- Return on Security
- Posts
- 💰 Security, Funded #195 - The Notorious P.A.N.W.
💰 Security, Funded #195 - The Notorious P.A.N.W.
Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of May 19, 2025.
Mike Privette
May 27, 2025 • Reading Time: 15 minutes
Security, Funded by Return on Security, is a weekly analysis of economic activity in the cybersecurity market. This week’s issue is brought to you by Palo Alto Networks and Cydea.
LEAD PARTNER
Hey there,
I hope you had a great long weekend if you’re tuning in from the US or Europe, and hello from Greece, where the holiday lives on! 🇬🇷 🫒 🍻
I will keep the opener short this week, but there was a ton of activity last week and a big Palo Alto earnings report. You might as well hit the “Read Online” link in the top right of this issue, but two things before we get into this issue:
If you’re heading to Black Hat USA in August this year, consider checking out the Innovators & Investors Summit. Your boy is going to be the MC this year, and it would be great to see you there!
The most based funding announcement I’ve ever seen is here.👏 🫡
PARTNER
Break Security Silos. Accelerate Cloud Defense.
Unified security from code to cloud to SOC.
Tool sprawl and team silos don’t just slow response—they increase risk. This guide dives into how AI, automation, and unified data bring AppSec, CloudSec, and SecOps together to detect threats faster and act with precision. It’s a smart read for security leaders rethinking their architecture.
Table of Contents
😎 Vibe Check
Make sure to click on the options below to vote, whether you’re a practitioner, founder, or investor!
How is AI changing cybersecurity hiring? |
Last issue’s vibe check:
Which area of security is most overdue for reinvention?
🟩🟩🟩🟩🟩🟩 Security awareness training (55)
🟨🟨🟨🟨⬜️⬜️ Risk modeling & metrics (33)
🟨🟨🟨🟨⬜️⬜️ Compliance frameworks (32)
🟨🟨⬜️⬜️⬜️⬜️ Pen testing & red teaming (10)
🟨⬜️⬜️⬜️⬜️⬜️ Other (leave comment) (4)
134 Votes (Newsletter + LinkedIn)
Last week’s vibe check was a reminder that there are still a lot of legacy practices in the cybersecurity industry and that, sometimes as an industry, we default to what’s familiar instead of what’s effective.
Security awareness training feels like a formality and a CYA (Cover Your Ass) move. Risk models look precise with really complex math and modeling but often rely on shaky assumptions. Compliance Debt™️ piles up faster than it evolves, with new frameworks coming out each year.
Some of the top comments from last week’s vibe check:
Security Awareness - “I had to pick Security Awareness Training purely out of confidence that if you polled most people about their current programs, offerings, or lack thereof in-house, they would not have many good things to say. “Acceptable” has become synonymous with mediocre.”
Risk Modeling - “Risk modeling and metrics are too damned squishy and the approach is a very cafeteria-style of what is a risk and how much and how to weight and how to calculate. There needs some accounting GAP-like rigor to this area.”
Other - “Vulnerability Management, for sure. The CVE-gathering, haystack-building, needle-burying incumbents here haven't kept up, despite growing steadily through acquisitions. Embarrassingly, their inaction and ineptitude forced both the risk-based vulnerability management and external attack surface management markets into being. They still insist on telling me I have 3 million+ critical vulnerabilities instead of just saying, "get rid of Windows 7, and Office 97, dummy".”
💰 Market Summary
Private Markets
22 companies from 6 countries raised $706.0M across 17 unique product categories
91% of funding went to product-based cybersecurity companies
7 companies were acquired or had a merger event across 6 unique product categories
Public Markets
1 public cyber company had an earnings report
Public market moves last week
As of markets close on May 23, 2025.
📸 YoY Snapshot
Rolling 12-week charts that compare funding and acquisitions weekly in a year-over-year (YoY) view between 2024 and 2025.
Another huge week in funding volume and dollar amount. As of last week, not even halfway through the year, 2025 has already surpassed more than 50% of 2024’s funding total.
Not to be outdone, M&A continues on its familiar tear this year and has surpassed 100 transactions year-to-date.
PARTNER
How do you make cyber security make sense to the business?
