💰 Security, Funded #102 - London's Charm, SASE Storm, and AI Reform: A Cyber Saga 🎩

Hey there,

Happy Monday, and I hope you had a great weekend!

🏃‍♂️ The Rundown

A meta roundup of all the important things affecting cybersecurity and the microenvironment:

• 🤙 Answering London’s Call

• 👤 Spotlight on Identity Verification

• ⛈️ Microsoft Making it Rain on SASE

• 💰 Q3's funding and acquisition momentum builds

• 📚 AI against telemarketers, security team harmony

Microsoft just made it rain.

As I’ve said many times, over a long enough time horizon, the hyperscalers and cloud service providers (CSPs) will ultimately win. We see the most recent example of this with Microsoft’s move into the Secure Access Service Edge (SASE) space, taking direct aim at the likes of Zscaler, Palo Alto, and Cloudflare, to name a few. When you look at this offering combined with the rest of Microsoft’s security capabilities, it makes a lot of sense from a buying perspective.

Combine this with an increased focus on identity verification in this AI-driven world where the lines between humans, bots, and agents become more blurry, and you’ll see that securing authorized access (via human or approved agents) will become the most important over the next 6 months. Be on the lookout for a lot more acquisitions and acqui-hires 👀 

Also, for anyone who missed the LinkedIn or Twitter posts I made last week, the Return on Security HQ has been relocated to London, UK!

I’m looking forward to getting to know the cybersecurity and venture capital investing community here in London, not to mention all the great new cybersecurity conferences in my new backyard! If you have recommendations on people I should meet, or you’re in the London area and want to meet up for a coffee or pint, let me know!

Onward to this week's issue.

📅 YTD Funding

A rolling 12-week chart to compare funding each week between 2022 and 2023.

Funding volume is continuing to pick up as we are a few weeks into Q3 2023, with funding in terms of dollars doubling from last week, but we are not nearly at the funding rounds (or valuations) that we have seen in the past.

I expect we will continue to see a lot of earlier-stage deals at the Series A level and below as a lot of new startups emerge, but Series B/C and up will continue to have a bad time. These firms are now potentially looking like prime acquisition targets 🤑 

💰 Funding Summary

• 16 companies raised $114.6M across 15 unique product categories

• 9 companies were acquired or had a merger event across 8 unique product categories

🧩 Funding By Product Category

• $50.0M for Cybersecurity Education & Training across 1 deal

• $22.0M for SaaS Security Posture Management (SSPM) across 1 deal

• $9.5M for Security and Compliance Automation across 1 deal

• $8.5M for Breach & Attack Simulation (BAS) across 1 deal

• $8.5M for Identity Threat Detection and Response (ITDR) across 1 deal

• $5.8M for Trust & Safety across 1 deal

• $5.0M for Cyber Risk Quantification across 1 deal

• $2.7M for Data Privacy across 1 deal

• $2.2M for Data Security Posture Management (DSPM) across 1 deal

• $150.0K for Professional Services across 2 deals

• $150.0K for Data Protection across 1 deal

• $150.0K for Application Security Testing (AST) across 1 deal

• An undisclosed amount for Secure Networking

• An undisclosed amount for Managed Security Services Provider (MSSP)

• An undisclosed amount for Data Access Governance

Here’s a new chart format today. Same data, just displayed differently:

If you’ve got any other data visualization ideas that you think would make the newsletter better, I’m all ears!

🏢 Funding By Company

• Secure Code Warrior, an Australia-based secure coding training platform, raised a $50.0M Series C from Paladin Capital Group. (more)

• SAVVY, an Israel-based SaaS security posture management (SSPM), raised a $22.0M Series A from Canaan Partners. (more)

• Vendict, an Israel-based security questionnaire review and automation platform, raised a $9.5M Seed from Cardumen Capital, Disruptive AI Venture Capital, and NFX. (more)

• SpecterOps, a United States-based breach and attack path management platform, raised an $8.5M Series A from Ballistic Ventures. (more)

• AuthMind, a United States-based identity threat detection and response (ITDR) platform, raised an $8.5M Venture Round. (more)

• Cove, a United States-based no-code trust and safety platform, raised a $5.8M Seed from Thrive Capital. (more)

• Ostrich Cyber-Risk, a United States-based cyber risk quantification platform, raised a $5.0M Seed from EPIC Ventures.

