- Return on Security
- Posts
- 💰 Security, Funded #140 - Cyber Consolidation Chaos
💰 Security, Funded #140 - Cyber Consolidation Chaos
Insights for the week of April 15, 2024
Security, Funded is a weekly deep dive into cybersecurity funding and industry news captured and analyzed by Mike Privette. This week’s issue is presented together with Subsalt, Anvilogic, and MineOS.
Hey there,
I hope you had a great weekend! Last week was exciting, with many interesting transactions and a busy week on the cyber events front. Cyber conference season and all that it entails is upon us.
Remember last week when I told people to cool it with comparing past ZIRP valuations with present-day realities? The Lacework potentially being sold for 2% of its valuation to a competitor story is the most egregious example of this. The one-stop cloud security platform is one place in the industry where consolidation can happen in a fast and furious manner.
Also, a shoutout to Josh Nauta from Nauta Capital and Ollie Bone from Evolution Equity Partners for inviting me and pulling this crew together for a great event in London!
And finally, a shoutout to one of today’s sponsors, Anvilogic, for also being IN the newsletters for raising their latest round! 👏
Onward to this week's issue.
Submit a deal here: [email protected]
TOGETHER WITH
Subsalt: The Query Engine for Regulated Data
Live Webinar on May 2nd: The Frontlines of Data Privacy and Security
Join David Epperson, former CISO for the Cybersecurity and Infrastructure Security Agency and current CISO at H2O.ai, along with Ben Winokur, CEO of Subsalt, for a live webinar on Thursday, May 2nd, at 12 PM ET as they discuss the convergence of data privacy and cybersecurity in an AI-driven world.
You will hear more about:
The untapped power of privacy in cybersecurity
The critical role of anonymization in data security
How CISOs can best prepare their organizations to operate in this new paradigm.
Table of Contents
😎 Vibe Check
Do you think we have seen the bottom of down rounds, valuations, and cheap M&A in cyber yet?Tell me why! |
Last issue’s vibe check:
What area of security feels more important than ever right now?
🟨🟨🟨🟨⬜️⬜️ 📀 Data Protection (13)
🟩🟩🟩🟩🟩🟩 🖥️ Application Security (18)
🟨⬜️⬜️⬜️⬜️⬜️ 🤐 Data Privacy (4)
🟨🟨⬜️⬜️⬜️⬜️ ⛈️ Cloud Security (8)
🟨🟨🟨🟨⬜️⬜️ 🆔 IAM (13)
🟨⬜️⬜️⬜️⬜️⬜️ 3️⃣ Third-Party Security (5)
61 Votes
Last week’s vibe check shows that AppSec is top of mind these days, with a two-way tie between data protection and IAM. This probably isn’t a surprise to anyone, but it’s always interesting to see the data in front of us. Most interesting to me is actually what people didn’t vote for with Data Privacy. A large language model says ‘what’? 👀
Some of the top comments last week were:
“IAM issues are overrepresented in most breaches - stolen, leaked, or weak passwords; session/cookie theft; over-provisioned accounts. There's no immediate end in sight given the sprawl.”
“Third-party security is a very close second, especially the application security programs of our firewall vendors and other forward-facing security tooling. A long time ago, Ivan Arce said Security Software is not the same as Secure Software, and that is really becoming apparent now.”
💰 Market Summary
8 companies raised $104.9M across 8 unique product categories in 3 countries
5 companies were acquired or had a merger event across 5 unique product categories
88% of funding went to product-based cybersecurity companies
No notable public cyber companies had an earnings call
📸 YoY Snapshot
This is a rolling 12-week chart comparing funding and acquisitions each week in a year-over-year (YoY) view between 2023 and 2024.
The last few weeks of funding have been more about announcement timings than anything else. That’s exactly why I like charts like this: they allow you to zoom out to see trends. Looking at just Q2 numbers, so far, we see a ~13% drop in funding and a ~26% drop in deal volume compared to last year. With conference season ramping up and two weeks left in April, I suspect these numbers will look a lot closer to last year’s.
On the M&A front, it’s the same story as with funding but with different data. The only real difference so far this year is that the transactions are for higher-profile companies reaching the end of ZIRP-itude™️.
🤙 Earnings Reports
Here are notable earnings reports from public cybersecurity companies, be they “pure play” or hybrid companies. This section is Powered by Quartr.
See the public cyber company tracker, which shows all public cybersecurity companies worldwide, along with market data, funding raised, product categories, and more.
Earnings reports this week: No notable earnings calls.
