Hello and welcome to Runtime! Today: F5 CEO François Locoh-Donou on zombie APIs, the MOVEit vulnerability finds a ransomware gang alive and well, and the latest funding rounds raised by enterprise tech startups.
The hidden side of supply-chain security
The companies that built the first round of internet infrastructure didn't all make the transition to the cloud computing era. F5 did, and CEO François Locoh-Donou, now in his seventh year running the Seattle networking and security company, is steering it through yet another transition.
F5 began a pivot toward application software and security around the time he joined in 2017, after making a name for itself with networking hardware that was used widely inside the data centers of the dot-com bubble. Now its goal is to be an "infrastructure agnostic" provider of software that helps companies manage and protect applications spread across the cloud and on-premises systems.
In a recent interview with Runtime, Locoh-Donou discussed several topics.
On global tech spending:
FLD: We saw quite a sudden shift — I would say late in the fall — in the spending patterns of our customers, and then I would say it deteriorated and continued to get worse into the first calendar quarter of the year. Generally, it's deflated to what it was a year ago. We don't think it's getting worse. We don't think it's getting better yet.
Customers don't know what the next six months look like, so they've tightened their budgets. They don't want to make big spending commitments unless they absolutely have to.
On SBOMs (software bill of materials):
FLD: SBOMs are going to continue to drive more awareness at most large enterprises around what needs to be done. When you have applications that are using a lot of open-source code, for a long time I think a lot of companies did not know what went into their code and where it came from. Log4j was a huge wake-up call to a lot of people, and it's causing people to be more disciplined around managing their open-source code.
And applications now interact with a lot of third-party applications, so API security is a massive issue. A lot of people don't have the ability to discover shadow APIs and zombie APIs and third-party APIs. And so you will see more and more focus going to API security at F5.
On "zombie APIs":
FLD: APIs are an entry point for attackers to attack an application. They can pretend to be a legitimate API call and when they're not, they can detect vulnerabilities in APIs and exploit those vulnerabilities (and) they can inject malicious code through APIs. And the challenge for a lot of companies is they don't actually know how many APIs they have in their environment, either because developers have not updated all the libraries to say, "here's all the APIs we're dealing with," or because there are APIs that were legacy and not maintained — we call those zombie APIs, or shadow APIs — or because there are third-party APIs that you are not aware of.
Part of the domain of API security is first to be able to discover all the APIs you have, manage them, and make sure you have an inventory of all your APIs. Doing that requires strong application fluency. API attacks require strong Layer 7 understanding; the people who attack APIs have a strong understanding of application logic.
A tempest in the file server
Reports began to emerge late last week of a new ransomware attack exploiting a vulnerability in Progress Software's MOVEit file-transfer software. As victims began to come forward over the weekend, Microsoft attributed the attack to the Clop ransomware gang, which has been operating for several years but was thought to have been hobbled by a series of arrests two years ago.
Under its new head-scratching security-threat attribution nomenclature, Clop is now known as "Lace Tempest" to Microsoft security researchers, who use the "Tempest" suffix to designate a group that's basically just in it for the money. The group has stolen more than $500 million from various companies and organizations over the last few years, but investigators had hoped that several arrests carried out in Ukraine in 2021 had slowed down the group.
The cross-border nature of ransomware groups — especially groups like Clop known to be affiliated with Russian cybercriminal elements — makes this problem increasingly difficult to solve. Progress Software released patches and remediations that customers should employ sooner rather than later, as the group began making extortion demands Tuesday afternoon.
Instabase raised $45 million at a $2 billion valuation to expand its arsenal of document-processing tools for vertical industries such as healthcare and financial services.
Lightmatter raised $154 million as the AI boom spurs demand for its prototype optical computing hardware and software, which can accelerate machine-learning tasks.
The Runtime roundup
HR SaaS giant UKG acquired Immedis, a payroll management company based in Ireland, for "well over €500 million ($534M)," according to RTE.
GitLab beat Wall Street expectations and raised guidance for the year, throwing in an announcement for generative AI plans just to make the traders happy.
Microsoft announced plans for a new cloud region in Italy, which would be the 17th current or planned cloud region it operates in Europe.
TechCrunch profiled Evroc, a new startup with a lofty mission to build "Europe’s first truly hyperscale cloud" and reduce the continent's reliance on American cloud providers.
Thanks for reading — see you Thursday!