In our first episode of Communicating Cyber series, Robin Oldham is joined by Tim Grieveson, Chief Security Officer at THINGSRECON, to reveal his storytelling playbook.
Tim and Robin also dig into:
Why listening to critics can strengthen your message
How to shift from blockers to enablers in your comms
What it takes to create shared ownership around security
If your cyber security message isn’t landing with decision-makers, this is the blueprint you need.
☎️ Earnings Reports
Earnings reports from last week: $PANW ( ▲ 0.72% )
Macro Context:
More volatility in policy in the market last week brought back that familiar whipsaw effect we’ve groan grown to love.
Palo Alto Networks - $PANW ( ▲ 0.72% )
Palo Alto Networks had a strong quarter, with revenue growing 15% to reach $2.3 billion. This success was driven by customer demand for the next-generation security (NGS) platform and the AI-powered Cortex platform.
Palo Alto saw ARR grow to nearly $400 million, and an increase in large multi-product deals. However, the quarter was not without challenges, as geopolitical tensions and tariff discussions added complexity to the business environment. Nikesh went on to say,
“Had we not had the tariff conversations, the geopolitical tensions, it was much easier to sell through it. But we had our lessons from the pandemic. We had our lessons from the supply chain crisis. So we had to go back and pull up our shorts and execute the same practices that we did then.”
Just like the playbook I called out in The Uncertainty Era piece for long-time subscribers and supporters.
These headwinds saw the company’s stock drop about 2% after the earnings report, but all of tech had a bit of a bad time last week.
Earning reports to watch this coming week: $OKTA ( ▲ 0.25% ), $S ( ▲ 0.34% ) , $ZS ( ▼ 0.25% )
🧩 Funding By Product Category
$500.0M for Data Security Posture Management (DSPM) across 1 deal
$73.0M for Breach & Attack Simulation (BAS) across 1 deal
$29.3M for Identity and Access Management (IAM) across 3 deals
$19.0M for Threat and Risk Prioritization across 1 deal
$15.0M for Third-Party Risk Management (TPRM) across 1 deal
$15.0M for Security Incident Management across 1 deal
$15.0M for Autonomous Product Security Engineering (APSE) across 1 deal
$13.1M for Application Security across 2 deals
$12.0M for API Security across 2 deals
$9.0M for Identity Governance & Administration (IGA) across 1 deal
$3.4M for Embedded Security across 1 deal
$1.4M for Secure Remote Access across 1 deal
$356.8K for Managed Detection and Response (MDR) across 2 deals
$320.0K for Connected and Autonomous Vehicle Security (CAVS) across 1 deal
$100.0K for Data Loss Prevention (DLP) across 1 deal
An undisclosed amount for Threat Intelligence across 1 deal
An undisclosed amount for Security Operations across 1 deal
An undisclosed amount for Remote Browser Isolation across 1 deal
🏢 Funding By Company
Product Companies:
Cyera, a United States-based data security posture management (DSPM) platform, raised a $500.0M Venture Round from Georgian, Greenoaks, and Lightspeed Venture Partners. (more)
Horizon3.ai, a United States-based breach and attack simulation platform, raised a $73.0M Funding Round. (more)
CloudSEK, a Singapore-based, externally-focused threat and risk prioritization platform, raised a $19.0M Series B from Exfinity Venture Partners. (more)
BreachRx, a United States-based platform for managing the process of cyber incident response for organizations, raised a $15.0M Series A from Ballistic Ventures. (more)
Pixee, a United States-based autonomous product security engineering (APSE) platform, raised a $15.0M Seed from Decibel Partners and Wing Venture Capital. (more)
TrustCloud, a United States-based third-party risk management platform, raised a $15.0M Venture Round from ServiceNow Ventures. (more)
Memority, a France-based blockchain-based identity and access management suite, raised a $14.8M Series A from Tikehau Capital. (more)
StackHawk, a United States-based application security platform, raised a $12.0M Venture Round from Costanoa Ventures and Sapphire Ventures. (more)
Impart Security, a United States-based API security platform, raised a $11.0M Venture Round. (more)
Nok Nok Labs, a United States-based authentication platform, raised a $10.8M Venture Round and a $3.8M Debt Financing Round. (more) & (more)
