Friday Tech News - Interview with Merav Bahat

8/4/2023

Good morning and Happy Friday!

We’re a week away from #Blackhat2023 and I hope everyone is excited!

Thank you so much for making this a part of your Friday morning coffee time. I'm Phil Moroni, and I'm an Account Executive in the Information Technology Services Industry here with another edition of Friday Tech News!

What is this? This is a newsletter that provides updates and insights on the latest trends and developments in the technology industry. I am a professional who specializes in supporting IT leaders in evaluating, investing, and managing people, processes, and technology tools that support their businesses.

Each week, I summarize relevant industry updates from popular Original Equipment Manufacturers (OEM's), software publishers, and managed providers. The goal of my research and newsletter is to keep you informed about current trends and events that may impact your business from a trusted and reputable source. It's just information I'm sharing, and, I follow and work with hundreds of partners in the industry, keeping track of their growth, changes, and evolution so that you don't have to.

Bottom Line: As you focus on improving your business through digital initiatives, my commitment is to keep you informed of the fast-paced changes and trends taking place so that you can plan ahead and stay ahead of the game.

Key areas of focus for me are:

  1. Cloud Computing, Security, Trends

  2. Developer & Security Tools

  3. Networking & Infrastructure Tools

  4. End User Tools & Workspace Tech

  5. Emerging Technologies and Future Concepts

If you have any questions, would like information about any specific vendors I follow, or would like to have a conversation about any topic that is challenging you, I invite you to engage with me! I value feedback immensely and would love to know what you find valuable about this newsletter so feel free to reach out!

Thank you for reading, and stay digitally and physically safe!

Phil

$.02 Observations 🔭 

Two cent observations is a section that frequents tech news every so often. I was beyond honored to spend time with Merav Bahat, CEO and co-founder of Dazz this week to discuss where she’s at, and a lot more!

Dazz is a well funded cloud security remediation startup that uses AI to automate the fixing of cloud security issues. Merav was formerly the general manager of Microsoft’s cloud security business and deputy general manager of the Microsoft Israel R&D Center so to say she’s got insight into cloud security programs would be something of an understatement.

I’ve been following her since late 2021 and what she is aiming to do is simply next level for cloud security practitioners. Dazz aims to solve a problem that many are facing today which is identifying root cause of security issues in the cloud.

I sat down virtually with Merav to ask her some questions and gain some new perspective on what she feels is important as we head toward the back half of 2023. Here are the questions we discussed.

  1. What are the main challenges and opportunities in Cloud Security for 2023 and beyond? What impacts are you having on customers today?

    Recent studies show a direct and clear connection between organizations that have transferred their services to the cloud and the number of attacks and threats directed against them. Attacks that have become more effective, more frequent, and faster than ever before. Customers are approaching us with flat to down budgets, and they face a reality where they know that if a big incident happens, they don’t have the FTEs to contain it. The bigger the cloud environment and the more detections you have, the more people you need for cloud security. It’s not sustainable.

    To stay on top of the vast cloud attack surface and all the issues being detected by CNAPP and AppSec investments companies need to replace manual processes with automation for orchestrating, triaging, prioritizing, and fixing issues across both security and development teams. There are significant impacts in doing so. IDC recently reported that Dazz customers spend 38% less time researching and fixing issues and 44% less time finding issue root causes and owners. Getting time back wasted on manual efforts enables them to focus on more strategic issues such as improving their overall security program, evaluating how security controls are performing, and improving productivity in both security and development teams.

  2. How does Dazz use AI to automate cloud security remediation? What truly differentiates you in the market today?

    The Dazz Remediation Cloud uses AI to automate the biggest pain points in remediation from detection to resolution. Our platform automatically orchestrates, triages, prioritizes, and consolidates data coming from the entire code-to-cloud pipeline including applications, security controls, and cloud and development environments. We view remediation as a data problem and have built our solution on patented technology to quickly discover shared root causes, then automatically suggest steps to fix them — along with the suggested code-fix — based on generative AI. We track the whole resolution process and deliver business insights in natural language.

