- Return on Security
- Posts
- 💰 Security, Funded #86 - XDR Is Calling, SVB Finds A Buyer, and New Uses For Old Tech
💰 Security, Funded #86 - XDR Is Calling, SVB Finds A Buyer, and New Uses For Old Tech
Hey there,
Happy Monday, and I hope you had a great weekend!
In this week's issue:
XDR Is Calling
SVB Finds A Buyer
New Uses For Old Tech
The US and TikTok have a face-off, SVB finds a buyer, the US Fed and the ECB raised interest rates again, and the Co-Founder of Intel and inventor of “Moore’s Law”, industry legend Gordon Moore, dies at 94.
SVB finally finds a buyer in First Citizens Bank (FCB), based in Raleigh, North Carolina. Many people reading this may have never heard of FCB prior to buying SVB, but FCB is no stranger to acquisitions, having completed more than 20 FDIC-backed bank acquisitions since 2009.
FCB also holds a special place in my own heart. Many (many!) years ago, I got my first job as a security engineer there. I was only a few years into my career, having just been laid off from the last financial crisis in 2008, and I was given the chance to break into engineering. It was the first hands-on role I had in cybersecurity, and it created an unquenchable thirst to learn more about cybersecurity and always improve myself.
I credit my time there, and my experience living through multiple bank mergers, as a breakout period that helped tremendously accelerate my career. Without my time at FCB, I may not be where I am today.
Earnings Reports
Secureworks (SCWX) - beat its earnings estimate for Q4 2022 on the backs of the evolution of the XDR (eXtended Detection and Response) space. A specific focus was spent on replacing legacy SIEM deployments and catering to the MSP/MSSPs businesses.
XDR is now more than just another annoying cyber industry acronym. The cost of log collection, retention, normalization, and detection has dropped significantly.
At the same time, with the rise of detections as code, Detection Engineering as a discipline, security engineers starting to look more and more like software developers, and trust-driven security vendors, and the cost of threat detection has followed suit.
XDR is now making true what the SIEM promised 10+ years ago.
This doesn’t mean the SIEM is dead, however. XDR and SIEM deployments are a piece of the larger puzzle, and there is no one-size fits all model.
Don’t forget that with 3 referrals, you can get my Airtable base with a list of all the public cybersecurity companies mapped to categories, funding data, and market cap information, updated daily. Find your unique referral link below (email-only version)!
Onward to this week's issue.
🗣Sponsor
Lacework is data-driven cloud security
Our platform, powered by Polygraph®, automates cloud security at scale so our customers can innovate with speed and safety across AWS, Azure, GCP, and Kubernetes environmentsSchedule a meeting to start your cloud security journey today!
🛞 Industry News Roundup
📅 YTD Funding
A rolling 12-week chart to compare funding each week between 2022 and 2023.
Overall funding volume over the past few weeks has been on par year-over-year, which I think is a good sign. Of course, this year has seen a lot of uncertainty on the macro headwinds and banking industry instability, but this still shows that dry powder is, indeed, getting wet. 🌊
💰 Funding Summary
10 companies raised $89.6M across 9 unique product categories
5 companies were acquired or had a merger event across 4 unique product categories
🧩 Funding By Product Category
$37.1M for Identity and Access Management (IAM) across 2 deals
$15.0M for Passwordless Authentication across 1 deal
$8.0M for Identity Governance & Administration (IGA) across 1 deal
$8.0M for Application Security Testing (AST) across 1 deal
$7.5M for Data Protection across 1 deal
$6.0M for Cloud Security across 1 deal
$5.0M for Managed Security Services Provider (MSSP) across 1 deal
$2.0M for Internet of Things (IoT) Security across 1 deal
🏢 Funding By Company
Britive, a United States-based multi-cloud privileged access visibility and threat monitoring all in one platform, raised a $20.5M Series B from Pelion Venture Partners. (more)
Aembit, a United States-based identity and access workload management platform, raised a $16.6M Seed from Ballistic Ventures and Ten Eleven Ventures. (more)
Clerk, a United States-based no-code passwordless authentication and customer identity building blocks platform, raised a $15.0M Series A from Madrona. (more)
Backslash Security, an Israel-based application security testing and bug prioritization platform, raised an $8.0M Seed from D. E. Shaw & Co., First Rays Venture Partners, and StageOne Ventures. (more)
Oleria, a United States-based identity governance and administration (IGA) platform, raised an $8.0M Seed from Salesforce Ventures. (more)
Turnkey, a United States-based API platform for managing private keys in smart contract and cryptocurrency deployments, raised a $7.5M Seed from Coinbase Ventures. (more)
emma, a Luxembourg-based secure cloud deployment and management platform, raised a $6.0M Seed from RTP Global. (more)
Cerberus Sentinel, a United States-based managed compliance and cybersecurity services company, raised a $5.0M Post-IPO Debtround. (more)
OP[4], a United States-based Internet of Things (IoT) and embedded device security platform, raised a $2.0M Seed.
Guard Dog Solutions, a United States-based network security platform, raised a $1.0M Debt Financing round.
🌎 Funding By Country
$75.6M for United States 🇺🇸
$8.0M for Israel 🇮🇱
$6.0M for Luxembourg 🇱🇺
🤝 Mergers & Acquisitions
Baffin Bay Networks, a Sweden-based web application and API security platform (WAAP), was acquired by Mastercard for an undisclosed amount. (more)
Confluera, a United States-based extended detection and response (XDR) platform, was acquired by XM Cyber for an undisclosed amount. (more)
Lidera Network, a Spain-based managed security services provider (MSSP), was acquired by V-Valley for an undisclosed amount.
Liquid C2, an Egypt-based managed services provider (MSP), was acquired by Liquid Telecom for an undisclosed amount.
Slipstream Cyber Security, an Australia-based managed security services provider (MSSP), was acquired by Interactive for an undisclosed amount.
📚 Great Reads
AI Prompt Injection Threat Model - Using AI prompt injection to reveal that a person is attempting to use an AI prompt to interact with you on LinkedIn is just 👨🍳🤌
Lots of Cybersecurity Companies Are Going to Fail This Year - A hot take from Andrew Morris, CEO of GreyNoise, about how companies should get to a cash flow break-even, consider new strategies, and consider partnering with competitors.
The rise of the technical security leader - Frank Wang thinks we need to establish a foundational security strategy where security is integrated into the engineering process rather than an afterthought.
🐝 Cross Pollinate
Discover something 🆕 this week.
A newsletter that talks about the intersection of AI and cybersecurity, something very top of mind for security professionals today, from Craig Balding:
🗣Sponsor
Discover Bearer, an innovative, open-source SAST engine for lightning-fast security risk assessment, prioritization, and remediation. Seamlessly integrate with GitHub or GitLab, and effortlessly shift data security left.Bearer simplifies privacy reporting, generating detailed reports with information on processed sensitive data, associated risks, data subjects, and third-party services to support your privacy and compliance teams. By focusing on sensitive data flow analysis, Bearer helps protect your business from the rising threats of data leaks and breaches.Elevate your application security game and safeguard your sensitive data with Bearer
🧪 Labs
Improvise. Adapt. Overcome.
For those who say hardware 2FA tokens have no use today. pic.twitter.com/OnNdMUNOwh— Scott Bollinger (@kfalconspb) April 23, 2018
🤔 Have questions, comments, or feedback? I'd love to hear from you!
🔥 Security, Funded is brought to you by Return on Security.
🤝 Want to partner with Security, Funded? Learn more here.
🐝 If you run a newsletter, I can't recommend Beehiiv enough.
Join the conversation