Today DataTribe released the firm’s Q1 2023 Insights report, which assesses how the cybersecurity funding market compares to other tech, as well as how cyber funding compares to prior years.
John Funge, Managing Director at DataTribe, provided this commentary:
Big picture, while the slowdown is painful in some cases, we see it as an overall healthy thing. The investing pace and valuations in cyber over the last few years have been overheated. With the economic headwinds, we are seeing a flight to quality where fewer funding transactions are happening with a higher bar for startups to meet.
For enterprises, there are a number of potential implications that the market headwinds will have:
- Financial strength of vendors becomes a more prominent consideration: The balance sheet of vendors may be more of a consideration in looking at existing and new relationships. If a vendor that is burning cash has difficulty raising a next round of financing, that risk can flow onto customers.
- Consolidation and M&A activity: Larger cybersecurity companies will likely take advantage of the market environment to make acquisitions as valuations come down. There will likely also be consolidation through weaker companies not surviving — as well as less compelling product ideas not getting funded. The medium to long term benefit of this will be some rationalization of the highly-fragmented tech stacks that enterprises depend on. A potential drawback is that beloved products may end up in the hands of larger vendors that are less agile, harder to deal with, and not aligned with the enterprise vendor’s strategy.
- New products will promise to do the work of multiple current products: In an environment where cyber spending is more closely scrutinized, startups will adapt and align value propositions to focus on cost reduction. Security leaders can expect new products promising to replace multiple current products.
- Marketing budgets in cyber will pull back: CISOs and security leaders are the focus of a torrent of enterprise marketing firepower. Marketing budgets are often one of the first areas to be trimmed in a cost-cutting environment. For enterprise security leaders, this may bring a welcome reduction in the intensity of cyber marketing. However, there’s so much marketing activity aimed at enterprise cyber leaders, it may not be easy to notice.
Currently, seed stage cybersecurity is largely buffered from the broadened economic forces. Entrepreneurs will continue to innovate, and we are seeing a continuous flow of great founders and ideas at the seed stage. As is often said, some of the greatest companies are born during the worst economies. We don’t see it any differently this time around.
You can find the live DataTribe Insights Q123 report here: https://datatribe.com/dt-insights-q123/.
CrowdStrike Encourages The Use Of AI To Target Malwareless Attacks
Posted in Commentary with tags CrowdStrike on April 27, 2023 by itnerd
At this year’s RSA Conference, CrowdStrike’s Joshua Shaprio said this:
In short, CrowdStrike has been dealing with about one malwareless cyber issue a week during the last couple of quarters, reaffirming data reported earlier this year that 71% of cyberattacks were carried out without malware and highlighting the challenges cybersecurity teams face trying to combat such compromises.
During their RSA keynote, CrowdStrike CEO George Kurtz and President Michael Sentonas used a case study to illustrate the “layer A problem” involving the bad actor’s in-depth reconnaissance and use of dedicated machines to hide identities and avoid detection, resulting in the threat actors being set up with their own users on the network, free to exfiltrate data, compromise the cloud, and add themselves as a SQL server admin. More on that in a moment.
From an Akamai report on that attack:
“The attack starts with a password brute-force on the MySQL service. Once successful, the attacker runs a sequence of queries in the database, gathering data on existing tables and users. By the end of execution, the victim’s data is gone – it’s archived in a zipped file which is sent to the attackers’ servers and then deleted from the database. A ransom note is left in a table named WARNING, demanding a ransom payment of up to 0.08 BTC.”
During their RSA keynote, both Kurtz and Sentonas highlighted that, without the standard malicious code to detect, companies need to consider strategies built on robust telemetry gathering from the endpoint to the cloud, manage identity data with greater granularity, and use AI and machine learning to find anomalous activity among that data.
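As an added illustration (not from the original post, Akamai, or CrowdStrike), the sequence in the Akamai excerpt can be flagged from database telemetry alone, with no malware to scan for: a login that follows repeated failures from the same host, then a table named WARNING being written. This is a simple rule-based check, not an ML model; the log lines are constructed in a simplified MySQL general-query-log style, and the `detect` function and its threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample (timestamp, connection id, command, argument); not real data.
SAMPLE_LOG = """\
2023-04-27T10:00:01Z 11 Connect Access denied for user 'root'@'203.0.113.5' (using password: YES)
2023-04-27T10:00:02Z 12 Connect Access denied for user 'root'@'203.0.113.5' (using password: YES)
2023-04-27T10:00:03Z 13 Connect Access denied for user 'root'@'203.0.113.5' (using password: YES)
2023-04-27T10:00:04Z 14 Connect root@203.0.113.5 on  using TCP/IP
2023-04-27T10:00:05Z 20 Connect app@198.51.100.7 on shop using TCP/IP
2023-04-27T10:00:06Z 14 Query SHOW TABLES
2023-04-27T10:00:07Z 14 Query CREATE TABLE WARNING (id INT, note TEXT)
2023-04-27T10:00:08Z 20 Query SELECT * FROM orders WHERE id = 7
"""

LINE = re.compile(r"^(\S+)\s+(\d+)\s+(Connect|Query|Quit)\s*(.*)$")
DENIED = re.compile(r"Access denied for user '([^']*)'@'([^']*)'")
LOGIN = re.compile(r"^(\S+)@(\S+) on")
# The ransom note in the quoted report is left in a table named WARNING.
NOTE_TABLE = re.compile(r"\b(?:CREATE\s+TABLE|INSERT\s+INTO)\s+`?WARNING`?\b", re.I)

def detect(log_text, threshold=3):
    """Return (timestamp, source_host, finding) tuples in log order."""
    failures = defaultdict(int)   # failed logins per source host
    conn_host = {}                # connection id -> source host
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue              # skip lines that do not parse
        ts, conn, cmd, arg = m.groups()
        if cmd == "Connect":
            denied = DENIED.search(arg)
            if denied:
                failures[denied.group(2)] += 1
                continue
            ok = LOGIN.match(arg)
            if ok:
                host = ok.group(2)
                conn_host[conn] = host
                if failures[host] >= threshold:
                    findings.append((ts, host, "login_after_failures"))
                failures[host] = 0  # reset the counter after a success
        elif cmd == "Query" and NOTE_TABLE.search(arg):
            findings.append((ts, conn_host.get(conn, "unknown"), "ransom_note_table"))
    return findings
```
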
CrowdStrike CEO George Kurtz spoke about this to Bloomberg:
Dave Ratner, CEO, HYAS:
“Increasing an organization’s visibility into the real-time activities inside the network is quickly becoming critical for business resiliency against modern attacks. The ability to identify anomalous outbound communications from both the IT and OT networks can dramatically reduce the elapsed time from infection to detection and remediation and may be the only signal that allows organizations to get ahead of an attack before data exfiltration, encryption, and other actions that impact business continuity.”
Clearly the use of AI by those who defend against attacks is growing. Just look at Google and the announcement that they made at RSA. This is something that defenders need to consider in order to keep our digital assets safe.