Return on Security
Posts
💰 Security, Funded #138 - Total Eclipse of the IPO Spark 🌝

💰 Security, Funded #138 - Total Eclipse of the IPO Spark 🌝

Insights for the week of April 1, 2024

Mike Privette
April 08, 2024 • Reading Time: 11 minutes

Security, Funded is a weekly deep dive into cybersecurity funding and industry news captured and analyzed by Mike Privette. This week’s issue is presented together with Prowler and Subsalt.

Hey there,

I hope you had a great weekend!

There will be a total solar eclipse visible across North America today, but not even an eclipse can cast a shadow on the uncorked cyber IPO market. In what was not an April Fool’s joke, Rubrik filed for IPO last week, marking the potential first cyber IPO of 2024.

“Our business is indexed to business data growth. Our customers’ need for our solutions grows in lockstep with their business data growth and their need for additional data security capabilities.”
_{-- Rubrik S1 filing}

The growth of data and the growth of security needs have long been tightly correlated in business. In the last 18 months since AI has become accessible to everyday consumers and businesses alike, the pedal has been put to the proverbial metal.

Right now with the explosion of Generative AI and LLM applications, all businesses are experiencing an exponential growth of their business data. What became a truism in the early 2010s that "every business is a tech business" has a new framing:

Every business is now an AI business.

It's good news for the cyber industry, as you cannot have "AI" without "AI Security."

Onward to this week's issue.

_{Submit a deal here:}_{[email protected]}

_Sponsor_or_Upgrade

😎 Vibe Check
Market Summary
📸 YoY Snapshot
🤙 Earnings Reports
🧩 Funding By Product Category
🏢 Funding By Company
Funding by Country
🤝 Mergers & Acquisitions
Great Reads
🧪 Labs

😎 Vibe Check

How much time are you spending educating your executive team on AI and Security?

Last issue’s vibe check:
What is your security program's top priority going into Q2?
🟩🟩🟩🟩🟩🟩 👩🏽‍💻 AppSec (16)
🟨🟨⬜️⬜️⬜️⬜️ 🤖 AI Security (7)
🟨🟨🟨🟨⬜️⬜️ 🌩️ Cloud Security (11)
🟨🟨🟨⬜️⬜️⬜️ 3️⃣ Third-Party Risk (8)
🟨⬜️⬜️⬜️⬜️⬜️ 👩🏻‍🔧 Patch All The Things (3)
45 Votes

Interesting! Despite what the media and click-bait articles might tell you, most practitioners do not have AI Security as their current top priority. Obviously, “AI Security” is a broad option, but it is still surprising to see, given all the hype. Application Security and Cloud Security dominate still, and AI and the security thereof will be “baked in” to those other large buckets. Not to mention third-party risk continuing to move up on the risk radar.

Some of the top comments from last week were:

“There's no escaping the increase in cloud and SaaS adoption, coupled with the complex web of interconnected APIs.”

“You can never patch everything, therefore, it would be more cost efficient to keep an eye on third party apps and services. Third parties will influence appsec, AI security, and cloud security.”

💰 Market Summary

10 companies raised $58.9M across 8 unique product categories in 3 countries
4 companies were acquired or had a merger event across 4 unique product categories
90% of funding went to product-based cybersecurity businesses
No notable public cyber companies had an earnings call

📸 YoY Snapshot

This is a rolling 12-week chart comparing funding and acquisitions each week in a year-over-year (YoY) view between 2023 and 2024.

The first week of April and Q2 came in quiet as a mouse compared to last year, being down ~82% from this time last year. This is likely just a timing thing on when rounds are announced, and I fully expect the momentum from Q1 to show into Q2.

On the M&A front, we’re still moving at a healthy clip relative to last year. Likewise, I expect Q1 momentum to show up in full force for Q2.

🤙 Earnings Reports

Here are notable earnings reports from public cybersecurity companies, be they “pure play” or hybrid companies. This section is Powered by Quartr.

See the public cyber company tracker, which shows all public cybersecurity companies worldwide, along with market data, funding raised, product categories, and more.

Earnings reports this week: No notable earnings calls.

_{TOGETHER WITH}

Transform Your AWS Security Landscape with Prowler SaaS

Unlock unparalleled visibility and control over your AWS security posture with Prowler SaaS. Our platform goes beyond traditional security measures to provide:

In-depth Analysis: Dive deep into your AWS environment to uncover and prioritize vulnerabilities with precision.
Actionable Intelligence: Equip your team with the insights needed to fortify your cloud infrastructure against the latest threats.
Effortless Compliance: Navigate the complexities of compliance with our automated tools, ensuring your AWS resources meet industry standards.

