- Return on Security
- Posts
- 💰 Security, Funded #198 - Uno Reverse Card
💰 Security, Funded #198 - Uno Reverse Card
Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of June 9, 2025.
Mike Privette
June 16, 2025 • Reading Time: 14 minutes
Security, Funded by Return on Security, is a weekly analysis of economic activity in the cybersecurity market. This week’s issue is brought to you by Dropzone AI, Nudge Security, and Palo Alto Networks.
LEAD PARTNER
Hey there,
Hope you had a great weekend, and a belated Happy Father’s Day to all the dads and dad-like figures out there who read the newsletter. 🫡
It was another huge week last week. There is tons of volume and a bit of a switcheroo with services businesses getting more funding than product businesses, but more product businesses being acquired than services businesses. 🔄
Make sure to hop to the blog post version of the newsletter so you don’t miss anything!
PARTNER
Your Best Analyst Spends 40 Minutes Per Alert. AI Does It in 5.
Intelligent investigation that scales with you
Give your team their time back. Dropzone AI races through every security alert - gathering evidence, analyzing patterns, and delivering investigation reports you can trust.
With <0.1% false negatives, you'll confidently dismiss the noise and zero in on real threats. It's like cloning your elite analysts and giving them superhuman speed. Watch alert backlogs disappear while your team focuses on strategic defense, not repetitive triage.
Table of Contents
😎 Vibe Check
Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!
What’s the most misleading “security win” teams still celebrate? |
Last issue’s vibe check:
What’s the most overhyped source of “security truth” inside companies?
🟨🟨🟨🟨🟨⬜️ SIEM dashboards (42)
🟨🟨⬜️⬜️⬜️⬜️ Code repos / scanners (16)
🟨🟨⬜️⬜️⬜️⬜️ SBOMs / supply chain tools (14)
🟩🟩🟩🟩🟩🟩 GRC/compliance tools (53)
🟨⬜️⬜️⬜️⬜️⬜️ Other (leave comment) (7)
130 Votes
In last week’s newsletter, GRC/Compliance tools took the lead across both the newsletter and LinkedIn. Many people (myself included) feel these tools are optimized for checkbox completion rather than actual security outcomes.
Without tying these signals to business risk, critical assets, or real exposure (not just a CVE), even the most advanced dashboards just become expensive distractions. “Expensive” can be monetary, emotional, or a busy work toll that you can’t outwork.
Some of the top comments from last week’s vibe check:
💬 Code repos / scanners - “It's amazing how much time dev teams are forced to waste resolving unexploitable vulnerabilities in open-source (and other) dependencies.”
💬 Other - “The CMDB!”
💬 Other - “spreadsheets” (lol, but it’s also the “source of truth” for the entire business world, so ¯\_(ツ)_/¯ )
💰 Market Summary
Private Markets
18 companies from 5 countries raised $366.35M across 14 unique product categories
89% of funding went to product-based cybersecurity companies
9 companies were acquired or had a merger event across 8 unique product categories
Public Markets
1 public cyber company had an earnings report
As of markets close on June 13, 2025.
📸 YoY Snapshot
Rolling 12-week charts that compare funding and acquisitions weekly in a year-over-year (YoY) view between 2024 and 2025.
Both funding volume and dollar amounts continue to show up in a big way this quarter. Q2 2025 just surpassed $5 billion in funding as of last week. 🤯
M&A shows no signs of slowing down either, passing the Q2 2024 transaction total by 15% as of last week, and we still have two more weeks to go in this quarter.
PARTNER
Why SaaS security has become a “now” problem
Understanding and securing your SaaS attack surface is becoming as fundamental as having an incident response plan.
Data points to consider from Nudge Security:
Organizations typically have twice as many SaaS apps in use as they have employees
90% of these apps are adopted by teams and individuals outside of IT
Each employee averages 35 SaaS accounts and 70 OAuth grants-many of which access sensitive data
We think the solution isn't more restrictive controls—it's smarter governance.
☎️ Earnings Reports
Earnings reports from last week: $SAIL ( ▲ 4.36% )
SailPoint - $SAIL ( ▲ 4.36% )
SailPoint posted a relatively strong Q1 2025 performance that reflected steady product execution, showing solid traction across both its core Identity Security and SaaS Subscription offerings. Revenue was up 15% YoY and 5% QoQ, and ARR landed at $550M, or a 17% YoY increase.
SailPoint also finalized its acquisition of SecZetta, expanding capabilities into non-human identity authorization and governance. Authorization is a key here, as other non-human identity competitors are focused more on discovery and authentication.
Even with clear macro headwinds, particularly in the enterprise, growth was up across all geographies, with EMEA leading the charge. This earnings call shows a company doing the right things in a tough environment.
Earning reports to watch this coming week: None until Q3
🧩 Funding By Product Category
$116.0M for Managed Security Services Provider (MSSP) across 2 deals
$48.8M for Security Operations across 3 deals
$45.0M for Security Orchestration and Automated Response (SOAR) across 1 deal
$30.0M for Data Protection across 1 deal
$25.0M for Threat and Risk Prioritization across 1 deal
$21.9M for Connected and Autonomous Vehicle Security (CAVS) across 1 deal
$20.0M for Security and Compliance Automation across 1 deal
$16.0M for IT Asset Management (ITAM) across 1 deal
$13.9M for Secure Access Service Edge (SASE) across 1 deal
$10.7M for AI Governance across 3 deals
$10.0M for Hardware Security across 1 deal
$8.0M for AI Model Security across 1 deal
$1.2M for AI Adversary Simulation across 1 deal
An undisclosed amount for Identity Governance & Administration (IGA) across 1 deal
🏢 Funding By Company
Product Companies:
Swimlane, a United States-based low-code security automation platform, raised a $45.0M Private Equity Round from Activate Capital Partners and Energy Impact Partners. (more)
Hypernative, an Israel-based security operations platform for Web3 transactions and applications, raised a $40.0M Series B from Ballistic Ventures and Ten Eleven Ventures. (more)
Turnkey, a United States-based API platform for managing private keys in smart contract and cryptocurrency deployments, raised a $30.0M Series B from Bain Capital Crypto. (more)
Maze, a United Kingdom-based threat and risk prioritization platform using AI to support remediation efforts, raised a $25.0M Series A from Theory Ventures. (more)
Fescaro, a South Korea-based connected and autonomous vehicle security company, raised a $21.9M Venture Round from AhnLab.
