💰 Security, Funded #106 - Punching Up the Fun: From AI Acquisitions to Smart Contract Fiestas!
A review of cybersecurity funding and industry news from the week of August 7th, 2023.

Mike Privette
August 14th, 2023

Hey there,
Happy Monday, and I hope you had a great weekend!
🏃♂️ The Rundown
A meta roundup of all the important things affecting cybersecurity and the macroenvironment:
🥊 IAM just hits different
🤯 More funding events than ever before
🤖 The first acquisition from a Gen AI Cyber company
💥 A big boom in smart contract transaction protection
To everyone who attended Black Hat and Hacker Summer Camp, it was great to see you again, meet you for the first time, and see what everyone was getting up to.
The general conference vibe was: We are almost so back
And this week’s issue definitely supports that, as this is the issue with the most funding events in one week since I’ve been writing this newsletter.
The second half of the year pipelines are growing again, cyber companies are having record quarters again, and funding rounds and deal volume are ramping up again. Nature is finally healing 🌿 🧘 💰️
Onward to this week's issue.
First time reading? Sign up here. Want to share the newsletter and get rewards? Do that here.

Vibe CheckFor those who attended Black Hat, did any vendor, topic, or meeting help you make a "buying" decision? |
I’m going to start adding in a poll question each week to take a vibe check of the market, how people are feeling, and what’s important to you right now. I’ll post the results from each week in the next newsletter and build from there.
If you’ve got questions you want me to ask or you want to add commentary to your poll answer, just reply back to the newsletter or email me at [email protected].
Shoutout to Nick Sands for the idea to add in a poll!

🗣Sponsor
Automate security and privacy compliance
With a streamlined workflow and expert guidance, Secureframe automates the entire compliance process, end-to-end. What makes Secureframe different?
Get audit-ready and achieve compliance in weeks, not months, with built-in remediation guidance and 100+ integrations.
Stay compliant with the latest regulations and requirements, including ISO 27001, GDPR, HIPAA, PCI, and other standards.
Automate responses to RFPs and security questionnaires with AI.
Trusted by hyper-growth organizations: AngelList, Ramp, Lob, Remote, and thousands of other businesses.

🔮 Earnings Reports
A section for notable earnings reports from public cybersecurity companies, be they “pure play” or hybrid companies:
CyberArk ($CYBR) - had a strong quarter with 24% YoY growth and an increase in its forward-looking guidance for the rest of the year. Increased SaaS subscriptions and a desire to orchestrate federated identity and secret stores led to a better-than-expected quarter.
As I’ve said before, IAM just hits different because of the cost, implementation burden, and importance. With every new technology hype cycle, spending in the cyber market always 👏 comes 👏 back 👏 to 👏 IAM 👏 because so much in technology starts and ends with “identity.”Rapid7 ($RPD) - Laying off 18% of the company on the same day the earnings report came out, you say? And during Black Hat, no less? Dirty pool.
Regardless of how it may come across to some, the market applauded Rapid7’s revenue and forward-looking guidance growth, and commitment to profitability with the layoffs, and the stock rose >15%.
Also, remember last week when I called out that traditional network security companies like Fortinet were starting to get disrupted by the growing SASE market?
Well, Check Point went out and acquired its own SASE play (details below) this week. That’s reading the writing on the market wall correctly. 👏

📅 YTD Funding
A rolling 12-week chart to compare funding and acquisitions each week between 2022 and 2023.

26 funding rounds this week is insane, and now we’re <5% off from matching Q3 2022’s funding total.

Acquisitions remain high, and we’re seeing a lot more than just professional services and MSSP businesses being acquired this year. More companies are realizing they can’t make a traditional go-public run of it anymore and that an acquisition is still a good business outcome.

💰 Funding Summary
26 companies raised $295.5M across 18 unique product categories
7 companies were acquired or had a merger event for $740.0M across 7 unique product categories

🧩 Funding By Product Category

$100.0M for Cyber Insurance across 1 deal
$40.0M for Breach & Attack Simulation (BAS) across 1 deal
$27.3M for Identity and Access Management (IAM) across 2 deals
$25.0M for Data Privacy across 1 deal
$23.4M for Distributed Ledger Technology (DLT) Security across 4 deals
$17.7M for Data Security Posture Management (DSPM) across 1 deal
$15.0M for Data Protection across 1 deal
$12.0M for Attack Surface Management (ASM) across 1 deal
$7.0M for Managed Security Services Provider (MSSP) across 1 deal
$6.0M for Network Detection and Response (NDR) across 1 deal
$5.9M for Professional Services across 4 deals
$5.0M for Infrastructure as Code (IaC) Security across 1 deal
$3.6M for Security Awareness across 1 deal
$3.5M for Security Operations across 1 deal
$3.5M for Cloud Security across 1 deal
$610.0K for Application Security across 2 deals
An undisclosed amount for Network Security across 1 deal
An undisclosed amount for Fraud and Financial Crime Protection across 1 deal

