Return on Security
Posts
💰 Security, Funded #119 - Navigating the Cyber Seas: Funding Ebb, M&A Flow 🌊

💰 Security, Funded #119 - Navigating the Cyber Seas: Funding Ebb, M&A Flow 🌊

A deep dive on cybersecurity funding and industry news from the week of November 6th, 2023.

Mike Privette
November 13, 2023 • Reading Time: 12 minutes

Hey there,

Happy Monday, and I hope you had a great weekend. In this week’s issue, we’ve got:

📉 Funding's Dip, M&A's Grip
💰 $93.5M raised from 15 companies
🌍 Global Cyber Moves: From USA to UAE
📚 From Cyber Caricatures to AGI Futures: A Reading Adventure

The cybersecurity landscape continues to evolve in the face of global macroeconomic shifts.

While some companies wrap up their spending for the year, others are actively seeking year-end deals. This cautious spending behavior suggests a mindful approach in a recovering economy. The industry is also witnessing a notable decline in funding compared to previous weeks, yet mergers and acquisitions remain strong, indicating a strategic consolidation in the market.

Even still, as the industry navigates through these changes, the focus remains on adopting advanced technologies like AI, balancing security needs with economic realities. Let’s get this bread 🥖

Onward to this week's issue.

🗣Sponsor

Close more enterprise deals

Automate security and privacy compliance

With a streamlined workflow and expert guidance, Secureframe automates the entire compliance process end-to-end. What makes Secureframe different?

Get audit-ready and achieve compliance in weeks, not months, with built-in remediation guidance and 100+ integrations.
Stay compliant with the latest regulations and requirements, including ISO 27001, GDPR, HIPAA, PCI, and other standards.
Automate responses to RFPs and security questionnaires with AI.
Trusted by hyper-growth organizations: AngelList, Ramp, Lob, Remote, and thousands of other businesses.

Schedule a personalized demo of Secureframe

_{Learn more about sponsoring}

Vibe Check - Hiring Santa Rally?

Has hiring for cybersecurity talent rebounded for your company yet?

Last week’s vibe check:
As the year winds down, are you looking to spend excess budget now, or are you already pushing to next year?

Last week 60% of people said that they were done spending for the year, but that still leaves a healthy 40% that is still looking for year-end deals. Companies are still spending cautiously and need to make sure their investments are worth the trouble, but there are signs of a broader economic rebound(ish) coming into 2024. Your move cyber vendors 😤

🔮 Earnings Reports

A section for notable earnings reports from public cybersecurity companies, be they “pure play” or hybrid companies.

No public earnings calls to report on from last week. 🫡

📸 YTD Snapshot

A rolling 12-week chart to compare funding and acquisitions each week between 2022 and 2023.

Last week marked a ~61% drop in the previous 12-week rolling average in funding. This is quite a stark change from the high-flying numbers from the last few weeks.

Still a relatively strong with on the M&A front last week, and we are currently ~14% shy of the total M&A activity from 2022.

💰 Funding Summary

15 companies raised $93.5M across 12 unique product categories
6 companies were acquired or had a merger event across 5 unique product categories

🧩 Funding By Product Category

$35.0M for Data Protection across 1 deal
$20.1M for Software Supply Chain Security across 3 deals
$8.0M for Managed Security Services Provider (MSSP) across 1 deal
$6.8M for Threat Detection and Response (TDR) across 2 deals
$5.0M for Threat Informed Defense (TID) across 1 deal
$4.3M for Brand Protection across 1 deal
$4.0M for Artificial Intelligence (AI) Security across 1 deal
$4.0M for Artificial Intelligence (AI) Privacy Assurance across 1 deal
$3.6M for Attack Surface Management (ASM) across 1 deal
$2.4M for Threat Intelligence across 1 deal
$336.3K for Hardware Security across 1 deal
An undisclosed amount for Professional Services across 1 deal

