💰 Security, Funded #106 - Punching Up the Fun: From AI Acquisitions to Smart Contract Fiestas!
A review of cybersecurity funding and industry news from the week of August 7th, 2023.
Happy Monday, and I hope you had a great weekend!
🏃♂️ The Rundown
A meta roundup of all the important things affecting cybersecurity and the macroenvironment:
🥊 IAM just hits different
🤯 More funding events than ever before
🤖 The first acquisition from a Gen AI Cyber company
💥 A big boom in smart contract transaction protection
To everyone who attended Black Hat and Hacker Summer Camp, it was great to see you again, meet you for the first time, and see what everyone was getting up to.
The general conference vibe was: We are almost so back
And this week’s issue definitely supports that, as this is the issue with the most funding events in one week since I’ve been writing this newsletter.
The second half of the year pipelines are growing again, cyber companies are having record quarters again, and funding rounds and deal volume are ramping up again. Nature is finally healing 🌿 🧘 💰️
Onward to this week's issue.
For those who attended Black Hat, did any vendor, topic, or meeting help you make a "buying" decision?
I’m going to start adding in a poll question each week to take a vibe check of the market, how people are feeling, and what’s important to you right now. I’ll post the results from each week in the next newsletter and build from there.
If you’ve got questions you want me to ask or you want to add commentary to your poll answer, just reply back to the newsletter or email me at [email protected].
Shoutout to Nick Sands for the idea to add in a poll!
🔮 Earnings Reports
A section for notable earnings reports from public cybersecurity companies, be they “pure play” or hybrid companies:
CyberArk ($CYBR) - had a strong quarter with 24% YoY growth and an increase in its forward-looking guidance for the rest of the year. Increased SaaS subscriptions and a desire to orchestrate federated identity and secret stores led to a better-than-expected quarter.
As I’ve said before, IAM just hits different because of the cost, implementation burden, and importance. With every new technology hype cycle, spending in the cyber market always 👏 comes 👏 back 👏 to 👏 IAM 👏 because so much in technology starts and ends with “identity.”
Rapid7 ($RPD) - Laying off 18% of the company on the same day the earnings report came out, you say? And during Black Hat, no less? Dirty pool.
Regardless of how it may come across to some, the market applauded Rapid7’s revenue and forward-looking guidance growth, and commitment to profitability with the layoffs, and the stock rose >15%.
Also, remember last week when I called out that traditional network security companies like Fortinet were starting to get disrupted by the growing SASE market?
Well, Check Point went out and acquired its own SASE play (details below) this week. That’s reading the writing on the market wall correctly. 👏
📅 YTD Funding
A rolling 12-week chart to compare funding and acquisitions each week between 2022 and 2023.
26 funding rounds this week is insane, and now we’re <5% off from matching Q3 2022’s funding total.
Acquisitions remain high, and we’re seeing a lot more than just professional services and MSSP businesses being acquired this year. More companies are realizing they can’t make a traditional go-public run of it anymore and that an acquisition is still a good business outcome.
💰 Funding Summary
26 companies raised $295.5M across 18 unique product categories
7 companies were acquired or had a merger event for $740.0M across 7 unique product categories
🧩 Funding By Product Category
$100.0M for Cyber Insurance across 1 deal
$40.0M for Breach & Attack Simulation (BAS) across 1 deal
$27.3M for Identity and Access Management (IAM) across 2 deals
$25.0M for Data Privacy across 1 deal
$23.4M for Distributed Ledger Technology (DLT) Security across 4 deals
$17.7M for Data Security Posture Management (DSPM) across 1 deal
$15.0M for Data Protection across 1 deal
$12.0M for Attack Surface Management (ASM) across 1 deal
$7.0M for Managed Security Services Provider (MSSP) across 1 deal
$6.0M for Network Detection and Response (NDR) across 1 deal
$5.9M for Professional Services across 4 deals
$5.0M for Infrastructure as Code (IaC) Security across 1 deal
$3.6M for Security Awareness across 1 deal
$3.5M for Security Operations across 1 deal
$3.5M for Cloud Security across 1 deal
$610.0K for Application Security across 2 deals
An undisclosed amount for Network Security across 1 deal
An undisclosed amount for Fraud and Financial Crime Protection across 1 deal
🏢 Funding By Company
Symmetry Systems, a United States-based data security posture management (DSPM) platform, raised a $17.7M Series B from Forgepoint Capital, Prefix Capital, The Syndicate Group, and W11 Capital Management. (more)
heylogin, a Germany-based password manager platform, raised a $328.5K Funding Round.
Hongyu Zhishang, a China-based network security platform, raised an undisclosed Corporate Round from ByteDance.
Valega Chain Analytics, a Finland-based platform for detecting and preventing malicious smart contract transactions, raised an undisclosed Venture Round.
🌎 Funding By Country
$262.0M for United States across 16 deals
$20.2M for Israel across 2 deals
$5.4M for Spain across 1 deal
$3.6M for Norway across 1 deal
$3.5M for Australia across 1 deal
$500.0K for Egypt across 1 deal
$328.5K for Germany across 1 deal
An undisclosed amount for United Kingdom across 1 deal
An undisclosed amount for Finland across 1 deal
An undisclosed amount for China across 1 deal
Is this section still useful?
A quick check to make sure you still want to see this kind of data
🤝 Mergers & Acquisitions
Triaxiom Security, a United States-based professional services firm focused on security compliance auditing and penetration testing, was acquired by Strata Information Group for an undisclosed amount. (more)
📚 Great Reads
Who Will AI Help More—Attackers or Defenders? - A look at who will benefit most from AI in the cat-and-mouse game of security from Daniel Miessler.
*Successful vulnerability management at Lyft and Elastic - Breaking down Lyft and Elastic’s high-scale vulnerability management programs. Their secret is to give engineers maximum context when fixing issues inside the pull request or ticket.
A framework to securely use LLMs in companies - Part 2: Managing risk - In this edition, Sandesh Anand focuses on managing risk for applications leveraging 3rd party LLMs.
"Hot Takes" with CISOs & CyberSecurity Leaders - Caleb Sima - New series by Cloud Security Podcast’s Ashish Rajan in which he interviews CISOs while eating spicy food.
*Sponsored content and/or affiliate link.
Positioning is so important
Montclair, a township within the State of New Jersey, was a victim of ransomware. However, the Mayor reports it had "negotiated a settlement of $450,000" with the attackers.
— vx-underground (@vxunderground)
Jul 31, 2023
How was this week's newsletter?