TOGETHER WITH
Anvilogic Closes $45M Series C to Enable Security Data Lakes in the SOC
The Industry’s First Multi-Data Platform SIEM
Data is the new oil for security operations, and monolithic SIEMs are expensive to scale, leaving security operations teams grappling with detection gaps and high costs.
Anvilogic decouples security analytics from logging platforms, allowing seamless adoption of scalable and cost-effective data lakes without the need to rip-and-replace your existing SIEM.
Detect, hunt, and investigate threats across the data platforms you choose.
🧩 Funding By Product Category
$45.0M for Security Analytics across 1 deal
$20.0M for Cybersecurity Program Management across 1 deal
$15.7M for API Security across 1 deal
$7.5M for Application Security across 1 deal
$6.5M for Security and Compliance Automation across 1 deal
$5.4M for Web Application and API Protection (WAAP) across 1 deal
$4.8M for Threat Intelligence across 1 deal
An undisclosed amount for Managed Detection and Response (MDR) across 1 deal
🏢 Funding By Company
Anvilogic, a United States-based security operations and analytics platform, raised a $45.0M Series C from Evolution Equity Partners. (more)
Cynomi, a United Kingdom-based virtual CISO (vCISO) platform that helps establish security programs and risk reduction strategies for mid-market companies, raised a $20.0M Series A from Canaan Partners. (more)
Vorlon, a United States-based third-party API security and monitoring platform, raised a $15.7M Series A from Accel. (more)
Miggo Security, an Israel-based application security detection and response platform, raised a $7.5M Seed from YL Ventures. (more)
BreachRx, a United States-based platform for managing the process of cyber incident response for organizations, raised a $6.5M Seed from SYN Ventures. (more)
NightVision, a United States-based web application and API protection platform, raised a $5.4M Seed from Danu Venture Group. (more)
VulnCheck, a United States-based threat intelligence platform for exploits, vulnerabilities, and initial access brokers, raised a $4.8M Seed from Sorenson Capital. (more)
Silversky, a United States-based managed detection and response (MDR) platform, raised an undisclosed Venture Round from SQN Venture Partners. (more)
🌎 Funding By Country
$77.4M for the United States across 6 deals
$20.0M for the United Kingdom across 1 deal
$7.5M for Israel across 1 deal
🤝 Mergers & Acquisitions
Silk Security, a United States-based threat and risk prioritization platform, was acquired by Armis Security for $150.0M. (more)
Airgap Networks, a United States-based secure remote access platform, was acquired by Zscaler for an undisclosed amount. (more)
Appranix, a United States-based cloud resiliency and ransomware recovery platform, was acquired by Commvault for an undisclosed amount. (more)
Entitle, a United States-based identity governance and administration (IGA) platform, was acquired by BeyondTrust for an undisclosed amount. (more)
Netreo, a United States-based security observability and monitoring platform, was acquired by BMC Software for an undisclosed amount. (more)
📚 Great Reads
Threat Wire: The Most Secure Networking Cable - For when you can't take any risks and need more physically secure network connections and data transfers.
*Intro to the American Privacy Rights Act - With data protection and security as important as ever to the public and government alike, here's a breakdown of what's inside the new proposed US federal privacy bill, how it would affect companies and individuals, and the chances the bill passes at all.
Cybersecurity Market Update: March 2024 Insights & Trends - Dive into March 2024's cybersecurity market trends, cybersecurity investments, major acquisitions, and global insights from Return on Security.
You can't teach someone to swim when they're drowning - This topic has come up quite a bit in conversations I've been having, and Chris Hughes makes the case for a Secure-by-Design paradigm shift.
*A message from our sponsor.
🧪 Labs
It’s called double encryption, sweaty, look it up. 🥴
#Ransomware
— Florian Roth (@cyb3rops)
Mar 8, 2023
How was this week's newsletter? |
Data Methodology and Sources
All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. dollars (USD) when collected.
Company country locations are pulled from publicly available sources.
Companies are categorized using our own system at Return on Security, and we write all of the company descriptions.
Sometimes, the details about deals, like who led the round, how much money was raised, or the deal stage, might get updated after the issue is first published.
If you spot any errors, let us know, and we’ll fix them.
About Return on Security
Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. The goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field. Read more about the “Why” here.
Feel free to borrow any data, charts, or advice you find here. Just make sure to give a shoutout to Return on Security when you do.
Thank you for reading. If you liked this analysis, please share it with your friends, colleagues, and anyone interested in the cybersecurity market.
Join the conversation