🏢 Funding By Company
Resilience, a United States-based cyber risk insurance company, raised a $100.0M Series D from Intact Ventures. (more)
Horizon3.ai, a United States-based breach and attack simulation platform, raised a $40.0M Series C from Craft Ventures. (more)
ConductorOne, a United States-based identity and access posture management platform, raised a $27.0M Series A from Felicis. (more)
Osano, a United States-based data privacy platform that helps websites be compliant with privacy laws, raised a $25.0M Series B from Baird Capital. (more)
Symmetry Systems, a United States-based data security posture management (DSPM) platform, raised a $17.7M Series B from Forgepoint Capital, Prefix Capital, The Syndicate Group, and W11 Capital Management. (more)
Veza, a United States-based data protection platform focused on identity and authorization, raised a $15.0M Venture Round from ServiceNow Ventures and Capital One Ventures. (more)
Sweet Security, an Israel-based cloud runtime attack surface management (ASM) platform, raised a $12.0M Seed from Glilot Capital Partners. (more)
SphereX, an Israel-based platform for detecting and preventing malicious smart contract transactions, raised a $8.2M Seed from Aleph, Fabric Ventures, Mensch Capital Partners, and Pillar VC. (more)
Cube3.ai, a United States-based platform for protecting smart contracts against malicious transactions, raised an $8.2M Seed from Blockchange Ventures. (more)
Trava Security, a United States-based managed security services provider (MSSP), raised a $7.0M Venture Round. (more)
Spearbit, a United States-based Web3 security auditor marketplace, raised a $7.0M Seed from Framework Ventures. (more)
Stamus Networks, a United States-based network threat-hunting platform, raised a $6.0M Series A from First Analysis. (more)
BeDisruptive, a Spain-based professional services firm focused on cybersecurity advisory, raised a $5.4M Debt Financing from Cofides. (more)
Gomboc.AI, a United States-based cloud infrastructure security and remediation platform, raised a $5.0M Seed from [Glilot Capital Partners, and Hetz Ventures. (more)
Pistachio, a Norway-based security awareness training platform, raised a $3.6M Seed from Signals Venture Capital. (more)
Dropzone AI, a United States-based AI-agent-enabled security operations analyst platform, raised a $3.5M Seed from Decibel Partners. (more)
Kivera, an Australia-based cloud workload protection and posture management platform, raised a $3.5M Seed from Round13 Capital and General Advance. (more)
Saltworks Security, a United States-based application security management and reporting platform, raised a $610.0K Seed. (more)
Buguard, an Egypt-based professional services firm focused on penetration testing and cyber advisory, raised a $500.0K Seed from A15.
heylogin, a Germany-based password manager platform, raised a $328.5K Funding Round.
Analytical AI, a United States-based fraud and financial crime protection platform, raised an undisclosed Grant from Innovate Alabama.
CovertSwarm, a United Kingdom-based professional services firm focused on cybersecurity advisory and penetration testing, raised an undisclosed Venture Round. (more)
Hongyu Zhishang, a China-based network security platform, raised an undisclosed Corporate Round from ByteDance.
SemanticGuard, a United States-based runtime application security platform, raised an undisclosed Grant from Innovate Alabama.
Summit Information Solutions, a United States-based professional services firm focused on technology and cybersecurity consulting, raised an undisclosed Grant from Innovate Alabama.
Valega Chain Analytics, a Finland-based platform for detecting and preventing malicious smart contract transactions, raised an undisclosed Venture Round.

🌎 Funding By Country

$262.0M for United States across 16 deals
$20.2M for Israel across 2 deals
$5.4M for Spain across 1 deal
$3.6M for Norway across 1 deal
$3.5M for Australia across 1 deal
$500.0K for Egypt across 1 deal
$328.5K for Germany across 1 deal
An undisclosed amount for United Kingdom across 1 deal
An undisclosed amount for Finland across 1 deal
An undisclosed amount for China across 1 deal
Is this section still useful?A quick check to make sure you still want to see this kind of data |

🗣Sponsor
Promote your business to a hard-to-reach audience of cybersecurity and investment professionals by sponsoring this newsletter.

🤝 Mergers & Acquisitions

Perimeter 81, an Israel-based secure web gateway and service edge platform, was acquired by Check Point Software Technologies for $490.0M. (more)
Laminar, an Israel-based cloud data security posture management platform, was acquired by Rubrik for $250.0M. (more)
Complyify, a United States-based continuous compliance platform, was acquired by Zyston for an undisclosed amount. (more)
Fidelis Cybersecurity, a United States-based extended detection and response (XDR) platform, was acquired by Partner One for an undisclosed amount. (more)
Helixera, a United States-based big data security analytics platform, was acquired by Seceon for an undisclosed amount. (more)
huntr, a United States-based bug bounty program for open-source software, was acquired by Protect AI for an undisclosed amount. (more)
Triaxiom Security, a United States-based professional services firm focused on security compliance auditing and penetration testing, was acquired by Strata Information Group for an undisclosed amount. (more)

📚 Great Reads
Who Will AI Help More—Attackers or Defenders? - A look at who will benefit most from AI in the cat-and-mouse game of security from Daniel Miessler.
*Successful vulnerability management at Lyft and Elastic - Breaking down Lyft and Elastic’s high-scale vulnerability management programs. Their secret is to give engineers maximum context when fixing issues inside the pull request or ticket.
A framework to securely use LLMs in companies - Part 2: Managing risk - In this edition, Sandesh Anand focuses on managing risk for applications leveraging 3rd party LLMs.
"Hot Takes" with CISOs & CyberSecurity Leaders - Caleb Sima - New series by Cloud Security Podcast’s Ashish Rajan in which he interviews CISOs while eating spicy food.
*Sponsored content and/or affiliate link.

🧪 Labs
Positioning is so important
Montclair, a township within the State of New Jersey, was a victim of ransomware. However, the Mayor reports it had "negotiated a settlement of $450,000" with the attackers.
— vx-underground (@vxunderground)
Jul 31, 2023

How was this week's newsletter? |

✅ Let’s Work Together
Promote your business to a hard-to-reach audience of cybersecurity and investment professionals by sponsoring this newsletter.
Schedule a 1:1 call for your company’s product strategy or GTM approach, reaching CISOs and security leaders, or anything else.