💰 Security, Funded #82 - Selling SASE, Funding About Face, and Emails About Security Vendors

Hey there,

I hope you had a great weekend!

In this week's issue:

• Selling SASE

• Funding About Face

• Emails About Security Vendors

JPMorgan will restrict employees from using ChatGPT (good luck with that), China doesn’t want any tech with ChatGPT in their country (they will have better luck), January inflation in the US rose more than expected, Dish Network is down so bad with their latest breach that employees might not get paid, earnings report from Palo Alto, emailing email security vendors about security vendors, and the US Supreme Court declined to hear a case about NSA mass surveillance programs.

Earnings Report

Last week was a week that many folks have been waiting for with Palo Alto announces its earnings report. Palo Alto is arguably the heavyweight champ in the public cybersecurity company world, and it carries a lot of momentum for investing in this space.

• Palo Alto Networks (PANW) - beat its revenue earnings estimate with strong demand for SASE products citing a single $40.0M SASE deal in the last quarter alone, and over $1.0B in SASE deals over the last six quarters. Increased customer demands for zero-trust architectures also propelled growth, as well as PANW’s ability to consolidate vendors and offer a lower total cost of ownership (TCO).

The current macro themes in the cybersecurity industry I’ve called out over the past few issues continue to be reinforced through these earnings calls.

Cost saving and simplification reign supreme for customers.

That may even mean that customers are willing to spend more now to save more later if it helps them simplify their stack and the operational burden of running the program.

What is not being said, is that while spending for cybersecurity tools and platforms seems to be only marginally affected by the macroeconomic headwinds, there is so much more to running cybersecurity programs than just buying tools. 😱

That’s a shocker I know (somewhere right now VCs and founders alike are shedding small tears 🥲), but there are more actual costs and opportunity costs to contend with when running a security program aside from tool spend. That’s why these earnings reports need to be looked at through an operational filter to give them a fair shake and why I feel it’s important to share.

In other news, last week I learned that apparently, a few email security vendors have been regularly blocking my emails… about security vendors. 🤦🏽‍♂️

I’m looking at you Check Point, Proofpoint, and Barracuda.

There are probably others I don’t know about yet. My current hunch is that it may have something to do with the sheer number of links I have per issue. If you talk to your email security admin today, tell them to help ya boy out and smash that allowlist button for my domain. 🆗

If anyone knows someone who can put me in touch with some product or support folks to troubleshoot at these companies, I would greatly appreciate it! 🙏🏽

Onward to this week's issue.

🗣Sponsor

Lacework: Security for DevOps, Container, and Cloud

Lacework is data-driven cloud security

Our platform, powered by Polygraph®, automates cloud security at scale so our customers can innovate with speed and safety across AWS, Azure, GCP, and Kubernetes environmentsSchedule a meeting to start your cloud security journey today!

🛞 Industry News Roundup

• CISA Urges Increased Vigilance One Year After Russia's Invasion of Ukraine (more)

• TikTok Banned From European Commission Phones Over Cybersecurity (more)

• Cybersecurity Label for Consumer IoT Devices Coming Soon to the US (more)

📅 YTD Funding 🆕

In this section, I'll be showing a running total and evolving series of charts for the year-to-date (YTD) funding and by the week or month of the year.

Funding took an about-face this week and came in significantly lower than last week. My guess is that this is just an off week on timing and nothing more. I expect to see some big numbers popping up soon.

💰 Weekly Funding Summary

• 17 companies raised $101.2M across 14 unique product categories

• 2 companies were acquired or had a merger event across 2 unique product categories

🧩 Funding By Product Category

• $27.2M for Distributed Ledger Technology (DLT) Security

• $20.0M for Data Security Posture Management (DSPM)

• $15.4M for Managed Security Services Provider (MSSP)

• $15.0M for Identity Governance & Administration (IGA)

• $9.8M for Email Security

• $7.5M for Continuous Compliance

• $3.8M for Hardware Security

• $2.2M for Internet Security

• $200.0K for Cybersecurity Education & Training

• $75.0K for Software Supply Chain Security

• $34.2K for Data Privacy

• $10.0K for Blockchain Security

• An undisclosed amount for Identity and Access Management (IAM)

• An undisclosed amount for Artificial Intelligence (AI) Security

🏢 Funding By Company

• Chaos Labs, a United States-based risk management and security platform for distributed ledger technology (DLT) protocols, raised a $20.0M Seed from Galaxy Venture Capitaland PayPal Ventures. (more)

