Return on Security
Posts
💰 Security, Funded #174 - All I Want for Christmas is [Shareholder Value]!

💰 Security, Funded #174 - All I Want for Christmas is [Shareholder Value]!

Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of December 9, 2024

Mike Privette
December 16, 2024 • Reading Time: 15 minutes

Security, Funded provides a weekly analysis of economic activity in the cybersecurity market. This week’s issue is presented together with DeleteMe and Intezer.

Hey there,

I hope you had a great weekend, and welcome to the final newsletter issue of 2024! 🤯

Black Hat Europe and BSides London were great send-offs to close out a whirlwind year for Return on Security and me personally. Both events were bigger and had more energy than this time last year, and it was great to catch up with and meet so many people. I was left with the impression that there was renewed energy and excitement from everyone in the industry as 2024 has normalized what 2022 and 2023 brought.

Even though I’m not shipping another newsletter issue this year, be on the lookout for some blog content coming your way.

Speaking of coming your way, it’s that time of year for the annual reader survey. Your feedback makes all the difference. Please consider taking this quick survey to help shape Return on Security in 2025!

Onward to this week’s issue.

_{TOGETHER WITH}

DeleteMe - The Intersection of Privacy and Security

Get a trusted partner in removing sensitive PII anywhere on the Open Web

Today, any crude bad actor can leverage AI tools to weaponize PII in the form of phishing attacks, voice and video deep fakes, and more. We know keeping organizations secure isn’t getting easier. But DeleteMe is dedicated to making part of your layered defenses just that: easier.

Our continuous PII threat monitoring and removal platform finds and does the time-consuming takedown work for you to remediate employee personal info exposed in unwanted ways on the Public Web, saving Security Teams thousands of hours per year.

_{Partner With Us}

😎 Vibe Check
Market Summary
📸 YoY Snapshot
☎️ Earnings Reports
🧩 Funding By Product Category
🏢 Funding By Company
Funding by Country
🤝 Mergers & Acquisitions
📚 Great Reads
🧪 Labs

😎 Vibe Check

For the practitioners, how much money do you estimate your company will spend on "AI for Security" or "Security for AI" in 2024?

Last issue’s vibe check:
What’s the most critical skill for today’s cybersecurity professionals?
🟨🟨🟨⬜️⬜️⬜️ Technical expertise (e.g., threat hunting, incident response, coding) (8)
🟩🟩🟩🟩🟩🟩 Risk assessment and prioritization (17)
🟨🟨🟨⬜️⬜️⬜️ Strategic thinking and program management (10)
🟨🟨🟨🟨⬜️⬜️ Communication and stakeholder engagement (12)
47 Votes

Risk assessment and prioritization skills came out on top of last week’s vibe check as THE most important skills for cybersecurity professionals today. It was followed closely by strategic thinking, communication, and program management, all of which are softer supplemental skills. To me, this really shows that the security industry has a strong focus on making sure we are only working on the most important, most risk-reducing work (which makes a lot of sense).

This data is likely also skewed due to the concentration of security leaders in the newsletter. However, it’s still interesting to see, given that many of the bars to get into security are technical in nature.

Unfortunately, a certification can’t teach most of what people say are the most critical skills. This really makes you wonder why there’s such a disconnect in our industry. 🤔

Some of the top comments from last week:

Communication - “The criticality of a vuln pales next to the amount of skepticism a c-suite executive can potentially summon when a security engineer fails to appropriately justify their work or does not clearly describe the benefits of fixing the issues they've found.”

Risk Assessment - “Security Engineers tend to focus on the tasks they can complete more than what eliminates the most risk for the business, and most security leaders do not understand risk well enough to prioritize effectively. Nothing could be more important to a security program than understanding the real risks to the organizations and prioritizing security to enable the business to achieve its goals while eliminating those risks.”

💰 Market Summary

15 companies raised $176.2M across 12 unique product categories in 7 countries
9 companies were acquired or had a merger event for $100.0M across 7 unique product categories
99% of funding went to product-based cybersecurity companies
No public cyber companies had an earnings report

📸 YoY Snapshot

This is a rolling 12-week chart comparing funding and acquisitions each week in a year-over-year (YoY) view between 2023 and 2024.