  3. You’ve seen a lot of Cloud Security & Cloud Strategy programs - what makes the successful ones successful? 


    The best cloud security programs have empathy baked into them. They are run by cybersecurity leaders who listen to the frustrations of their own team and their colleagues and who build processes that will make security easier for everyone. Successful programs are built to support the app-dev teams, and help accelerate the business, instead of slowing it down.

  4. How did your experience at Microsoft shape your vision and approach for Dazz?

    When I was a General Manager Cloud Security at Microsoft, we built the business from zero dollars to more than $2.5 billion by the time I left. I had the honor of leading and working with a team of talented people, including Dazz co-founder Tomer Schwartz, one of the founders of the cyber unicorn Armis, who founded Microsoft’s Security Response Center in Israel. We saw the massive adoption of cloud computing and application development, but also an increasingly complex attack surface. We joined forces with Yuval Ofir from industrial cybersecurity unicorn Claroty as our third co-founder to solve one of the biggest cloud security pain points for customers — remediation. From our time at Microsoft, we saw that detecting issues was relatively easy for customers, but fixing them was painful, manual, and time consuming. Dazz was born to solve “DevSecOps A 2 Z” (Dazz!)

  5. What’s on the horizon for Dazz in 2024?

    Today, we are proud to be working with an amazing group of 30+ enterprise customers including Ally Financial, BHG Financial, Emerson, Flex, JLL, NielsenIQ, and Takeda Pharmaceutical. In 2024, we plan to scale our customer base in both Fortune 2000 and cloud-native growth companies to 250 accounts around the world. We’ll expand our GTM team from North America to Europe and Asia Pacific, and double our headcount to support all functions — R&D, sales, marketing, operations, customer success, HR, G.A. — as we extend our leadership position in cloud security orchestration and remediation.

    If you follow Gartner, you know we’ve been recognized for our innovation and value in DevSecOps, CNAPP, and ASPM. In July alone, we were included in six Gartner Hype Cycles for our transformational role in both ASPM and DevSecOps, which Gartner expects to be mainstream within the next two years. In response to the growing need for improved application security efficiency and risk management, we will continue to drive innovation in our multi-cloud, multi-pipeline platform, providing comprehensive code-to-cloud visibility and orchestration for both cybersecurity and development teams. We’ll expand our core and advanced remediation capabilities, including generative AI, LLM, and machine learning to help companies efficiently address vulnerabilities and misconfigurations and ultimately enhance their security posture.

    By staying focused on listening to our customers and helping them securely embrace cloud computing, you’ll see Dazz establish a prominent presence in the global cybersecurity landscape.

I’m grateful to Merav for taking the time to respond to these questions and, if you’re looking for additional content on how to secure and fix cloud issues, check out their latest guide, co-authored by Dazz co-founder Tomer Schwartz. Here’s a link to Cloud Security Remediation for Dummies. I highly recommend clicking that one and reading through.

If you’re attending #BlackHat this year, swing by their booth (booth #2060) and learn more about how they could help you with root cause analysis and cloud security. They’re also having a great get together with CyberStarts - some of the biggest names in tech will be there! Surely you don’t want to miss out on this one.

OEM News & Updates 📰

  • Big news from Microsoft. This concession enables customers to access and use Office applications in AWS virtual desktop environments which provide more flexibility, scalability, and security for their workloads and data. It’ll also simplify licensing management by avoiding paying for duplicative licensing.

  • Love what J1 is doing. They’re expanding their platform with new integrations for hybrid infrastructure such as Azure, AWS, GCP, K8s, and VMware…plus adding AI driven usability improvements with natural language processing and graph visualization. Slick stuff.

  • Great integration announcement. This will enable customers to leverage CS’s threat intel and detection capabilities to enhance Legit Security’s vulnerability scanning and remediation features. It’ll also correlate application and endpoint data for faster and more accurate IR.