• PrivacyHawk, a United States-based consumer and business data privacy management platform, raised a $2.7M Seed from ff Venture Capital. (more)

• Teleskope, a United States-based data security posture management (DSPM), raised a $2.2M Pre-Seed from Lerer Hippeau. (more)

• CyDeploy, a United States-based virtual testing platform for measuring the impact of security scanning, patches, and changes, raised a $150.0K Non-Equity Assistance round from Google for Startups Black Founders Fund.

• Kriptos, a United States-based data identification and classification platform, raised a $150.0K Non-Equity Assistance round from Google for Startups Latino Founders Fund. (more)

• Securily, a United States-based professional services firm focused on cloud security, raised a $150.0K Non-Equity Assistance from Google for Startups Latino Founders Fund. (more)

• GoSun, a China-based managed security services provider (MSSP), raised an undisclosed Series B from TopoScend Capital.

• Historage, a China-based data access governance platform, raised an undisclosed Series A from Sichuan Development Holding.

• Lavelle Networks, an India-based Software Defined WAN (SD-WAN) platform, raised an undisclosed Corporate Round from Airtel. (more)

• Zyston, a United States-based cybersecurity advisory services firm, raised an undisclosed Private Equity Round fromSverica Capital. (more)

🌎 Funding By Country

• $50.0M for Australia across 1 deal 🇦🇺

• $33.1M for United States across 10 deals 🇺🇸

• $31.5M for Israel across 2 deals 🇮🇱

• An undisclosed amount for India across 1 deal 🇮🇳

• An undisclosed amount for China across 2 deals 🇨🇳

🤝 Mergers & Acquisitions

• CyVig, a United States-based managed security services provider (MSSP), was acquired by GMI for an undisclosed amount. (more)

• DataJAR, a United Kingdom-based mobile security platform for Apple devices, was acquired by Jamf for an undisclosed amount. (more)

• Forcepoint, a United States-based data loss prevention company, was acquired by TPG for an undisclosed amount. (more)

• Independent Software Solutions Consulting, a South Africa-based professional services firm focused on securing Microsoft services, was acquired by White Pearl Technology Group for an undisclosed amount. (more)

• Oort, a United States-based detection and response platform focused on identity-based threats, was acquired by Cisco for an undisclosed amount. (more)

• ProcessUnity, a United States-based third-party risk management platform, was acquired by CyberGRX for an undisclosed amount. (more)

• RiskLens, a United States-based cyber risk quantification platform, was acquired by Safe Security for an undisclosed amount. (more)

• SCADAfence, an Israel-based operational technology (OT) security platform, was acquired by Honeywell for an undisclosed amount. (more)

• ThinkCSC, a United States-based managed security services provider (MSSP), was acquired by Ideal Integrations for an undisclosed amount. (more)

📚 Great Reads

• Wasting Scam Callers’ Time with AI - Roger Anderson has been fighting telemarketers for almost a decade. His latest tool in his arsenal is a convincing-sounding voice powered by OpenAI’s GPT-4 that can waste and frustrate telemarketers and scammers by roping them into a painfully drawn-out and ultimately pointless conversation.

• How To Be A Security Person That Engineers Don't Hate - Having less friction between security, engineering, and product teams is always beneficial for an organization because the bandwidth wasted on solving this friction can be spent on solving more impactful issues.

• How to securely build product features using AI APIs - Many companies are quickly slapping together new product features leveraging AI platforms like OpenAI, and unsurprisingly, there are a lot of potential security risks.

• *Embedded Security Primer - Securing embedded devices is a challenge. Where do you start? What needs to be secured and how? It can be overwhelming when starting to design security into your device. I wrote this Embedded Security Primer to help guide one through the process. The primer covers basic security concepts, identifying vulnerabilities, cryptographic tools, secure elements, and secure boot.

_{*Sponsored content and/or affiliate link.}

🧪 Labs

Stay safe out there, folks.