Before the COVID-19 pandemic caused a good part of the world’s working population to set up shop at home, the cybersecurity situation was already complicated, to say the least. Security teams were just about coming to terms with a much larger attack surface with containers, distributed environments, multicloud, IoT, and more. What no one was expecting, however, was an attack surface that would span the entire globe, which is pretty much what we see now. The VPN/firewall combo that we have relied on for so long has finally reached its limits, creating a void that startups are stumbling over themselves to try to fill with a slew of cybersecurity innovations.
1. Zero-trust architecture
First on our list of cybersecurity innovations is an Israel-based security firm that raised over $40 million in its Series B funding less than a month ago. Focused on disrupting the traditional VPN/firewall with its secure access service edge (SASE) offering, Perimeter 81 takes traditional networking and security and rolls it into one easy-to-use software solution. Perimeter 81 provides users with secure remote networks based on zero-trust architecture. As opposed to the VPN/firewall/perimeter approach that assigns trust based on location in the network, the zero-trust model does not treat an IP address as grounds for trust, and every action is denied unless it is explicitly authorized.
What’s interesting is that zero-trust application access was launched and available to Perimeter 81 users as early as July last year, so they effectively had zero-trust access to most popular web apps before the pandemic and the massive switch to work-from-home. It was later that same month that Perimeter 81 partnered with SentinelOne, an organization that specializes in autonomous endpoint protection. What really got them into “disruption” territory, however, was the partnership with former Dell subsidiary SonicWall earlier this year. The SASE offering is a combination of Perimeter 81’s zero-trust networking and SonicWall’s cybersecurity capabilities.
2. Attack-surface discovery
As we already mentioned, work-from-home has considerably increased the attack surface in a relatively short period of time, not really giving security personnel much time to gear up. The next startup on our list is CyCognito, whose cybersecurity innovations focus on continuous attack surface discovery and testing as a way to counteract this gap between growth and development. CyCognito announced it had raised $30 million in its Series B funding in July this year, bringing the total to $53 million. “Proactive” is the keyword here, and unlike a VPN/firewall combination that “stands” guard, the CyCognito platform is always doing something.
When it isn’t dealing with potential breaches, it’s constantly, extensively, and most importantly, proactively mapping and organizing all organizational assets and endpoints that are exposed to the Internet. Founded by national intelligence agency veterans, this platform really has a unique view on the subject of cybersecurity and literally puts you in the “shoes” of your attackers. Similar to how an attacker would look for weaknesses or paths of least resistance, the CyCognito platform uses a combination of big data and machine learning to find such vulnerabilities first. This kind of continuous attack surface discovery is key to staying ahead of cybercriminals.
3. Cybersecurity posture assurance
Similar to how a parent corrects a child’s posture by constantly making sure he or she isn’t slouching, Spanugo assesses, and constantly corrects, an organization’s cybersecurity posture. Data protection and privacy are key elements of cybersecurity, and an organization’s ability to be compliant depends greatly on its “posture.” This is another example of an “active” solution that, in addition to constantly validating IT assets, also delivers continuous compliance and risk management. Spanugo’s automated security assurance platform (ASAP) reached general availability in January and is probably what caught Big Blue’s attention.
Earlier in June this year, IBM announced it was acquiring Spanugo, a U.S.-based firm specializing in cybersecurity posture management. While the announcement states the acquisition was to boost Big Blue’s cloud compliance, what’s interesting is that this is the fifth acquisition of a posture management firm since 2019 and IBM’s first acquisition since then, when it bought T-Systems for close to a billion dollars. Misconfigurations and unprotected user accounts are the woes of cybersecurity teams and the usual suspects when it comes to breaches or data leaks. Security posturing not only helps with regulatory compliance in real time but also helps continually monitor and improve security.
4. Unsupervised machine learning
With smartphones and IoT devices causing the attack surface to spread faster than it can be secured, an organization called Darktrace is modeling its defenses on the human immune system, a unique cybersecurity innovation. Darktrace is a UK-based startup valued at $2 billion that uses unsupervised machine learning and artificial intelligence to actively hunt for attackers. The ability to not only spot patterns and trends across distributed environments but also keep learning from every experience makes this a powerful weapon against cyberattacks. In addition to detecting threats, Darktrace warns against potential future threats and gives valuable insight on steps that can be taken to resolve or avoid such issues altogether.
With attacks becoming more and more sophisticated and many reports of AI being potentially weaponized, the Enterprise Immune System (EIS) from Darktrace is getting a lot of attention. Vanessa Colomar, a member of Darktrace’s board of directors, was quoted as saying that keeping attackers out is way too much work, and that it’s “far more effective” to stop them once they’re in. Darktrace not only scans your public cloud and SaaS systems like Salesforce, AWS, Office 365, and Azure but also emails and IoT devices. In a recent story, Darktrace’s Antigena email product was successfully used to neutralize COVID-19 related email threats.
5. Behavioral fuzz testing
Similar to Netflix’s Chaos Monkey, which randomly attacks its own services to build resilience, fuzz testing is the process of inputting massive amounts of gibberish (called fuzz) to a computer program in order to make it crash. By throwing random data at a service before it is deployed, DevSecOps teams can learn in advance what the effects of a possible attack could be, and perhaps what countermeasures can be taken in advance. What’s interesting is that GitLab, best known for its repository solutions, has bought not one, but two fuzz-testing startups in an attempt to double down on security for DevOps teams.
The two startups being added to GitLab’s fuzz arsenal are Seattle-based Peach Tech and Israel-based Fuzzit. While Peach Tech’s contribution includes two offerings, Peach Fuzzer and Peach API Security, Fuzzit integrates with CI/CD workflows and provides a hosted fuzzing service to continuously test code for errors and bugs. This double acquisition and integration with GitLab’s platform will not only make this the first security solution to offer behavioral fuzz testing, but also the first one to shift fuzz testing left. Future updates include integrating Peach Tech’s DAST API security engine and Fuzzit’s crash correlation technology.
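To make the idea concrete, here is a small mutation fuzzer that throws altered records at a parser and groups the resulting crashes into buckets. It is an added example, not code from GitLab, Peach Tech or Fuzzit; the `parse_record` target, its record format and the seed inputs are constructed for illustration.

```python
import random
import struct
import traceback

# Constructed seed inputs: valid records the toy parser accepts.
SEEDS = [b"\x01\x00\x05hello", b"\x02\x00\x02\x08\x04"]

def parse_record(data: bytes) -> dict:
    """Hypothetical target: 1-byte kind, 2-byte big-endian length, payload."""
    kind = data[0]
    length = struct.unpack(">H", data[1:3])[0]
    payload = data[3:3 + length]
    if kind == 1:
        return {"text": payload.decode("utf-8")}    # encoding never validated
    if kind == 2:
        return {"ratio": payload[0] / payload[1]}   # size and divisor never validated
    return {"raw": payload}

def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply 1-4 random byte-level edits (overwrite, insert, delete) to a seed."""
    buf = bytearray(seed)
    for _ in range(rng.randint(1, 4)):
        choice = rng.randrange(3)
        if choice == 0 and buf:
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        elif choice == 1:
            buf.insert(rng.randint(0, len(buf)), rng.randrange(256))
        elif buf:
            del buf[rng.randrange(len(buf))]
    return bytes(buf)

def fuzz(target, seeds, iterations=5000, rng_seed=0):
    """Run mutated inputs through target; return one reproducer per crash bucket."""
    rng = random.Random(rng_seed)        # fixed seed so a CI run is repeatable
    crashes = {}
    for _ in range(iterations):
        data = mutate(rng.choice(seeds), rng)
        try:
            target(data)
        except Exception as exc:
            frame = traceback.extract_tb(exc.__traceback__)[-1]
            # Bucket by exception type and raising location, so thousands of
            # crashing inputs collapse into a handful of distinct bugs.
            key = (type(exc).__name__, frame.name, frame.lineno)
            crashes.setdefault(key, data)
    return crashes

if __name__ == "__main__":
    for bucket, reproducer in sorted(fuzz(parse_record, SEEDS).items()):
        print(bucket, reproducer.hex())
```

Each bucket keeps the first input that triggered it, which is the reproducer a developer needs in order to add the missing validation and a regression test.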
Guilty until proven innocent
With cyberattacks at a record high and attackers making use of every vulnerability, including the current situation in the world, security teams have been forced to “grow up” and put on their big boy pants overnight. This has caused a shift in attitude towards security where, unlike traditional solutions that were considered safe by default, every environment is now considered breached unless it’s secured, every action suspicious, and every user unauthorized, sort of like a “don’t-trust-anything” policy. While it’s a combination of digital transformation and the current work-from-home scenario that has made perimeter-based network defenses obsolete, it’s the startups that are rolling out cybersecurity innovations for the future. While they all have unique and interesting approaches, the common factor here is that they’re all proactive security measures that take absolutely nothing for granted.