Return on Security
Posts
💰 Security, Funded #110 - Cents, Sensibility, & Cyber: Your Mixed Earnings Bag 🛒

💰 Security, Funded #110 - Cents, Sensibility, & Cyber: Your Mixed Earnings Bag 🛒

A review of cybersecurity funding and industry news from the week of September 4th, 2023.

Mike Privette
September 11, 2023 • Reading Time: 10 minutes

Hey there,

Happy Monday, and I hope you had a great weekend. This week, we’ve got:

🔮 Mixed bag in cyber earnings
☁️ LLM hype mirrors early cloud rush
⚙️ Prompt Engineering & AI Self-Study
💰 $444.5M raised, 7 companies acquired
🏃‍♂️ Post-Labor Day: Investors scrutinize AI pitches

Now that Labor Day is behind us and Burning Man is over, the deal flow engine is beginning to hum again. However, unlike pre-2022, VCs aren’t going to be making it rain ⛈️ 💰 like they used by just throwing around the term “AI” in your pitch deck. The second half of the year is going to bring more scrutiny around value-add vs. a commodity feature set. The shiny object syndrome is over for investors and customers.

Onward to this week's issue.

🗣Sponsor

Close more enterprise deals

Automate security and privacy compliance

With a streamlined workflow and expert guidance, Secureframe automates the entire compliance process, end-to-end. What makes Secureframe different?

Get audit-ready and achieve compliance in weeks, not months, with built-in remediation guidance and 100+ integrations.
Stay compliant with the latest regulations and requirements, including ISO 27001, GDPR, HIPAA, PCI, and other standards.
Automate responses to RFPs and security questionnaires with AI.
Trusted by hyper-growth organizations: AngelList, Ramp, Lob, Remote, and thousands of other businesses.

Schedule a personalized demo of Secureframe

Vibe Check - MSSPs

Are you currently using an MSP or MSSP as a part of your security program?

Last week’s poll:

Vibe Check #4 - AI Security Tools
Are you starting to evaluate or purchase this new wave of tools focused on the security or privacy of AI or LLM usage? Bonus points if you tell me why!

I suspect many of these answers were driven by businesses reacting to the growth and popularity of LLMs. I liken this part of the hype cycle to the early days of cloud computing. Some businesses were “all in” to get to the cloud before they had a real business need. They just knew they “had to get there” and that the business cases and revenue would start to flow.

_{If you want to add commentary to your poll answer, leave an answer when you cast your vote or email me at}_{[email protected]}_{. All responses will be kept anonymous}🤫

🔮 Earnings Reports

A section for notable earnings reports from public cybersecurity companies, be they “pure play” or hybrid companies.

Darktrace ($DARK) - beat its earnings estimate on all fronts off of expanded growth with large clients in the US. Darktrace has been using AI and LLMs “before it was cool” and stated how their use of AI to “remove the analysts from the incident process” was able to play well with the 800 lbs. gorilla in the room that is Microsoft.

Meanwhile:

SecureWorks ($SCWX) - beat earnings expectations, but revenue was down from previous quarters. SecureWorks is in the process of a business model shift to focus on partner channel growth and regional expansion in the EU and MEA.

It might be a wait-and-see investment until SecureWorks fully reveals the outcomes of its transition and if it can see success in its channel business. Like others, SecureWorks is experiencing elongated buying cycles, signaling heightened fiscal scrutiny across the sector. The stock was down >9% since the earnings call.

Zscaler ($ZS)- beat its earnings estimate and raised its forward-looking guidance for the rest of the year. Raising the guidance is something that other cyber players are not doing, opting for a more conservative estimate (investors like the sound of this now but will make the stock pay if it doesn’t meet that newly raised guidance next quarter 👀 )

Zscaler also cited that part of their success this last quarter was from replacing network, endpoint, and email DLP and CASEB services. DLP, in general, has needed help for years in being more valuable than harmful to the business, and this traction could pay future dividends.
ZeroFox ($ZFOX - reported strong financials, exceeding their forecast based on large ARR deals. The company also turned cash flow positive a year ahead of schedule.

The growth in their managed response business indicates an industry-wide trend toward outsourcing certain cybersecurity functions.

Companies that are growing well are seeing macro pressures easing, while those who are not are still seeing macro struggles.

📅 YTD Funding

A rolling 12-week chart to compare funding and acquisitions each week between 2022 and 2023.

Funding is up >64% YoY this week as 2023 continues to rebound from the bottom of 2022.

Now that folks are back from an epic Burning Man and fully enlightened, the acquisition train is back up and moving again 🚂.

