💰 Security, Funded #108 - Policymakers' Playbook, Budgets in Mayday, & Cash Parade 🎉

Hey there,

Happy Monday, and I hope you had a great weekend!

🏃‍♂️ The Rundown - A meta roundup of all the important things in this issue:

• 🤔 AI threat modeling for policymakers

• 😱 The tale of shrinking security budget

• 📊 Supply & demand can drive risk conversations

• 💰 16 companies raise $213.2M, 8 companies acquired

The cyber industry continues with forward momentum on the funding and acquisition front. Whether you're pinching pennies on your security budget or riding the wave of Q3's booming funding, this issue has insights that cater to every stripe.

Onward to this week's issue. First time reading, or was this email forwarded to you? Sign up here.

Last week’s poll:

Vibe Check #2 - Budgets up or down?
If you are a practitioner, has your security budget gone up, down, or stayed flat in the second half of the year? Bonus points if you tell me why!

As I expected, most budgets are either going down or staying flat for the second half of the year. This isn’t surprising because many companies are not out of the woods yet and are still struggling for better profitability. Some are turning to open-source tools to save money with budget (and people) reductions, while others are on a buying and hiring spree because their industry is turning up.

_{If you want to add commentary to your poll answer, leave an answer when you cast your vote or email me at [email protected]. All responses will be kept anonymous} 🤫 

📅 YTD Funding

A rolling 12-week chart to compare funding and acquisitions each week between 2022 and 2023.

And with this week, Q3 2023 has now passed Q2 2023 in funding and is up ~50% YoY from Q3 2022 when interest rates went sky-high and the market froze. 🥶 

Q3 2023 acquisitions are now up >25% from Q3 2022 continuing the healthy appetite for the M&A market this year.

💰 Funding Summary

• 15 companies raised $213.2M across 12 unique product categories

• 8 companies were acquired or had a merger event for $200.0M across 6 unique product categories

🧩 Funding By Product Category

• $110.2M for Threat Intelligence across 3 deals

• $41.0M for SaaS Security Posture Management (SSPM) across 1 deal

• $20.5M for Extended Detection and Response (XDR) across 1 deal

• $17.0M for Identity and Access Management (IAM) across 1 deal

• $15.0M for Continuous Compliance across 2 deals

• $4.0M for Mobile Device Security across 1 deal

• $3.0M for Professional Services across 2 deals

• $1.6M for Secure Access Service Edge (SASE) across 1 deal

• $900.0K for Data Privacy across 1 deal

• An undisclosed amount for Security Orchestration and Automated Response (SOAR) across 1 deal

• An undisclosed amount for Machine Learning (ML) Security across 1 deal

• An undisclosed amount for Cybersecurity Performance Management across 1 deal

🏢 Funding By Company

• SpyCloud, a United States-based cybercrime and threat intelligence platform, raised a $110.0M Series D from Riverwood Capital. (more)

• Grip Security, an Israel-based SaaS data security and access management platform, raised a $41.0M Series B from Third Point Ventures. (more)

• Stellar Cyber, a United States-based extended detection and response (XDR), raised a $20.5M Venture Round. (more)

• Cerby, a United States-based platform focused on identity security and standardization across applications, raised a $17.0M Series A from Bowery Capital, TAU Ventures, and Two Sigma Ventures. (more)

• Cypago, an Israel-based automated compliance monitoring and security platform, raised a $13.0M Seed from Axon Ventures, Entrée Capital, and Jump Capital and a $2.0M Seed. (more)

• iVerify, a United States-based mobile threat-hunting platform, raised a $4.0M Seed from Mischief. (more)

• Pribit Technology, a South Korea-based professional services company focused on cloud security, raised a $3.0M Seed from DSC Investment, Korea Credit Guarantee Fund, and SW Investment.

• BBT.live, an Israel-based secure access service edge (SASE) platform, raised a $1.6M Seed from Tzvi Neta Holdings. (more)

• Syntonym, a Turkey-based platform that lets you anonymize visual data in a GDPR-compliant way, raised a $900.0K Seed from Simya VC.

• GroupSense, a United States-based threat intelligence platform, raised a $225.0K Seed.

• Bleach Cyber, a United States-based cybersecurity assessment and program maturity platform, raised an undisclosed Non-Equity Assistance from Techstars. (more)

• Cynotect, a United States-based security platform for protecting AI & ML workloads in Jupyter Notebooks, raised an undisclosed Non-Equity Assistance from the Tampa Bay Innovation Center. (more)

• Hunt.io, a United States-based network threat intelligence and threat hunting platform, raised an undisclosed Seed from The Intelligence Fund.

• ORNA, a Canada-based security orchestration, automation, and response (SOAR) platform, raised an undisclosed Grant from the Business Development Bank of Canada, and Startupfest.

• TechJutsu, a Canada-based professional services firm focused on identity and access management (IAM), raised an undisclosed Grant from the Business Development Bank of Canada, and Startupfest.

🌎 Funding By Country

• $151.7M for United States across 8 deals

• $57.6M for Israel across 4 deals

• $3.0M for South Korea across 1 deal

• $900.0K for Turkey across 1 deal

• An undisclosed amount for Canada across 2 deals

🤝 Mergers & Acquisitions

• Sealing Technologies, a United States-based professional services firm focused on security operations, was acquired by Parsons Corporation for $200.0M. (more)

• Big Bad Wolf Security, a United States-based professional services firm focused on cloud infrastructure security, was acquired by Owl Cyber Defense for an undisclosed amount. (more)

• Cyrus Security, a United States-based personal cybersecurity company, was acquired by Malwarebytes for an undisclosed amount. (more)

• Herrod Tech, a United States-based managed services provider (MSP), was acquired by The Purple Guys for an undisclosed amount. (more)

• Hypergiant, a United States-based operational technology (OT) and critical infrastructure security platform, was acquired by Trive Capital for an undisclosed amount. (more)

• Integral Partners, a United States-based value-added reseller (VAR) focused on identity and access management (IAM) solutions, was acquired by Xalient for an undisclosed amount. (more)

• iVerify, a United States-based mobile threat-hunting platform, divested from Trail of Bits to form a new company. (more)

• WellTeck IT, a United States-based managed services provider (MSP), was acquired by VC3 for an undisclosed amount. (more)

📚 Great Reads

• Security Budgets - Supply and Demand - Phil Venables talks about how thinking of security budgeting as a supply and demand problem can help to make your budgeting process a risk management exercise that’s more accepted by the business.

• *Learnings on how to make GPT-4 helpful for Security - 3 months ago, the Semgrep team set out to integrate GPT-4 in their SAST tool. The TLDR is that with GPT-4 users were more likely to fix true positives and ignore false positives.

• The CyberBytes Podcast - BlackHat Edition with Chris Sestito from HiddenLayer - Chris Sestito, CEO & founder of HiddenLayer, talks about how their fast-paced mindset is helping them become a leader in the Machine Learning security space.

• An AI Threat Modeling Framework for Policymakers - A framework from Daniel Miessler for thinking about harms and impacts that can come from AI systems.

_{*Sponsored content and/or affiliate link.}

🧪 Labs

It’s called innovation, sweety, look it up! 😏