💰 Security, Funded #172 - Monday Cybers

Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of November 25, 2024

Author

Mike Privette
December 02, 2024 • Reading Time: 11 minutes

Security, Funded is a weekly deep dive into the financial transactions, industry news, and economic activity in the cybersecurity market. This week’s issue is presented together with Nudge Security, DeleteMe, and Intezer.

Hey there,

I hope you had a great weekend, and happy Cyber Monday to all those who celebrate! If you partook in Thanksgiving in the US (or abroad like me), I hope it was filled with great food and company. If you found any good deals or really useful items in your shopping on Black Friday / Cyber Monday, I’d love to hear about them!

Thank you to everyone who voted on the podcast idea poll last week. The responses were overwhelmingly positive! Don’t worry, though, this newsletter isn’t going anywhere. I’m just looking for additional ways to branch out, reach more folks, and bring you more value. 😤 👊 

Also, I started picking up on BlueSky last week, so smash that follow button if you’re into that kind of thing.

Onward to this week’s issue.

TOGETHER WITH

Eliminate Wasted SaaS Spend in 2024 to Help Fund Your 2025 Priorities

View spend, risk, and usage info all in one place.

Your SaaS footprint is likely happy hunting grounds for cost savings to make room for new priorities in 2025. Nudge Security discovers every app, account, and up to two years of historical SaaS spend to give you the full picture of who’s using what, where you have overlap, and where you are wasting money on unused apps.

You’ll see all of this on Day One, along with security posture findings for your IdP infrastructure and workflows to scale identity governance.

😎 Vibe Check

Where do you see the biggest gap in the cybersecurity talent pipeline?

And I don't mean what the certification bodies tell you...

Login or Subscribe to participate in polls.

Last issue’s vibe check:
What's the most valuable factor when it comes to assessing a new cyber vendor?
🟨🟨🟨🟨🟨⬜️ 💰 Pricing and/or perceived ROI (9)
🟩🟩🟩🟩🟩🟩 🏃🏽‍♀️ Proven track record in the industry (10)
🟨🟨🟨🟨⬜️⬜️ 💡 Innovation or tech leadership (7)
🟨🟨🟨⬜️⬜️⬜️ ⛑️ Customer support (6)
🟨🟨🟨🟨⬜️⬜️ 🍳 Ease of implementation into current stack (7)
39 Votes

Last week’s vibe check responses were an interesting mix of answers, but what stood out to me was the focus on subjective intangibles. Things like “perceived ROI,” “proven track record,” and “innovation” don’t exactly have clear start and stop edges. It really highlights something that I’m sure many are already aware of, and it’s that everyone in the cyber industry is under a constant influence campaign. It really shows why marketing is so strong and high-stakes in this industry.

Some of the top comments from last week:

Innovation - “The most important thing is that they can do something meaningfully different. If not, then they are just iterating on everyone else and it becomes about price/implementations/customer support/etc.”

Track Record - “Not much else can predict software reliability, so company track record is pretty much our best (albeit crude) predictor of future performance and maintenance costs”

Pricing/ROI - “You always have to weigh a complicated mix of requirements that varies depending on the nature of the offering the vendor has. Reliability, quality and support are more crucial for more intrusive solutions like endpoint security tools (*cough* Crowdstrike *cough*) or inline networking equipment. For less business critical tools like GRC products, ROI and features will weigh more heavily”

💰 Market Summary

  • 11 companies raised $205.4M across 8 unique product categories in 7 countries

  • 3 companies were acquired or had a merger event across 3 unique product categories

  • 93% of funding went to product-based cybersecurity companies

  • 1 public cyber company had an earnings report

📸 YoY Snapshot

This is a rolling 12-week chart comparing funding and acquisitions each week in a year-over-year (YoY) view between 2023 and 2024.

A smaller but still mighty week last week on the funding front. Some really large and later-stage rounds made an appearance with some rocket ship companies. 🚀 

A much quieter week on the M&A front last week from a volume perspective. This has been the norm for most of 2024.

TOGETHER WITH

Restore Privacy to Your Employees and Executives

Enterprise-grade PII Removal for Businesses

As cyber threats evolve, so should your privacy strategy. DeleteMe is the industry leader in personal data exposure prevention, offering a managed service that removes your sensitive information from the public web. Our team of Privacy Advisors works tirelessly to keep your data secure, reducing the risk of targeted cyberattacks and social engineering threats. With DeleteMe, you're not just reacting to privacy concerns – you're staying one step ahead of potential threats.

☎️ Earnings Reports

Cyber Market Movers

As of markets closed on November 29, 2024

Earnings reports from last week: CrowdStrike

CrowdStrike (CRWD)

CrowdStrike was received with a bit of mixed emotions in its latest earnings report. 🥴 

On the one hand, CrowdStrike’s performance and public perception took some serious nerfing in the last quarter in the aftermath of causing the worst IT outage in history back in July. On the other hand, however, CrowdStrike surpassed $4 billion in ARR, hit over $1 billion in revenue for the first time, kept a very strong net retention rate (rate of customers staying and renewing) of 115%, and raised its full-year outlook. CrowdStrike even cited how many customers stuck around because of how transparent they were after the incident.

