- Return on Security
- Posts
- 💰 Security, Funded #189 - Cool Quantum Croissants
💰 Security, Funded #189 - Cool Quantum Croissants
Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of April 7, 2025.
Mike Privette
April 14, 2025 • Reading Time: 15 minutes
Security, Funded by Return on Security, is a weekly analysis of economic activity in the cybersecurity market. This week’s issue is brought to you by Specops, Cydea, and Harmonic Security.
THIS WEEK’S LEAD SPONSOR
Hey there,
I hope you had a great weekend, and Happy World Quantum Day to all those who celebrate (or pretend to understand it 🥴).
Two quick things up top today:
The Uncertainty Era
Over the weekend, I sent a special email to OG Supporters and backers of Return on Security with a deeper dive into how tariffs and global volatility might ripple through cybersecurity. I laid out some early-stage counter-signals and what I think comes next for funding, GTM, and segment-specific pressure. Based on the feedback so far, I’ll probably do more of those.
🆕 Ask Return on Security
I’ve been asking you all questions for over a year, and now it’s time to flip the script. Got a question about the state of the cyber market, a stealth move worth watching, or something interesting about a company, investor, or segment? I’m now taking anonymous submissions that might shape future issues
Submit yours here → https://forms.gle/vHTQsr2RKMquNjcq7
Fire away on those questions, and let’s get these parallel quantum states of various bread, people! 😤 👊 🥐
Your AD password policy is probably useless
Stop weak, breached, and lazy passwords
“Spring2025!” isn’t secure - it’s predictable. Specops Password Policy blocks weak, breached, and lazy passwords before they hit your domain.
Enforce compliance (NIST, NCSC, custom rules) without user frustration.
Table of Contents
😎 Vibe Check
Make sure to click on the options below to vote in this week’s poll, whether you’re a practitioner, founder, or investor!
What’s the most effective way a security leader can build influence internally? |
Last issue’s vibe check:
What’s the strongest early signal a security tool will succeed in your org?
🟨🟨🟨⬜️⬜️⬜️ A clear internal champion (14)
🟨🟨🟨🟨🟨⬜️ Easy integration with existing stack (20)
🟩🟩🟩🟩🟩🟩 Quick time-to-value (days, not weeks) (32)
🟨🟨🟨🟨🟨⬜️ Visible support from leadership (20)
86 Votes (newsletter + LinkedIn 🆕 )
I really like running this poll on both the newsletter and LinkedIn. You get a similar distribution of answers but slightly different focus points, leading to better nuance.
It’s clear from the people who voted last week that having demonstrable evidence of quick wins, cohesiveness with the current stack, and the leadership required to make the change management efforts stick in an organization can make or break bringing in a new security tool.
Some of the top comments from last week’s vibe check:
Quick - “If we can't get a tool up and running in 2 days, it can GTFO, and the vendor needs to go back to the drawing board. Even a SIEM should be at least functional on day 1.”
Internal Champion - "Unsurprisingly, it usually comes down to culture and change management. Ease of use and enablement are one thing, but you need buy-in on the problem you're trying to solve, some education on why the tool is the best choice for solving that problem, and removing friction. Having a champion with a cultural change management perspective is worth its weight in gold..."
💰 Market Summary
Private Markets
16 companies from 4 countries raised $404.4M across 14 unique product categories
6 companies were acquired or had a merger event across 4 unique product categories
100% of funding went to product-based cybersecurity companies
Public Markets
No public cyber companies had an earnings report
Public market moves last week
As of market close on April 11, 2025.
📸 YoY Snapshot
Rolling 12-week charts that compare funding and acquisitions weekly in a year-over-year (YoY) view between 2024 and 2025.
Click to see a larger version
Another big week in funding as we ramp up to conference season. Last week marked the tenth week of the year with over $100 million in cybersecurity funding raised.
Click to see a larger version
Acquisitions also continued at a steady clip, driven by services-based businesses.
Transform risk data into clear action plans - in minutes, not months
Prioritise your next steps, show the ROI, and communicate with confidence.
Ditch the heatmaps. Cydea’s Risk Platform gives you real metrics - quantified exposure in pounds and probability - so you can explain risk in business terms, align to frameworks like ISO 27001 or NIST, and make decisions backed by data.
☎️ Earnings Reports
Earnings reports from last week: None
Macro Context:
The US paused and dropped down tariffs to 10% but reupped on China tariffs to 145% (with tons of exclusions).
China clapped back with even more tariffs on the US and globally halting natural metals and minerals used to supply some 90% of the world with components to make things like electronics.
US consumer’s expectations for a recession in the year ahead surged to 6.7%, the highest reading since 1981.
