💰 Security, Funded #91 - YABF, RSAC Recap, and Valuation Down Bad

Hey there,

Happy Monday, and I hope you had a great weekend and an eventful RSA Conference Week for all those who attended!

In this week's issue:

• YABF

• RSAC Recap

• Valuation Down Bad

RSAC 2023 was a blast with over 40,000 people in attendance 🤯, the US economy grew at a slower rate than expected last quarter, Cybereason had quite the down round and cut their valuation by 90% (plus Softbank isn’t doing too hot either 👀), Q1 2023 earnings reports for public cyber companies are rolling in, and Yet Another Banking Failure (YABF)™️ over the weekend to continue chipping away at global banking stability.

RSA Vibes

RSA was officially back in full swing this year with 400+ registered vendors (likely 10-20% more on the fringes) and 40,000+ attendees. The expo floor did not disappoint with over-the-top booths, claims, and tactics to draw would-be buyers in.

Every vendor I spoke with was optimistic, hopeful, and focused on unseating competition, saying their solution was the best. Every investor I spoke with was looking for the next big thing, chasing hunches and missed deals from earlier in the year and cementing new relationships that could give them a future edge. Every practitioner I spoke with was curious and cautiously optimistic about the future of AI and cyber but still weary and jaded by the marketing spectacle that is RSA.

In short, everything was feeling back to normal. As Ed Sim said, “Steak dinners are back”:

It was a great time to connect with new people for the first time and reconnect with friends I hadn’t seen since the last RSA. One of the highlights for me, however, was being able to get together with this absolute unit of a brain trust of cybersecurity creators:

For anyone that I didn’t get the chance to connect with at RSA, I’m sorry I missed you but hope to catch you at a future conference this year or next.

Onward to this week's issue.

🗣Sponsor

Prevent Privacy Breaches Using Simulated Attacks

Using anonymized data for development and testing environments has become standard practice. Unfortunately, much of that data can still be identified using linkage attacks.

Research shows 87% of Americans can be uniquely identified using only their zip code, gender, and date of birth. As applications continue collecting detailed personal information from consumers, re-identification becomes even more likely.

With simulated attacks, Privacy Dynamics helps CISOs quickly and easily monitor re-identification risk across their organization.

Learn More

🔮 Earnings Reports 🆕

I’m making this into a separate section now where there are significant earnings reports, let me know what you think!

• Check Point ($CHKP) - beat Q4 earnings by 4% but still missed Q1 estimates leading to a dip in their stock.

• Tenable ($TENB) - beat its Q1 earnings estimate but fell short of its annual revenue forecast, and analysts gave the stock the business. Tenable cited the elongation of approvals for customer spend, challenges with new customer acquisition, and weakness in the North American financial sector for missed targets.

• Juniper Networks ($JNPR) - beat its Q1 2023 earnings estimates by 17% and claims that a push towards digital transformation and leveraging AI drove their growth.

The takeaway: digital transformation at companies, both large and small, is continuing to be a driver for enterprise sales for public cyber companies. The combination of a continued macroeconomic recession, more bank failures, the likelihood of continued rate hikes from the US Fed, the strong labor market driving wages higher (which the Fed is trying to quash), and the rapid development and rise of generative AI are all driving companies to leapfrog and transform their businesses faster. Expect this to be a pattern for the rest of the public cyber companies.

The companies who can come to the table to accelerate this for businesses by way of cyber? These are the ones that will continue to stand out.

🛞 Industry News Roundup

• Cybereason cuts valuation by more than 90%, loses unicorn status (more)

• The DOJ Detected the SolarWinds Hack 6 Months Earlier Than First Disclosed (more)

• First Republic Bank is taken over by FDIC (more)

📅 YTD Funding

A rolling 12-week chart to compare funding each week between 2022 and 2023.

A sign of how much the world has changed since last year post-RSA, and we see an 89%+ drop in funding from last year. This might just be a deal timing issue, but there were noticeably fewer funding announcements during RSA this year than last year.

