CyberCureME - Cyber Security Marketplace’s Post

Last week, I had the pleasure of speaking with Fahmida Y Rashid about Abstract’s emergence from stealth and $8.5M Seed round investment led by Crosslink Capital, Rally Venturesand Liquid 2 Ventures. Thanks Tom Reilly and Matt Bigge for contributing their perspective to the conversation. Every day I wake up feeling grateful to work on solving a problem that I saw developing in the market in 2002, but this conversation especially reignited my purpose, and I look forward to continuing to work closely with our talented team and beta-customers as we refine Abstract’s security analytics platform. Our mission is simple: to deliver on the promise that current offerings fall short of, while lowering costs. By giving security analysts access to the tools they need to correlate data in real-time between streams, separate compliance, and security data to increase detection effectiveness, analysts can focus on the threats that matter. Read the full piece in Dark Reading here: https://bit.ly/4afUVf6 

Congratulations to Abstract Security for raising $15M Series A to Expand Security Data Fabric Platform Abstract Security, a California-based security data fabric and analytics startup founded in 2023, has raised $15 million in a Series A funding round, bringing its total funding to $23.5 million. The round was led by Munich Re Ventures with participation from Crosslink Capital and Rally Ventures. The company provides data fabric, analytics, and data lake solutions designed to enhance threat detection, data management, and routing. Leveraging an AI-powered assistant, the platform centralizes analytics management, delivering actionable insights for compliance and security. Abstract’s solution aims to improve cloud visibility, optimize data streams, streamline SIEM strategies, and reduce operational costs and complexity. Additionally, its Abstract Intelligence Gallery marketplace offers over 100 integrations with leading security vendors, allowing customers to connect security data and threat intelligence seamlessly. With the new funding, Abstract Security plans to accelerate growth and strengthen its position in the security analytics and data fabric space. CEO and co-founder Colby DeRodeff highlighted the company’s focus on linking security analytics to business outcomes, noting its rapid customer growth and ability to integrate both legacy tools and modern solutions. https://lnkd.in/enE6s_bJ

Realm.Security Emerges From Stealth With $5 Million in Seed Funding: Realm.Security has emerged from stealth with $5 million in funding and a solution that helps organizations manage security data.  The post Realm.Security Emerges From Stealth With $5 Million in Seed Funding appeared first on SecurityWeek.

At the risk of once again running up the rumor mill, and this just being two friendly companies pumping each others valuations (watching the conflict of interest Mika R.), this one would actually be very smart. Wiz opened up ingesting results most recently with Checkmarx SAST, and most companies really want one portal to manage all of their scanning and scanner results. This is the single pane of glass we've wanted from "posture management" all along. If Wiz wants to be taken seriously as a vulnerability management player, they have a lot of ground to catch up on. Here are what I see as the main areas they don't currently have: 1. Ingestion integrations. 2. Data normalization from other tools. 3. Support for on-prem and end user endpoints, of which make up a lot of vulnerability scanning budget. 4. Strong Jira/Ticket management capabilities Knowing Wiz also takes acqui-hiring seriously, the Dazz team has done a remarkable job at maximizing the value of ML across data sources to build great remediation advice for different architectures, even when the data cannot be guaranteed. The choice ultimately comes down to if Wiz is willing to accept they can't be the only scanner in an organization or not, a realization many other players have yet to make with their gated internal only "SPM" solutions. A Dazz Acquisition would really mean Wiz being a serious Qualys/Tenable replacement for large diverse environments in about a year, and a lot of pressure on other CNAPPs to open up their platforms for third party data ingestion. https://lnkd.in/gXWwMsWH Also, in case this is just a friendly valuation pump, let me squeeze in other great providers in this space that are more moderns solutions to the vulnerability problem: https://lnkd.in/g8iVFgvW

Proud of the team at Snyk for continued true innovation and empowering the next phase of our disruption of traditional audit and vulnerability centric application security - #developersecurity with Snyk AppRisk. We shifted the industry left by enabling #devsecops - now with our application risk management approach, Snyk's latest application security posture management (ASPM) offering is designed to help enterprises successfully build, manage, and scale their developer security programs. Security needs to be built in, and it is a team sport - by bridging the observability world signals, and runtime security world signals, we are comprehensively enabling security teams to prioritize remediations, developers focusing on what truly matters and together improving productivity while reducing risk. Learn more: https://snyk.co/ugS6G or ready more on this here as I discuss what this means with Michael Vizard at Devops.com: https://lnkd.in/dtyhiup8 Thank you also to our launch partners on working closely with the team in bridging these worlds to benefit our customers - SentinelOne, Dynatrace, Sysdig, Nightfall AI

