- Return on Security
- Posts
- 💰 Security, Funded #148 - Do Red Teams Dream of Electronic Sheep?
💰 Security, Funded #148 - Do Red Teams Dream of Electronic Sheep?
Insights for the week of June 10, 2024

Security, Funded is a weekly deep dive into cybersecurity funding and industry news captured and analyzed by Mike Privette. This week’s issue is presented together with Aikido and iVerify.
Hey there,
I hope you had a great weekend, and a belated Happy Father’s Day to all the dads and dad-like figures who were able to celebrate.
Another week, another bit about inflation. US inflation numbers can in slightly lower than expected, which is a good sign that inflation is beginning to cool. Everyone was stoked for a bit until the US Fed announced that inflation was still too high and was not in a hurry to lower interest rates yet. The Fed even pulled back on future interest rate cut plans from two cuts down to just one but wouldn’t say when. Consumer confidence in the economy and public markets dropped as a result. 🥴
The Fed response reminds me of those “never let them know your next move” meme videos, in which people do increasingly hilarious and confusing things. Speaking of not letting people know your next move, the Lacework saga finally comes to a conclusion with an acquisition from an unlikely source. 🤔
Onward to this week's issue.

Table of Contents

😎 Vibe Check
Did you have it on your 2024 BINGO card that Lacework would be acquired by Fortinet? |
Last issue’s vibe check:
What do you think the next AI meets Cybersecurity bubble will be?
🟨🟨🟨🟨🟨⬜️ 🫧 AppSec (14)
🟨🟨🟨🟨⬜️⬜️ 🫧 Governance (12)
🟩🟩🟩🟩🟩🟩 🫧 Adversarial / Red Team (16)
🟨⬜️⬜️⬜️⬜️⬜️ 🫧 Other (tell me) (4)
46 Votes
The people have spoken, and they think the next AI bubble will be (or already is) the AI-augmented red teaming / adversarial pentesting platforms. This was followed by a strong vote towards the Governance box, as so many platforms are also trying to solve the third-party risk management (TPRM) spreadsheet questionnaire problems.
Some of the top comments from last week on red teaming and other platforms:
“I foresee consolidation for all of these GPT-powered auto vulnerability remediation github apps”
“SOC automation / SOC Agents - seems like there is a new startup everyday in this category.”

💰 Market Summary
9 companies raised $161.7M across 6 unique product categories in 5 countries
7 companies were acquired or had a merger event across 6 unique product categories
78% of funding went to product-based cybersecurity companies
No public cyber company had an earnings report

📸 YoY Snapshot
This is a rolling 12-week chart comparing funding and acquisitions each week in a year-over-year (YoY) view between 2023 and 2024.

Funding continues to make strong progress in 2024, with a steady stream of later-stage funding rounds, including this week.

M&A was on a tear this week, with yet another DSPM company getting snapped up (remember last week?) and the acquisition that no one really expected. Despite the healthy clip of M&A activity, 2024 is surprisingly still trending behind 2023 in terms of deal volume.

🤙 Earnings Reports
Here are notable earnings reports from public cybersecurity companies. This section is Powered by Quartr, where I track all the latest earning reports.
Earnings reports this week: None
See the public cyber company tracker, which shows all public cybersecurity companies worldwide, along with market data, funding raised, product categories, and more.

TOGETHER WITH
SaaS CTO Security Checklist
40+ items to help you secure your app
The no-nonsense checklist covers over 40 ways to harden security across your people, processes, code, infrastructure, and more. It's organized by business growth stage - bootstrap, startup, and scaleup - so you can find the security best practices relevant to your current phase.
It’s never too late or too early to get started, no matter what stage your company is at. Now get that app secured!