🏢 Funding By Company

CAST AI, a United States-based AI-driven cloud cost optimization and disaster prevention platform, raised a $35.0M Series B from Creandum, Uncorrelated Ventures, and Vintage Investment Partners. (more)
Sequretek, an India-based managed security services provider (MSSP), raised an $8.0M Series A from Omidyar Network India. (more)
Risk Ledger, a United Kingdom-based third-party supply chain security platform, raised a $7.7M Series A from Mercia Ventures. (more)
TestifySec, a United States-based software supply chain security platform, raised a $6.4M Seed from Mucker Capital. (more)
Myrror Security, an Israel-based software supply chain security platform, raised a $6.0M Seed from Blumberg Capital and Entrée Capital. (more)
Tidal Cyber, a United States-based threat-informed defense (TID) platform, raised a $5.0M Seed from Squadra Ventures. (more)
Method Security, a United States-based threat detection and response (TDR) platform, raised a $4.5M Seed. (more)
GREYSCOUT, an Ireland-based brand infringement protection platform, raised a $4.3M Seed from Act Venture Capital and Tribal.vc. (more)
HydroX AI, a United States-based artificial intelligence (AI) security and safety platform, raised a $4.0M Seed from Vitalbridge Capital. (more)
Protecto, an India-based platform focused on data privacy for AI workflows and training pipelines, raised a $4.0M Seed from Together Fund. (more)
Cavelo, a Canada-based attack surface management (ASM) platform, raised a $3.6M Seed from Inovia Capital. (more)
Intrusion, a United States-based cyber threat intelligence platform, raised a $2.4M post-IPO equity round. (more)
Cognna, a Saudi Arabia-based threat detection and response (TDR) platform, raised a $2.3M Seed from Impact46. (more)
SecurWeave Research, an India-based hardware enforced security solution provider, raised a $336.3K Seed from the Indian Angel Network. (more)
Synergy ECP, a United States-based professional services firm focused on software engineering and cybersecurity for the US intelligence community, raised an undisclosed Private Equity Round from Falfurrias Capital Partners. (more)

🗣Sponsor

The Secret’s Out: Announcing Semgrep Secrets Public Beta

We're excited to announce the Public Beta for Semgrep Secrets. Semgrep Secrets scans your code and identifies secrets while ignoring things that look like secrets – regardless of their syntax. And to help you prioritize triaging vulnerabilities, we validate if the secret is still live.

Here's what we're excited about with Semgrep Secrets:

Semantic Analysis - Go beyond grep and entropy and use Semgrep’s data-flow engine for detecting Secrets accurately
Custom rules - Write your own rules to detect and validate secrets specific to your internal services and databases
Entropy Analysis - Detect whether a string is entropic/random enough to be a secret
Validation - Detect secrets and validate whether they are active
Eliminate developer friction: Get secrets-related findings as PR comments for validated secrets

Read the Blog

_{Learn more about sponsoring}

🌎 Funding By Country

$57.3M for United States across 7 deals
$12.3M for India across 3 deals
$7.7M for United Kingdom across 1 deal
$6.0M for Israel across 1 deal
$4.3M for Ireland across 1 deal
$3.6M for Canada across 1 deal
$2.3M for Saudi Arabia across 1 deal

🤝 Mergers & Acquisitions

4it, a United States-based managed security services provider (MSSP), was acquired by Thrive for an undisclosed amount. (more)
ActiveState, a Canada-based secure open-source library management platform, was acquired by VERTU Capital for an undisclosed amount. (more)
Krebs Stamos, a United States-based professional services firm focused on cybersecurity advisory, was acquired by SentinelOne for an undisclosed amount and formed a new company named PinnacleOne. (more)
Spade Technology, a United States-based professional services firm focused on , was acquired by IT Solutions Consulting for an undisclosed amount. (more)
ThreatDown (formerly Malwarebytes for Business), a United States-based threat detection and response (TDR) platform, was divested from Malwarebytes to be run as a separate entity. (more)
Trustmatic, a Slovakia-based identity verification and Know Your Customer (KYC) platform, was acquired by Certn for an undisclosed amount. (more)

📚 Great Reads

Caricatures of Security People - Phil Venables provides a tongue-in-cheek exploration of different caricatures within the security industry, outlining 16 distinct types of security roles, from a self-appointed thought leader to a cyber-savvy board member, each with its own humorous descriptions and typical sayings.
*The Critical Interplay of Cyber Resilience and IAM Resilience - In an age of increasing digital threats, understanding and differentiating between Cyber Resilience and Identity and Access Management (IAM) Resilience becomes paramount.
Why We'll Have AGI by 2025-2028 - Daniel Miessler talks about why he believes we will have Artificial General Intelligence (AGI) much sooner than many people think and what it may mean.
The Importance of Key Rotation - Olivia Gallucci talks about how key rotation enhances the security of application programming interfaces (APIs)—emphasizing the necessity of key rotation alongside the conventional practice of identifying and deleting leaked secret keys—to mitigate security risks and ensure the long-term integrity of digital systems.

_{*Sponsored content and/or affiliate link.}

📆 Events

VantaCon - San Franciso, CA on December 5th, 2023 - See the future of trust in an AI world at Vanta’s annual user conference - use code VC23100 for early bird pricing

🧪 Labs

It’s Harry Potter DNS outage szn

— ᴉpᴉǝH 🐐💕 (@summer__heidi)
Nov 8, 2023

How was this week's newsletter?

Join the conversation

or to participate.