10 Cybersecurity Companies Making Moves: April 2023
We’re taking a look at some of the cybersecurity companies that launched new products and partner programs, announced acquisitions or made key executive hires in April.
Hot Market, Big Moves
For many cybersecurity companies, a major focus last month was the return of the RSA Conference. According to many who spoke with CRN, the four-day event was the first full-throttle RSAC since the start of the pandemic. Tens of thousands turned out to the Moscone Center in San Francisco for face-time with customers and partners, and to pack into keynotes and the massive show floor. Our April roundup, then, is unsurprisingly centered around what happened in connection with RSAC 2023 — but not exclusively. Plenty of top cybersecurity companies made big moves in April that weren’t directly related to the conference, including vendors and solution providers that raised new funding rounds, acquired startups, launched partner programs and made key executive hires.
And while many of the month’s major product announcements were tied to RSAC 2023 — including several that involve bringing new types of generative AI to cyber defense — April also saw the introduction of other notable security tools and services, as well. Key product announcements in April included launches from CrowdStrike, SentinelOne, Cisco and Wiz. The growing demand for better threat detection and improved security operations — such as through XDR (extended detection and response) and next-generation SIEM (security information and event management) tools — was a running theme across many of the new product launches. Other product moves in April included the debut of a new service from Google Cloud to help improve the security of using open source software (OSS).
What follows are the key details on 10 cybersecurity companies that announced big moves in April 2023.
In mid-April, Google Cloud announced the general availability of its Assured Open Source Software service for two major programming languages, Java and Python. The free service enables users to utilize the same open-source packages that Google uses, which have been tested for security issues and validated by Google. When it comes to open source software, “unless you’re the true builder of the package, it’s very hard to provide and provide your customers with assurance of what actually went into that software,” said Andrew Chang, group product manager at Google, in an interview with CRN.
Using the Assured Open Source Software service, however, would represent the fastest and easiest way for users who “want to have similar security [to what] Google has” on their use of open-source code, Chang said.
Initially, the service includes more than 1,000 packages from the Java and Python ecosystems, and Google Cloud plans to expand it to other programming languages going forward, based on customer demand, he said. “We have a unique opportunity as Google, with a good view of what enterprise software companies use, a good view of how open source software is created — to apply our own expertise around what are the most-risky packages, what are the ones that seem most popular, and hone in on that.”
In early April, Cybereason made a pair of announcements, disclosing that it has appointed an executive from investor SoftBank Corp. as its new CEO, while also raising $100 million in new funding led by the investment firm. Shares in the Series G round were sold at a massive discount to the shares in Cybereason’s previous round in 2021, and the company’s valuation has fallen below the $1 billion “unicorn” level, Axios’ Dan Primack reported.
The new CEO, Eric Gan, takes over for Lior Div, who co-founded Cybereason in 2012 and has served as its chief executive since the beginning. Div is now serving as an advisor for the company, Cybereason said in a news release.
The appointment of Gan, an executive vice president of SoftBank, as CEO comes as Cybereason seeks to “advance its innovation” in its core areas of XDR (extended detection and response), EDR (endpoint detection and response) and endpoint protection, the company said. Gan, who formerly co-founded mobile telecom firm eAccess, has been involved with Cybereason since SoftBank’s original investment into the company in 2015, according to the news release.
SentinelOne unveiled a major new product at RSAC 2023 that shows where the company is going next in its efforts to bring greater automation to cyber defense, SentinelOne co-founder and CEO Tomer Weingarten said during an interview at the conference. The new threat hunting tool, dubbed Purple AI, will be available on its Singularity platform and utilizes a large language model (LLM) in an effort to dramatically improve productivity for security analysts. “I think for us, it’s a whole new way to reimagine cybersecurity,” Weingarten told CRN. “What it can do — even today in the limited preview that we put out there — is astounding. It takes any entry-level analyst and makes them a ‘super analyst.’”
The large language model that’s helping to power Purple AI leverages both open-source and proprietary offerings, including OpenAI’s GPT-4, the company said. Purple AI is the first in a series of planned products that will be powered by generative AI.
