• Return on Security
  • Posts
  • 💰 Security, Funded #148 - Do Red Teams Dream of Electronic Sheep?

💰 Security, Funded #148 - Do Red Teams Dream of Electronic Sheep?

Insights for the week of June 10, 2024

Security, Funded is a weekly deep dive into cybersecurity funding and industry news captured and analyzed by Mike Privette. This week’s issue is presented together with Aikido and iVerify.

Hey there,

I hope you had a great weekend, and a belated Happy Father’s Day to all the dads and dad-like figures who were able to celebrate.

Another week, another bit about inflation. US inflation numbers can in slightly lower than expected, which is a good sign that inflation is beginning to cool. Everyone was stoked for a bit until the US Fed announced that inflation was still too high and was not in a hurry to lower interest rates yet. The Fed even pulled back on future interest rate cut plans from two cuts down to just one but wouldn’t say when. Consumer confidence in the economy and public markets dropped as a result. 🥴 

The Fed response reminds me of those “never let them know your next move” meme videos, in which people do increasingly hilarious and confusing things. Speaking of not letting people know your next move, the Lacework saga finally comes to a conclusion with an acquisition from an unlikely source. 🤔 

Onward to this week's issue.

Table of Contents

😎 Vibe Check

Did you have it on your 2024 BINGO card that Lacework would be acquired by Fortinet?

Login or Subscribe to participate in polls.

Last issue’s vibe check:
What do you think the next AI meets Cybersecurity bubble will be?
🟨🟨🟨🟨🟨⬜️ 🫧 AppSec (14)
🟨🟨🟨🟨⬜️⬜️ 🫧 Governance (12)
🟩🟩🟩🟩🟩🟩 🫧 Adversarial / Red Team (16)
🟨⬜️⬜️⬜️⬜️⬜️ 🫧 Other (tell me) (4)
46 Votes

The people have spoken, and they think the next AI bubble will be (or already is) the AI-augmented red teaming / adversarial pentesting platforms. This was followed by a strong vote towards the Governance box, as so many platforms are also trying to solve the third-party risk management (TPRM) spreadsheet questionnaire problems.

Some of the top comments from last week on red teaming and other platforms:

“I foresee consolidation for all of these GPT-powered auto vulnerability remediation github apps”

“SOC automation / SOC Agents - seems like there is a new startup everyday in this category.”

💰 Market Summary

  • 9 companies raised $161.7M across 6 unique product categories in 5 countries

  • 7 companies were acquired or had a merger event across 6 unique product categories

  • 78% of funding went to product-based cybersecurity companies

  • No public cyber company had an earnings report

📸 YoY Snapshot

This is a rolling 12-week chart comparing funding and acquisitions each week in a year-over-year (YoY) view between 2023 and 2024.

Funding continues to make strong progress in 2024, with a steady stream of later-stage funding rounds, including this week.

M&A was on a tear this week, with yet another DSPM company getting snapped up (remember last week?) and the acquisition that no one really expected. Despite the healthy clip of M&A activity, 2024 is surprisingly still trending behind 2023 in terms of deal volume.

🤙 Earnings Reports

Here are notable earnings reports from public cybersecurity companies. This section is Powered by Quartr, where I track all the latest earning reports.

Earnings reports this week: None

See the public cyber company tracker, which shows all public cybersecurity companies worldwide, along with market data, funding raised, product categories, and more.


SaaS CTO Security Checklist

40+ items to help you secure your app

The no-nonsense checklist covers over 40 ways to harden security across your people, processes, code, infrastructure, and more. It's organized by business growth stage - bootstrap, startup, and scaleup - so you can find the security best practices relevant to your current phase.

It’s never too late or too early to get started, no matter what stage your company is at. Now get that app secured!

