Return on Security
Posts
💰 Security, Funded #163 - Get the Bag

💰 Security, Funded #163 - Get the Bag

Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of September 23, 2024

Mike Privette
September 30, 2024 • Reading Time: 12 minutes

Security, Funded is a weekly deep dive into the financial transactions, industry news, and economic activity in the cybersecurity market. This week’s issue is presented together with Nudge Security and ThreatLocker.

Hey there,

I hope you had a great weekend and a happy end to Q3 for all those who celebrate! 🫡

It’s also almost officially Spooky Season 🎃, and not just on the Halloween front. It’s also that final 90-day push to the end of the year where deals get made, budgets get spent (if you don’t use it, you lose it), and when people and companies alike get “serious” about their annual goals and targets.

Lettuce all get this bread, family! 🥬 🥖

Onward to this week's issue.

_{TOGETHER WITH}

Discover shadow SaaS spend, usage and risk insights

Regain control of SaaS security and spend

Nudge Security now includes automated SaaS spend discovery capabilities, uncovering up to 2 years of historical SaaS spend, even for apps you’ve never heard of. With a free trial, you can immediately:

Discover all SaaS apps, identities, and spend
Find all genAI apps, accounts, and integrations
Automate user access reviews and IT offboarding
Surface and revoke risky OAuth grants
Review security profiles for each provider

Proactively manage SaaS security, spend, and sprawl with Nudge Security.

_{Partner With Us}

😎 Vibe Check
Market Summary
📸 YoY Snapshot
☎️ Earnings Reports
🧩 Funding By Product Category
🏢 Funding By Company
Funding by Country
🤝 Mergers & Acquisitions
Great Reads
🧪 Labs

😎 Vibe Check

Forget your zodiac sign, tell me your favorite cybersecurity acronym right now.

Last issue’s vibe check:
With Q4 just around the corner, do you think we will see a cybersecurity company go IPO this year?
🟨⬜️⬜️⬜️⬜️⬜️ 🤑 Yes (tell me who you think it'll be) (5)
🟩🟩🟩🟩🟩🟩 🙅‍♀️ Not a chance (tell me why) (19)
24 Votes

80% of people who participated in the vibe check last week said there was no chance there would be a cyber IPO this year (or arguably another IPO if you count Rubrik). This wasn’t surprising to me, as I bet many companies are waiting to see how the US Presidential election plays out and to let some of the Wiz momentum pass them by. If the M&A climate strengthens in the US, 2025 could be a blockbuster year.

Some of the top comments from last week:

“Not a chance - I think people will wait until 2025 to see rates stabilize and the election buzz to calm down for more certainty in the market.”

“Yes - Expel”

“Not a chance - The market is still too volatile, but I would expect to see Wiz, Snyk, and maybe Netskope make a play in 2025.”

💰 Market Summary

15 companies raised $114.3M across 14 unique product categories in 9 countries
5 companies were acquired or had a merger event across 5 unique product categories
88% of funding went to product-based cybersecurity companies
No public cyber company had an earnings report

📸 YoY Snapshot

This is a rolling 12-week chart comparing funding and acquisitions each week in a year-over-year (YoY) view between 2023 and 2024.

The final week of September continues the high-volume pace for the month with lots of funding events. With Q3 (after today) officially over, the current total of $3.3 billion raised in this quarter is about 19% less than this same timeframe last year (unless someone does a YOLO round today 👀 ).

M&A transactions finished at about the monthly average count of events last week. Again, unless something huge happens today (and never say ‘never’ in the cyber industry), Q3 2024 is about 35% less on transaction volume than the same timeframe last year.

_{Partner With Us}

☎️ Earnings Reports

Cyber Market Movers

As of markets close on September 27, 2024

Earnings reports from last week: None

Macro Context:

Markets hit new highs again last week while continuing to ride the interest rate cut wave.
Many tech stocks took a hit last week as new trends emerged, with companies wanting to end remote work and reverse the pandemic lockdown norm. Amazon announced that all corporate employees must return to the office five days a week starting in January 2025, and this push sent some cyber stocks downward that focus on secure remote access and zero-trust network access (ZTNA).
Overall, I see this as a last-ditch effort from these large tech companies to force some attrition and cut burn from overhiring during the 2020-2022 timeframe, but I don’t think this is what the future of work will look like.

Earning reports to watch this coming week:

None

🧩 Funding By Product Category

$70.0M for Security Orchestration and Automated Response (SOAR) across 1 deal
$12.0M for Continuous Threat Exposure Management (CTEM) across 2 deals
$7.0M for Threat & Vulnerability Management (TVM) across 1 deal
$6.7M for Managed Detection and Response (MDR) across 1 deal
$6.7M for Professional Services across 1 deal
$4.5M for Infrastructure as Code (IaC) Security across 1 deal
$2.7M for Secure File Sharing across 1 deal
$2.1M for Application Security Testing (AST) across 1 deal
$1.8M for Managed Security Services Provider (MSSP) across 1 deal
$556.9K for Artificial Intelligence (AI) Privacy Assurance across 1 deal
$167.1K for Penetration Testing across 1 deal
An undisclosed amount for Security Analytics across 1 deal
An undisclosed amount for Cybersecurity Program Management across 1 deal
An undisclosed amount for Artificial Intelligence (AI) Security across 1 deal