At RSAC 2023, SentinelOne also unveiled its Singularity Security DataLake. The offering promises to ingest data from security products — including a number of third-party tools — and unify it in one place for automated analysis. The data lake also works in tandem with Purple AI, which “sits on top of the data lake so that it has access to all the data that you put in,” Weingarten said.
SentinelOne / Wiz
SentinelOne had a third major announcement at RSAC 2023, as well, with the disclosure that early availability has begun for the company’s “exclusive” integration with Wiz, a fast-growing cloud security vendor that recently became the top-valued cybersecurity unicorn at $10 billion.
The integration is between SentinelOne’s cloud workload protection platform and complementary capabilities from Wiz, including its widely used cloud security posture management technology. The move is “really about creating a more-seamless experience” for partners and customers, through simplifying management and creating “compounded value by joining two separate parts of cloud security into one cohesive fabric,” Weingarten said.
Assaf Rappaport, co-founder and CEO of Wiz, told CRN that this type of tight integration between two widely deployed cybersecurity vendors can help meet the rising demand for tool consolidation from customers and partners.
“Everybody talks about consolidation,” Rappaport told CRN, but it doesn’t necessarily need to be vendor consolidation. Instead, SentinelOne and Wiz are working together to create “platform consolidation [around] how these things work together” to achieve the same improved outcome for partners and customers, he said.
In April, Akamai Technologies unveiled an agreement to acquire a startup in the API security space, Neosec, to bolster its portfolio of offerings in application and API security. Terms of the deal weren’t disclosed.
Neosec has raised $20.7 million in funding since it was founded in 2020. The startup’s team, including founders Giora Engel and Ziv Sivan, is expected to join Akamai, the company said in a news release. Neosec has 40 employees, located in Israel and the U.S., the startup said in an email to CRN.
Security threats to APIs have emerged as a major new area of focus in the cybersecurity industry amid the growth in usage of APIs by the increasing number of organizations that offer their own software. Gartner has reportedly predicted that by 2025, more than half of data theft incidents will be attributable to insecure practices around APIs.
In April, CrowdStrike unveiled Falcon Complete XDR, a new managed XDR (extended detection and response) offering that aims to make the technology applicable to more customers and partners than it has been to date. As a managed XDR offering, Falcon Complete XDR follows the model of CrowdStrike’s popular managed detection and response (MDR) service. CrowdStrike’s MDR offering has provided 24/7 management of the vendor’s EDR technology to customers that lack the resources to do so themselves. In the same way, the CrowdStrike MXDR aims to offer around-the-clock management of the vendor’s XDR platform.
CrowdStrike’s managed XDR offering also integrates tools from vendors in the CrowdXDR Alliance in key segments such as security service edge (Cloudflare, Netskope, Zscaler, Skyhigh Security, Menlo Security); identity security (Okta, ForgeRock, Microsoft Azure Active Directory, Ping Identity); email security (Mimecast, Proofpoint, Microsoft 365, Cisco Secure Email, Abnormal Security); network detection and response (Corelight, ExtraHop, Vectra); and firewalls (vendors including Palo Alto Networks and Cisco).
In addition to 24/7 management of the XDR platform, the MXDR service also includes threat hunting, monitoring and remediation, CrowdStrike said.
Optiv announced a new partner program in April that brings a heightened focus on using data to drive growth along with improved cybersecurity for customers, executives told CRN. The program — which provides the basis for Optiv’s partnerships with other companies, predominantly cybersecurity vendors — aims to provide a clear roadmap for working with the company to serve end customers, said Alan Mayer, senior vice president of partners, alliances and ecosystems at Optiv. The Denver-based security solutions and services provider powerhouse said it currently works with more than 450 partners.
The program brings a “data-driven approach that allows us to give unprecedented value back to our partners, which in turn drives better outcomes,” Mayer said. Security vendors mentioned by Optiv in a news release about the new partner program are CrowdStrike, Palo Alto Networks and Proofpoint.
In an interview with CRN, Optiv CEO Kevin Lynch said that the new program provides “an ability for us to actually — commonly with our partners — look for spots to break from convention and do something different, and materially better for our clients and for obviously the economic interest.” For instance, the program helps to provide the basis for Optiv to deliver more solutions and services that deliver a “managed outcome” with “multiple technology partners,” instead of just one, he said. “That’s breaking convention. No one has ever done that.”