🧩 Funding By Product Category

$88.0M for Data Protection across 1 deal
$28.0M for Threat & Vulnerability Management (TVM) across 2 deals
$24.0M for Managed Security Services Provider (MSSP) across 2 deals
$18.2M for Operational Technology (OT) Security across 2 deals
$3.6M for Data Access Governance across 1 deal
An undisclosed amount for Continuous Threat Exposure Management (CTEM) across 1 deal

🏢 Funding By Company
Cyberhaven, a United States-based data leak detection and response platform, raised a $88.0M Series C from Adams Street Partners and Khosla Ventures. (more)
YesWeHack, a United States-based crowdsourced bug bounty and vulnerability disclosure platform, raised a $28.0M Series C from Wendel. (more)
XONA Systems, a United States-based secure remote access platform for operational technology (OT), raised an $18.0M Venture Round from Energy Impact Partners. (more)
MONDATA, a Canada-based managed security services provider (MSSP), raised a $17.0M Venture Round from Fonds de solidarité FTQ. (more)
OnSecurity, a United Kingdom-based managed security services provider (MSSP), raised a $7.0M Series A from Gresham House Ventures. (more)
Ohalo, a United Kingdom-based data access governance, raised a $3.6M Private Equity from YFM Equity Partners. (more)
Fend, a United States-based company providing physical devices for securing critical infrastructure networks, raised a $150.0K Debt Financing round. (more)
CardinalOps, an Israel-based platform for identifying cloud infrastructure threats and providing pre-engineered mitigations, raised an undisclosed Venture Round from IN Venture.
StrikeOne, a Chile-based continuous threat exposure management (CTEM) platform, raised an undisclosed Pre-Seed round.

🌎 Funding By Country

$134.2M for the United States across 4 deals
$17.0M for Canada across 1 deal
$10.6M for the United Kingdom across 2 deals
An undisclosed amount for Israel across 1 deal
An undisclosed amount for Chile across 1 deal

🤝 Mergers & Acquisitions

DPOrganizer, a Sweden-based data privacy rights management platform, was acquired by DataGuard for an undisclosed amount. (more)
Garrison Technology, a United States-based remote browser isolation platform, was acquired by Everfox (formerly ForcePoint Federal) for an undisclosed amount. (more)
Hubble, a United States-based IT asset discovery and management platform, was acquired by NetSPI for an undisclosed amount. (more)
I-TRACING, a France-based managed security services provider (MSSP), was acquired by Oakley Capital for an undisclosed amount. (more)
Lacework, a United States-based cloud workload protection and posture management platform, was acquired by Fortinet for an undisclosed amount. (more)
Open Raven, a United States-based data security posture management (DSPM) platform, was acquired by Formstack for an undisclosed amount. (more)
Servium, a United Kingdom-based managed security services provider (MSSP), was acquired by Advania for an undisclosed amount. (more)

📚 Great Reads
What the Apple-OpenAI Deal Means for Four Tech Titans - OpenAI's partnership with Apple reshapes the competitive landscape in AI, challenging Google and impacting Microsoft's strategy, and the downstream impacts for security and privacy are just getting started.
*Engineering Threat Hunting for iOS and Android - How does iVerify’s mobile EDR run forensic diagnostics on thousands of files every minute? Find out in this blog post from Kris Jones, head of engineering.
No Snow, No Flakes - What the recent Mandiant investigation into the Snowflake breach mean for the shared responsibility model around enabling multi-factor authentication, and who is at fault.
The Revolution of Mobile Device Security - This post discusses the evolution of the mobile device security market, the current threats, and the psychological and structural barriers to better security.
*A message from our sponsor

🧪 Labs
Adventure awaits!
my favourite turn based strategy game
— des (@dotnetschizo)
3:03 AM • May 29, 2024

How was this week's newsletter? |

Data Methodology and Sources
All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. dollars (USD) when collected.
Company country locations are pulled from publicly available sources.
Companies are categorized using our system at Return on Security, and we write all the company descriptions.
Sometimes, the details about deals, like who led the round, how much money was raised, or the deal stage, might get updated after the issue is first published.
Let us know if you spot any errors, and we’ll fix them.

About Return on Security
Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. The goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field. Read more about the “Why” here.
Feel free to borrow any data, charts, or advice you find here. Just make sure to give a shoutout to Return on Security when you do.

Reply