At a glance.
- NSO accused of involvement in clients' hacking operations.
- NSO employee hacked a love interest.
- Amazon buys temperature-monitoring thermal cameras from Chinese company.
- Facebook restructuring and FireEye layoffs.
Mergers and acquisitions.
Boston-headquartered security visibility and analytics firm Rapid7 will acquire Virginia-based cloud security posture management company DivvyCloud for $145 million, SiliconANGLE reports. Rapid7 stated that "DivvyCloud has built a great product and vision around exactly what our customers want: the ability to accelerate innovation without the loss of control....Rapid7 will continue to build on the strong foundation DivvyCloud has created. Together, we look forward to accelerating our customers' efforts to securely migrate to the cloud and speed their ability to innovate."
New York-based technology services firm Orion Innovation has acquired New Jersey-headquartered technology and telecom solutions provider Tekmark Global Solutions. Orion stated that "[t]he acquisition of Tekmark brings 40 years of deep client relationships across a broad spectrum of industries with a heavy concentration in financial services and telecommunications. Tekmark adds over 850 experienced technology engineers deployed to Orion's US-based delivery team, bringing Orion's global strength to over 4000 associates."
London-based private equity firm Apax Partners has completed its acquisition of Colorado-headquartered risk assessment provider Coalfire from The Carlyle Group and The Chertoff Group for an undisclosed amount. A press release from The Chertoff Group explains that Coalfire's Federal unit will remain a wholly owned subsidiary: "Coalfire Federal will operate independently as a pure-play cybersecurity company under the continued leadership of Bill Malone, Coalfire Federal President, and continue to support its clients in enabling and protecting their critical missions. Among other focus areas, Coalfire will continue to provide services to help the United States Department of Defense suppliers prepare for and meet new CMMC (Cybersecurity Maturity Model Certification) regulations."
Investments and exits.
Boston-headquartered red teaming company Randori has raised $20 million in a Series A round led by Harmony Partners, with participation from existing investors Accomplice, .406 Ventures, and Legion Capital. Randori says it will "use the investment to expand its award-winning Attack Platform and bring a continuous red team experience to the mass market." Additionally, the company will "invest in expanding its engineering, go-to-market, and customer success teams."
Tel Aviv-based computing performance optimization company Granulate has secured $12 million in a Series A funding round led by led by Insight Partners, with participation from TLV Partners and Hetz Ventures. Granulate will use the funding "to expand globally, opening offices overseas," as well as expanding "all departments from sales and marketing to R&D."
India-based application security startup Indusface has raised $5 million in funding from Tata Capital Growth Fund II. Indusface will use the investment to "accelerate global customer acquisition and product innovation plans."
Fortress Information Security has hired Tobias Whitney as Vice President of Energy Security Solutions. Whitney was previously a Technical Executive at EPRI, and prior to that, he served as Senior Manager of Critical Infrastructure Protection at NERC.
Coalfire Federal has promoted Bill Malone to President following Coalfire's acquisition by Apax Partners. Coalfire Federal is a wholly owned subsidiary of Coalfire, but "will now operate independently with its own executive leadership and Board of Directors."
AttackIQ has appointed Ross Brewer as a strategic advisor focusing on sales and marketing in Europe, the Middle East, and Africa (EMEA). Brewer previously served as LogRhythm's vice president and managing director of EMEA.
Cybrella has added Moshe Ferber and Yoni Ramon to its Advisory Board. Ferber serves as Chairman of the Cloud Security Alliance's Israeli Chapter, while Ramon is Tesla's Red Team Manager, Staff Security Engineer, and Senior Information Security Engineer.
Security companies in the news.
In new court filings, WhatsApp has accused NSO Group of being "deeply involved" in hacking 1,400 WhatsApp users, including journalists and activists, the Guardian reports. A WhatsApp engineer testified that in 720 of the cases, the spyware contained the IP address of a server belonging to a company whose data centers were used by NSO. WhatsApp further claimed in its filing that "NSO used a network of computers to monitor and update Pegasus after it was implanted on users’ devices. These NSO-controlled computers served as the nerve centre through which NSO controlled its customers’ operation and use of Pegasus." NSO has maintained that it only sells its products to governments and that it doesn't have any visibility into who those governments are targeting.
In an unrelated incident, Motherboard reports that an NSO Group employee in 2016 abused the company's Pegasus hacking tool to target a love interest. The employee was providing support for a customer in the United Arab Emirates and broke into the customer's office outside of working hours to access the system. The intrusion was detected by the customer, and NSO fired the employee.
Amazon bought 1,500 thermal cameras from Dahua Technology, a Chinese company that's been blacklisted by the US government, Reuters reports. The purchase of nearly $10 million was legal since the US blacklist only applies to exports and US government contracts, although Reuters notes that the US Department of Commerce "considers that transactions of any nature with listed entities carry a 'red flag' and recommends that U.S. companies proceed with caution." At least five hundred of the cameras will be used to monitor the temperatures of Amazon employees in the US.
Unisys announced that it's signed a $140 million contract with "a major commercial defense contractor," as well as expanding an existing contract with California State University (CSU). The company also signed a new contract with a "large, global frozen-food company," bringing its Q1 2020 contract valuation to $200 million.
The New York Times reports that Facebook has been laying off cybersecurity employees in favor of automated systems. Former Facebook security employees told the Times that the company is hiring software engineers to build automated security systems that use artificial intelligence. A Facebook spokesperson told the Times, "To stay ahead of evolving security threats, we’re investing more in automated detection and bringing in new skills as we continue to grow our security team over all. This also means we are restructuring a portion of our team and helping the people affected by this change find other roles at Facebook." The Daily Caller notes that the employees who were replaced held highly specialized roles, so they may struggle to land another position at the company.