- Return on Security
- Posts
- 💰 Security, Funded #171 - Wazz Up
💰 Security, Funded #171 - Wazz Up
Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of November 18, 2024
Mike Privette
November 25, 2024 • Reading Time: 13 minutes
Security, Funded is a weekly deep dive into the financial transactions, industry news, and economic activity in the cybersecurity market. This week’s issue is presented together with Vanta.
Hey there,
I hope you had a great weekend!
What a week last week! There were some really big moves in both private and public markets last week, not the least of which was Wiz buying Dazz (Wazz Up! 😜 ), and cybersecurity funding for 2024 surpassed $12 billion! This issue has a lot of numbers, so I’ll save the long pre-amble and jump in.
But before I do and to carry forward last week's theme, so here’s another poll that I would really appreciate your feedback on! 👇️
Would you watch/listen to a Return on Security podcast?Still fleshing out the idea, but it could cover not just the newsletter, but do interviews with founders and practitioners. |
TOGETHER WITH
Automate SOC 2 and ISO 27001 compliance: Join the Live Product Demo
Proving trust is more important than ever. Especially when it comes to your security program.
Vanta helps centralize program requirements and automate evidence collection for frameworks like SOC 2, ISO 27001, HIPAA, and more, so you save time and money—and build customer trust.
And with Vanta, you get continuous visibility into the state of your controls.
See it in action: join Vanta’s live product demo on December 5 to learn how Vanta automates the work required for compliance and helps organizations maintain their standards effortlessly over time.
Table of Contents
😎 Vibe Check
What's the most valuable factor when it comes to assessing a new cyber vendor? |
Last issue’s vibe check:
What metric do you find most valuable for evaluating the success of your security program?
🟩🟩🟩🟩🟩🟩 Mean time to detect/respond (MTTD/MTTR) (23)
🟨⬜️⬜️⬜️⬜️⬜️ Number of incidents prevented (8)
🟨🟨🟨🟨⬜️⬜️ Compliance audit/findings success rates (16)
🟨🟨🟨🟨⬜️⬜️ Business impact or cost savings (17)
64 Votes
Super interesting results here. Last week, 48% of respondents were very focused on incident response and recovery as a means of evaluating the success of their cyber programs. This leaves the other 52% as more compliance and business-focused, which don’t often have a direct correlation to incident response and recovery (unless the story is artfully crafted that way 🤝).
I know all of these answers have external factors that influence them, but I love how these polls can really expose the divergent thinking and approaches in our industry. It really depends on who the judge, jury, and executioners are for your program.
Some of the top comments from last week:
Business impact - “It all comes down to dollars & cents at the end of the day.”
MTTD/MTTR - “Incidents are inevitable, even in the best security programs. Time to detect and respond is paramount and a great gauge of organizational effectiveness. I always judge other organizations by their response to incidents, not their compliance certifications. Security first, compliance second.”
💰 Market Summary
15 companies raised $555.8M across 14 unique product categories in 5 countries
9 companies were acquired or had a merger event for $550.4M across 6 unique product categories
100% of funding went to product-based cybersecurity companies
1 public cyber company had an earnings report
📸 YoY Snapshot
This is a rolling 12-week chart comparing funding and acquisitions each week in a year-over-year (YoY) view between 2023 and 2024.
A huge bump in funding last week compared to the past several weeks, most of which came from later-stage funding. With last week under our belt, cybersecurity funding for 2024 has surpassed $12 billion YTD.
Mergers and acquisitions have also continued their ripping pace these last few weeks. It’s been a noticeably quieter year on the M&A front in cyber in terms of transaction volume, but M&A dollars have surpassed $41 billion (compared to $40 billion last year).
☎️ Earnings Reports
Cyber Market Movers
As of markets close on November 22, 2024.
Earnings reports from last week: Palo Alto Networks
Palo Alto Networks (PANW)
Palo Alto had strong results in its latest quarterly report, with a 14% increase in total revenue and a 40% increase in its Next-Gen Security product line. Product and services revenue increased by 4% and 16%, respectively, and EMEA revenue rose by 21%, JAPAC by 13%, and the Americas by 12%. It’s clear that the “platformization” strategy that Palo Alto started last year is indeed working to an extent.
Even with the impressive quarterly results, announcing a 2-for-1 stock split, and even the general optimism of most analysts, there were still minor concerns about the slight decline in net new ARR year-over-year. As a result, the stock was slightly down from last week.
Macro Context:
This is a good time to remember that the public markets ≠ the economy.
Another record close for the Dow Jones Index as public markets and Bitcoin continues its bull run.
