💰 Security, Funded #147 - AI Hype or Hope?

Insights for the week of June 3, 2024

Security, Funded is a weekly deep dive into cybersecurity funding and industry news captured and analyzed by Mike Privette. This week’s issue is presented together with iVerify and Nudge Security.

Hey there,

I hope you had a great weekend!

Last week’s macroeconomic news was somewhat exciting and confusing (but if you’re familiar with macroeconomics, it’s always confusing). The European Central Bank lowered interest rates for the first time since before COVID, and the US jobs report came in better than expected. The US added more jobs, with higher wage growth, while at the same time, unemployment also rose (remember how I said it was confusing?). This new data has all but squashed expectations of a US Fed rate cut in July. In turn, the public markets freaked out, and there was red across the board.

Remember, when rates and inflation are high, it means putting money to work is more expensive. Sustained high interest rates and inflation can lead investors to deploy capital a bit more slowly. That being said, bets are still being made in certain sectors, like cyber and AI.

Speaking of bets, I’m officially saying that we are in a bubble with AI revolutionizing the Security Operations Center (SOC). 🫧 

Have you or a loved one been affected by the AI and Security Operations movement? You may be entitled to compensation. Call 1-800-1SOC-NOW today!

We have hit peak hype when companies can emerge from stealth, be valued at $100M+, and have no discernible product from the other AI x SOC players. I do believe there is some genuine innovation in this space, but right now, it’s heavy on ideas and low on evidence.

We need a sea change in how SOCs operate to prevent this bubble from bursting. If you’ve got real examples of how this has changed your security program, please reply; I’d love to hear about them!

Onward to this week's issue.

TOGETHER WITH

Don’t just detect threats, automatically remediate them with iVerify EDR.

Detection and response backed by advanced mobile threat hunting

Legacy mobile EDR solutions focus on threat detection with no ability to respond. It’s mobile “EDR” without the “R.” That changes today with the rollout of new features from iVerify that empower security teams to take action against smishing attacks, compromised mobile endpoints, and dangerous vulnerabilities.

Prevent attackers from routing device traffic to malicious websites without using a data-sniffing VPN and block compromised devices from accessing corporate systems — even without MDM!

😎 Vibe Check

What do you think the next AI meets Cybersecurity bubble will be?

Bonus points if you tell me why!

Login or Subscribe to participate in polls.

Last issue’s vibe check:
Does your cyber budget for the rest of 2024 have a carve-out for securing the use of AI?
🟨🟨🟨🟨🟨⬜️ ✅ Yes (share what you can) (12)
🟩🟩🟩🟩🟩🟩 ❌ No (tell me why not) (14)
26 Votes

Things were pretty evenly split last week on the vibe check, which was a bit of a surprise to me. Most people I have spoken with have stated that their cyber programs prioritize securing the use of AI, but they aren’t adjusting budgets as a result. They apply what they already know and do to AI use cases. I think that makes a lot of sense unless you are building AI into your products or launching an AI service like a chatbot.

Top comments this week:

“AI is within risk appetite, we deal with it as a standard new SaaS provider.”

“The market is hot but also frothy with SaaS companies pretending to be AI companies.”

💰 Market Summary

  • 14 companies raised $198.6M across 12 unique product categories in 4 countries

  • 4 companies were acquired or had a merger event across 4 unique product categories

  • 93% of funding went to product-based cybersecurity companies

  • 1 public cyber company had an earnings report

📸 YoY Snapshot

This is a rolling 12-week chart comparing funding and acquisitions each week in a year-over-year (YoY) view between 2023 and 2024.

Cyber funding is back on track this week at a normal clip, just like this time last year. Unlike last year, however, the rolling 12-week average for 2024 as of this week is 21% higher than in 2023.

And another DSPM company got snapped up. The DSPM category might be the fastest growing, raising just over $900 million across 23 companies, and maybe the fastest to be folded in with all the M&A activities.

🤙 Earnings Reports

Here are notable earnings reports from public cybersecurity companies. This section is Powered by Quartr, where I track all the latest earning reports.