• Metomic, a United Kingdom-based data security posture management (DSPM), raised a $20.0M Series A from Evolution Equity Partners. (more)

• CyberSmart, a United Kingdom-based managed security services provider (MSSP), raised a $15.4M Series B from Oxx. (more)

• Entitle, a United States-based identity governance and administration (IGA) platform, raised a $15.0M Seed from Glilot Capital Partners. (more)

• Sublime Security, a United States-based email security platform, raised a $9.8M Seed from Decibel Partners. (more)

• Scrut Automation, an India-based continuous compliance platform, raised a $7.5M Seed fromMassMutual Ventures. (more)

• KEKKAI, a Japan-based risk management platform for cryptocurrency transactions, raised a $7.2M Pre-Seed from Skyland Ventures.

• Radical Semiconductor, a United States-based hardware security platform for credit card chips, raised a $3.8M Venture Round.

• SafeToNet, a United Kingdom-based B2C secure web filtering platform, raised a $2.2M Grant from the European Commission.

• CTFGuide, a United States-based cybersecurity education platform, raised a $200.0K Grant from Google Cloud.

• Karambit.AI, a United States-based software supply chain security platform, raised a $75.0K Grant from Virginia Innovation Partnership Corporation. (more)

• 6pillars.io, an Australia-based continuous compliance platform for AWS, raised a $34.2K Pre-Seed from CyRise. (more)

• Onqlave, an Australia-based data privacy API for applications processing sensitive data, raised a $34.2K Pre-Seed from CyRise. (more)

• UNSNARL, an India-based smart contract auditing platform, raised a $10.0K Grant from Antler India.

• Evidian, a France-based suite of identity and access management (IAM) tools, raised an undisclosed Private Equity Round from Airbus Ventures. (more)

• SmartLockr, a Netherlands-based email security platform, raised an undisclosed Series A from Round2 Capital Partners. (more)

• TrojAI, a Canada-based artificial intelligence (AI) platform to help protect against cyber attacks, raised an undisclosed Grant from Google for Startups Accelerator Canada.

🌎 Funding By Country

• $48.9M for United States 🇺🇸

• $37.5M for United Kingdom 🇬🇧

• $7.5M for India 🇮🇳

• $7.2M for Japan 🇯🇵

• $68.3K for Australia 🇦🇺

• An undisclosed amount for The Netherlands 🇳🇱

• An undisclosed amount for France 🇫🇷

• An undisclosed amount for Canada 🇨🇦

🤝 Mergers & Acquisitions

• Anlyz, a United States-based security orchestration and automated response (SOAR) platform, was acquired by Trend Micro for an undisclosed amount. (more)

• Valtix, a United States-based cloud security platform, was acquired by Cisco for an undisclosed amount. (more)

📚 Great Reads

• Forthcoming SEC rules to change how corporate boards treat cybersecurity - The SEC’s proposal would require public companies to openly report serious cyberattacks, as well as explain who on their boards is responsible.

• NIST Artificial Intelligence Risk Management Framework (PDF) - I’ve been saying for a while now, especially with the recent introduction of generally available Large Language Models (LLMs) and AI prompts, that AI and cybersecurity are on a collision course more than ever now. Apparently, NIST and others agree. Here is a resource to help organizations manage the many risks of AI and promote trustworthy and responsible development and use of AI systems.

• Cybercriminals Bypass ChatGPT Restrictions to Generate Malicious Content - Cybercriminals are working their way around ChatGPT’s restrictions and there is an active chatter in the underground forums disclosing how to use OpenAI API to bypass ChatGPT´s barriers and limitations.

🐝 Cross Pollinate

Discover something 🆕 this week.

This newsletter combines current events, philosophy, technology, and security tools all into one from one of the OGs of the security industry (and a friend and mentor!)

Unsupervised Learning from Daniel Miessler - a newsletter finding the patterns in security, tech, and society in 10 minutes or less each week.

🗣Sponsor

Advancing in the Cyber Workforce

Cybersecurity professionals spend so much of their time defending, but not always enough time advancing their own careers. This short, 55-minute video course and field guide changes that.

Stop your career lateral movement.

🧪 Labs

You hate to see it 😭

🤔 Have questions, comments, or feedback? I'd love to hear from you!

🤝 Interesting in a sponsor partnership with Security, Funded? Learn more here.

🐝 If you run a newsletter, I can't recommend Beehiiv enough.