Return on Security
Posts
💰 Security, Funded #134 - 🌟 A Week of Cyber Wonders: Investments & M&A Surge!

💰 Security, Funded #134 - 🌟 A Week of Cyber Wonders: Investments & M&A Surge!

Insights for the week of March 4, 2024

Mike Privette
March 11, 2024 • Reading Time: 14 minutes

Security, Funded is a weekly deep dive into cybersecurity funding and industry news captured and analyzed by Mike Privette. This week’s issue is presented together with Subsalt.

Note: Corrections were made to the data after the initial publishing of the newsletter. I incorrectly tagged Coalition and SimSpace as having raised rounds last week, but that was not correct Thanks to everyone who sent me a message about it. 🤝

Hey there,

Happy Monday, and I hope you had a great weekend! In this issue, we’ve got:

🏀 Triple Threat
🙌 We Are So Back (or are we?)
🌏️ Funding From All Over The World

Wow, we haven’t seen a week of investments and M&A activity like last week in a long time in the cyber industry! Last week’s events, as you’ll see below, used to be an average week in the industry but are now few and very far between.

Giphy - This is how long it’s felt since the peaks of cyber in 2021 and 2022.

Also, the firsts just keep on happening here. This week’s issue has not one, not two, but three (3!) appearances of companies I’ve personally invested in across the newsletter. We’ve got one at the sponsor, one raising another round of funding, and one being acquired for a triple-threat full-court press! March Madness has truly arrived. 🏀

This has never happened before in one issue, and I bring all of this up to be open, as some of the guiding principles of Return on Security is being transparent and data-driven.

Onward to this week's issue.

_{Submit a deal for the newsletter here:}_{[email protected]}

_Sponsor_or_Upgrade

Vibe Check
Market Summary
YoY Snapshot
Earnings Reports
Funding By Product Category
Funding By Company
Funding by Country
Mergers & Acquisitions
Great Reads
Labs
About Return on Security
Data Methodology and Sources

😎 Vibe Check

Which area of security stands to gain the most from using AI?

Tell me your thoughts!

Last issue’s vibe check:
How do you think the usage of AI will affect Insider Threats?
🟨🟨🟨🟨⬜️⬜️ 🤷‍♂️ It won't be as bad (14)
🟩🟩🟩🟩🟩🟩 😑 It won't really change that much (19)
🟨🟨🟨⬜️⬜️⬜️ 😱 It will get worse (12)
45 Votes

The only thing that seems consistent when it comes to AI and insider security threats is sensationalized hype. Yes there are plenty of things to worry about when it comes to AI and security, but considering just how far behind most companies are with doing the basic blocking and tackling for the cyber program, this really isn’t a concern for most practitioners. Just add it to the laundry list of other mid-level concerning things to look into.

The top comment I liked this week:

“External threats and mundane issues like configuration & vulnerability management are far higher priorities than insiders for almost any org. I don't see AI changing that, in any way.”

💰 Market Summary

16 companies raised $581.1M across 14 unique product categories in 9 countries
7 companies were acquired or had a merger event across 6 unique product categories
~81.5% of funding went to product cybersecurity businesses
1 public company had an earnings call

📸 YoY Snapshot

This is a rolling 12-week chart comparing funding and acquisitions each week in a year-over-year (YoY) view between 2023 and 2024.

As this is a new year, this chart will be building over the next 12 weeks and then roll forward.

What a week for funding announcements (we are so back)! Last week was not only the largest week in funding dollars since the start of 2024, but it was also the largest week in terms of total transactions. This week was ~151% higher than the same time last year, and the last time we saw a number higher than this was back in August 2023, when Akamai raised over $1B.

Not to be outdone, M&A also had a strong week with some high-profile acquisitions and high volume. 2024 continues on its strong track record of M&A and take-privates.

🤙 Earnings Reports

A section for notable earnings reports from public cybersecurity companies, be they “pure play” or hybrid companies.

See the tracker I published here. It shows all public cybersecurity companies worldwide, along with market data, funding raised, product categories, and more.

CrowdStrike ($CRWD)

CrowdStrike crushed it with its Q4 2023 earnings report. Net new ARR grew 27% year over year to $282 million, and the operating margin increased significantly to 25%.
Much of the success came from increased growth in next-gen SIEM and Identity offerings, driven by an increase of identity-centric breaches against, well… pretty much everyone.
CrowdStrike, never one to waste a good crisis, took every chance to pounce on perceived weakness in its competitor, Pal Alto. CrowdStrike likened Palo Alto’s strategy to McAfee, which had a disjointed and sometimes haphazard approach to M&A, and CrowdStrike said the word “platform” 77 times on the call.
CrowdStrike also announced a strategic acquisition in data protection: the acquisition of Flow Security, a DSPM player (see below). As the year goes on, look for CrowdStrike to continue building on the data and identity layers.

