- Return on Security
- Posts
- 💰 Security, Funded #182 - Let's Get Physical
💰 Security, Funded #182 - Let's Get Physical
Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of February 17, 2025.
Mike Privette
February 24, 2025 • Reading Time: 12 minutes
Security, Funded provides a weekly analysis of economic activity in the cybersecurity market. This week’s issue is presented together with Nudge Security, Comp AI, and Dropzone AI.
Hey there,
I hope you had a great weekend!
With US cybersecurity agencies being dismantled, the UK government trying to force an encryption backdoor in Apple (only for the good guys, of course), and Apple pulling back its top security features from the UK, the gap between cybersecurity and national security is quickly closing in these unprecedented times. This is a strange and scary timeline we’re living in.
But fear not! To boost morale, please reply to this email with five bullet points showing what you accomplished last week that increased shareholder value.
The best reply gets a shoutout in the next issue. 😤 👊
TOGETHER WITH
Guide: How to Conduct a GenAI Risk Assessment
While most orgs have moved from panic to practicality when it comes to GenAI use, new tools like DeepSeek raise fresh concerns about AI governance and risk mitigation.
Download this guide to learn how to:
Discover the AI tools in use in your org
Conduct security reviews for AI vendors
Determine where AI tools are connected to other apps
Educate your workforce on safe and compliant AI use
Table of Contents
😎 Vibe Check
How is your team improving detection & response this year?Bonus points if you can send me any resources! |
Last issue’s vibe check:
What’s the biggest shift in your cybersecurity strategy this year?
🟩🟩🟩🟩🟩🟩 🔍 More focus on detection & response (12)
🟨🟨🟨🟨⬜️⬜️ 🛠️ Improving efficiency (using what you have better) (10)
🟨🟨🟨⬜️⬜️⬜️ 💡 More AI & automation adoption (7)
🟨🟨🟨⬜️⬜️⬜️ 📜 More focus on compliance & regulations (7)
36 Votes
Despite budget cuts and efficiency pushes, core security operations remain the primary focus with detection and response. “Do more with less” remains a major theme, and teams are still focused on maximizing existing resources rather than relying on new investments.
The fact that AI & automation didn’t rank higher is surprising. Given all the hype in the space, I would have expected to see a much higher score. Not ranking high could be due to adoption struggles, general skepticism, or a wait-and-see approach, given that the field is changing so quickly.
Some of the top comments from last week’s vibe check:
“All of the above? We're doing a lot of work around detection and response pipelines, but also embracing AI and automation as part of that, all in the hopes of improving efficiency and speed.”
“We're lean, so we're cutting products back and integrating the data with custom programs. Making what we have more efficient to respond.”
💰 Market Summary
11 companies from 5 countries raised $407.1M across 11 unique product categories
2 companies were acquired or had a merger event for $37.5M across 2 unique product categories
99% of funding went to product-based cybersecurity companies
No public cyber companies had an earnings report
Market Moves
📸 YoY Snapshot
This is a rolling 12-week chart comparing funding and acquisitions each week in a year-over-year (YoY) view between the end of 2023 and the start of 2024 and 2025.
Last week was another big funding week, and we are well on our way to another billion-dollar milestone in the cybersecurity industry. It was also a barbell kind of week, with funding divided between late- and early-stage funding rounds.
Last week was a bit slower on the M&A front, but it was an unusual week with only acquisitions of product companies.
TOGETHER WITH
Comp AI - The Open Source Vanta/Drata Alternative
Get SOC 2, ISO 27001, and GDPR Compliant
Comp AI is developing the first open and transparent compliance automation platform to help 100,000 companies get compliant by 2032. Their approach is helping companies automate evidence collection, manage and track risks, and have full vendor oversight - without high upfront fees and lengthy sales calls.
Enterprise-grade compliance. Simplify compliance from day one - no drawn-out demos, no six-figure commitments.
Get immediate visibility into your compliance status.
