- Return on Security
- Posts
- 💰 Security, Funded #186 - GWiz II (This Time it's Personal)
💰 Security, Funded #186 - GWiz II (This Time it's Personal)
Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of March 17, 2025.
Mike Privette
March 24, 2025 • Reading Time: 17 minutes
Security, Funded by Return on Security, is a weekly analysis of economic activity in the cybersecurity market. This week’s issue is brought to you by Nudge Security and Tines.
TOGETHER WITH
Hey there,
I hope you had a great weekend!
Just when I thought the drama was contained to last week in our industry, Wiz said, ‘Hold my beer.’ Wiz had talks again with Google, but this time with its parent company, Alphabet, to be acquired for up to $30 $32 billion (what’s a few extra billi between friends??), per the WSJ. A staggering fact - $32 billion is 71% of the total amount of cyber M&As in 2024. 🤯
This renewed transaction brings up a few questions:
Why now? It’s only been about six months since they walked away from the last deal (for unknown reasons). In a post on LinkedIn, I covered some of Wiz's arcs, including its decision to turn down the previous $23 billion acquisition from Google Cloud. This signaled Wiz’s confidence in its growth trajectory and belief in the IPO route.
So why not stick with the IPO route? One possible answer is that the IPO window seemed to open with the new US administration, but the markets couldn’t be having a worse time. Why risk public market instability when a premium acquisition deal is on the table? Proceeding with an IPO now would risk losing too much value unless they are willing to wait for the market to improve (through either policy decisions or market adjustments, neither of which appear to be happening soon).
What does this mean for the cloud security market? While many view this as the industry's peak, others are looking at it with renewed vigor. “Finally, we can compete with Wiz out of the way!” many have started proclaiming. Whether they’re right or wrong, this was a defining moment for the industry, and we are now in the Third Wave of Cloud Security.
While you often hear the refrain that “the stock market is not the economy,” it is most definitely a mirror of broader economic expectations. Markets speak louder than political policies. Given the volatility in the tech sector, prolonged high interest rates, and shifting investor sentiment, an IPO could introduce significant downside risk.
Wiz's reentry into this deal is a clear sign that businesses aren’t going to venture into a chaotic market if they don’t have to, even if they have one of the best chances of making it big, as Wiz did. Ultimately, it’s about maximizing value for investors, founders, and employees (which I tried to do personally in the Labs section).
If this deal makes it through the US Justice Department’s anti-trust review (a similar concern during the last M&A offer), it will become the largest M&A in the cybersecurity industry’s history. 👀 🍿
TOGETHER WITH
Eliminate Wasted SaaS Spend to Help Fund Your 2025 Priorities
View app spend, risk, and usage all in one place.
Your SaaS footprint is likely a happy hunting ground for cost savings to help make room in your budget for new priorities. Nudge Security discovers every app, account, and up to two years of historical SaaS spend to give you the full picture of who’s using what, where you have overlap, and where you are wasting money on unused apps.
You’ll see all of this on Day One, along with vendor risk profiles for each app and automated workflows to help you rein in SaaS sprawl.
Table of Contents
😎 Vibe Check
Make sure to click on the options below to vote in this week’s poll!
What’s the biggest reason cybersecurity tools don’t get fully adopted? |
Last issue’s vibe check:
As a security leader, what’s the toughest decision you have to make?
🟨⬜️⬜️⬜️⬜️⬜️ 💰 Deciding where to invest budget (4)
🟨🟨🟨🟨⬜️⬜️ 🛑 When to push back on leadership (11)
🟩🟩🟩🟩🟩🟩 ⚖️ Balancing security & business needs (14)
🟨🟨🟨🟨🟨⬜️ 🚀 Adopting new tech vs. reducing complexity (13)
42 Votes
A security leader’s job is never finished. Just looking at the poll results from last week, it should be incredibly obvious that security teams have a lot to juggle, a lot of strategy to plan, and a lot of tactical, day-to-day issues to handle.