Earning reports to watch this coming week: None
🧩 Funding By Product Category
Click to see a larger version
$160.0M for Secure Remote Access across 1 deal
$56.0M for Fraud and Financial Crime Protection across 1 deal
$37.5M for Network Security across 1 deal
$31.2M for Artificial Intelligence (AI) Security across 2 deals
$30.0M for Governance Risk and Compliance (GRC) across 1 deal
$28.5M for Security Services Delivery Platform (SSDP) across 1 deal
$21.5M for Identity Threat Detection and Response (ITDR) across 2 deals
$18.0M for API Security across 1 deal
$10.0M for Security Operations across 1 deal
$6.8M for Smart Contract Security across 1 deal
$5.0M for Continuous Threat Exposure Management (CTEM) across 1 deal
An undisclosed amount for Operational Technology (OT) Security across 1 deal
An undisclosed amount for Identity and Access Management (IAM) across 1 deal
An undisclosed amount for Data Protection across 1 deal
🏢 Funding By Company
Product Companies:
Tailscale, a Canada-based zero-trust network access (ZTNA) platform, raised a $160.0M Series C from Accel. (more)
Hawk, a Germany-based anti-money laundering and fraud prevention platform, raised a $56.0M Series C from One Peak. (more)
Portnox, a United States-based network access control (NAC) platform, raised a $37.5M Series B from Updata Partners. (more)
Anecdotes, a United States-based governance, risk, and compliance (GRC) platform, raised a $30.0M Series B from DTCP. (more)
Sekoia.io, a United States-based security services delivery platform, raised a $28.5M Series B from Revaia. (more)
Aurascape, a United States-based security posture management platform for AI applications and AI-enabled SaaS prodcuts, raised a $26.2M Series A from Mayfield Fund and Menlo Ventures. (more)
Corsha, a United States-based API security platform focusing on zero-trust machine-to-machine communications, raised a $18.0M Series A from SineWave Ventures. (more)
Outtake, a United States-based agentic AI security platform focused on defending against identity-based attacks and phishing, raised a $16.5M Series A from CRV. (more)
Qevlar AI, a France-based AI-agent-enabled security operations center support platform, raised a $10.0M Series A from EQT Ventures and Forgepoint Capital International. (more)
Octane, a United States-based AI application security platform for smart contract applications, raised a $6.8M Seed from Archetype and Winklevoss Capital. (more)
CalypsoAI, a United States-based platform for protecting against adversarial machine learning (ML) attacks, raised a $5.0M Venture Round from Crosspoint Capital Partners. (more)
Spektion, a United States-based continuous threat exposure management (CTEM), raised a $5.0M Seed from LiveOak Ventures. (more)
Unosecur, a Germany-based identity threat detection and response (ITDR) platform, raised a $5.0M Seed from DFF Ventures and VentureFriends. (more)
comforte AG, a Germany-based sensitive data tokenization platform, raised an undisclosed Private Equity Round from NERA Digital Holding. (more)
Insane Cyber, a United States-based critical infrastructure security platform, raised an undisclosed Venture Round from In-Q-Tel. (more)
Radiant Logic, a United States-based federated identity services platform, raised an undisclosed Private Equity Round from Ridgeview Partners. (more)
Service Companies:
None
🌎 Funding By Country
Click to see a larger version
$173.4M for the United States across 11 deals
$160.0M for Canada across 1 deal
$61.0M for Germany across 3 deals
$10.0M for France across 1 deal
🤝 Mergers & Acquisitions
Click to see a larger version
Product Companies:
Brighter AI, a United States-based sensitive and identifiable data redaction suite for images and videos, was acquired by Milestone Systems for an undisclosed amount. Brighter AI had previously raised $780.1K in funding. (more)
Zorus, a United States-based managed DNS filtering and security for MSPs and MSSPs, was acquired by DNSFilter for an undisclosed amount. Zorus had previously raised $9.0M in funding. (more)
Service Companies:
Computer Security Technology, a United Kingdom-based professional services firm focused on risk assessments and penetration testing, was acquired by Redsquid for an undisclosed amount. Computer Security Technology has not publicly disclosed any funding events. (more)
Onevinn, a Sweden-based professional services firm focused on cyber risk assessments and securing Microsoft environments, was acquired by Allurity for an undisclosed amount. Onevinn has not publicly disclosed any funding events. (more)
Shock I.T. Support, a United States-based managed security services provider (MSSP), was acquired by Magna5 for an undisclosed amount. Shock I.T. Support has not publicly disclosed any funding events. (more)
The ZDL Group, a United Kingdom-based managed security services provider (MSSP), was acquired by The Cyberfort Group for an undisclosed amount. The ZDL Group has not publicly disclosed any funding events. (more)
📚 Great Reads
DtSR Episode 648 - CyberSecurity Market Forces - I joined the Down the Security Rabbit Hole (DtSR) podcast to talk about the market forces pushing and pulling the cybersecurity industry.
*71% of security leaders are worried about data leaks via AI tools - This research digs into how security leaders are rethinking their approach to data protection to boost AI adoption.
Security Brutalism - Making the case for how security should adopt a "brutalist" approach, focusing on simplicity, transparency, and resilience. Some very good mental models here.
*A message from our sponsor
🧪 Labs
Improvise. Adapt. Overcome. 🫡
Want to break into Cyber?
Easy
> Lookup favorite company’s HR person on LinkedIn
> Get their SSO password from the 2025 Oracle breach data
> Use password to add yourself to payrollCongrats, you’ve broken into Cyber
— rekdt (@rekdt)
12:06 AM • Apr 10, 2025
Data Methodology and Sources
All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. dollars (USD) when collected.
Company country locations are pulled from publicly available sources.
Companies are categorized using our system at Return on Security, and we write all the company descriptions.
Sometimes, the details about deals, like who led the round, how much money was raised, or the deal stage, might get updated after the issue is first published.
Let us know if you spot any errors, and we’ll fix them.
Reply