2022 was certainly an interesting year. The tech frenzy of 2021 carried into 2022, then promptly turned into dizzying valuation drops and evaporated enthusiasm. The days of fast decisions without due diligence and the seeking-growth-at-all-cost mindset are things of the past.
Heading into 2023, one thing is certain - we are going back to basics. Differentiated tech, strong teams, and a reasonable valuation will be how investments are made.
With that in mind, a new article in Fortune recognized Rain Capital as one of the top 13 Cyber investors in the industry.
Amongst the funds recognized in the article, Rain Capital is the only woman-founded fund and one of the few emergent funds that did not come from a long finance background.
Even though the global economy remained volatile, Cybersecurity continues to be a robust sector. Looking back at 2022, the amount of investment in Cyber M&A and financing reached $127 B by the end of Q3 in 2022, compared to $106 B for the entire year of 2021.
Figure: Five Year Cyber M&A & Financing Trends in Billions [1]
With this outlook and a renewed focus on business fundamentals, the Rain Capital team is pumped for the new year and ready to partner with exceptional teams to build sustainable businesses.
Rain Capital I is four years in the making: 10 investments, 2 unicorns, ~40% women founders, and many robust businesses.
Rain Capital II: Just starting, backing exceptional entrepreneurs.
CircleCI Incident - Cover All Stages Of Kill Chain
Earlier this month, CircleCI, a widely deployed dev tool platform with over one million users, suffered a security breach. The company published a detailed blog on the incident, describing how its CI/CD (Continuous Integration and Continuous Delivery) platform was breached, enabling attackers to steal credentials stored in the service and use them to attack its customers’ services/products.
What is interesting about this incident is that the breach was first discovered by one of CircleCI’s customers via the use of a Canary Token. In a since-deleted tweet, security researcher Daniel Huckmann stated that he had been investigating an improperly accessed Canary token over the holidays. In early January, CircleCI confirmed the breach.
Those of us in the industry all know that CircleCI has a fairly robust security practice. But even with that, you may not immediately know that you have been breached. This is a perfect example of why you need to cover all stages of the Kill Chain - Canary tokens indicate a possible “credential access” event, which comes at one of the later stages in the Kill Chain framework.
Many organizations deploy technology to cover earlier stages of the Kill Chain, but ignore signal detection for the later parts, which has proved to be problematic. Threat hunting, Canary detection, and Red Teaming are some of the techniques that you should incorporate to have a fully robust Detection & Response program that spans the entire Kill Chain.
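The late-stage signal described above, as an added example that is not from this newsletter, CircleCI or any vendor named here: a check that scans audit records for any use of a planted canary credential and groups the hits by source. The key IDs, IP addresses and log lines are constructed, and the field names assume AWS CloudTrail-style records as the log source.

```python
import json
from collections import defaultdict

# Canary credentials planted where real secrets live (e.g. CI/CD project
# variables). Nothing legitimate ever uses them. Constructed placeholder ID.
CANARY_KEY_IDS = {"AKIAEXAMPLECANARY00"}

# Constructed sample audit records, one JSON object per line.
SAMPLE_LOG = """\
{"eventTime":"2023-01-02T09:14:07Z","eventName":"PutObject","sourceIPAddress":"198.51.100.20","userIdentity":{"accessKeyId":"AKIAEXAMPLEDEPLOY01"}}
{"eventTime":"2023-01-02T23:41:55Z","eventName":"GetCallerIdentity","sourceIPAddress":"203.0.113.77","userIdentity":{"accessKeyId":"AKIAEXAMPLECANARY00"}}
{"eventTime":"2023-01-02T23:42:10Z","eventName":"ListBuckets","sourceIPAddress":"203.0.113.77","userIdentity":{"accessKeyId":"AKIAEXAMPLECANARY00"}}
not-json garbage line
{"eventTime":"2023-01-03T01:05:30Z","eventName":"ListUsers","sourceIPAddress":"203.0.113.90","userIdentity":{"accessKeyId":"AKIAEXAMPLECANARY00"}}
"""

def find_canary_hits(log_text, canary_ids=CANARY_KEY_IDS):
    """Return (alerts, skipped): one alert per (canary key, source IP)."""
    grouped = defaultdict(list)
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except ValueError:
            rec = None
        if not isinstance(rec, dict):
            skipped += 1  # report unparsable lines: a log gap can hide a hit
            continue
        ident = rec.get("userIdentity")
        key = ident.get("accessKeyId") if isinstance(ident, dict) else None
        if key in canary_ids:
            grouped[(key, rec.get("sourceIPAddress", "unknown"))].append(rec)
    alerts = []
    for (key, ip), recs in grouped.items():
        recs.sort(key=lambda r: r.get("eventTime", ""))  # ISO 8601 sorts as text
        alerts.append({
            "canary_key": key,
            "source_ip": ip,
            "first_seen": recs[0].get("eventTime", ""),
            "actions": [r.get("eventName") for r in recs],
        })
    alerts.sort(key=lambda a: a["first_seen"])
    return alerts, skipped

if __name__ == "__main__":
    for alert in find_canary_hits(SAMPLE_LOG)[0]:
        print(alert)
```

Any alert here is high-confidence by construction, since the canary key has no legitimate user; the first-seen time bounds when the secret store was read.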
Mitiga has a nice blog about the CircleCI incident and what it means and what you should do about it. (Mitiga is a Rain investment)
A few tools worth noting here
SOC Prime’s threat hunting tool: One of the easiest tools to help you hunt for possible threats in your environment. (A Rain investment)
Thinkst Canary: Canary tools that help you spot breaches that have happened.
Red teaming tools: A good list of red teaming tools, including many open source ones.
Team8 CISO Summit
The Team8 CISO summit recently returned to New York City with a focus on exploring the “Human Side” of the CISO role. The event was over-subscribed and extremely dynamic, with continued engagement in the “unconference” discussions as well as the insights shared in the numerous panels and sessions.
Rain Capital was strongly represented in many sessions, panels and technology drill downs. Dr. Chenxi Wang led a star panel of CISOs to discuss the CISO’s future career path, and David B. Cross co-created and led the first CISOs vs Sharks, discussing ideas for emergent technology, projects for cybersecurity, and the feasibility of approaches in this challenging cybersecurity world.
The Perils of CIRCIA
This topic came up at the end of 2022, but we thought it was worth a mention here.
The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) is raising not only interest in the security leadership community, but also alarms. The ITI organization (community) published a public response on its concerns about reporting, immunity, and anonymity.
The overall CISO community has also been organizing and discussing the potential legal risks, liability and fears of such reporting, which may actually delay and harm the ability to quickly report information with known safety.
The industry needs to be able to report information as soon as possible, but we need to do so without fear of retribution or lack of validation of the initial indicators or evidence. We all want to grow, seek assistance and defend together, but it must be possible with safety and without legal overhead that could hobble the efforts.
[1] Momentum Cyber reports: https://momentumcyber.com/intel/
Looking forward to seeing what's next from Rain Capital and you, Chenxi