Do you know what else is clear? Security leaders have 99 problems, but where to invest their budget ain’t one (hit me!).
Some of the top comments from last week’s vibe check:
Balancing - “As AI really starts taking hold, there are a lot of shot-gun type approaches to see what sticks and has legs. This involves IT getting to know toolsets that might not be in the long haul. A little up-front about the lifecycle of the product being onboarded would be helpful.”
💰 Market Summary
Private Markets
13 companies from 6 countries raised $46.9M across 11 unique product categories
8 companies were acquired or had a merger event across 7 unique product categories
77% of funding went to product-based cybersecurity companies
Public Markets
No public cyber companies had an earnings report last week
Public market moves last week
As of markets close on March 21, 2025
📸 YoY Snapshot
This is a rolling 12-week chart comparing funding and acquisitions each week in a year-over-year (YoY) view between the end of 2023 and the start of 2024 and 2025.
Click to see a larger version
A high transaction volume but a low funding total last week. As we reach April next week, I expect those funding rounds will ramp up as we get closer to the RSA Conference in the US.
Click to see a larger version
M&A, on the other hand, was high-speed, low-drag. Not only was it the week with the largest cybersecurity acquisition in history, but it was also a week full of more than just one service company buying another.
☎️ Earnings Reports
Earnings reports from last week: None
Macro Context:
The US Fed kept interest rates steady last week, as inflation remains high and a recession is increasingly likely. The Fed also confirmed they would still be looking to make two additional rate cuts in 2025.
US markets rebounded slightly last week without the rapidly changing tariff policies that have been causing uncertainty.
The Bank of England held interest rates steady at 4.5%.
Earning reports to watch this coming week: SecureWorks
🧩 Funding By Product Category
Click to see a larger version
$15.0M for Data Protection across 2 deals
$12.0M for Threat Intelligence across 1 deal
$8.8M for Mobile Application Security across 1 deal
$6.0M for Data Security Posture Management (DSPM) across 1 deal
$3.0M for Software Supply Chain Security across 1 deal
$2.0M for Cyber Risk Management across 2 deals
$155.0K for Autonomous Product Security Engineering (APSE) across 1 deal
An undisclosed amount for Secure Remote Access across 1 deal
An undisclosed amount for Penetration Testing across 1 deal
An undisclosed amount for Managed Security Services Provider (MSSP) across 1 deal
An undisclosed amount for Managed Detection and Response (MDR) across 1 deal
🏢 Funding By Company
Product Companies:
Privy, a United States-based API platform for encrypting Web3 user data, raised a $15.0M Venture Round from Ribbit Capital. (more)
VulnCheck, a United States-based threat intelligence platform for exploits, vulnerabilities, and initial access brokers, raised a $12.0M Series A from Ten Eleven Ventures. (more)
Protectt.ai, an India-based mobile application security platform, raised a $8.8M Series A from Bessemer Venture Partners. (more)
Orion Security, an Israel-based data security posture management (DSPM) platform, raised a $6.0M Seed from FXP and PICO Venture Partners. (more)
Hunted Labs, a United States-based software supply chain security platform, raised a $3.0M Pre-Seed from Red Cell Partners. (more)
Cyberating, an Italy-based cyber risk management platform, raised a $2.0M Pre-Seed round. (more)
*Nullify, an Australia-based autonomous product security engineering (APSE) platform, raised a $155.0K Angel round from a16z Scout Fund, Black Nova Venture Capital, and various angel investors.