These competing feelings and data points led the stock to drop roughly 5% post-earnings call, which, all things considered, really isn’t that bad of a dip for taking out 60% of the world with one update. I fully expect CRWD to successfully navigate out of this one and remain in the top spot in the hearts and minds of investors and practitioners.

Macro Context:

  • Another record close for the S&P500 and Dow Jones Index last week.

  • Bitcoin continues its bull run.

  • The US Dollar continues its own bull run, even with commentary on BRICS nations trading in other currencies.

Earning reports to watch this coming week:

  • Okta, Rubrik, SentinelOne, Zscaler

🧩 Funding By Product Category

  • $104.0M for Endpoint Detection and Response (EDR) across 2 deals

  • $70.0M for Business Continuity Planning (BCP) / Disaster Recovery across 1 deal

  • $13.3M for Professional Services across 3 deals

  • $8.6M for Attack Surface Management (ASM) across 1 deal

  • $8.5M for Fraud and Financial Crime Protection across 1 deal

  • $1.1M for Cybersecurity Education & Training across 1 deal

  • An undisclosed amount for Security and Compliance Automation across 1 deal

  • An undisclosed amount for Cybersecurity Conferences & Events across 1 deal

🏢 Funding By Company

  • Halcyon, a United States-based endpoint detection and response (EDR) triage and automation platform, raised a $100.0M Series C from Evolution Equity Partners. (more)

  • Eon, a United States-based cloud data backup and recovery platform, raised a $70.0M Series C from Bond. (more)

  • Cipher, a Saudi Arabia-based professional services firm focused on governance, risk, and compliance assessments, raised a $13.3M Venture Round from Impact46. (more)

  • AI SPERA, a South Korea-based attack surface management and threat intelligence platform, raised a $8.6M Series B from KB Investment. (more)

  • FiVerity, a United States-based anti-fraud platform, raised a $8.5M Funding Round. (more)

  • North Pole Security, a United States-based endpoint detection and response platform for MacOS, raised a $4.0M Seed round. (more)

  • CyberTIX, a Spain-based cybersecurity education and training platform, raised a $1.1M Seed from Easo Ventures. (more)

  • CY4GATE, an Italy-based managed security services provider (MSSP), raised an undisclosed post-IPO equity round from First Capital. (more)

  • Federated IT, a United States-based professional services firm focused on cyber and national defense services, raised an undisclosed Venture Round from Bridge Defense. (more)

  • Nullcon, an India-based cybersecurity conference, raised an undisclosed Corporate Round from ISM Gcorp. (more)

  • SECJUR, a Germany-based security and compliance automation platform, raised an undisclosed Venture Round from Look AI Ventures. (more)

🌎 Funding By Country

  • $182.5M for the United States across 5 deals

  • $13.3M for Saudi Arabia across 1 deal

  • $8.6M for South Korea across 1 deal

  • $1.1M for Spain across 1 deal

  • An undisclosed amount for Italy across 1 deal

  • An undisclosed amount for India across 1 deal

  • An undisclosed amount for Germany across 1 deal

🤝 Mergers & Acquisitions

  • Blowfish, a United States-based platform for detecting and preventing malicious Web3 wallet transactions, was acquired by Phantom for an undisclosed amount. Blowfish had previously raised $11.8M in funding. (more)

  • IDX, a United States-based consumer digital privacy and data breach response platform, was acquired by Kingswood Capital Management for an undisclosed amount. IDX had previously raised $47.0M in funding. (more)

  • Payatu Technologies, an India-based IoT security and training platform and the parent company of Nullcon, was acquired by ISM Gcorp for an undisclosed amount. (more)

📚 Great Reads

  • AI WILL TAKE UR JOB! - Pedro Ribeiro gives a keynote talk at BSides Lisbon about the potential future impact of AI on your career and how you can prepare yourself for success.

  • *AI in Action. - This looks at four ways AI tools are making a big impact for SOC teams by making investigations more effective and reducing MTTR, from Itai Tevet at Intezer.

  • 2023 Funding and Acquisition Summary with Return on Security - From the Enterprise Security Weekly (ESW) Vaults, this is the 2023 year in review I did for the cybersecurity market funding and M&A perspective in prep for the 2024 episode.

*A message from our sponsor

🧪 Labs

[Train models] as I say, not as I do 🤖 

Data Methodology and Sources

  • All of the data is captured point-in-time from publicly available sources.

  • All financial figures are converted to U.S. dollars (USD) when collected.

  • Company country locations are pulled from publicly available sources.

  • Companies are categorized using our system at Return on Security, and we write all the company descriptions.

  • Sometimes, the details about deals, like who led the round, how much money was raised, or the deal stage, might get updated after the issue is first published.

  • Let us know if you spot any errors, and we’ll fix them.

About Return on Security

Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. The goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field. Read more about the “Why” here.

Feel free to borrow any data, charts, or advice you find here. Just make sure to give a shoutout to Return on Security when you do.

Thank you for reading. If you liked this analysis, please share it with your friends, colleagues, and anyone interested in the cybersecurity market.

Follow me on LinkedIn or Twitter to never miss Return on Security updates.

Reply

or to participate.