☎️ Earnings Reports
Earnings reports from last week: None
Earning reports to watch this coming week: None
🧩 Funding By Product Category
Click to see full-size
$200.0M for Physical Security across 1 deal
$100.0M for Operational Technology (OT) Security across 1 deal
$50.0M for Fraud and Financial Crime Protection across 1 deal
$13.9M for Secure Networking across 1 deal
$13.5M for Confidential Computing across 1 deal
$10.0M for Artificial Intelligence (AI) Governance across 1 deal
$8.5M for Application Security across 1 deal
$8.0M for Cloud Security across 1 deal
$3.0M for Application Security Testing (AST) across 1 deal
$250.0K for Threat and Risk Prioritization across 1 deal
An undisclosed amount for Continuous Threat Exposure Management (CTEM) across 1 deal
🏢 Funding By Company
Product Companies:
Verkada, a United States-based cloud-based building video and security access management platform, raised a $200.0M Series E from General Catalyst. (more)
Dream Security, an Israel-based operational technology and critical infrastructure security platform, raised a $100.0M Series B from Bain Capital Ventures. (more)
Blockaid, an Israel-based platform protecting Web3 wallets and applications from phishing and fraudulent transactions, raised a $50.0M Series B from Ribbit Capital. (more)
Whalebone, a Czech Republic-based secure DNS and networking platform, raised a $13.9M Series B from Unbound. (more)
HUB Security, an Israel-based confidential computing platform, raised a $13.5M post-IPO debt from Claymore Capital Partners. (more)
Singulr AI, a United States-based platform to discover and control the usage of GenAI platforms and sensitive data in training models, raised a $10.0M Seed from Nexus Venture Partners and Dell Technologies Capital. (more)
MirrorTab, a United States-based client-side browser security platform for protecting against man-in-the-browser attacks, raised a $8.5M Seed from Valley Capital Partners. (more)
Gomboc.AI, a United States-based cloud infrastructure security and remediation platform, raised a $8.0M Seed from Ballistic Ventures. (more)
ThreatCaptain, a United States-based threat and risk prioritization platform for MSSPs, raised a $250.0K Grant from the South Carolina Research Authority. (more)
Nothreat, a United Kingdom-based continuous threat exposure management (CTEM) platform, raised an undisclosed Seed from Algara Group. (more)
Service Companies:
Drivesec, an Italy-based managed security testing and verification platform for internet-enabled hardware and operational technology (OT) devices, raised a $3.0M Series A from Levante Capital and LIFTT EuroInvest. (more)
🌎 Funding By Country
Click to see full-size
$226.8M for the United States across 5 deals
$163.5M for Israel across 3 deals
$13.9M for Czech Republic across 1 deal
$3.0M for Italy across 1 deal
An undisclosed amount for the United Kingdom across 1 deal
🤝 Mergers & Acquisitions
Click to see full-size
Product Companies:
Votiro, a United States-based anti-malware platform for files, emails, and collaboration platforms, was acquired by Menlo Security for $37.5M. Votiro had previously raised $25.5M in funding. (more)
Dassana, a United States-based security and cloud data aggregation and analytics platform, was acquired by Deepwatch for an undisclosed amount. Dassana had previously raised $5.0M in funding. (more)
Service Companies:
N/A
Errata:
Last week, I mistakenly reported that XONA Systems had merged with Nozomi Networks, but it was only a technology partnership, not a transaction. I appreciate everyone who pointed this out!
📚 Great Reads
Phishing Tests, the Bane of Work Life, Are Getting Meaner - Research shows phishing tests combined with voluntary training may actually increase employee vulnerability to phishing attacks by creating a false sense of security.
*The Future of Cybersecurity: AI SOC Analysts Are Here - Cyber threats are outpacing human teams. Dropzone AI is the AI SOC Analyst investigating every alert—no playbooks, no code, no missed threats. The next era of security operations has arrived. See how it works.
Quantum Security: Strategies for a Post-Quantum World - In light of Microsoft's claim of a "fourth state of matter" for quantum computing, here's an old guide on protecting your data against quantum threats that may soon be a reality.
The Jerk Fallacy - There’s a common misperception that being a jerk is a necessary ingredient on the way to becoming and staying successful.
*A message from our sponsor
🧪 Labs
My new favorite AI feature 💯
How was this week's newsletter? |
Data Methodology and Sources
All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. dollars (USD) when collected.
Company country locations are pulled from publicly available sources.
Companies are categorized using our system at Return on Security, and we write all the company descriptions.
Sometimes, the details about deals, like who led the round, how much money was raised, or the deal stage, might get updated after the issue is first published.
Let us know if you spot any errors, and we’ll fix them.
About Return on Security
Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. The goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field. Read more about the “Why” here.
Feel free to borrow any data, charts, or advice you find here. Just make sure to give a shoutout to Return on Security when you do.
Thank you for reading. If you liked this analysis, please share it with your friends, colleagues, and anyone interested in the cybersecurity market.
Follow me on LinkedIn to never miss Return on Security updates.
Reply