At RSAC 2023, Google Cloud unveiled its Security AI Workbench offering that’s powered by a new, security-specific large language model (LLM) known as Sec-PaLM. The model utilizes Google Cloud’s security intelligence via Google’s broad visibility into threat data and Mandiant’s esteemed threat intel around vulnerabilities and malware, as well as threat actors and threat indicators, according to Google Cloud.
“Rather than just say we’re using a Google version of the large language model, we’ve actually built a new security LLM,” said Sunil Potti, vice president and general manager for Google Cloud’s security business, in an interview. While Sec-PaLM is based on Google’s LLM, “it’s customized and purpose-built—custom-trained—using security-related data coming from all of our sources that we have currently,” Potti told CRN.
The Google Cloud Security AI Workbench is aimed at helping to reduce the overload from threat data and the large number of security tools in use, the company said. Customers will be able to provide their private data to the Security AI Workbench platform only at inference time to enhance privacy, Google Cloud said.
The first place Google Cloud will be implementing Security AI Workbench is with a new offering, VirusTotal Code Insight, that uses the technology to analyze potentially malicious scripts and explain their behavior, ultimately helping to improve the detection of which scripts are a real threat, Google Cloud said. The offering is now in preview. Other offerings using Security AI Workbench “will be available in preview more broadly this summer,” the company said in a post.
At RSAC 2023, Accenture announced that it’s expanding its partnership with Google Cloud around cybersecurity, with the launch of a new Managed Extended Detection and Response (XDR) service powered in part by the Security AI Workbench offering. The service is also built on the cloud-native SIEM platform from Google Cloud, Chronicle Security Operations, and leverages threat intelligence from Mandiant.
Accenture expects to see strong demand from customers for the service going forward, due to the fact that “this is something that is not really available in the market,” said Paolo Dal Cin, global head of Accenture Security, in an interview. The Accenture partnership is a chief example of how Google Cloud is working to “democratize access” to security-focused generative AI in tandem with its partners, Google Cloud’s Potti told CRN.
The Security AI Workbench provides Accenture’s security analysts with improved productivity and faster access to Mandiant threat intelligence, which is embedded in the offering and can be leveraged through the generative AI interface, according to the companies.
In a second announcement from Accenture at RSAC, the company announced an expansion of its partnership with cybersecurity giant Palo Alto Networks, focused around delivery of secure access service edge (SASE) technology. The joint SASE solutions from the two companies will be powered by Palo Alto Networks’ Prisma SASE platform, and will be delivered with a number of integrated services. Those include diagnostic and advisory services, implementation services and managed services — with a “SASE-as-a-Managed-Service” option for end customers, according to Accenture and Palo Alto Networks.
Cisco revealed at RSAC 2023 that it’s launching a new extended detection and response (XDR) platform that’s been built from the “ground up” and goes beyond the prior XDR capabilities that have been available in the tech giant’s SecureX offering, according to Jeetu Patel, executive vice president and general manager of security and collaboration at Cisco. The new Cisco XDR platform fuses network detection and response (NDR) and endpoint detection and response (EDR), providing “cross-domain telemetry” in a way that no one else in the market is doing, Patel said. The offering also stands out from security information and event management (SIEM) products by being “near real-time” when it comes to delivering threat detection and prioritization, he said.
In addition, Cisco XDR is differentiated by providing “high-fidelity data” from across the company’s various first-party security tools, such as Cisco Secure Client (formerly AnyConnect) for endpoint, he said. The XDR platform integrates a significant number of major third-party security products as well. Those include EDR tools (Microsoft Defender, Cybereason, Palo Alto Networks Cortex XDR, SentinelOne Singularity and Trend Micro Vision One); email security (Microsoft Defender for Office, Proofpoint); next-generation firewall from Palo Alto Networks; SIEM from Microsoft Sentinel; and NDR from ExtraHop Reveal(x).
“This one is one of the biggest security product launches we’ve had in a while,” Patel said, and represents a major step on Cisco’s journey to fulfill its Security Cloud vision of providing a comprehensive, unified platform for modern security.