Hey there,
Happy Monday, and I hope you had a great weekend!
🏃♂️ The Rundown - A meta roundup of all the important things in this issue:
🤔 AI threat modeling for policymakers
😱 The tale of shrinking security budget
📊 Supply & demand can drive risk conversations
💰 16 companies raise $213.2M, 8 companies acquired
The cyber industry continues with forward momentum on the funding and acquisition front. Whether you're pinching pennies on your security budget or riding the wave of Q3's booming funding, this issue has insights that cater to every stripe.
Onward to this week's issue. First time reading, or was this email forwarded to you? Sign up here.
Vibe Check #3 - Tool Consolidation
Last week’s poll:
Vibe Check #2 - Budgets up or down?
If you are a practitioner, has your security budget gone up, down, or stayed flat in the second half of the year? Bonus points if you tell me why!
As I expected, most budgets are either going down or staying flat for the second half of the year. This isn’t surprising because many companies are not out of the woods yet and are still struggling for better profitability. Some are turning to open-source tools to save money with budget (and people) reductions, while others are on a buying and hiring spree because their industry is turning up.
If you want to add commentary to your poll answer, leave an answer when you cast your vote or email me at [email protected]. All responses will be kept anonymous 🤫
🗣Sponsor
Have you ever wondered what your organization or potential investments look like to a potential hacker?
Arctonyx Scout is your low-friction SaaS solution for both continuous monitoring and on-demand due diligence scanning and reporting of your expanding attack surface. Integrated with leading XDR and EDR providers and built with an API-first strategy, Scout is easier than ever to incorporate into existing workflows.
🔮 Earnings Reports
A section for notable earnings reports from public cybersecurity companies, be they “pure play” or hybrid companies:
None to report on this week, but come back next week for a big round of cyber heavyweights like CrowdStrike, SentinelOne, and more! 🫡
📅 YTD Funding
A rolling 12-week chart to compare funding and acquisitions each week between 2022 and 2023.
And with this week, Q3 2023 has now passed Q2 2023 in funding and is up ~50% YoY from Q3 2022 when interest rates went sky-high and the market froze. 🥶
Q3 2023 acquisitions are now up >25% from Q3 2022 continuing the healthy appetite for the M&A market this year.
💰 Funding Summary
15 companies raised $213.2M across 12 unique product categories
8 companies were acquired or had a merger event for $200.0M across 6 unique product categories
🧩 Funding By Product Category
$110.2M for Threat Intelligence across 3 deals
$41.0M for SaaS Security Posture Management (SSPM) across 1 deal
$20.5M for Extended Detection and Response (XDR) across 1 deal
$17.0M for Identity and Access Management (IAM) across 1 deal
$15.0M for Continuous Compliance across 2 deals
$4.0M for Mobile Device Security across 1 deal
$3.0M for Professional Services across 2 deals
$1.6M for Secure Access Service Edge (SASE) across 1 deal
$900.0K for Data Privacy across 1 deal
An undisclosed amount for Security Orchestration and Automated Response (SOAR) across 1 deal
An undisclosed amount for Machine Learning (ML) Security across 1 deal
An undisclosed amount for Cybersecurity Performance Management across 1 deal
🏢 Funding By Company
SpyCloud, a United States-based cybercrime and threat intelligence platform, raised a $110.0M Series D from Riverwood Capital. (more)
Grip Security, an Israel-based SaaS data security and access management platform, raised a $41.0M Series B from Third Point Ventures. (more)
Stellar Cyber, a United States-based extended detection and response (XDR), raised a $20.5M Venture Round. (more)
Cerby, a United States-based platform focused on identity security and standardization across applications, raised a $17.0M Series A from Bowery Capital, TAU Ventures, and Two Sigma Ventures. (more)
Cypago, an Israel-based automated compliance monitoring and security platform, raised a $13.0M Seed from Axon Ventures, Entrée Capital, and Jump Capital and a $2.0M Seed. (more)
Pribit Technology, a South Korea-based professional services company focused on cloud security, raised a $3.0M Seed from DSC Investment, Korea Credit Guarantee Fund, and SW Investment.