Join the ranks of organizations that trust Prowler for comprehensive cloud security. Experience the difference with a free trial and take the first step towards a more secure and resilient AWS environment.

_Sponsor_or_Upgrade

🧩 Funding By Product Category

$19.4M for Identity and Access Management (IAM) across 2 deals
$10.0M for Security and Compliance Automation across 1 deal
$10.0M for Anti-Phishing across 1 deal
$8.0M for Confidential Computing across 1 deal
$6.3M for Artificial Intelligence (AI) Security across 2 deals
$4.0M for Managed Security Services Provider (MSSP) across 1 deal
$1.3M for Identity Threat Detection and Response (ITDR) across 1 deal
An undisclosed amount for Fraud and Financial Crime Protection across 1 deal

🏢 Funding By Company

Permiso Security, a United States-based identity and access runtime visibility platform for the cloud, raised a $18.5M Series A from Altimeter Capital and Point72 Ventures. (more)
Allure Security Technology, a United States-based anti-phishing solution, raised a $10.0M Series A from Curql. (more)
Scrut Automation, a United States-based security and compliance automation platform, raised a $10.0M Private Equity Round from Lightspeed Venture Partners, MassMutual Ventures, and Endiya Partners. (more)
HUB Security, an Israel-based confidential computing platform, raised a $8.0M post-IPO debt round. (more)
TrojAI, a United States-based platform for protecting artificial intelligence (AI) applications, raised a $5.8M Seed from Flying Fish Partners. (more)
Ostra Cybersecurity, a United States-based managed security services provider (MSSP), raised a $4.0M Series A from Rally Ventures. (more)
Arch0, a United States-based identity threat detection and response (ITDR) platform, raised a $1.3M Pre-Seed from Leo Capital. (more)
Plurilock, a Canada-based identity and access management (IAM) platform using biometrics and machine learning, raised a $900.0K post-IPO debt round. (more)
PromptArmor, a United States-based threat detection platform for GenAI and LLM applications, raised a $500.0K Pre-Seed from Y Combinator.
CertifID, a United States-based wire fraud protection and recovery service, raised an undisclosed Private Equity Round from CIBC Innovation Banking. (more)

🌎 Funding By Country

$50.0M for the United States across 8 deals
$8.0M for Israel across 1 deal
$900.0K for Canada across 1 deal

🤝 Mergers & Acquisitions

CIP Cyber, a United States-based cybersecurity training and education platform focused on OT/ICS security, was acquired by OPSWAT for an undisclosed amount. (more)
Longbow, a United States-based threat and risk prioritization platform, was acquired by Veracode for an undisclosed amount. (more)
Protega, a Brazil-based managed security services provider (MSSP), was acquired by Stefanini for an undisclosed amount. (more)
Q1 Group, an Australia-based professional services firm focused on cloud security and incident response, was acquired by Seisma Group for an undisclosed amount. (more)

📚 Great Reads

Efficient Security Principle (ESP) - Daniel Miessler shares a way of explaining why security's baseline is so low in places and why it's so hard to raise.
Rubrik IPO: S1 Breakdown - CJ Gustafson does the best breakdown of the Rubrick S1 filing for going public.
*The Anonymization Paradox: When Data Privacy Fails - a look at high-profile failures of data anonymization and the evolving strategies on advancements in data privacy and security practices.
Lucky vs. Repeatable - In business and investing, you want to learn the big lessons about why things behave the way they do without assuming the past is a direct guide to the future because it’s not.

_{*A message from our sponsor.}

🧪 Labs

Ba-da-ba-da-ba-be bop bop oh no! 😵

— Lina (@d0rkph0enix)
Apr 3, 2024

How was this week's newsletter?

Data Methodology and Sources

All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. dollars (USD) when collected.
Company country locations are pulled from publicly available sources.
Companies are categorized using our own system at Return on Security, and we write all of the company descriptions.
Sometimes, the details about deals, like who led the round, how much money was raised, or the deal stage, might get updated after we first publish the issue.
If you spot any errors, let us know, and we’ll fix them.

About Return on Security

Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. The goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field.

Feel free to borrow any data, charts, or advice you find here. Just make sure to give a shoutout to Return on Security when you do.

Thank you for reading. If you liked this analysis, please share it with your friends, colleagues, and anyone interested in the cybersecurity market.

Follow me on LinkedIn or Twitter to never miss Return on Security updates.

Join the conversation

or to participate.