_Sponsor_or_Upgrade

🧩 Funding By Product Category

$233.0M for Attack Surface Management (ASM) across 2 deals
$100.0M for Operational Technology (OT) Security across 1 deal
$73.0M for Data Protection across 1 deal
$50.0M for Insider Threat across 1 deal
$39.4M for Managed Security Services Provider (MSSP) across 1 deal
$27.0M for Identity Verification across 1 deal
$22.5M for Business Continuity Planning (BCP) / Disaster Recovery across 1 deal
$20.0M for Security Operations across 1 deal
$4.0M for Blockchain Security across 1 deal
$3.8M for Hardware Security across 1 deal
$3.4M for Autonomous Product Security Engineering (APSE) across 1 deal
$3.0M for Trust & Safety across 1 deal
$1.4M for Professional Services across 2 deals
$641.4K for Mobile Device Security across 1 deal

🏢 Funding By Company

Axonius, a United States-based attack surface management (ASM) platform, raised a $200.0M Series E from Accel and Lightspeed Venture Partners. (more)
Claroty, a United States-based operational technology (OT) security platform, raised a $100.0M Private Equity Round from AB Private Credit Investors. (more)
Zama, a France-based data protection platform focused on homomorphic encryption, raised a $73.0M Series A from Multicoin Capital and Protocol Labs. (more)
Dtex Systems, a United States-based insider threat and risk management platform, raised a $50.0M Series E from CapitalG. (more)
Eye Security, a Netherlands-based managed security services provider (MSSP), raised a $39.4M Series B from JP Morgan Chase. (more)
Sweet Security, an Israel-based cloud runtime attack surface management (ASM) platform, raised a $33.0M Series A from Evolution Equity Partners. (more)
IDfy, an India-based customer identity verification platform, raised a $27.0M Venture Round from Elev8 Venture Partners. (more)
Cayosoft, a United States-based disaster recovery and business continuity service for Active Directory platforms, raised a $22.5M Private Equity Round from Centana Growth Partners. (more)
Reach Security, a United States-based security operations AI copilot platform, raised a $20.0M Series A from Ballistic Ventures. (more)
GoPlus Security, a Singapore-based blockchain security platform, raised a $4.0M Venture Round. (more)
Crypto4A, a Canada-based quantum-resistant hardware security module platform, raised a $3.8M Non-Equity Assistance from FedDev. (more)
Nullify^† , an Australia-based autonomous product security engineering (APSE) platform, raised a $3.4M Seed from Two Sigma Ventures and Root Ventures. (more)
PeakMetrics, a United States-based trust and safety platform aimed at combatting misinformation and disinformation, raised a $3.0M Seed from York IE. (more)
CyberQ Group, a United Kingdom-based professional services firm focusing on optimizing security analytics platforms, raised a $1.3M Venture Round from the Midlands Engine Investment Fund. (more)
Nuke From Orbit, a United Kingdom-based mobile device security platform, raised a $641.4K Pre-Seed from angel investors. (more)
HackBook, a United States-based professional services firm focused on Industrial IoT (IIoT) and operational technology (OT) security services, raised a $150.0K Pre-Seed.

^† I invested in this company.

🌎 Funding By Country

$395.7M for the United States across 7 deals
$73.0M for France across 1 deal
$39.4M for the Netherlands across 1 deal
$33.0M for Israel across 1 deal
$27.0M for India across 1 deal
$4.0M for Singapore across 1 deal
$3.8M for Canada across 1 deal
$3.4M for Australia across 1 deal
$1.9M for the United Kingdom across 2 deals

🤝 Mergers & Acquisitions

Bearer^†, a United States-based static code analysis platform that focuses on sensitive data risks in code, was acquired by Cycode for an undisclosed amount. (more)
Cyber Defense International, a United States-based professional services firm focused on threat intelligence and vulnerability management, was acquired by American Technology Services for an undisclosed amount. (more)
Flow Security, an Israel-based data security platform that categorizes and protects data-in-motion, was acquired by CrowdStrike for an undisclosed amount. (more)
Moot, a United States-based professional services firm focused on cybersecurity and automation, was acquired by SHI International for an undisclosed amount. (more)
ReachFive, a France-based identity and access management (IAM) platform, was acquired by Purse for an undisclosed amount. (more)
StackPath, a United States-based web application and API security platform, was acquired by Gcore for an undisclosed amount. (more)
Vade Secure, a France-based email security platform, was acquired by Hornetsecurity for an undisclosed amount. (more)

^† I invested in this company.

📚 Great Reads

The Shifting Landscape of Application Security - Discussing the evolution of Application Security, highlighting the industry's history, responses to new attack types, and the emergence of new security companies in this space.
The Untapped Power of Privacy in Cybersecurity - Learn why integrating privacy controls into your security strategy is not just beneficial but essential for safeguarding sensitive data. From dissecting historical barriers to unveiling cutting-edge privacy tools like data minimization and anonymization to fortify your data against insider threats. ^*†
Cybersecurity Market Update: February 2024 Insights & Trends - Dive into February 2024's cybersecurity market trends, cybersecurity investments, major acquisitions, and global insights.
Pushing Innovation with Apology Budgets - Andy Ellis discusses the concept of "apology budgets" to encourage risk-taking and innovation within cybersecurity teams and garner the support of your partner teams.

_{*A message from our sponsor.}
† I invested in this company.

🧪 Labs

Product Management is my passion.

i love jira
i love confluence
i love atlassian products
— terminally onλine εngineer 🇺🇦 (@tekbog)
Feb 16, 2024

How was this week's newsletter?

About Return on Security

Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. Our goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field. Read more about the backstory here.

Feel free to borrow any data, charts, or advice you find here. Just make sure to tip your hat to Return on Security when you do.

Data Methodology and Sources

All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. dollars (USD) when collected.
Companies are categorized using our own system at Return on Security, and we write all of the company descriptions.
Sometimes, the details about deals, like who's in, how much they're giving, or the deal stage, might get updated after we first share the news.
If you spot any errors, just give us a shout, and we'll sort them out.

Join the conversation

or to participate.