💰 Funding Summary

• 13 companies raised $44.6M across 12 unique product categories

• 3 companies were acquired or had a merger event across 3 unique product categories

🧩 Funding By Product Category

• $12.0M for Privileged Access Management (PAM) across 1 deal

• $8.0M for Internet of Things (IoT) Security across 1 deal

• $7.8M for Managed Security Services Provider (MSSP) across 2 deals

• $6.0M for Secure Remote Access across 1 deal

• $4.0M for Identity Governance & Administration (IGA) across 1 deal

• $3.2M for Continuous Threat Exposure Management (CTEM) across 1 deal

• $3.0M for Cloud Native Application Protection Platform (CNAPP) across 1 deal

• $621.7K for Threat & Vulnerability Management (TVM) across 1 deal

• An undisclosed amount for Threat Intelligence across 1 deal

• An undisclosed amount for Professional Services across 1 deal

• An undisclosed amount for Blockchain Security across 1 deal

• An undisclosed amount for Anti-Phishing across 1 deal

🏢 Funding By Company

• CyberQP, a Canada-based privileged access management (PAM) platform for managed service providers, raised a $12.0M Series A from Arthur Ventures. (more)

• NetRise, a United States-based Internet of Things (IoT) security monitoring platform, raised an $8.0M Venture Round from Squadra Ventures. (more)

• Sonet.io, a United States-based secure remote access platform, raised a $6.0M Seed from The Hiveand WestWave Capital. (more)

• AaDya Security, a United States-based managed security services provider (MSSP), raised a $5.0M Series A from Left Lane Capital. (more)

• Stack Identity, a United States-based identity governance and administration platform, raised a $4.0M Seed from Benhamou Global VenturesandWestWave Capital. (more)

• BreachBits, a United States-based continuous threat exposure management (CTEM) platform, raised a $3.2M Venture Round.

• Operant, a United States-based runtime application security platform, raised a $3.0M Seed from Felicis. (more)

• Bastion, a France-based managed security services provider (MSSP), raised a $2.8M Seed from Global Founders Capital. (more)

• Melius Cyber, a United Kingdom-based threat and vulnerability management (TVM) platform, raised a $622.0K Seed from Northeast Venture Fund ( NEVF ). (more)

• ARPA, a China-based secure blockchain network, raised an undisclosed Venture Round from DWF Labs.

• Circle Security, a United States-based credential phishing protection platform, raised an undisclosed Seed. (more)

• Enthec Solutions, a Spain-based cyber threat intelligence platform, raised an undisclosed Venture Round from Conexo Ventures.

• PrivaSapien, an India-based professional services firm focused on privacy risk assessments and mitigations, raised an undisclosed Grant from NetApp Excellerator.

🌎 Funding By Country

• $29.2M for United States across 7 deals 🇺🇸

• $12.0M for Canada across 1 deal 🇨🇦

• $2.8M for France across 1 deal 🇫🇷

• $621.7K for United Kingdom across 1 deal 🇬🇧

• An undisclosed amount for Spain across 1 deal 🇪🇸

• An undisclosed amount for India across 1 deal 🇮🇳

• An undisclosed amount for China across 1 deal 🇨🇳

🤝 Mergers & Acquisitions

• Appruve, a Ghana-based anti-fraud and customer verification platform, was acquired by Smile Identity for an undisclosed amount. (more)

• Broadleaf, a United States-based managed security services provider (MSSP), was acquired by ASRC Federal for an undisclosed amount. (more)

• Vonahi Security, a United States-based automated penetration testing platform, was acquired by Kaseya for an undisclosed amount. (more)

📚 Great Reads

• M-Trends 2023: Cybersecurity Insights From the Frontlines - Mandiant's report from the frontlines of incident response with metrics on the types of attacker techniques and how defenders are responding.

• ChatGPT-Themed Scam Attacks Are on the Rise - The dark side of this popularity is that ChatGPT is also attracting the attention of scammers seeking to benefit from using wording and domain names that appear related to the site.

• AI for security is here. Now we need security for AI - Despite all the attention AI received in the industry, the vast majority of the discussions have been focused on how advances in AI are going to impact defensive and offensive security capabilities. What is not being discussed as much is how we secure the AI workloads themselves.

🗣Sponsor

Easy SOC 2 compliance + AI-based RFP automation

SOC 2 compliance in weeks, not months

With a streamlined workflow and expert guidance, Secureframe automates the entire compliance process, end-to-end. What makes Secureframe different?

• Get audit-ready and achieve compliance in weeks, not months, with built-in remediation guidance and 100+ integrations.

• Stay compliant with the latest regulations and requirements, including ISO 27001, GDPR, HIPAA, PCI, and other standards.

• Automate responses to RFPs and security questionnaires with AI.

• Trusted by hyper-growth organizations: AngelList, Ramp, Lob, Remote, and thousands of other businesses.

Schedule a personalized demo of Secureframe

🧪 Labs

🤔 Have questions, comments, or feedback? I'd love to hear from you!

🔥 Security, Funded is brought to you by Return on Security.

🤝 Want to partner with Security, Funded? Learn more here.

🐝 If you run a newsletter, I can't recommend Beehiiv enough.