- Return on Security
- Posts
- 💰 Security, Funded #105 - Cloudy with a Chance of Earnings: A Wild Week of Wallets & Workloads ☁️💸
💰 Security, Funded #105 - Cloudy with a Chance of Earnings: A Wild Week of Wallets & Workloads ☁️💸
A review of cybersecurity funding and industry news from the week of July 31st, 2023.
Mike Privette
August 07, 2023 • Reading Time: 16 minutes
Hey there,
Happy Monday and Happy Hacker Summer Camp week to all those who celebrate!
🏃♂️ The Rundown
A meta roundup of all the important things affecting cybersecurity and the macroenvironment:
🤯 Crazy YTD funding and acquisition stats
🎩 Happy Black Hat and Hacker Summer Camp Week
🏢 18 companies secure $408.2M, 11 companies acquired
🤖 AI incidents, ChatGPT prompt attacks, federal regulations
⛈️ Fortinet missed earnings and new cloud workload yearnings
This week’s issue is coming live and direct from Black Hat in Las Vegas! 🎲 🎲
Me trying to do this newsletter in my hotel room after a 10-hour flight with no WiFI
I fully expect generative AI to be the main theme of this year’s conference, but I think we’ll see a lot more than just the standard “AI-enabled chatbot” features (not that any of those are bad, just common now). Will report back what the vibe and themes were like in next week’s issue.
Coming into this week we’ve got another large traunch of funding and acquisitions as the year continues to accelerate.
If you see me around, feel free to come up and say hello. I’d love to meet you! I’ve also got a super low number of Security, Funded stickers left to hand out, so find me if you want one.
Onward to this week's issue.
🗣Sponsor
Automate security and privacy compliance
With a streamlined workflow and expert guidance, Secureframe automates the entire compliance process, end-to-end. What makes Secureframe different?
Get audit-ready and achieve compliance in weeks, not months, with built-in remediation guidance and 100+ integrations.
Stay compliant with the latest regulations and requirements, including ISO 27001, GDPR, HIPAA, PCI, and other standards.
Automate responses to RFPs and security questionnaires with AI.
Trusted by hyper-growth organizations: AngelList, Ramp, Lob, Remote, and thousands of other businesses.
🔮 Earnings Reports
A section for notable earnings reports from public cybersecurity companies, be they “pure play” or hybrid companies:
Fortinet ($FTNT) - stock got clapped ~26% after it missed its Q2 revenue estimate and lowered forward-looking guidance for the rest of the year. Fortinet did see growth in the US federal sector, one of the “required spend” categories, but saw negative growth in the retail sector.
Fortinet, and other traditional network firewall vendors, are starting to get eaten by the SASE (Secure Access Service Edge) that takes on a whole different architecture, cost model, and lends itself to a more distributed workforce. Even still, investor haven’t counted Fortinet out just yet and the stock is making a rebound.
Also of note - Amazon ($AMZN) smashed its Q2 earnings report. Why include this, you ask? Because what the cloud heavyweights do or don’t do is a leading indicator of enterprise software sales overall, including security. Amazon saw less cost-cutting and more new business models driven by AI.
Less cloud cost savings + new business models driven by AI = new cloud workloads ☁️ and more things to secure 🧠
📅 YTD Funding
A rolling 12-week chart to compare funding and acquisitions each week between 2022 and 2023.
Another huge week of funding in terms of volume. Want to know what’s crazy? At only 6 weeks into Q3, total funding for this quarter is only ~11% less than ALL of the funding for Q3 2022 and there is still 8 weeks left to go.
Huge week for acquisitions as well, and we’re continuing to see the buy vs. build strategy play out for 2023. 2023 acquisitions have already surpassed all of 2022 acquisitions year to date. 🤯
It’s a great time to go get acquired or do some acquiring.
💰 Funding Summary
18 companies raised $408.2M across 15 unique product categories
11 companies were acquired or had a merger event across 7 unique product categories
🧩 Funding By Product Category
$175.0M for Secure Networking across 1 deal
$90.0M for Software Supply Chain Security across 2 deals
$38.0M for Breach & Attack Simulation (BAS) across 1 deal
$24.0M for Threat Intelligence across 1 deal
$15.0M for Cyber Insurance across 1 deal
$14.2M for Network Security across 1 deal
$12.5M for Threat and Risk Prioritization across 1 deal
$10.2M for Data Protection across 2 deals
$10.0M for Professional Services across 1 deal
$8.0M for Application Security across 1 deal
$5.3M for Identity and Access Management (IAM) across 1 deal
$3.0M for Security Orchestration and Automated Response (SOAR) across 1 deal
$3.0M for Cybersecurity Education & Training across 1 deal
$100.0K for Managed Security Services Provider (MSSP) across 1 deal
An undisclosed amount for Threat & Vulnerability Management (TVM) across 2 deals
🏢 Funding By Company
Nile, a United States-based secure networking platform, raised a $175.0M Series C from March Capital and Sanabil. (more)
Endor Labs, a United States-based software supply chain security platform, raised a $70.0M Series A from Dell Technologies Capital, Section 32, Lightspeed Venture Partners, and Coatue Management. (more)
Horizon3.ai, a United States-based breach and attack simulation platform, raised a $38.0M Venture Round. (more)
Cyble, a United States-based AI-powered darkweb and cybercrime monitoring platform, raised a $24.0M Series B from Blackbird Ventures and King River Capital. (more)
Socket, a United States-based supply chain software security platform, raised a $20.0M Series A from Andreessen Horowitz. (more)
Converge, a United States-based cyber risk insurance company, raised a $15.0M Series A from Forgepoint Capital. (more)
Zhongzhiwei Technology, a China-based network security platform, raised a $14.2M Series A from Security Capital.