Clarity Security, a United States-based identity governance and administration (IGA) platform, raised a $9.0M Series A from Venture Guides. (more)
SCI Semiconductor, a United Kingdom-based embedded chip and hardware security company, raised a $3.4M Venture Round from Mercia Ventures. (more)
Defguard, a Poland-based secure remote access platform, raised a $1.4M Pre-Seed from Hard2beat. (more)
PlaySafe ID, a United Kingdom-based video game security platform, raised a $1.1M Pre-Seed from Early Game Ventures. (more)
Bright Security, a United States-based application security and API testing platform, raised a $1.0M Series A from Toloka.vc. (more)
Fleet Defender, a United States-based connected vehicle security platform, raised a $320.0K Seed. (more)
Magier AI, a United States-based browser platform for protecting against sensitive data usage GenAI applications, raised a $100.0K Pre-Seed from Northwestern Mutual. (more)
AgileBlue, a United States-based managed SOC-as-a-Service company, raised an undisclosed Private Equity Round from H.I.G. Growth Partners. (more)
DefensX, a United States-based remote browser isolation, raised an undisclosed Venture Round from Eksim Ventures. (more)
RIIG, a United States-based cyber risk intelligence platform, raised an undisclosed Funding Round. (more)
Service Companies:
Seven Sector, a Spain-based managed detection and response (MDR), raised a $356.8K Seed from Encomenda VC.
Wirespeed, a United States-based managed detection and response (MDR), raised an undisclosed Seed from Mairs & Power Venture Capital. (more)
🌎 Funding By Country
$666.0M 🤘🏽for the United States across 17 deals
$19.0M for Singapore across 1 deal
$14.8M for France across 1 deal
$4.5M for the United Kingdom across 2 deals
$1.4M for Poland across 1 deal
$356.8K for Spain across 1 deal
🤝 Mergers & Acquisitions
Product Companies:
GroupSense, a United States-based threat intelligence platform, was acquired by Cognyte for an undisclosed amount. GroupSense had previously raised $675.0K in funding. (more)
Nuclei, a United States-based platform for compliance and legal archiving across workspace collaboration platforms, was acquired by Proofpoint for an undisclosed amount. Nuclei has not publicly disclosed any funding events. (more)
Suridata, an Israel-based data-centric SaaS security posture management platform, was acquired by Fortinet for an undisclosed amount. Suridata had previously raised $12.6M in funding. (more)
Vault One, a Brazil-based privileged access management (PAM) platform, was acquired by JumpCloud for an undisclosed amount. Vault One has not publicly disclosed any funding events. (more)
Service Companies:
Agio, a United States-based managed security services provider (MSSP), was acquired by NETRIO for an undisclosed amount. Agio has not publicly disclosed any funding events. (more)
Black Breach, a United States-based managed security services provider (MSSP), was acquired by Intelligent Technical Solutions for an undisclosed amount. Black Breach has not publicly disclosed any funding events. (more)
Predatech, a United Kingdom-based professional services firm focused on penetration testing, was acquired by Ekco for an undisclosed amount. Predatech had previously raised has not publicly disclosed any funding events. (more)
📚 Great Reads
Security for High Velocity Engineering - Jason Chan, former VP of InfoSec at Netflix, talks about the strategy and tactics for protecting and enabling modern software organizations.
Most security tools are too theoretical - Frank Wang talks about how security tools need to shift from solving theoretical issues to addressing tangible, real-world risks to demonstrate clear value and reduce churn.
🧪 Labs
How your email found me this week
am i “enjoying” microsoft outlook? does the medieval prisoner “enjoy” being broken upon the rack
— lesbian mothman 🇵🇸 (@verysmallriver)
4:08 PM • May 12, 2025
Data Methodology and Sources
All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. dollars (USD) when collected.
Company country locations are pulled from publicly available sources.
Companies are categorized using the Return on Security system.
Sometimes deal details, like who led the round, how much was raised, or the deal stage, may be updated after publication.
Let us know if you spot any errors, and we’ll fix them.
Reply