💰 Security, Funded #205 - Back in Black(jack)

Hey there,

I hope you had a great weekend and a happy start to the Q2 Cyber Earnings Season to all those who celebrate. 🫡 

Last week was another huge week on the private and public markets front, including the second-largest cyber M&A deal in history. But don’t worry! I’ve got it all summarized, ticked, and tied for you!

Today’s issue is coming at you live and direct from Las Vegas, NV, ahead of Black Hat USA. I’m looking forward to all the events and catching up with everyone!

I’ll be bouncing around all over the place, and would love to say hello if you’re out here, so please feel free to stop me.

💡 _{Share the newsletter in one click}

😎 Vibe Check

Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!

Last issue’s vibe check:
What’s your real security operating model?
🟨⬜️⬜️⬜️⬜️⬜️ Panic-driven planning
🟨🟨🟨⬜️⬜️⬜️ Spreadsheets
🟩🟩🟩🟩🟩🟩 “It depends” 2.0
🟨🟨⬜️⬜️⬜️⬜️ Ctrl-F in a PDF

Turns out, the dominant security operating model is “It depends.” ¯\_(ツ)_/¯

Spreadsheets continue to haunt us like a compliance ghost we can’t exorcise. No matter how modern the stack claims to be, behind the scenes, there’s almost always a spreadsheet making it work (or not work 👀 ).

Some of the top comments from last week’s vibe check:

💬  We rely a lot on (inadequate) built-in features and deal with things as they come. Hard to be proactive when things change too often to even panic-plan.

💬 "We're investigating" = spreadsheets. "We have a plan" = spreadsheets. "We use a proprietary platform with integrated intelligence and ticketing" = 12 spreadsheets in a trench coat, don't @ me.

✍🏽 _{Have a question you want answered? Ask Return on Security.}

💰 Market Summary

📸 YoY Snapshot

Over the past 12 weeks, funding reached $7.6B through 170 deals, averaging $52.3M and a median of $10.0M. This marks a 202% rise from the same period last year, when $2.5B was invested in 143 deals.

M&A activity has been pretty busy lately, with 98 deals closed over the past 12 weeks (or about 8/week). That’s a huge 92% jump from the 51 deals during the same period last year. This week, there were 3 deals, which is fewer than the 14 the week before.

_{Partner With Us}

☎️ Earnings Reports

🧩 Funding By Product Category

• $140.5M for Security Operations across 7 deals

• $108.5M for AI Governance across 2 deals

• $95.5M for Threat and Risk Prioritization across 3 deals

• $55.0M for API Security across 2 deals

• $50.0M for Security Orchestration and Automated Response (SOAR) across 1 deal

• $24.5M for Human Risk Management across 1 deal

• $18.4M for AI Security across 1 deal

• $15.0M for Secure Infrastructure across 1 deal

• $7.0M for Security Analytics across 1 deal

• $6.9M for Identity Verification across 1 deal

• $4.7M for Personal Cybersecurity across 1 deal

• $4.0M for Endpoint Detection and Response (EDR) across 1 deal

• $3.6M for Data Security Posture Management (DSPM) across 1 deal

• $3.0M for Infrastructure Security across 1 deal

• $2.6M for Security and Compliance Automation across 1 deal

• $228.8K for AI Adversary Simulation across 1 deal

• $149.3K for Brand Protection across 1 deal

• An undisclosed amount for Operational Technology (OT) Security across 1 deal

🏢 Funding By Company

Product Companies:

• Noma, an Israel-based data and AI pipeline security platform, raised a $100.0M Series B from Evolution Equity Partners. (more)

• Safe Security, a United States-based cyber risk quantification and management platform, raised a $70.0M Series C from Avataar Venture Partners. (more)

• Wallarm, a United States-based API security company, raised a $55.0M Series C from Toba Capital. (more)

• Blink Ops, an Israel-based low-code security automation platform, raised a $50.0M Series B from O.G. Venture Partners. (more)

• Legion Security, a United States-based AI-assisted security operations center workflow platform, raised a $38.0M Series A from Coatue. (more)

• Dropzone AI, a United States-based AI-agent-enabled security operations platform, raised a $37.0M Series B from Theory Ventures. (more)