🏢 Funding By Company

Torq, a United States-based no-code security automation platform, raised a $70.0M Series C from Evolution Equity Partners. (more)
Tamnoon, a United States-based continuous threat exposure management (CTEM) platform, raised a $12.0M Series A from Bright Pixel. (more)
Defectdojo, a United States-based security automation and vulnerability management platform, raised a $7.0M Series A from Aspenwood Ventures. (more)
Enginsight, a Germany-based managed detection and response (MDR), raised a $6.7M Venture Round from UVC Partners. (more)
Blackpanda, a Singapore-based professional services firm focused on cyber incident response and recovery, raised a $6.7M Series A from Gaw Capital Partners, Singtel Innov8, and WI Harper Group. (more)
Bluebricks, an Israel-based cloud infrastructure security and remediation platform, raised a $4.5M Seed from Flint Capital and Glilot Capital Partners. (more)
TrueScreen, an Italy-based secure data acquisition and sharing platform focused on data authenticity and lineage, raised a $2.7M Seed from Cysero. (more)
Cytix, a United Kingdom-based continuous application security testing platform, raised a $2.1M Seed from Praetura Ventures. (more)
Loom Security, a United States-based managed security services provider (MSSP) focused on cloud security, raised a $1.8M Seed. (more)
CyberTide, a Germany-based AI privacy assurance platform for chatbot applications and foundational LLMs, received a $556.9K Grant from Investitionsbank Berlin.
Pentra, a Romania-based automated pentesting and reporting platform, raised a $167.1K Pre-Seed from Early Game Ventures. (more)
Aim Intelligence, a South Korea-based threat detection, red teaming, and security platform for AI models, raised an undisclosed Seed from Mashup Ventures. (more)
Cyvatar.ai, a United States-based cybersecurity program management platform, raised an undisclosed Revenue-Based Financing round from Decathlon Capital Partners. (more)
MegaVector, a China-based continuous threat exposure management (CTEM) platform, raised an undisclosed Venture Round from Shenzhen Capital Group.
Query, a United States-based federated security analytics searching platform, raised an undisclosed Venture Round from Cisco Investments. (more)

🌎 Funding By Country

$90.8M for the United States across 6 deals
$7.3M for Germany across 2 deals
$6.7M for Singapore across 1 deal
$4.5M for Israel across 1 deal
$2.7M for Italy across 1 deal
$2.1M for the United Kingdom across 1 deal
$167.1K for Romania across 1 deal
An undisclosed amount for South Korea across 1 deal
An undisclosed amount for China across 1 deal

🤝 Mergers & Acquisitions

Clumio, a United States-based data backup and recovery as a service protecting against ransomware attacks, was acquired by CommVault for $47.0M. (more)
CyberOwl, a United Kingdom-based cybersecurity analytics platform for maritime Internet of Things (IoT) assets, was acquired by DNV for an undisclosed amount. (more)
Featurespace, a United Kingdom-based anti-fraud and payment security platform, was acquired by Visa for an undisclosed amount. (more) (Not to be outdone by Mastercard)
inversion6, a United States-based managed security and professional services firm, was acquired by TRG for an undisclosed amount. (more)
NetGuardians, a Switzerland-based fraud and financial crimes prevention platform, was acquired by Summa Equity for an undisclosed amount. (more)

📚 Great Reads

Cybersecurity Workforce Woes - Chris Hughes looks at the current cybersecurity workforce challenges, the factors involved, and why things might not be what they seem.
*Uncover hidden risks in your environment - Get a free, software health report from ThreatLocker®. Identify unapproved software, shadow IT, and potential threats, and learn how to harden your IT security.
300 Billion Emails, Infinite Risk: The Evolution of Email Security - Email security is still a hot mess in 2024, despite all the fancy tech and billions invested. Phishing and business email compromise are still absolutely dominating, and it's time for the email security market to change.
Cyber Thoughts Podcast - I joined the Cyber Thoughts Podcast with Lucas Nelson from Lytical Ventures, and we covered highlights from Black Hat and DEF CON, the evolution of AI in cybersecurity, and the importance of staying ahead of emerging threats.

_{*A message from our sponsor}

🧪 Labs

Cyber programs are gonna cyber

My CISO to the board: We're tracking AI powered Attacks and Quantum Computing threats
My Board: And rekdt, what is Security Architecture working on?
Me: I just notified our internal teams they haven't remediated their deployed public S3 buckets
— rekdt (@rekdt)
4:48 PM • Sep 24, 2024

Data Methodology and Sources

All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. dollars (USD) when collected.
Company country locations are pulled from publicly available sources.
Companies are categorized using our system at Return on Security, and we write all the company descriptions.
Sometimes, the details about deals, like who led the round, how much money was raised, or the deal stage, might get updated after the issue is first published.
Let us know if you spot any errors, and we’ll fix them.

About Return on Security

Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. The goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field. Read more about the “Why” here.

Feel free to borrow any data, charts, or advice you find here. Just make sure to give a shoutout to Return on Security when you do.

Thank you for reading. If you liked this analysis, please share it with your friends, colleagues, and anyone interested in the cybersecurity market.

Follow me on LinkedIn or Twitter to never miss Return on Security updates.

Reply

or to participate.