💰 Security, Funded #77 - Funding Is Down, Thoma Bravo's Still Got It, and Threat and Risk Prioritization

Hey there,

I hope you had a great weekend!

In this week's issue:

• Funding Is Down

• Thoma Bravo's Still Got It

• Threat and Risk Prioritization

Thoma Bravo is at it again buying more cybersecurity companies, T-Mobile got hacked (yet again), the UK Royal Mail suffered a cyber attack, overall funding activity continues to be down, and more than 55K tech workers have been laid off this year (2023!) alone.

While overall funding volume is down, particularly in the US these past few weeks, Thoma Bravo's still got it with Yet Another Private Equity Leveraged Buyout (YAPELB™️) of a cybersecurity firm (details below).

The year of private equity has begun, and many believe that we will see even more strategic cybersecurity rollups and consolidations from the mountain of capital sitting behind the PE giants like Thoma Bravo.

Every time Thoma Bravo makes a cybersecurity acquisition I am inclined to repost this Tweet:

Video source for context: Living Dead Girl by Rob Zombie

Who here can help me get this retweeted by @thomabravo account on Twitter? 🧐

Also, shoutout to my friends over at RankedRight who got acquired this past week (details below)! These guys were very early supporters of Return On Security even before the Security, Funded newsletter started and that early support meant the world to me! I'm "absolutely chuffed" (as they say) that they made an exit. 👏

It's rare these days in cybersecurity that you see a company solving an old problem in a unique way, but that is exactly what I saw with RankedRight. For the folks following along at home, I called out that platforms that help you have a more "threat-informed" and effort-to-value approach to your cybersecurity program would be important in 2023. I think this is just one example of many for this evolving space.

Onward to this week's issue.

🗣️ Sponsor

ISO 27001:2022 — What’s changed, and what it means for your businessWhether you have ISO 27001 and want to learn more about these updates, or are pursuing ISO for the first time, this webinar is for you.ISO 27001. It’s the international gold standard for information security management. It proves the strength of your security posture to prospects and customers in global markets. In late 2022, ISO 27001 rolled out changes to the Annex A controls, minor updates to the clause language, modernized controls, as well as 12 new controls. Join the webinar on Feb 1 with security experts from Vanta and Insight Assurance to dive into these changes and what they mean for your businessRegister to save your spot

📊 Industry News

• Amazon S3 Encrypts New Objects By Default (more)

• More than 55,000 tech workers have been laid off this year alone. (more)

• UK Royal Mail Suffers a Cyber Attack (more)

💰 Funding Summary

• 7 companies raised $49.7M across 7 unique productcategories

• 8 companies were acquired or had a merger event across 7 unique product categories for $1.3B

🧩 Funding by Product Category

• $17.0M for Fraud and Financial Crime Protection

• $15.0M for Professional Services

• $10.5M for Secure Access Service Edge (SASE)

• $5.0M for Business Continuity / Disaster Recovery

• $2.2M for Application Security Testing (AST)

• An undisclosed amount for Secure Networking

• An undisclosed amount for Secure Infrastructure

🏢 Funding By Company

• NsKnox, an Israel-based fraud protection platform for B2B transactions, raised a $17.0M Series B from Link Ventures. (more)

• Blackpanda, a Singapore-based professional services firm focused on Digital Forensics and Incident Response (DFIR), raised a $15.0M Series A from Primavera Capital Group. (more)

• Hypori, a United States-based secure remote access platform for Android mobile devices, raised a $10.5M Series B from Hale Capital. (more)

• AccSenSe, an Israel-based disaster recovery and business continuity service for your identity and access management (IAM) platforms, raised a $5.0M Seed from Joule Ventures. (more)

• Aikido Security, a Belgium-based application security testing platform, raised a $2.2M Pre-Seed. (more)

• Nucleus, a United States-based secure composable infrastructure building blocks for microservices platform, raised an undisclosed Pre-Seed from Lombardstreet Ventures, Soma Capital, and Y Combinator. (more)

• Zhongke Zhiyun, a China-based secure infrastructure and networking company, raised an undisclosed Seed from ZSVC.

🌎 Funding By Country

• $22.0M for Israel 🇮🇱

• $15.0M for Singapore 🇸🇬

• $10.5M for United States 🇺🇸

• $2.2M for Belgium 🇧🇪

• An undisclosed amount for China 🇨🇳

🤝 Mergers & Acquisitions

• Magnet Forensics, a Canada-based digital forensics and incident response (DFIR) platform, was acquired by Thoma Bravo for $1.3B. (more)

• Gotham Security, a United States-based professional services company focused on threat intelligence and penetration testing, was acquired by Abacus Group for an undisclosed amount. (more)

• GoVanguard, a United States-based managed security services provider (MSSP) and parent company of Gotham Security, was acquired by Abacus Group for an undisclosed amount. (more)

• Immue, an Israel-based bot detection platform, was acquired by Forter for an undisclosed amount. (more)

• Passwordless.dev, a United States-based passwordless authentication platform, was acquired by Bitwarden for an undisclosed amount. (more)

• RankedRight, a United Kingdom-based threat and vulnerability prioritization platform, was acquired by Lansweeper for an undisclosed amount. (more)

• Trum & Associates, a United States-based professional services firm focused on data loss prevention strategies, was acquired by ProArch for an undisclosed amount. (more)

• Trustpage, a United States-based platform that lets companies share the maturity of their security programs, was acquired by Vanta for an undisclosed amount. (more)

Don't forget, if you've been following along for a while, I've spun off the jobs section that was previously in this newsletter and made it a separate newsletter that you can find here:

📚 Great Reads

• A retrospective on public cloud breaches of 2022 - Rami McCarthy and Houston Hopkins look back on the cloud data breaches that were publicly disclosed in 2022, specifically focusing on breaches of companies using large cloud providers like AWS, Azure, and Google Cloud.

• Cyber Insurance Themes to Look Out for in 2023 - The dawn of a New Year provides a great opportunity to pause and consider where the cyber insurance industry is heading in 2023.

• Understanding Why Israel Produces So Many Cybersecurity Companies - Nowhere is the entrepreneurial spirit better demonstrated than in the quantity and quality of contemporary cybersecurity firms that have come from Israel.

🗣️ Sponsor

More Data for Engineers, Less Risk for CISOsAre your engineering teams using Prod data in Dev+Test?Privacy Dynamics makes it easy to create PII-free copies of Prod data, making it readily available for development, testing, analytics, machine learning, and more, while eliminating security and compliance risks. Explore the benefits of de-identified data with Privacy Dynamics by getting started today with a free account, or scheduling time with us to learn more.Schedule a Demo

🧪 Labs

🤔 Have questions, comments, or feedback? I'd love to hear from you!

🤝 Interesting in a sponsor partnership with Security, Funded? Learn more here.

🐝 If you run a newsletter, I can't recommend Beehiiv enough.