Earning reports to watch this coming week:
CrowdStrike
🧩 Funding By Product Category
$300.0M for Data Security Posture Management (DSPM) across 1 deal
$175.0M for API Security across 1 deal
$21.0M for Identity and Access Management (IAM) across 2 deals
$18.0M for Artificial Intelligence (AI) Privacy Assurance across 1 deal
$10.4M for Governance Risk and Compliance (GRC) across 1 deal
$8.0M for Remote Browser Isolation across 1 deal
$7.0M for Third-Party Risk Management (TPRM) across 1 deal
$7.0M for Infrastructure as Code (IaC) Security across 1 deal
$4.0M for Artificial Intelligence (AI) Governance across 1 deal
$3.0M for Security Analytics across 1 deal
$2.2M for Identity Verification across 1 deal
$213.9K for Password Management across 2 deals
An undisclosed amount for Threat Intelligence across 1 deal
An undisclosed amount for Cloud Native Application Protection Platform (CNAPP) across 1 deal
🏢 Funding By Company
Cyera, a United States-based data security posture management (DSPM) platform, raised a $300.0M Series D from Accel, Sapphire Ventures, and Coatue. (more)
Kong, a United States-based API management and security platform, raised a $175.0M Series E from Balderton Capital and Tiger Global Management. (more)
Prompt Security, a United States-based browser extension platform protecting against sensitive data usage and attacks in generative AI applications, raised a $18.0M Series A from Jump Capital. (more)
Twine Security, an Israel-based AI digital employee (agent) for identity and access management (IAM) security tasks, raised a $12.0M Seed from Dell Technologies Capital and Ten Eleven Ventures. (more)
Trustero, a United States-based AI-assistant-driven governance, risk, and compliance platform, raised a $10.4M Series A from Bright Pixel. (more)
ZITADEL, a United States-based secure authentication management platform, raised a $9.0M Series A from Nexus Venture Partners. (more)
Grey Market Labs, a United States-based platform for managing, securing, and supporting employee workspaces, raised a $8.0M Series A from Capri Ventures. (more)
Anitian, a United States-based platform offering pre-engineered and secured infrastructure components, raised a $7.0M Series D from Sageview Capital. (more)
VISO Trust, a United States-based third-party risk management platform, raised a $7.0M Venture Round from Bain Capital Ventures, Work-Bench, and Sierra Ventures. (more)
Calvin Risk, a Switzerland-based artificial intelligence (AI) governance and compliance platform, raised a $4.0M Seed from Join Capital and seed + speed Ventures. (more)
RIIG, a United States-based security analytics platform, raised a $3.0M Seed from Felton Group. (more)
Hopae, a United States-based decentralized identity and verification service, raised $2.2M in Debt Financing from the Korea Credit Guarantee Fund. (more)
Sunnies, a Japan-based password management platform, raised a $213.9K Pre-Seed from Hyperion and an undisclosed Debt Financing from Japan Finance Corporation.
ThreatMon, a Turkey-based cyber threat intelligence platform, raised an undisclosed Private Equity Round from PCP. (more)
Wiz, a United States-based cloud workload protection and posture management platform, raised an undisclosed Debt Financing round from SoftBank Vision Fund. (more)
🌎 Funding By Country
$539.6M for United States across 11 deals
$12.0M for Israel across 1 deal
$4.0M for Switzerland across 1 deal
$213.9K for Japan across 2 deals
An undisclosed amount for Turkey across 1 deal
🤝 Mergers & Acquisitions
Dazz, a United States-based application security posture management (ASPM) platform, was acquired by Wiz for $450.0M. (more)
Adlumin, a United States-based managed detection and response (MDR) platform, was acquired by[N-Able for $100.0M. (more)
Crossword Consulting, the United Kingdom-based professional services arm of Crossword Cybersecurity, was acquired by SysGroup PLC for $393.0K. (more)
AppViewX, a United States-based certificate lifecycle and public key management infrastructure (PKI) management platform, was acquired by Haveli Investments for an undisclosed amount. (more)
Black Cipher, a United States-based professional services firm focused on risk management for states, municipalities, and hospital systems, was acquired by[UTRS InfoSec for an undisclosed amount. (more)
C5 Technology, an Australia-based professional services firm focused on cybersecurity consulting for the federal government, was acquired by OneStep Group for an undisclosed amount. (more)
Colligio, a United States-based professional services firm focused on network management and security, was acquired by Blue Mantis for an undisclosed amount. (more)
Muscope, an Italy-based attack surface management (ASM) and risk quantification platform, was acquired by TeamSystem for an undisclosed amount. (more)
VeriClouds, a United States-based identity threat detection and response (ITDR) platform, was acquired by Enzoic for an undisclosed amount. (more)
📚 Great Reads
Agents, clarified. - An analysis of the future of AI agents and the applications they can take on from a security perspective.
The Dislocation Between Public & Private Web3 Markets - The discussion explores the current state of web3 markets, emphasizing public-private market dislocation, token performance, and regulatory uncertainties.
The AI Granny Scamming the Scammers - Daisy is an AI bot designed to waste fraudsters' time. She's been created by Virgin Media O2, who says she's "indistinguishable" from a real human.
*A message from our sponsor
🧪 Labs
Love getting these kinds of heartfelt messages! 😍
How was this week's newsletter? |
Data Methodology and Sources
All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. dollars (USD) when collected.
Company country locations are pulled from publicly available sources.
Companies are categorized using our system at Return on Security, and we write all the company descriptions.
Sometimes, the details about deals, like who led the round, how much money was raised, or the deal stage, might get updated after the issue is first published.
Let us know if you spot any errors, and we’ll fix them.
About Return on Security
Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. The goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field. Read more about the “Why” here.
Feel free to borrow any data, charts, or advice you find here. Just make sure to give a shoutout to Return on Security when you do.
Reply