Weekly Enterprise Security News and Tips on Building Security From Day 1 – Guillaume Ross – ESW #418
The Weekly Enterprise News (segments 1 and 2)
This week, we’ve had to make some last-minute adjustments, so we’re going to do the news first, split into two segments.
This week, we’re discussing:
- Some interesting funding
- Two acquisitions - one picked up for $250M, the other slightly larger, at $25 BILLION
- Interesting new companies!
- On the 1-year anniversary of that thing that happened, CrowdStrike would like to assure you that they’re REALLY making sure that thing never happens again
- Flipping the script
- How researchers rooted Copilot, but not really
- talks to check out at Hacker Summer Camp
- detection engineering tips
- the Cloud Security Alliance has a new AI Controls Matrix
- sending in the National Guard to handle a breach!
- and how to read an AI press release
Interview: Guillaume Ross on Building Security from Scratch
Guillaume shares his experiences building security from scratch at Canadian FinTech, Finaptic. Imagine the situation: you're CISO, and literally NOTHING is in place yet. No policies, no controls, no GRC processes. Where do you start? What do you do first? Are there things you can get away with that would be impossible in older, well-established financial firms?
Guillaume has been a defender, a consultant, and CISO. He likes securing organizations, clouds, products and more, by refusing to implement the same things that have been tried and failed thousands of times already.
He is currently an IANS faculty member, teaches courses through IANS and Pluralsight, and is owner and consultant at [Caffeine Security](https://caffeinesecurity.com/).
Adrian Sanabria
- FUNDING/M&A – Courtesy of the Security, Funded newsletter, issue #204 – All Gas No Brakes
Black Hat is coming up soon, and that usually means we're in for a TON of announcements, and we're already seeing them roll in.
Last week's vibe check asked, "which of these security efforts has driven the most real impact in your org?"
The options were: reducing user friction, faster detection/response, training engineers/devs, communicating business risk, and 'other'.
The overwhelming winner was reducing user friction!
FUNDING
- Delve, a United States-based security and compliance automation platform, raised a $32.0M Series A from Insight Partners.
- Root Evidence launches with experienced founders and a $12.5M Seed round led by Ballistic Ventures to disrupt the vulnerability management market - This vuln mgmt disruption is just getting started, and it has been a long time coming.
- Command Zero, a self-described 'autonomous and AI-assisted cyber investigation platform', announced a $10 million strategic investment led by Okta Ventures, SE Ventures, and Crosspoint Capital.
ACQUISITIONS
- Palo Alto Networks pens agreement to acquire CyberArk for ~$25B
- Cynerio, a United States-based company securing the Internet of Medical Things (IoMT), was acquired by Axonius for $250.0M. Cynerio had previously raised $37.0M in funding.
- NEW COMPANY: Stealth startup founded by Brandon Dixon
Brandon Dixon founded PassiveTotal, which was acquired by RiskIQ, which was then acquired by Microsoft. After spending a few years at Microsoft focused on the SecOps stack there (Sentinel) and going deep into AI, Brandon has announced a new startup, though he isn't sharing any details yet.
Definitely a founder to keep an eye on.
- UPDATES: Reflecting on Building Resilience by Design
CrowdStrike would like us to know they're still sorry about that thing that happened a year ago and are trying to make it up to everyone.
- ESSAYS: Incentives for Security: Flipping the Script
The latest thoughts from Phil Venables
- ESSAYS: Cyber Resilience by Rick Howard
Some interesting thoughts on resilience and the path forward in security from Rick Howard.
- EVENTS: 2025 Hacker Summer Camp talks to watch
- DFIR: from The DFIR Report: KongTuke FileFix Leads to New Interlock RAT Variant
- LESSONS: Detection Engineering Field Manual #1 – What is a Detection Engineer?
- REPORTS: Early Warning Signals: When Attacker Behavior Precedes New Vulnerabilities
This is SUPER exciting to me, because my advice for 0day preparation is typically around broad passive mitigations and hardening. Stuff that makes post-exploit activity more difficult for the attacker. But an early warning system is potentially an entirely new tactic for defenders, and a new use case for GreyNoise!
- NON-VULNERABILITY: How we Rooted Copilot
Spoiler: they didn't.
- TOOLS: Introducing the CSA AI Controls Matrix
- SQUIRREL: How to Read an “AI” Press Release — Sonja Drimmer
Ayman Elsawah