Earnings reports this week: CrowdStrike

CrowdStrike (CRWD)

CrowdStrike reported a strong quarter and continued to break its own financial records, driven mostly by the strength of its platform offering and the continued customer demands for cost savings and consolidations. A few highlights included:

  • A 22% increase in net new ARR up to $212 million

  • A 33% increase in total revenue up to $921 million (!)

  • CrowdStrike raised its forward-looking guidance for the rest of the fiscal year.

CrowdStrike also has its eyes set squarely on the recently hot SIEM market. Given the activity in the cyber industry over the past few weeks, this is a timely area to double down on, and CrowdStrike expects to continue driving momentum from this specific segment.

See the public cyber company tracker, which shows all public cybersecurity companies worldwide, along with market data, funding raised, product categories, and more.

🧩 Funding By Product Category

  • $60.0M for Application Security across 1 deal

  • $36.0M for Security Operations across 1 deal

  • $35.0M for Threat Intelligence across 1 deal

  • $30.0M for Passwordless Authentication across 1 deal

  • $14.5M for Cloud Security Posture Management (CSPM) across 1 deal

  • $10.0M for Blockchain Security across 1 deal

  • $7.4M for Artificial Intelligence (AI) Governance across 2 deals

  • $5.0M for Managed Detection and Response (MDR) across 1 deal

  • $740.0K for Operational Technology (OT) Security across 2 deals

  • An undisclosed amount for Security Awareness across 1 deal

  • An undisclosed amount for Managed Security Services Provider (MSSP) across 1 deal

  • An undisclosed amount for Fraud and Financial Crime Protection across 1 deal

🏢 Funding By Company

🌎 Funding By Country

  • $186.2M for the United States across 11 deals

  • $10.0M for Singapore across 1 deal

  • $2.4M for Spain across 1 deal

  • An undisclosed amount for Switzerland across 1 deal

🤝 Mergers & Acquisitions

  • Eureka Security, an Israel-based data security posture management (DSPM) platform, was acquired by Tenable for an undisclosed amount. (more)

  • MindPoint Group, a United States-based managed security services provider (MSSP), was acquired by Tyto Athene for an undisclosed amount. (more)

  • Staging Labs, a United States-based cryptocurrency and smart contract auditing and security platform, was acquired by Merkle Science for an undisclosed amount. (more)

  • Vestige Digital Investigations, a United States-based professional services firm focused on digital forensics and incident response (DFIR), was acquired by ArcherHall for an undisclosed amount. (more)

📚 Great Reads

  • A world after Wiz: Emerging opportunities in cloud security - Scale Venture Partners discusses the evolution and future opportunities in cloud security, highlighting the success of companies like Rubrik and Wiz.

  • *Debunking the “stupid user” myth - How do employee perceptions of security interventions influence their likelihood to comply, and your security posture? Research conducted in consultation with leading Duke University psychologies explores the connection.

  • Getting Started with eBPF for Security - In this video, James Berthoty covers the emerging technology of eBPF (extended Berkeley Packet Filter) and explains its significance in differentiating cloud security vendors.

  • AI is making the internet worse - A topic that is near and dear to many hearts on generative AI and the increasingly poor state of content on the Internet. Jack Raines discusses the impact of generative AI, particularly OpenAI's deals with publishers and long-form journalism.

*A message from our sponsor

🧪 Labs

A SANS class? In this economy?!

How was this week's newsletter?

Login or Subscribe to participate in polls.

Data Methodology and Sources

  • All of the data is captured point-in-time from publicly available sources.

  • All financial figures are converted to U.S. dollars (USD) when collected.

  • Company country locations are pulled from publicly available sources.

  • Companies are categorized using our system at Return on Security, and we write all the company descriptions.

  • Sometimes, the details about deals, like who led the round, how much money was raised, or the deal stage, might get updated after the issue is first published.

  • Let us know if you spot any errors, and we’ll fix them.

About Return on Security

Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. The goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field. Read more about the “Why” here.

Feel free to borrow any data, charts, or advice you find here. Just make sure to give a shoutout to Return on Security when you do.

Thank you for reading. If you liked this analysis, please share it with your friends, colleagues, and anyone interested in the cybersecurity market.

Follow me on LinkedIn or Twitter to never miss Return on Security updates.

Join the conversation

or to participate.