  • New feature from Cycode using machine learning and NLP to scan code for potential secrets and validate them against various sources such as cloud providers, identity providers, password managers, to determine if they are valid and active. If a secret is found, the feature alerts customers and provides remediation options…great announcement.

  • With all the startups that come out of Israel, I’m sure this is a welcomed announcement for many. It’ll have three availability zones and support many AWS services immediately.

  • Big announcement from ServiceNow. Some of the new features included in the capabilities include:

    • AI Search - find relevant info and answers across different sources and systems such as documents, knowledge bases, chatbots, and more.

    • AI Content - generate high-quality content such as summaries, reports, emails, or articles based on input and preference.

    • AI Code - generate code snippets or scripts that can automate or enhance workflows.

    • AI Insights - generate insights and recommendations that can improve decision making and performance and probably way more.

  • Can’t wait to see how this works in the wild. LMK if you’re down to show me.

  • Remotely provision, configure, monitor, and troubleshoot their edge devices from a single dashboard using an intuitive interface.

  • Interesting partnership here…cool to see, if you’re a box customer I’m sure this will be interesting.

  • Some of the new AI solutions and services include:

    • AI Studio - cloud based platform that helps customers access and use NVIDIA tools and models for GenAI such as GPT 3, DALL-E, etc…

    • AI Services - pro services to design, implement, and optimize their GenAI projects and workflows.

    • AI Solutions - pre-configured hardware and software bundles that help customers deploy and run their GenAI applications and workloads on Dell Infrastructure (if you’re still doing that).

  • Big fan of LogicMonitor. Great announcement to cover more than 100 AWS services including major ones (compute, storage, DB, networking, security…etc…) 

  • Impostor syndrome, burnout/fatigue, and other mental health issues plague the average cyber worker. This partnership is awesome as it enables customers to access and use Cybermindz’s platform and features from within Devo’s platform and applications.

  • Leverage the power of ChatGPT within Securonix platform to drastically reduce incident response times. I’d be interested to speak to anyone who would leverage this to see how well it performs.

  • New and cool stuff - these new features aim to help customers improve their API development and consumption efficiency and quality by providing more visibility, collaboration and feedback opportunities.

  • DASH, Datadogs annual conference was this week and they made some huge announcements. Definitely check out their blog for a recap on all the announcements that went down. This is just one of them.

  • Sonar announced a significant advancement to it’s Clean Code offering. Developers can now automatically discover and fix code security issues between user source code and third-party open source libraries. Taken directly from the article.

  • New capability from this platform. I’m super interested to see how they unfold their product line in the coming years and they already have some huge logo's using their products. Their founder has a track record of success and I see them coming after the likes of APM vendors and SIEM vendors too.

Articles I Liked This Week 💡

Tech Funding & M&A 💸

  • Nile is a San Jose based network as a service (NaaS) provider focusing on secure wired and wireless products for businesses.

  • Silk Security is an Israeli based cybersecurity platform that provides solutions such as cyber risk resolution and compliance for businesses.

  • Cyble is a Georgia based cyber threat intelligence platform that offers solutions such as dark web and cybercrime monitoring for businesses and government agencies.

  • Rookout is an Israeli based developer first observability platform that provides solutions such as live debugging, security and compliance for enterprises.

  • New Relic is a California based data observability platform that enables developers to monitor, debug, and improve their code

  • Endor Labs is a California based cybersecurity platform that offers solutions including open-source governance, code security, and compliance for software developers.

  • Hushmesh is a Virgina based cybersecurity platform that offers solutions such as identity theft detection and data breach prevention for enterprises.

Meme of the week 🤣

Recommendations 👉🏻

This is a section that I intend to build out more! Know fantastic newsletter resources for information? Please let me know so I can start linking appropriate reads here!

Return on SecuritySave hours of research with a weekly review of the economics of the cybersecurity market in 5 minutes

Reply

or to participate.