💰 Funding Summary

10 companies raised $444.5M across 9 unique product categories
7 companies were acquired or had a merger event for $265.0M across 6 unique product categories

🧩 Funding By Product Category

$260.0M for Threat & Vulnerability Management (TVM) across 1 deal
$67.8M for Fraud and Financial Crime Protection across 2 deals
$50.0M for Cloud Native Application Protection Platform (CNAPP) across 1 deal
$35.0M for Third-Party Risk Management across 1 deal
$15.1M for Network Detection and Response (NDR) across 1 deal
$6.9M for Data Privacy across 1 deal
$6.0M for API Security across 1 deal
$3.7M for Artificial Intelligence (AI) Security across 1 deal
An undisclosed amount for Application Security Testing (AST) across 1 deal

🏢 Funding By Company

Rapid7, a United States-based suite of threat and vulnerability management (TVM) tools, raised a $260.0M post-IPO debt round. (more)
ThetaRay, an Israel-based anti-money laundering (AML) platform, raised a $57.0M Venture Round from Portage Ventures. (more)
Upwind Security, an Israel-based run-time cloud native application protection platform (CNAPP), raised a $50.0M Series A from Cyberstarts, Greylock, and Leaders Fund. (more)
Certa, a United States-based third-party risk management platform, raised a $35.0M Series B from Fin Capital and Vertex Ventures. (more)
IronNet Cybersecurity, a United States-based network detection and response (NDR) platform, raised a $15.1M post-IPO debt round but furloughed workers and may be filing for bankruptcy. (more)
Strise, a Norway-based anti-money laundering (AML) platform, raised a $10.8M Series A from Atomico. (more)
Integral, a United States-based privacy-focused data platform making healthcare data shareable, raised a $6.9M Seed from Haystack and The General Partnership. (more)
Pynt, an Israel-based API security platform, raised a $6.0M Seed from Joule Ventures. (more)
Mindgard, a United Kingdom-based threat detection and security platform for AI models, raised a $3.7M Seed from IQ Capital, Lakestar, and Osney Capital. (more)
Cytix, a United States-based continuous application security testing platform, raised an undisclosed Seed round. (more)

🗣Sponsor

Bullet-proof your cloud IAM and ensure rapid recovery with Acsense.

Acsense’s IAM Resilience Platform eliminates IAM as a single point of failure by providing a solution for data security, continuity, and compliance.

Your identity management infrastructure is hardened with continuous backups, one-click granular recovery, incident investigation, and change management.

Protect Your IAM Investments. SCHEDULE A CHAT WITH US

🌎 Funding By Country

$317.0M for United States across 5 deals
$113.0M for Israel across 3 deals
$10.8M for Norway across 1 deal
$3.7M for United Kingdom across 1 deal

🤝 Mergers & Acquisitions

Ermetic, a United States-based cloud infrastructure identity security platform, was acquired by Tenable for $265.0M. (more)
Advanced Network Products (ANP), a United States-based managed services provider (MSP), was acquired by Coretelligent for an undisclosed amount. (more)
Atmosec, an Israel-based threat detection platform for SaaS applications, was acquired by Check Point Software Technologies for an undisclosed amount. (more)
Cohere Cyber Secure, a United States-based managed security services provider (MSSP), was acquired by Dataprise for an undisclosed amount. (more)
ES2, an Australia-based managed security services provider (MSSP), was acquired by OneStep Group for an undisclosed amount. (more)
GrammaTech, a United States-based application security testing platform, was acquired by Battery Ventures for an undisclosed amount. (more)
Stacksi, a United States-based automated security questionnaire answer platform, was acquired by SafeBase for an undisclosed amount. (more)

📚 Great Reads

Demystifying LLMs and Threats My Journey - Caleb Sima, former CISO of Robinhood, shares his journey of demystifying LLMs, threats, and all things AI.
*Start a Newsletter - If you’re thinking about starting a newsletter, I can't recommend Beehiiv highly enough.
Awesome GPT Prompt Engineering - A curated list of awesome resources, tools, and other shiny things for GPT prompt engineering.
The Resilience Potion & Security Chaos Engineering - Kelly Shortridge shares the Resilience Potion Recipe, a five-ingredient elixir we can brew to foster resilience in our systems and guide our security chaos engineering transformation.

_{*Sponsored content and/or affiliate link.}

🧪 Labs

Really makes you think 🤔

— SwiftOnSecurity (@SwiftOnSecurity)
Sep 3, 2023

Promote your business to a hard-to-reach audience of cybersecurity and investment professionals by sponsoring this newsletter.

How was this week's newsletter?

Join the conversation

or to participate.