BBT.live, an Israel-based secure access service edge (SASE) platform, raised a $1.6M Seed from Tzvi Neta Holdings. (more)
GroupSense, a United States-based threat intelligence platform, raised a $225.0K Seed.
Bleach Cyber, a United States-based cybersecurity assessment and program maturity platform, raised an undisclosed Non-Equity Assistance from Techstars. (more)
Cynotect, a United States-based security platform for protecting AI & ML workloads in Jupyter Notebooks, raised an undisclosed Non-Equity Assistance from the Tampa Bay Innovation Center. (more)
Hunt.io, a United States-based network threat intelligence and threat hunting platform, raised an undisclosed Seed from The Intelligence Fund.
ORNA, a Canada-based security orchestration, automation, and response (SOAR) platform, raised an undisclosed Grant from the Business Development Bank of Canada, and Startupfest.
TechJutsu, a Canada-based professional services firm focused on identity and access management (IAM), raised an undisclosed Grant from the Business Development Bank of Canada, and Startupfest.
🌎 Funding By Country
$151.7M for United States across 8 deals
$57.6M for Israel across 4 deals
$3.0M for South Korea across 1 deal
$900.0K for Turkey across 1 deal
An undisclosed amount for Canada across 2 deals
🗣Sponsor
Shift Left: How to Turn Security into Revenue
In the competitive landscape of software business, optimizing processes and leveraging efficiencies can make a big difference in building a strong pipeline and closing revenue faster.
In this free eBook from Vanta, you’ll learn how to:
Apply the DevOps principles of “shifting left” to position security as a differentiator
Center security in your sales conversations at every stage to proactively remove roadblocks to revenue
Invest in your security story by making it easy for buyers to access security-related information
🤝 Mergers & Acquisitions
Sealing Technologies, a United States-based professional services firm focused on security operations, was acquired by Parsons Corporation for $200.0M. (more)
Big Bad Wolf Security, a United States-based professional services firm focused on cloud infrastructure security, was acquired by Owl Cyber Defense for an undisclosed amount. (more)
Cyrus Security, a United States-based personal cybersecurity company, was acquired by Malwarebytes for an undisclosed amount. (more)
Herrod Tech, a United States-based managed services provider (MSP), was acquired by The Purple Guys for an undisclosed amount. (more)
Hypergiant, a United States-based operational technology (OT) and critical infrastructure security platform, was acquired by Trive Capital for an undisclosed amount. (more)
Integral Partners, a United States-based value-added reseller (VAR) focused on identity and access management (IAM) solutions, was acquired by Xalient for an undisclosed amount. (more)
iVerify, a United States-based mobile threat-hunting platform, divested from Trail of Bits to form a new company. (more)
WellTeck IT, a United States-based managed services provider (MSP), was acquired by VC3 for an undisclosed amount. (more)
📚 Great Reads
Security Budgets - Supply and Demand - Phil Venables talks about how thinking of security budgeting as a supply and demand problem can help to make your budgeting process a risk management exercise that’s more accepted by the business.
*Learnings on how to make GPT-4 helpful for Security - 3 months ago, the Semgrep team set out to integrate GPT-4 in their SAST tool. The TLDR is that with GPT-4 users were more likely to fix true positives and ignore false positives.
The CyberBytes Podcast - BlackHat Edition with Chris Sestito from HiddenLayer - Chris Sestito, CEO & founder of HiddenLayer, talks about how their fast-paced mindset is helping them become a leader in the Machine Learning security space.
An AI Threat Modeling Framework for Policymakers - A framework from Daniel Miessler for thinking about harms and impacts that can come from AI systems.
*Sponsored content and/or affiliate link.
🧪 Labs
It’s called innovation, sweety, look it up! 😏
✅ Let’s Work Together
Promote your business to a hard-to-reach audience of cybersecurity and investment professionals by sponsoring this newsletter.
Schedule a 1:1 call for your company’s product strategy or GTM approach, reaching CISOs and security leaders, or anything else.