Torq, a self-described “hyperautomation” cybersecurity startup, today announced that it raised $42 million in an extension to its Series B funding round from investors including Bessemer Venture Partners, GGV Capital, Insight Partners, Greenfield Partners and Evolution Equity Partners.
“Torq’s approach to a hyperautomation platform works across multiple pillars of the organizational cybersecurity platform, making the organization more resilient.”Smadari co-founded Portland, Oregon-based Torq alongside Ofer Smadari, Leonid Belkind and Eldad Livni in 2020.
To that end, Torq lets IT teams create and deploy security workflows designed to integrate with existing cybersecurity infrastructure.
Smadari asserts, however, that Torq gives customers the ability to choose which parts of their data are accessible to the Torq platform and where that data’s stored — e.g.
According to Smadari, Torq, which makes money by charging an annual subscription, has grown revenue 300% in 2023 on 500% client base growth.
startup, takes an all-in view when it comes to identity security in an organization.
So the best way to protect against malicious exploits is to secure identity authentication between any and all of them.
“We believe we can actually be that focused identity security layer that covers all the silos,” CEO and co-founder Hed Kovetz said in an interview.
As those familiar with security technology know, the space can be sliced and diced into many different domains and approaches.
Each point of interactivity essentially involves authentication between apps and therein lies the challenge: each of these can become a potential vulnerability.
Not uncommonly, KYC authentication involves “ID images,” or cross-checked selfies used to confirm a person is who they say they are.
There’s no evidence that gen AI tools have been used to fool a real KYC system — yet.
But the ease with which relatively convincing deepfaked ID images is cause for alarm.
Feeding deepfaked KYC images to an app is even easier than creating them.
The takeaway is that KYC, which was already hit-or-miss, could soon become effectively useless as a security measure.
SentinelOne’s deal to acquire PingSafe valued the Peak XV-backed young startup at over $100 million, two sources familiar with the matter told TechCrunch, in one of the strongest and fastest deals emerging from India.
The New York Stock Exchange-listed AI security firm disclosed the cash and equity deal last week, but didn’t reveal the financial terms.
Founded in 2021, PingSafe is a relatively new and small security company with <100 employees and ~50+ customers, mostly in India.
The British bank also estimated the size of the deal to be about $100 million.
PingSafe is “among the fastest ‘seed to significant exits’ Indian ecosystem has ever seen,” Rajan Anandan, who leads Surge at Peak XV, tweeted last week.
An international law firm that works with companies affected by security incidents has experienced its own cyberattack that exposed the sensitive health information of hundreds of thousands of data breach victims.
San Francisco-based Orrick, Herrington & Sutcliffe said last week that hackers stole the personal information and sensitive health data of more than 637,000 data breach victims from a file share on its network during an intrusion in March 2023.
Orrick also said it notified health insurance company MultiPlan, behavioral health giant Beacon Health Options (now known as Carelon) and the U.S. Small Business Administration that their data was also compromised in Orrick’s data breach.
The data also includes medical treatment and diagnosis information, insurance claims information — such as the date and costs of services — and healthcare insurance numbers and provider details.
The number of individuals known to be affected by this data breach has risen by threefold since Orrick first disclosed the incident.
Log4j, maybe more than any other recent security issue in recent years, thrust software supply chain security into the limelight, with even the White House weighing in.
Some of those may be in libraries that aren’t even used when the container is in production, but they are vulnerabilities nevertheless.
According to Slim.ai‘s latest Container Report, the average organization now deploys well over 50 containers from their vendors every month (and almost 10% deploy more than 250).
Yet only 12% of the security leaders who responded to Slim.ai’s survey said they were able to achieve their own vulnerability remediation goals.
Most companies see some disruptions multiple times a week because they detect a vulnerability in a production container, for example.
Called Articul8 AI (an awkward abbreviation of “Articulate AI”), the new entity builds off a proof-of-concept from an Intel collaboration with Boston Consulting Group (BSG) early last May.
Reuters reports that Intel, using its hardware and a combination of open source and internally-sourced software, created a gen AI system that can read text and images — running inside BCG’s datacenters to address BSG’s security requirements.
“Articul8’s gen AI software product was built from the ground up to address the needs of enterprises and is optimized for speed of deployment, scalability, security and sustainability — including costs,” the spokesperson told TechCrunch via email.
“The Articul8 platform delivers AI capabilities that keep customer data, training and inference within the enterprise security perimeter.
“Intel and Articul8 will remain strategically aligned and Intel plans to leverage Articul8’s enterprise gen AI software for internal use cases as well as offer it to end customers as part of a joint go-to-market partnership,” the spokesperson said.
Crypto losses declined over 50% in 2023 Hackers and scammers laid back on the weekends, CertiK report findsWhile hackers continue to hack the crypto industry for a cash grab, the dollar amount is down substantially compared to the previous year.
The total amount “lost” during 2023 from security incidents was almost $2 billion, down 51% from 2022, according to security-focused CertiK’s annual 2023 web3 security report.
The report defines losses in this context as the value of digital assets stolen by malicious actors.
During the past year, 10 incidents, including the $200 million Mixin Network and $197 million Euler Finance hacks, accounted for $1.11 billion of losses.
One bit that wasn’t featured in the report is that there was a “marked decline” in hacks and scams over the weekends during 2023.
Bangladesh thanked a security researcher for citizen data leak discoveryWhen a security researcher found that a Bangladeshi government website was leaking the personal information of its citizens, clearly something was amiss.
TechCrunch verified that the Bangladeshi government website was leaking data, but efforts to alert the government department were initially met with silence.
The data was so sensitive, TechCrunch could not say which government department was leaking the data, as this might expose the data further.
Florida’s Lee County took the heavy-handed (and self-owning) position of threatening the security researcher with Florida’s anti-hacking laws.
Several state CISOs and officials responsible for court records systems across the U.S. saw the disclosure as an opportunity to inspect their own court record systems for vulnerabilities.
Cisco announced this morning that it intends to acquire Isovalent, a cloud-native security and networking startup that should fit well with the company’s core networking and security strategy.
Tetragon is the company’s open source security visibility component.
Jeetu Patel, executive vice president and general manager of security and collaboration at Cisco said that it is essential for companies to work together where security is concerned.
And we need to make sure that we stay open in this market and co-innovate, and I think open source is probably one of the best models to co-innovate with,” Patel said.
Cisco has been extremely acquisitive this year with this representing the 11th acquisition by the company, the fifth related to security.