🚀 Exciting Times Ahead at BugBase! As we venture deeper into the realms of cybersecurity, our team is embarking on an incredibly thrilling journey. The blueprint for our latest venture - a testament to innovation and cutting-edge technology - is coming to life, and I couldn't be more excited to share a glimpse of the groundwork. 🔍 Crafting the Blueprint Designing the architecture for our upcoming project has been both challenging and exhilarating. We're meticulously planning every detail, from considering enterprise deployments to understanding SOC whitelisting. The choice between graph and SQL databases, the integration with ASMs, the design of lightweight agents, data communication and security, and the intricacies of multi-tenant database deployments - each decision is pivotal. Our aim? To bring unparalleled contextual efficiency to the offensive security domain, facilitated by AI. The journey involves navigating through complex terrains of technology, but the destination promises to redefine the standards of red team operations and pentesting automation. 🤖 A Glimpse into the Future While I can't reveal too much yet, the attached architecture diagram (though a bit blurred for now) symbolizes our forward-thinking approach and our commitment to innovation. It's a sneak peek into the future we're building - one that empowers businesses to fortify their defenses like never before. Stay tuned for more updates as we continue to push the boundaries of what's possible in cybersecurity. #CyberSecurity #Innovation #Technology #AI #ArchitectureDesign

Securing the Future of GenAI: Prompt Security's Series A Milestone 🎉 I couldn’t be prouder to announce that Prompt Security has secured $18 million in Series A funding, led by Jump Capital with participation from Hetz Ventures, Ridge Ventures, and tech giants Okta and F5. This milestone is a testament to the dedication of our team, now 30 employees strong, the trust of our customers, the collaboration with our partners, and the unwavering support of our investors. Just 10 months ago, we emerged from stealth with a clear mission: to enable enterprises to harness the power of Generative AI safely and securely. In this short time, we've witnessed exponential growth in both GenAI adoption and its associated risks, underscoring the urgent need for comprehensive GenAI Security. At Prompt Security, we've risen to this challenge, and our growth has been remarkable: We’ve quadrupled revenue and grown our customer base fivefold, including Fortune 500 companies. But we’ve also achieved recognition beyond our core business, whether it was with the Prompt Fuzzer - the first open-source vulnerability assessment tool for GenAI Apps -, winning the CPX Innovation Sandbox, gaining recognition in a dozen Gartner Hype Cycles, or being part of the seventh cohort of Deloitte Launchpad. The urgency of our mission is clear: almost 30% of enterprises deploying AI have experienced an AI security breach. This new funding will help us expand our geographic footprint and presence across industries, protecting more enterprises from GenAI threats while offering clear visibility into and governance over GenAI tools. Security should be a catalyst for innovation. I look forward to reaching new heights as Prompt Security builds a secure future for GenAI, one enterprise at a time. Yours, Itamar Read more >> https://lnkd.in/d2f-J7fQ

Fortunate to have Christopher Hertz as a new MissionOG advisor and especially appreciate the wisdom shared during this session. A sampling: "The future of application security shouldn’t solely revolve around evolving remediation strategies; this narrow focus is part of the problem. Instead, the emphasis should shift towards building resilient software from the outset. With the increasing integration of automation and AI, the goal is to empower developers to proactively incorporate security measures into their workflows from day one." https://lnkd.in/eSH2S27e

How much do you trust your #AppSec program? Verify your software builds and organizational portfolio with ReversingLabs #SpectraAssure for #softwaresupplychainsecurity. The short of it: Complex binary analysis + reproducible builds = trust.

Acquisition hot takes: 1. Wiz acquiring Gem Security makes both a lot of sense and no sense at all. It makes sense theoretically because both tools leaned heavily into agentless, and Gem has some amazing content/alerting from an agentless perspective. It makes no sense because there's nothing Gem was doing that Wiz didn't already have the capabilities of doing themselves with their existing data ingestion points. I'm interested if Wiz is going to double down on the idea of agentless CDR while continuing to build on their endpoint agent. 2. Zscaler buying Avalor Security (a Zscaler company) - I can't even begin to guess what the plan is there, is ZScaler going to get into the vendor neutral vulnerability and asset management space? Somehow it's helping with AI? 3. GitLab acquiring Oxeye sorta makes sense, but also doesn't - Gitlab's in house security scanning is basically non-existent because it relies on orchestrating third party tools, so bolstering that makes sense. But Oxeye's runtime view from the agent is what made them unique, and I don't see a GitLab security agent coming any time soon. What really matters: some small teams made great money and now other founders can use these big numbers to justify their next funding rounds 😉