The industry keeps on giving with a continuation of the Santa Rally in late Q4. 🎅 With just a few weeks left in the year, can we beat 2023?

Like many people around the world, the cyber industry is also doing a lot of last-minute shopping on the M&A front. So far, the cyber M&A scene has exchanged over $41.5 billion in 2024, and there are a few more weeks to get those stocking stuffers (like a half-priced threat intelligence or XDR platform!).

_{TOGETHER WITH}

Agentic AI for Security is Making Waves Going Into 2025

SOC teams are seeing big impact from Intezer’s AI SOC solution

Intezer’s solution is gaining momentum in the emerging AI SOC space, based on its track record among security teams at Fortune 500s and top MSSPs. Intezer emulates the thinking of an experienced analyst, collecting and analyzing evidence to autonomously filter out false positives, then escalate real threats. This significantly improves MTTR, triaging every alert including low severity and information with AI, while making sure SOC analysts can focus on the threats that matter the most.

_{Partner With Us}

☎️ Earnings Reports

Cyber Market Movers

As of markets close on December 13, 2024.

Earnings reports from last week: None

Macro Context:

Your eyes are not deceiving you. That Palo Alto number is indeed real. Last week, to stay competitive in the market, Palo Alto announced a two-for-one stock split and share increase.
Other cyber stocks took hits from a combination of weaker-than-expected revenue guidance and execution risks.
It’s still too soon to know the global economic impacts of the incoming Trump administration in January 2025, but US stock markets are continuing to hit record highs.

Earning reports to watch this coming week:

None, check back in 2025!

🧩 Funding By Product Category

$60.0M for Email Security across 1 deal
$45.0M for SaaS Security Posture Management (SSPM) across 1 deal
$40.0M for Brand Protection across 2 deals
$10.0M for Threat Intelligence across 1 deal
$7.9M for Trust & Safety across 2 deals
$4.2M for Application Security Testing (AST) across 1 deal
$4.0M for Artificial Intelligence (AI) Security across 1 deal
$3.0M for Secure Networking across 1 deal
$2.1M for Managed Security Services Provider (MSSP) across 2 deals
An undisclosed amount for Remote Browser Isolation across 1 deal
An undisclosed amount for Data Protection across 1 deal
An undisclosed amount for Cybersecurity Education & Training across 1 deal

🏢 Funding By Company

Sublime Security, a United States-based email security platform, raised a $60.0M Series B from IVP. (more)
Astrix Security, an Israel-based access management platform for third-party applications and integrations, raised a $45.0M Series B from Menlo Ventures. (more)
Flare, a Canada-based brand protection and threat intelligence platform, raised a $30.0M Series B from Base10 Partners. (more)
BforeAI, a France-based cyber threat intelligence and brand protection platform, raised a $10.0M Series B from Titanium Ventures.
Silent Push, a United States-based threat intelligence platform, raised a $10.0M Series A from StepStone Group and Ten Eleven Ventures. (more)
Musubi, a United States-based content moderation platform from GenAI threats for trust and safety teams, raised a $5.0M Seed. (more)
ETHIACK, a Portugal-based autonomous application security testing platform, raised a $4.2M Seed from Explorer Investments. (more)
Wald.ai, a United States-based platform for securing AI chatbot applications, raised a $4.0M Seed from Entrada Ventures and Inventus Capital Partners. (more)
VergeCloud, an India-based secure edge and cloud networking platform, raised a $3.0M Seed. (more)
Refute, a United Kingdom-based misinformation detection and response platform, raised a $2.9M Pre-Seed from Playfair Capital and Episode 1. (more)
Senteon, a United States-based managed security services provider (MSSP) focused on endpoint monitoring and operating system hardening, raised a $2.1M Seed. (more)
Cohesity, a United States-based data protection and disaster recovery platform, raised an undisclosed Series H from Haveli Investments. (more)
CyberNorth, a United Kingdom-based cybersecurity training and education company supporting North East England, raised an undisclosed Grant from the Department for Science, Innovation and Technology (DSIT). (more)
Island, a United States-based secure remote browser isolation platform, raised an undisclosed Series D from EDBI. (more)
SDG Corporation (TruOps), a United States-based managed security services provider focused on identity and access management and threat intelligence, raised an undisclosed Private Equity Round from Recognize Partners. (more)