• Prophet Security, a United States-based AI-assisted security operations platform, raised a $30.0M Series A from Accel. (more)

• Fable, a United States-based human risk management platform, raised a $24.5M Series A from REDPOINT. (more)

• Promptfoo, a United States-based open-source platform for identifying and fixing vulnerabilities in AI applications, raised a $18.4M Series A from Insight Partners. (more)

• Echo, an Israel-based secure container image infrastructure platform, raised a $15.0M Seed from Notable Capital and Hyperwise Ventures. (more)

• Seal Security, a United States-based threat prioritization platform using LLMs to prioritize patching, raised a $13.0M Series A from Vertex Ventures Israel. (more)

• Root Evidence, a United States-based vulnerability risk and prioritization platform, raised a $12.5M Seed from Ballistic Ventures. (more)

• Command Zero, a United States-based security operations and investigation platform, raised a $10.0M Seed from Crosspoint Capital Partners, SE Ventures, and Okta Ventures. (more)

• Reach Security, a United States-based security operations AI copilot platform, raised a $10.0M Series A from M12 - Microsoft's Venture Fund. (more)

• Cyata, an Israel-based agentic AI governance and security platform, raised a $8.5M Seed from TLV Partners. (more)

• Nebulock, a United States-based agentic threat hunting and security operations, raised a $18.5M Seed from Bain Capital Ventures. (more)

• RunReveal, a United States-based security analytics and observability platform, raised a $7.0M Seed from Costanoa Ventures. (more)

• Tonic Security, an Israel-based AI agent-driven security operations platform, raised a $7.0M Seed from Hetz Ventures. (more)

• Trustfull, an Italy-based anti-fraud and identity verification platform, raised a $6.9M Venture Round from Elevator Ventures and Seaya. (more)

• DynaRisk, a United Kingdom-based personal cyber risk management and threat intelligence platform, raised a $4.7M Series A from YFM Equity Partners. (more)

• North Pole Security, a United States-based endpoint detection and response platform for MacOS, raised a $4.0M Seed from Andreessen Horowitz. (more)

• Cavelo, a Canada-based data security posture management platform, raised a $3.6M Seed from Inovia Capital. (more)

• Dawnguard, a Netherlands-based secure infrastructure design platform, raised a $3.0M Pre-Seed from 9900 Capital. (more)

• Comp AI, a United States-based open-source security and compliance automation platform, raised a $2.6M Pre-Seed from OSS Capital L.P.. (more)

• Haicker, a Switzerland-based continuous AI penetration testing platform, raised a $228.8K Seed from Project Europe.

• Brandsec, an Australia-based DNS and brand protection platform, raised a $149.3K Grant from Business.gov.au. (more)

• Corsha, a United States-based API security platform focusing on zero-trust machine-to-machine communications, raised an undisclosed Venture Round from Cybernetix Ventures. (more)

• Nozomi Networks, a United States-based operational technology (OT) security platform for industrial control systems (ICS), raised an undisclosed Private Equity Round from Partners Group. (more)

Service Companies:

• None

🌎 Funding By Country

• $340.5M for the United States across 17 deals

• $180.5M for Israel across 5 deals

• $6.9M for Italy across 1 deal

• $4.7M for the United Kingdom across 1 deal

• $3.6M for Canada across 1 deal

• $3.0M for The Netherlands across 1 deal

• $228.8K for Switzerland across 1 deal

• $149.3K for Australia across 1 deal

🤝 Mergers & Acquisitions

Product Companies:

• CyberArk Software, a United States-based suite of identity security and privileged access management (PAM) tools, was acquired by Palo Alto Networks for $25.0B. CyberArk Software had previously raised $1.7B in funding. (more)

Service Companies:

• BlackPoint IT Services, a United States-based managed security services provider (MSSP), was acquired by Compass MSP for an undisclosed amount. BlackPoint IT Services has not previously disclosed any funding events. (more)

• Infinite MSP, a United States-based managed security services provider (MSSP), was acquired by NetSpark IP and Telecom for an undisclosed amount. Infinite MSP has not previously disclosed any funding events. (more)

📚 Great Reads

🧪 Labs