💰 Security, Funded #203 - Porto Folio Management

Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of July 14, 2025.

Security, Funded by Return on Security, is a weekly analysis of economic activity in the cybersecurity market. This week’s issue is brought to you by Maze and Prophet Security.

Hey there,

Hope you had a great weekend, and hello from sunny Portugal this week! 🇵🇹 I’ll be out here standing on business (😤 👊) for a bit and enjoying Porto for a short holiday. If you have any places I must see/drink/eat, send them my way!

I’ll be traveling for the next few weeks and look forward to seeing/meeting many of you out at Black Hat US this year.

Let’s get to it.

PARTNER

Why Vulnerability Management Is Failing Security Teams

Stop with the acronyms and focus on making teams more effective.

Most organizations have thousands - or even millions - of open vulnerabilities. Maybe 0.1% are real threats, but no one knows which ones. Adrian Jozwik, co-founder and CPO of Maze, has been obsessing over the problem and just published a blog on what he believes needs to change.

😎 Vibe Check

Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!

Which of these security efforts has driven the most real impact in your org?

Login or Subscribe to participate in polls.

Last issue’s vibe check:
Which security tradeoff is most underappreciated today?
🟨🟨🟨⬜️⬜️⬜️ Cost vs coverage (10)
🟨🟨🟨⬜️⬜️⬜️ Speed vs thoroughness (10)
🟩🟩🟩🟩🟩🟩 User experience vs security (25)
🟨🟨🟨🟨🟨⬜️ Innovation vs control (19)
🟨⬜️⬜️⬜️⬜️⬜️ Other (leave comment) (3)
67 Votes

No real contest last week with user experience (UX) vs. security taking the top spot. This one’s near and dear for me. Some of the biggest wins I’ve ever had in security came from just removing friction. It wasn’t by adding more controls, it was doing the “ugly” work and just making things suck less.

Bad UX is a silent killer. But when you fix it, even just a little it, you can get people on your side.

Some of the top comments from last week’s vibe check:

💬  “Maybe I’ve heard a few too many coworkers say “it doesn’t matter how intrusive it is, we’ll just scare them into compliance”. Cultures of fear suck though — both the experience and the innovation.”

💬 “Unbridled innovation without controls has led us to madness, stupidly.”

💰 Market Summary

Private Markets

  • 15 companies from 6 countries raised $240.0M across 11 unique product categories

  • 100% of funding went to product-based cybersecurity companies

  • 4 companies were acquired or had a merger event across 4 unique product categories

Public Markets

  • No public cyber companies had an earnings report.

As of market close on July 18, 2025.

📸 YoY Snapshot

Rolling 12-week charts that compare funding and acquisitions weekly in a year-over-year (YoY) view between 2024 and 2025.

It’s really interesting to me how so many weeks look very similar year over year in terms of dollars raised and number of events. It’s almost like there’s some industry rhythm and an “invisible hand” moving the wheels of the market. Or maybe it’s just cyclical ahead of Black Hat US ¯\_(ツ)_/¯

M&A activity continues on its aggressive pace this year.

PARTNER

Smarter alert triage. Faster investigations. Powered by Prophet Security.

Cuts the noise. Surfaces what matters. Explains every decision.

SOC teams face the same inefficiencies: endless alert backlogs, hours spent on manual triage, investigation bottlenecks, and too much noise obscuring real threats.

Prophet Security delivers an Agentic AI SOC Analyst that acts as a force multiplier for security operations. It autonomously triages and investigates every alert in seconds, and delivers clear, explainable findings so your team can focus on real threats.

☎️ Earnings Reports

Earnings reports from last week: None

Earning reports to watch this coming week: None

🪦 Stop, Drop, Shut’em Down…

  • Adarma, a Scotland-based managed security services provider, entered administration last week, a legal procedure in the UK aimed at rescuing or restructuring a business and its assets, and the step right before liquidation. Adarma had previously raised $2.2M in funding. (more)

🧩 Funding By Product Category

  • $81.3M for Internet of Things (IoT) Security across 1 deal

  • $48.8M for Fraud and Financial Crime Protection across 2 deals

  • $32.2M for Threat Intelligence across 3 deals

  • $28.0M for Application Security across 1 deal

  • $23.0M for Threat & Vulnerability Management (TVM) across 2 deals

  • $13.5M for Security and Compliance Automation across 1 deal

  • $5.2M for Email Security across 1 deal

  • $4.2M for AI Privacy Assurance across 1 deal

  • $3.8M for Secure File Sharing across 1 deal

  • An undisclosed amount for Security Operations across 1 deal

  • An undisclosed amount for Brand Protection across 1 deal

🏢 Funding By Company

Product Companies:

Service Companies:

  • None

🌎 Funding By Country

  • $151.4M for the United States across 8 deals

  • $81.3M for Italy across 1 deal

  • $3.8M for Spain across 2 deals

  • $1.9M for The Netherlands across 1 deal

  • $1.3M for India across 2 deals

  • $335.3K for the United Kingdom across 1 deal

🤝 Mergers & Acquisitions

Product Companies:

  • Redjack, a United States-based cyber attack surface management platform, was acquired by Lansweeper for an undisclosed amount. Redjack has not previously disclosed any funding events. (more)

  • Riskey, an Israel-based third-party vendor risk management platform, was acquired by Vanta for an undisclosed amount. Riskey has not previously disclosed any funding events. (more)

Service Companies:

  • DigitalXRAID, a United Kingdom-based managed security services provider (MSSP), was acquired by Limerston Capital for an undisclosed amount. DigitalXRAID has not previously disclosed any funding events. (more)

  • Enigma International, a United States-based professional services firm that provided cyber threat intelligence for national defense, was acquired by Sphinx for an undisclosed amount. Enigma International has not previously disclosed any funding events. (more)

📚 Great Reads

*A message from our partner

🧪 Labs

Good morning, say it back.

The lion IS the threat actor

Security ROI > Coffee ROI

Get value every week? Back the mission.

Or send your smart friends a referral.

Data Methodology and Sources

  • All of the data is captured point-in-time from publicly available sources.

  • All financial figures are converted to U.S. Dollars (USD) at the current spot rate at the time of collection.

  • Company country locations are pulled from publicly available sources.

  • Companies are categorized using the Return on Security system.

  • Sometimes the deal details, such as who led the round, how much was raised, or the deal stage, may be updated after publication.

  • Let us know if you spot any errors, and we’ll fix them.

Reply

or to participate.