🌎 Funding By Country

$81.1M for the United States across 8 deals
$45.0M for Israel across 1 deal
$30.0M for Canada across 1 deal
$10.0M for France across 1 deal
$4.2M for Portugal across 1 deal
$3.0M for India across 1 deal
$2.9M for the United Kingdom across 2 deals

🤝 Mergers & Acquisitions

Perception Point, an Israel-based Prevention-as-a-Service company protecting against email phishing and 0-day attacks, was acquired by Fortinet for $100.0M. Perception Point had previously raised $38.0M.(more)
Connor Consulting, a United States-based professional services firm focused on third-party risk management (TPRM) services, was acquired by Schellman & Company for an undisclosed amount. Connor Consulting had not publicly disclosed any prior funding rounds. (more)
Cythera, an Australia-based managed security services provider (MSSP) focused on the SMB market, was acquired by Bastion Security Group for an undisclosed amount. Cythera had not publicly disclosed any prior funding rounds. (more)
deviceTRUST, a Germany-based endpoint-based conditional access platform, was acquired by Citrix for an undisclosed amount. deviceTRUST had not publicly disclosed any prior funding rounds. (more)
MetaCompliance, a United Kingdom-based security awareness and training platform, was acquired by Keensight Capital for an undisclosed amount. MetaCompliance has previously raised funding, but the amount was not made public. (more)
Outpost Security, a United States-based professional services firm focused on security operations and analytics assessments, was acquired by CYDERES for an undisclosed amount. Outpost Security had not publicly disclosed any prior funding rounds. (more)
procilon, a Germany-based data protection company focused on certificates, PKI, and encrypted communications, was acquired by Main Capital Partners for an undisclosed amount. procilon had not publicly disclosed any prior funding rounds. (more)
Securitybricks, a United States-based professional services firm focused on security automation use cases, was acquired by Aprio for an undisclosed amount. Securitybricks had not publicly disclosed any prior funding rounds. (more)
Strong Network, a Switzerland-based secure cloud development environment platform, was acquired by Citrix for an undisclosed amount. Strong Network had not publicly disclosed any prior funding rounds. (more)

📚 Great Reads

A Decade of Defense: Securing the Largest US Crypto Exchange - Philip Martin, CISO of Coinbase, gave a talk earlier this year at MSSN CTRL 2024 emphasizing winning in cybersecurity, lessons learned, and the importance of making security easier.
Profitable Misery - With 58% of U.S. adults reporting loneliness, privacy risks escalate as sensitive data fuels AI optimization. Investors should monitor ethical concerns as demand grows for privacy-focused and human-centric solutions over exploitative models.
The 2024 Cybersecurity Market Review - For the second year now, I joined the Enterprise Security Weekly team to discuss the year's highlights and what's to come in the next 12 months.

_{*A message from our sponsor}

🧪 Labs

May you receive no emails of the bad variety this holiday season

I hope this email kills us both
— carmeb (@therealcbrad)
12:00 AM • Sep 27, 2024

How was this week's newsletter?

Data Methodology and Sources

All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. dollars (USD) when collected.
Company country locations are pulled from publicly available sources.
Companies are categorized using our system at Return on Security, and we write all the company descriptions.
Sometimes, the details about deals, like who led the round, how much money was raised, or the deal stage, might get updated after the issue is first published.
Let us know if you spot any errors, and we’ll fix them.

About Return on Security

Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. The goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field. Read more about the “Why” here.

Feel free to borrow any data, charts, or advice you find here. Just make sure to give a shoutout to Return on Security when you do.

Thank you for reading. If you liked this analysis, please share it with your friends, colleagues, and anyone interested in the cybersecurity market.

Follow me on LinkedIn or Twitter to never miss Return on Security updates.

Reply

or to participate.