Conveyor, a United States-based security questionnaire automation platform, raised a $20.0M Series B from SignalFire. (more)
Cloudquery, an Israel-based cloud asset inventory and cost optimization management platform, raised a $16.0M Venture Round from Partech. (more)
Yige Cloud Technology, a China-based secure access service edge platform, raised a $13.9M Series B from HSG.
zeroRISC, a United States-based secure-by-design hardware and supply chain security company, raised a $10.0M Seed from Fontinalis Partners. (more)
Amplifier Security, a United States-based AI copilot-assisted security operations platform, raised a $8.3M Venture Round. (more)
Hirundo, an Israel-based AI model security platform preventing jailbreaks and unwanted training, raised a $8.0M Seed from Maverick Ventures Israel. (more)
Trustible, a United States-based AI risk and governance platform, raised a $4.6M Seed from Lookout Ventures and a $6.1M Funding Round. (more) & (more)
Repello AI, a United States-based AI adversary simulation platform, raised a $1.2M Seed from Venture Highway. (more)
TeamWorx Security, a United States-based malware sandboxing and analysis platform for incident response teams, raised a $500.0K Venture Round from TEDCO. (more)
Noma, an Israel-based data and AI pipeline security platform, raised an undisclosed Venture Round from Silicon Valley CISO Investments. (more)
StackBob, a United States-based identity governance and administration platform, raised an undisclosed Non-Equity Assistance from Google for Startups. (more)
Service Companies:
Nexus IT Consultants, a United States-based managed IT and security services provider, raised a $60.0M Venture Round from Metropolitan Partners Group. (more)
Guardz, an Israel-based managed security services platform for MSPs, raised a $56.0M Series B from ClearSky. (more)
🌎 Funding By Country
$185.7M for the United States across 11 deals
$120.0M for Israel across 5 deals
$25.0M for the United Kingdom across 1 deal
$21.9M for South Korea across 1 deal
$13.9M for China across 1 deal
🤝 Mergers & Acquisitions
Product Companies:
Devici, a United States-based platform using Gen AI for threat modeling and security design reviews, was acquired by Security Compass for an undisclosed amount. Devici has not previously disclosed any funding events. (more)
KAVACH Antivirus, an India-based anti-malware platform, was acquired by Net Protector AntiVirus for an undisclosed amount. KAVACH Antivirus has not previously disclosed any funding events. (more)
Privy, a United States-based API platform for encrypting Web3 user data, was acquired by Stripe for an undisclosed amount. Privy had previously raised $41.3M in funding. (more)
Raito, a Belgium-based data access governance and management platform, was acquired by Collibra for an undisclosed amount. Raito had previously raised $4.0M in funding. (more)
SecureAck, a United Kingdom-based low-code security orchestration and automated response (SOAR) platform, was acquired by Cybaverse for an undisclosed amount. SecureAck has not previously disclosed any funding events. (more)
Tentacle, a United States-based security and compliance automation platform, was acquired by Cytracom for an undisclosed amount. Tentacle has not previously disclosed any funding events. (more)
ThreatQuotient, a United States-based cyber threat intelligence platform, was acquired by Securonix for an undisclosed amount. ThreatQuotient had previously raised $46.8M in funding. (more)
Service Companies:
Ergonomics AG, a Switzerland-based professional services firm focused on security compliance consulting, was acquired by Audius for an undisclosed amount. Ergonomics AG has not previously disclosed any funding events. (more)
G3 Good Governance Group, a United Kingdom-based professional services firm focused on offensive and defensive cyber assessments, was acquired by Oakley Capital for an undisclosed amount. G3 Good Governance Group has not previously disclosed any funding events. (more)
📚 Great Reads
Least privilege is dead - A hot take from a CISO on why "least privilege access" was dead on arrival and what the real problems are.
*Kubernetes: A Practitioner’s Guide to KSPM - Managing Kubernetes can be complex. Cortex Cloud’s Kubernetes Security Posture Management (KSPM) helps security teams identify misconfigurations, vulnerabilities, malware and secrets across code, build, deploy, and runtime.
Context is King: How AI is Finally Making DLP Work - AI is giving DLP a second chance. Learn how DLP is evolving from a roadblock to the key to safe, scalable GenAI adoption.
*A message from our partner
🧪 Labs
These complexity requirements are getting really advanced!
Your password must contain two characters who talk to each other about something other than a man
— Keara Sullivan (@superkeara)
2:33 AM • May 13, 2025
Data Methodology and Sources
All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. dollars (USD) when collected.
Company country locations are pulled from publicly available sources.
Companies are categorized using the Return on Security system.
Sometimes deal details, like who led the round, how much was raised, or the deal stage, may be updated after publication.
Let us know if you spot any errors, and we’ll fix them.
Reply