💰 Security, Funded #202 - The Calm Between Storms

Hey there,

Hope you had a great weekend!

I’ll keep it short and sweet today. It’s almost summer time here in the UK, and I’m looking forward to some upcoming work and vacation travel.

Also, looking forward to seeing everyone in a few weeks at Hacker Summer Camp!

💡 _{Share the newsletter in one click}

😎 Vibe Check

Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!

Last issue’s vibe check:
Which problem in security will never be “solved”?
🟩🟩🟩🟩🟩🟩 Phishing & social engineering (116)
🟨🟨⬜️⬜️⬜️⬜️ Shadow IT / AI (37)
🟨🟨🟨⬜️⬜️⬜️ Third-party risk (54)
🟨⬜️⬜️⬜️⬜️⬜️ Full log visibility (14)
⬜️⬜️⬜️⬜️⬜️⬜️ Other (leave comment) (7)
228 Votes

Well, no surprises here. Phishing and social engineering lead the way in the “unsolvable” problem space in the cyber industry. What was interesting to me was that third-party risk outpaced Shadow IT / AI.

Given how so many people across all business units are rushing to do anything they can with AI-enabled software and services, I would have expected this one to be a (distant) second place from phishing.

Some of the top comments from last week’s vibe check:

💬 Phishing - “Since there are no defined boundaries for social interaction, I think its an eternal problem.”

💬 Shadow IT / AI - “Phishing and social engineering can be eliminated with password-less authentication, but getting to that point may never be viable. Shadow IT will never go away because people are opinionated and greedy.”

💬 Other - “All of the above obviously. And don’t forget the new risk of someone phishing your developers’ third-party, shadow IT AI copilot, which you will never get logs from.“

✍🏽 _{Have a question you want answered? Ask Return on Security.}

💰 Market Summary

📸 YoY Snapshot

A much quieter, but seasonally slow week last week on the funding front.

M&A is still rolling strong, though. This will be a landmark year for M&A in the industry.

_{Partner With Us}

☎️ Earnings Reports

🧩 Funding By Product Category

• $50.0M for Data Protection across 1 deal

• $15.5M for Managed Detection and Response (MDR) across 1 deal

• $6.5M for Security and Compliance Automation across 1 deal

• $5.3M for Operational Technology (OT) Security across 1 deal

• $5.0M for Data Privacy across 1 deal

• $4.9M for Secure File Sharing across 1 deal

• $837.7K for Continuous Automated Red Teaming (CART) across 1 deal

• $5.0K for Secure Networking across 1 deal

• $5.0K for Cloud Security Posture Management (CSPM) across 1 deal 

• An undisclosed amount for API Security across 1 deal

🏢 Funding By Company

Product Companies:

• Virtru, a United States-based encryption and data privacy platform, raised a $50.0M Series D from ICONIQ Capital. (more)

• AirMDR, a United States-based managed detection and response (MDR) platform, raised a $15.5M Seed from Race Capital. (more)

• Knox, a United States-based security and compliance automation platform helping companies meet U.S. federal security requirements, raised a $6.5M Seed from Felicis. (more)

• Pimloc, a United Kingdom-based platform that protects sensitive and personal data in videos, raised a $5.0M Seed from Amadeus Capital Partners and Edge VC. (more)

• ShelterZoom, a United States-based secure file storage and sharing platform, raised a $4.9M Venture Round. (more)

• DEFENDERBOX, a Germany-based continuous automated read teaming platform, raised a $837.7K Seed from NRW.BANK. (more)

• GovernSafe, an Australia-based cloud security posture management platform, raised a $5.0K Grant from Cloudflare Worker's Launchpad. (more)

• Quantum Resistant Cryptographic Solutions, a Canada-based quantum-resistant secure networking platform, raised a $5.0K Seed.

• Bastazo, a United States-based AI-driven vulnerability prioritization platform for operational technology and critical infrastructure, raised an undisclosed Seed round from Cortado Ventures. (more)

• Corsha, a United States-based API security platform focusing on zero-trust machine-to-machine communications, raised an undisclosed Venture Round from Booz Allen Ventures. (more)

Service Companies:

• None

🌎 Funding By Country

• $82.2M for the United States across 6 deals

• $5.0M for the United Kingdom across 1 deal

• $837.7K for Germany across 1 deal

• $5.0K for Canada across 1 deal

• $5.0K for Australia across 1 deal

🤝 Mergers & Acquisitions

Product Companies:

• Antarex, a Singapore-based cyber threat intelligence platform, was acquired by LGMS for an undisclosed amount. Antarex has not previously disclosed any funding events. (more)

• Axiomatics, a United States-based cloud and network identity and access management platform, was acquired by Leonardo for an undisclosed amount. Axiomatics had previously raised $6.5M in funding. (more)

• Sourcepoint, a United States-based consent and preference management platform for website privacy preferences, was acquired by Didomi for an undisclosed amount. Sourcepoint had previously raised $17.0M in funding. (more)

Service Companies:

• A-LIGN, a United States-based global cybersecurity and compliance solutions provider, was acquired by Hg for an undisclosed amount. A-LIGN had previously raised in $54.5M in funding. (more)

• Abacode, a United States-based managed security services provider focused on governance, risk, and compliance, was acquired by Thrive for an undisclosed amount. Abacode has not previously disclosed any funding events. (more)

📚 Great Reads

🧪 Labs