Silk Security, a United States-based threat and risk prioritization platform, raised a $12.5M Seed from Hetz Ventures and Insight Partners. (more)
Plerion, an Australia-based professional services firm focused on cybersecurity consulting, raised a $10.0M Seed from Prosus Ventures. (more)
Tromzo, a United States-based developer-first appsec management platform, raised an $8.0M Seed from Venture Guides. (more)
Abbey Labs, a United States-based infrastructure access management and automation platform, raised a $5.3M Seed from Point72 Ventures. (more)
Hushmesh, a United States-based automated encryption key management platform, raised a $5.2M Venture Round from Paladin Capital Group. (more)
Steg AI, a United States-based digital file watermarking and intellectual property protection platform, raised a $5.0M Series A from Paladin Capital Group. (more)
Jericho Security, a United States-based cybersecurity training and education platform, raised a $3.0M Pre-Seed from Era and Lux Capital. (more)
Tenzir, a Germany-based security orchestration and automated response (SOAR) platform, raised a $3.0M Seed from eCAPITAL ENTREPRENEURIAL PARTNERS. (more)
Is7-Intel, a United States-based managed security services provider (MSSP), raised a $100.0K Seed.
Guyuan Technology, a China-based threat and vulnerability management (TVM) platform, raised an undisclosed Seed.
MITRE Corporation, a United States-based non-profit behind the Common Vulnerabilities and Exposures (CVE) scoring system that catalogs publicly disclosed cybersecurity vulnerabilities, raised an undisclosed Grant from the U.S. Department of Energy.
🌎 Funding By Country
$381.0M for United States across 14 deals
$14.2M for China across 2 deals
$10.0M for Australia across 1 deal
$3.0M for Germany across 1 deal
🗣Sponsor
In the dynamic world of cybersecurity, are you an investor, startup, or entrepreneur seeking expert insights? Here's a golden opportunity to:
Navigate your investments wisely
Validate your startup's direction
Confirm if your solution truly addresses a critical security issue
Discover tips on reaching CISOs, crafting newsletters, monetizing with sponsors, and using no-code tools effectively.
🤝 Mergers & Acquisitions
Cyber Cloud Technologies, a United States-based professional services firm focused on cybersecurity consulting, was acquired by T-Rex Solutions for an undisclosed amount. (more)
CyberlinkASP, a United States-based managed services provider (MSP), was acquired by Seaport Capital for an undisclosed amount. (more)
Fultura, a Guernsey-based managed security services provider (MSSP), was acquired by Sigma IT for an undisclosed amount. (more)
Inerva Technology, a France-based cyber risk assessment platform, was acquired by The 20 MSP for an undisclosed amount. (more)
ParaFlare, an Australia-based managed detection and response (MDR) firm, was acquired by Deloitte Australia for an undisclosed amount. (more)
Quantum, a Singapore-based managed security services provider (MSSP), was acquired by Armor for an undisclosed amount. (more)
RAD Computing, a United States-based managed security services provider (MSSP), was acquired by BrightWorks IT for an undisclosed amount. (more)
Rookout, a United States-based observability and security analytics platform, was acquired by Dynatrace for an undisclosed amount. (more)
The Mako Group, a United States-based professional services group focused on penetration testing and security advisory services, was acquired by Centric Consulting for an undisclosed amount. (more)
Waterfront Technical Services, a United States-based professional services firm focused on cybersecurity consulting, was acquired by Sentar for an undisclosed amount. (more)
WeHackPurple, a Canada-based application security training and education community, was acquired by Semgrep (formerly r2c) for an undisclosed amount. (more)
📚 Great Reads
AI Incident Database - The AI Incident Database is dedicated to indexing the collective history of harms or near harms realized in the real world by the deployment of artificial intelligence systems.
Promptmap - By Utku Sen: A tool that automatically performs prompt injection attacks on ChatGPT instances by analyzing ChatGPT rules and generating creative attack prompts tailored to the target.
*SBOM & the Software Supply Chain - EdgeBit’s take on federal regulation around supply chain security on the Cloudcast podcast. Background on why the government is stepping in and how their actions will likely change SOC2/ISO standards in the future.
MITRE ATLAS - A knowledge base of adversary tactics, techniques, and case studies for machine learning (ML) systems based on real-world observations, demonstrations from ML red teams and security groups, and the state of the possible from academic research.
*Sponsored content and/or affiliate link.
🧪 Labs
The attacker is logging in from inside the building 😱
weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
— mRr3b00t (@UK_Daniel_Card)
Aug 3, 2023
How was this week's newsletter? |
✅ Let’s Work Together
Whenever you’re ready, I’ve got a few ways I can help support you:
Promote your business to a hard-to-reach audience of cybersecurity and investment professionals by sponsoring this newsletter.
Schedule a 1:1 coaching call on your company’s product strategy or GTM approach, the world of cybersecurity investing, reaching CISOs and security leaders, or anything else.
Join the conversation