💰 Security, Funded #200 - Double Benjamin Energy

Hey there,

Hope you had a great weekend!

Coming at you live and direct from sunny Bournemouth, UK, at the Aspiron Search offices, today marks the 200th issue of the newsletter, and four years since I started Return on Security! 🤯 

Every year, when the anniversary comes around, I am amazed at how much has changed in the last year and since I first started. Never in my wildest dreams did I imagine things would turn out the way they have. For the four-year anniversary, here are four things I never thought would happen when I started:

1. That this newsletter would have gone on for so long.

2. That so many people would find the newsletter useful, and that it would start changing the way people think.

3. That this newsletter would become a real business and my full-time job.

4. Possibly the craziest thing to me is that this would be the longest I've ever stayed with one company.

Someone recently pointed out #4 to me, and I thought it was insane, but it’s true. The cybersecurity industry has been an incredible field for me all these years, and I’ve been fortunate enough to consistently be drawn into better opportunities rather than running from something. This time around, I was drawn into something I made up.

Let this be a reminder that you can just do things.

Also, to properly celebrate this, I’m teaming up with Decibel and Security Founders at Libertine Social to throw a party and kick off Black Hat! Make sure to RSVP here, and we’re excited to see many of you in person in Las Vegas for a toast!

💡 _{Share the newsletter in one click}

😎 Vibe Check

Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!

Last issue’s vibe check:
What’s the most underused input in security decision-making today?
🟨🟨🟨🟨🟨⬜️ Customer service/helpdesk trends (12)
🟩🟩🟩🟩🟩🟩 Application-layer activity (13)
🟨🟨🟨🟨🟨⬜️ Post-incident reviews (12)
🟨🟨🟨🟨⬜️⬜️ Application-to-business mapping (11)
🟨⬜️⬜️⬜️⬜️⬜️ Other (leave comment) (2)
50 Votes

Last week’s vibe check was one of the lowest-response polls I’ve run so far. Blame it on timing, the algorithm, or sunspots, but if I had to guess, it’s because security people love to debate what’s broken (and there’s plenty!), but they hesitate to declare what works.

It’s understandable. In this field, it’s almost impossible to say you’re “right” about anything for long.

The clear takeaway is that even when teams have access to valuable inputs, like post-incident reviews, helpdesk trends, app usage, or business mapping, they all require interpretation and time. Two things that most teams are in very short supply of.

Some of the top comments from last week’s vibe check:

💬 Post-incident reviews - “Post-incident reviews....from OTHER companies. Most organizations fail to learn from the mistakes of others.”

✍🏽 _{Have a question you want answered? Ask Return on Security.}

💰 Market Summary

📸 YoY Snapshot

The first half of 2025 is just about done, and it’s been a big one! There’s still technically one more day to get those transactions in, but the first half of 2025 is up over $1 billion from the same period last year, and the quarter is up 18% from Q2 2024.

M&A also had a bang-up first half of the year, with Q2 2025 being up 27%+ compared to Q2 2024.

_{Partner With Us}

☎️ Earnings Reports

🧩 Funding By Product Category

• $75.0M for Application Security Testing (AST) across 1 deal

• $60.0M for Fraud and Financial Crime Protection across 2 deals

• $57.0M for Data Protection across 1 deal

• $40.0M for Network Security across 1 deal

• $17.0M for Security Log Data Management (SLDM) across 1 deal

• $10.0M for Quantum Security across 1 deal

• $9.5M for Data Loss Prevention (DLP) across 1 deal

• $5.0M for Security Operations across 1 deal

• $4.2M for Software Supply Chain Security across 1 deal

• $2.9M for Managed Security Services Provider (MSSP) across 1 deal

🏢 Funding By Company

Product Companies:

• XBOW, a United States-based autonomous application security testing platform, raised a $75.0M Series B from Altimeter Capital. (more)

• Clearspeed, a United States-based platform using voice analytics to assess fraud risk, raised a $60.0M Series D from Align Private Capital. (more)

• Zama, a France-based data protection platform focused on homomorphic encryption, raised a $57.0M Series B from Blockchange Ventures and Pantera Capital. (more)

• Allot, an Israel-based suite of network security tools, raised a $40.0 post-IPO Equity round. (more)

• DataBahn, a United States-based security log data management platform, raised a $17.0M Series A from Forgepoint Capital. (more)

• Qunnect, a United States-based secure quantum network communications company, raised a $10.0M Series A from Airbus Ventures. (more)

• Bonfy.AI, a United States-based AI-enabled data loss prevention platform focused on securing content generated by Generative AI, raised a $9.5M Seed from TLV Partners. (more)

• Command Zero, a United States-based security operations and investigation platform, raised a $5.0M Venture Round. (more)

• RevEng, a United Kingdom-based automated malware reverse engineering platform, raised a $4.2M Seed from Sands Capital Ventures. (more)

• Sygno, a Netherlands-based fraud and financial crime protection platform, raised an undisclosed Venture Round from ROM Utrecht Region. (more)

Service Companies:

• Ostra Cybersecurity, a United States-based managed security services provider (MSSP), raised a $2.9M Venture Round. (more)

🌎 Funding By Country

• $179.4M for the United States across 7 deals

• $57.0M for France across 1 deal

• $40.0M for Israel across 1 deal

• $4.2M for the United Kingdom across 1 deal

• An undisclosed amount for the Netherlands across 1 deal

🤝 Mergers & Acquisitions

Product Companies:

• CodeSecure, a United States-based application security testing platform, was acquired by AdaCore for an undisclosed amount. CodeSecure has not previously disclosed any funding events. (more)

• Invariant Labs, a Switzerland-based security monitoring and guardrails for AI and Agentic AI systems, was acquired by Snyk for an undisclosed amount. Invariant Labs has not previously disclosed any funding events. (more)

• Otterize, a United States-based composable software authentication and authorization platform, was acquired by Cyera for an undisclosed amount. Otterize had previously raised $11.5M in funding. (more)

• Prim'X, a France-based data encryption and protection platform for the Microsoft Azure and Office deployments, was acquired by Main Capital Partners for an undisclosed amount. Prim'X has not previously disclosed any funding events. (more)

Service Companies:

• Banshie, a Denmark-based professional services firm focused on penetration testing services, was acquired by TrueSec for an undisclosed amount. Banshie has not previously disclosed any funding events. (more)

• Wright Technology Group, a United States-based managed security and IT services provider, was acquired by CMIT Solutions for an undisclosed amount. Wright Technology Group has not previously disclosed any funding events. (more)

📚 Great Reads

🧪 Labs