press releases. From an external perspective, RSAC is exactly what I thought it would be - an amazing time to rekindle face-to-face friendships and take in the latest marketing BUZZ in the cybersecurity universe. AI announcements dominated this year's news coverage, with vendors trying to cash in on the latest GPT/AI craze.
I read each announcement in detail, and it appears there are two specific themes this year. One - threat hunting over mountains of data using GPT to find, predict, analyze, and summarize issues. Two - automating security engineering tactics and taking action after a vulnerability is discovered.
Assuming it’s not all marketing smoke and mirrors, the news is exciting as it appears to help lessen specific pains for the customer. This generation of security AI is focused on the low-hanging tactical fruit, such as automating repetitive tasks and obtaining predictive discovery using threat and event data that the security team already collects. AI-driven security will get REALLY interesting when we add global asset data to the mix and automate the fixes in near real-time. If I polish up my crystal ball, the future looks like cyber AI may be the unifying technology that brings all security tools under one umbrella. (I dare to DREAM!)
I’m most excited about the Google and Microsoft announcements. They aren’t taking a siloed approach to their technology. Instead, they are really looking holistically at how massive data sets can be analyzed and automatically remediated to create a self-healing system. The announcements you see linked above are just the opening act to what those two companies will eventually deploy.
I don’t think we’re sitting on a heap of marketing fluff. In my opinion, we’re about to embark on a massive evolution in cyber security capabilities. Buckle up - the next two years are going to be insane!
Mass Compromise and Offensive AI Innovation
SANS reveals top 5 most dangerous cyberattacks for 2023 (Dark Reading)
Let’s play a quick game. What do the following attack terms all have in common (hint: there are two separate concepts):
Malvertising, SEO Boosted Attacks, Developers As a Target, Offensive Uses of AI, Weaponizing AI for Social Engineering.
The attacks are either AI-based or use a force multiplier for mass compromise. You can regard the AI-based attacks as the innovation center of an evil corp empire. The attackers are experimenting and learning how this class of AI attacks can result in massive compromises and financial windfalls. On the other hand, force multiplier-style attacks are designed and executed today to compromise as many targets as possible to make MONEY. One is the business cash cow, and one is the innovative next style of attacker business model.
Does 2023 Mark The End of Days For Startups?
These 4 Charts Show That Slowly But Surely, Startup Funding Deal Sizes Are Shrinking (Crunchbase)
M&A Exits For VC-Backed Cyber Startups Continues To Sputter (Crunchbase)
US VC trends in 5 charts for Q1 2023 (Pitchbook)
If you believe everything you read, we are entering the end of days for many cash-strapped startups. The cybersecurity startup world is in the same boat as everyone else as valuations are overinflated, M&A has stalled, and funding has dried up, leaving little option but to become self-sufficient or lower your valuation into the new reality and hope someone agrees with you. However, I am not nearly as “doom and gloom” as these articles are. H2 2023 should bring with it an onslaught of cybersecurity M&A as larger vendors gobble up smaller ones at (compared to 2021) fire sale prices. It looks like buy one get one free time at the cybersecurity company store this fall!
A CISO’s View - Generative AI and ChatGPT
Generative AI and ChatGPT Enterprise Risks (Team8 CISO Village)
If you don’t know who Team8 is, you probably live under a rock. Team8 is one of the most prolific and successful cybersecurity investors on the planet. Not only do they consistently pick winners, but they also understand market and technology analysis at a level many only aspire to. So when they dropped this CISO’s view into the risks of AI, I instantly rated it a must-read. Authors Gadi Evron and Bobi Gilburd, with the assistance of 8 top-end CISO leaders, wrote a pragmatic opinion on what they perceive to be today’s enterprise risk from generative AI. If you want to know the meat behind the AI hype, this one is a good piece to read.
Fluffy Dancing Snuggle Duck - OH NOES!
Hacker Group Names Are Now Absurdly Out of Control (Wired)
I mean seriously. This article hits it right on the nose (no, not the noes). The names of hacker groups today have gone full ludicrous mode. They have moved past the “funny haha zone” and entered the “WTF WHY?!” seating area in the arena. Check out the list of names referenced in this article alone (I’ve bolded the funniest). This list is about as stupid as naming your twin children: Twina and Twinb!
Fancy Bear, Refined Kitten, Sea Turtle, Pawn Storm, Iron Twilight, Kimsuky, Emerald Sleet, Velvet Chollima, Phosphorus, Mint Sandstorm, Iridium, Sandworm, Seashell Blizzard, Barium, Brass Typhoon, Periwinkle Tempest, Pumpkin Sandstorm, Spandex Tempest, Gingham Typhoon, Telebots, Voodoo Bear, Hades, Iron Viking, Electrum, EvilCorp, Charming Kitten, Candiru, and Caramel Tsunami.
If you’ve made it this far, you either found our musings at least semi-entertaining, OR you enjoyed the pain and kept going regardless. No matter how you made it to this point, you should know that we appreciate you. Please do us a solid and share The Cyber Why with your friends. We would love to reach a bigger audience, and referrals are how we do it. Help us out, and we’ll see you next week!