🧩 Funding By Product Category

  • $88.0M for Data Protection across 1 deal

  • $28.0M for Threat & Vulnerability Management (TVM) across 2 deals

  • $24.0M for Managed Security Services Provider (MSSP) across 2 deals

  • $18.2M for Operational Technology (OT) Security across 2 deals

  • $3.6M for Data Access Governance across 1 deal

  • An undisclosed amount for Continuous Threat Exposure Management (CTEM) across 1 deal

🏢 Funding By Company

  • Cyberhaven, a United States-based data leak detection and response platform, raised a $88.0M Series C from Adams Street Partners and Khosla Ventures. (more)

  • YesWeHack, a United States-based crowdsourced bug bounty and vulnerability disclosure platform, raised a $28.0M Series C from Wendel. (more)

  • XONA Systems, a United States-based secure remote access platform for operational technology (OT), raised an $18.0M Venture Round from Energy Impact Partners. (more)

  • MONDATA, a Canada-based managed security services provider (MSSP), raised a $17.0M Venture Round from Fonds de solidarité FTQ. (more)

  • OnSecurity, a United Kingdom-based managed security services provider (MSSP), raised a $7.0M Series A from Gresham House Ventures. (more)

  • Ohalo, a United Kingdom-based data access governance, raised a $3.6M Private Equity from YFM Equity Partners. (more)

  • Fend, a United States-based company providing physical devices for securing critical infrastructure networks, raised a $150.0K Debt Financing round. (more)

  • CardinalOps, an Israel-based platform for identifying cloud infrastructure threats and providing pre-engineered mitigations, raised an undisclosed Venture Round from IN Venture.

  • StrikeOne, a Chile-based continuous threat exposure management (CTEM) platform, raised an undisclosed Pre-Seed round.

🌎 Funding By Country

  • $134.2M for the United States across 4 deals

  • $17.0M for Canada across 1 deal

  • $10.6M for the United Kingdom across 2 deals

  • An undisclosed amount for Israel across 1 deal

  • An undisclosed amount for Chile across 1 deal

🤝 Mergers & Acquisitions

  • DPOrganizer, a Sweden-based data privacy rights management platform, was acquired by DataGuard for an undisclosed amount. (more)

  • Garrison Technology, a United States-based remote browser isolation platform, was acquired by Everfox (formerly ForcePoint Federal) for an undisclosed amount. (more)

  • Hubble, a United States-based IT asset discovery and management platform, was acquired by NetSPI for an undisclosed amount. (more)

  • I-TRACING, a France-based managed security services provider (MSSP), was acquired by Oakley Capital for an undisclosed amount. (more)

  • Lacework, a United States-based cloud workload protection and posture management platform, was acquired by Fortinet for an undisclosed amount. (more)

  • Open Raven, a United States-based data security posture management (DSPM) platform, was acquired by Formstack for an undisclosed amount. (more)

  • Servium, a United Kingdom-based managed security services provider (MSSP), was acquired by Advania for an undisclosed amount. (more)

📚 Great Reads

  • What the Apple-OpenAI Deal Means for Four Tech Titans - OpenAI's partnership with Apple reshapes the competitive landscape in AI, challenging Google and impacting Microsoft's strategy, and the downstream impacts for security and privacy are just getting started.

  • *Engineering Threat Hunting for iOS and Android - How does iVerify’s mobile EDR run forensic diagnostics on thousands of files every minute? Find out in this blog post from Kris Jones, head of engineering.

  • No Snow, No Flakes - What the recent Mandiant investigation into the Snowflake breach mean for the shared responsibility model around enabling multi-factor authentication, and who is at fault.

  • The Revolution of Mobile Device Security - This post discusses the evolution of the mobile device security market, the current threats, and the psychological and structural barriers to better security.

*A message from our sponsor

🧪 Labs

Adventure awaits!

How was this week's newsletter?

Login or Subscribe to participate in polls.

Data Methodology and Sources

  • All of the data is captured point-in-time from publicly available sources.

  • All financial figures are converted to U.S. dollars (USD) when collected.

  • Company country locations are pulled from publicly available sources.

  • Companies are categorized using our system at Return on Security, and we write all the company descriptions.

  • Sometimes, the details about deals, like who led the round, how much money was raised, or the deal stage, might get updated after the issue is first published.

  • Let us know if you spot any errors, and we’ll fix them.

About Return on Security

Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. The goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field. Read more about the “Why” here.

Feel free to borrow any data, charts, or advice you find here. Just make sure to give a shoutout to Return on Security when you do.

Thank you for reading. If you liked this analysis, please share it with your friends, colleagues, and anyone interested in the cybersecurity market.

Follow me on LinkedIn or Twitter to never miss Return on Security updates.


or to participate.