Cyber Grant, a United States-based data rights management and protection platform, raised an undisclosed Seed from Mangusta Capital. (more)
Evolve Security, a United States-based penetration and application security testing platform, raised an undisclosed Funding Round. (more)
Knocknoc, an Australia-based secure remote access platform, raised an undisclosed Seed from Decibel Partners. (more)
Service Companies:
Bluesify, a Malaysia-based managed security services provider (MSSP), raised an undisclosed Private Equity Round from Ekuiti Nasional Berhad. (more)
CyberMaxx, a United States-based managed detection and response (MDR) platform, raised an undisclosed Debt Financing from Comvest Credit Partners. (more)
HITRUST, a United States-based cybersecurity standard and risk management framework governing body, raised an undisclosed Private EquityRound from Brighton Park Capital. (more)
*A company in my portfolio
🌎 Funding By Country
Click to see a larger version
$30.0M for United States across 7 deals
$8.8M for India across 1 deal
$6.0M for Israel across 1 deal
$2.0M for Italy across 1 deal
$155.0K for Australia across 2 deals
An undisclosed amount for Malaysia across 1 deal
🤝 Mergers & Acquisitions
Click to see a larger version
Product Companies:
Wiz, a United States-based cloud workload protection and posture management platform, was acquired by Google for $32.0B. Wiz had previously raised $1.9B in funding. (more)
Cyral, a United States-based cloud data governance and security platform, was acquired by Varonis Systems for an undisclosed amount. Cyral had previously raised $26.0M in funding. (more)
Gretel, a United States-based synthetic data generation platform, was acquired by NVIDIA for an undisclosed amount. Gretel had previously raised $320.0M in funding. (more)
LeakSignal, a United States-based cloud data governance and protection platform for cloud and network traffic, was acquired by F5 Networks for an undisclosed amount. LeakSignal had previously raised $1.6M in funding. (more)
Maltiverse, a Spain-based cyber threat intelligence platform, was acquired by Lumu for an undisclosed amount. Maltiverse had previously raised $500.0K in funding. (more)
NetWitness, a United States-based network security monitoring platform, was acquired by Partner One Capital for an undisclosed amount. NetWitness had previously raised $15.7M in funding. (more)
Service Companies:
CBR Cyber, an Australia-based professional services firm focused on cybersecurity consulting and assessments, was acquired by Brennan IT for an undisclosed amount. CBR Cyber has not publicly disclosed any funding events. (more)
Holiseum, a France-based professional services firm focused on cybersecurity risk assessments, was acquired by Integrity360 for an undisclosed amount. Holiseum has not publicly disclosed any funding events. (more)
📚 Great Reads
Understanding Digital Footprint Management - It's been quite a while since I created a new Category Report, but here is one covering how individuals and businesses can reclaim control over their personal data for greater privacy, security, and digital autonomy.
*Leveraging Automaton to Streamline Vulnerability Management - Security teams need efficient processes to manage vulnerabilities without straining resources. Join Tines and LivePerson on April 9th to learn how security and IT teams can increase collaboration, adopt automation gradually, and streamline key processes for efficiency.
The "Wiz-Ardry of Google" Panel - The Five Horsemen of the Cloud Apocalypse™️ got together to discuss how Google's $32B acquisition of Wiz will reshape the cloud security landscape, implications for multi-cloud strategies, and the evolution of CSPM/CNAPP to runtime security.
W is for Wiz: Alphabet’s Audacious Acquisition - Cole Grolmus covers the end-to-end spectrum of Wiz's acquisition by Alphabet and what it means for Wiz and the industry at large.
*A message from our sponsor
🧪 Labs
“This one weird trick to make companies go IPO 🤔 “
Sorry, everyone, I tried!
How was this week's newsletter?Click your answer below! |
Data Methodology and Sources
All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. dollars (USD) when collected.
Company country locations are pulled from publicly available sources.
Companies are categorized using our system at Return on Security, and we write all the company descriptions.
Sometimes, the details about deals, like who led the round, how much money was raised, or the deal stage, might get updated after the issue is first published.
Let us know if you spot any errors, and we’ll fix them.
About Return on Security
Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. The goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field. Read more about the “Why” here.
Feel free to borrow any data, charts, or advice you find here. Just make sure to give a shoutout to Return on Security when you do.
Thank you for reading. If you liked this analysis, please share it with your friends, colleagues, and anyone interested in the cybersecurity market.
Follow me on LinkedIn to never miss any updates!
Reply