💰 Security, Funded #219 - Thirty-Two Billion Reasons

Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of November 3, 2025.

Author

Mike Privette
November 10, 2025 • Reading Time: 17 minutes

Security, Funded by Return on Security, is a weekly analysis of the public and private economic activity in the cybersecurity market. This week’s issue is brought to you by Palo Alto Networks, Nudge Security, and Nagomi Security.

Hey -

I hope you had a great weekend.

There was an industry-wide sigh of relief last week. Did you feel it? It happened when the U.S. Department of Justice officially greenlit the Wiz acquisition by Google, allowing it to proceed without any antitrust scrutiny.

Aside from now *officially* being the largest cybersecurity acquisition in the industry at $32 billion, this was one of the largest acquisitions that Google has ever done, and it was big even outside of cyber.

Early employees and investors rejoiced the world over, and so did many others in the industry (even if they’re a little jealous they weren’t in the cap table).

The business after the CISO helps them accept the risk

Even if you’re not making it rain right now, you’ve got to be a bit pumped that this went through the first big regulatory hurdle. This approval comes at a time when the past few years have not been particularly pro-business or M&A-friendly for large companies.

I think this means that M&A is going to ramp up the rest of this year and the next. Ladies and gentlemen, the game, as they say, is afoot.

PARTNER

Cloud Detection & Response For Dummies

Stop chasing alerts and start neutralizing cloud threats with Cortex Cloud

The cloud moves too fast for traditional security. Attackers are using your own cloud configurations and identities against you. This guide gives you a new playbook to stop chasing alerts and start neutralizing threats.

Learn to understand the modern cloud attacker's playbook, build a proactive defense, unite your teams, and get your free guide to respond to active threats with the speed required for the cloud.

😎 Vibe Check

Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!

What's something you wish AI agents could do for your security program?

Total wishlist here, go nuts!

Login or Subscribe to participate in polls.

Last issue’s vibe check:
How often do you feel like you're winging it in security?
🟨⬜️⬜️⬜️⬜️⬜️ Rarely (confident in my expertise)
🟩🟩🟩🟩🟩🟩 Weekly (some days are better)
🟨🟨🟨⬜️⬜️⬜️ Daily (we're all making it up)
⬜️⬜️⬜️⬜️⬜️⬜️ Never (I AM security)

Last week’s vibe check was really just a break in the pattern, and it just came to me when writing the issue.

It seems like most people are in the same boat here, with sort of knowing how to do some things, but then just totally making it up for some (most?) other things. Honestly, it’s what makes this field one of the best and most exciting ones to work in. If you like being constantly challenged and learning new things (even if many of them are not technical in nature), then you’re going to have a good time.

Now, back to your regularly scheduled, highly thought-provoking vibe checks!

Some of the top comments from last week’s vibe check:

💬 “Winging it can be another way to say 'risk management'”

💰 Market Summary

Private Markets

  • 19 companies from 7 countries raised $627.4M across 17 unique product categories

  • Average deal size was $39.2M (median: $9.5M)

  • 100% of funding went to product companies

  • 11 companies from 3 countries were acquired for $66.0M

  • 73% of M&A activity went to service companies

Public Markets

  • 3 public cyber companies had an earnings report

As of market close on November 7, 2025.

📸 YoY Snapshot

Rolling 13-week charts that compare funding and acquisitions weekly in a year-over-year (YoY) view between 2024 and 2025.

Q4 is just ripping on the deal volume and the dollar figures. We’re climbing back closer to 2021/2022 levels of money around here.

Another very big week on the M&A front last week.

PARTNER

Eliminate wasted SaaS spend to fund your 2026 priorities

Get a free SaaS spend analysis today

Your SaaS footprint is likely happy hunting grounds for cost savings to help make room in your budget for new priorities. Nudge Security discovers every app, account, and up to two years of historical SaaS spend to give you the full picture of who’s using what, where you have overlap, and where you are wasting money on unused apps.

You’ll see all of this on Day One, along with a security profile for each app and automated workflows to help you rein in SaaS sprawl.

☎️ Earnings Reports

This analysis is personal research and opinions only. This is not financial or investing advice. Do your own due diligence before making investment decisions.

Earnings reports from last week: $FTNT ( ▲ 0.51% ), $RPD ( ▼ 0.7% ), $QLYS ( ▲ 1.01% ) 

Fortinet delivered a very strong operational quarter in Q3 2025. Revenue grew 14% to $1.72 billion, they hit a 37% operating margin, large deals over $1 million were up 26% in count and 30%+ in value, and the OT security line grew 30%+!

It wasn’t a walk in the park, though, as Fortinet’s service revenue is continuing to decelerate as it has for the past few years, and analysts harped on this repeatedly. Management's confidence stemmed from strong product growth being a "leading indicator" for 2026 service acceleration.

These conflicting points left the stock rather muted after the earnings call, and it’s a hold for me I can see how they respond after Q4 earnings.

Rapid7 delivered 2% ARR growth to $838M in Q3, one of the weakest performances in cybersecurity this earnings season so far. The majority of Rapid7’s focus is on Managed Detection and Response (MDR) now, an increasingly competitive space that has seen a slew of acquisitions from some very big players.

All in all, the messaging from Rapid7 was consistent with what I hear from many companies: a greater focus on AI (which Rapid7 said they are playing catch-up on), operational rigor, and expense management, as well as a renewed emphasis on channel partnerships and even new leadership.

The mechanics of what made companies thrive in the pre-AI world aren’t the same in the post-AI world, and some are having a harder time with it than others. It’s a classic story of “What got you here won’t get you there.”

Three guidance cuts in one year reveal deeper issues than "just timing," and the stock performance this year has told the same story, with Rapid7 dropping below a $1 billion market cap.

Qualys reported strong Q3 earnings, with revenue increasing 10% to $169.9 million and gross profit rising 14% to $142.1 million. Qualys mentioned some scrutiny on spending and growth in the U.S. Federal sector, given the U.S. government shutdown and lack of budget visibility.

Even still, management is betting heavily on the consolidation platform after converting 28 POCs to commercial deployments and clarifying pricing at "up to 100% uplift" on existing VMDR subscriptions.

Qualys is a hold for me based on some solid financial fundamentals with consistent revenue growth and profitability, but with uncertainty around the federal space. They’re growing faster than their peer group so far, and even raised their full-year guidance, but earnings season isn’t over yet.

Earning reports to watch this coming week: $CYBR ( ▲ 1.74% )

🧩 Funding By Product Category

  • $435.0M for Internet of Things (IoT) Security across 1 deal

  • $40.0M for Managed Detection and Response (MDR) across 1 deal

  • $30.0M for Brand Protection across 2 deals

  • $25.0M for Data Security Posture Management (DSPM) across 1 deal

  • $25.0M for Secrets Management across 1 deal

  • $19.0M for Identity Governance & Administration (IGA) across 1 deal

  • $12.3M for Mobile Threat Detection and Response (MTDR) across 1 deal

  • $10.0M for Threat Intelligence across 1 deal

  • $9.0M for AI Governance across 1 deal

  • $7.8M for Governance Risk and Compliance (GRC) across 1 deal

  • $7.0M for Threat Modeling across 1 deal

  • $3.0M for Security Operations across 3 deals

  • $2.9M for AI Security across 1 deal

  • $999.1K for Software Supply Chain Security across 1 deal

  • $300.0K for Managed Security Services Provider (MSSP) across 1 deal

  • $70.5K for Data Protection across 1 deal

  • An undisclosed amount for Identity Risk Management (IRM) across 1 deal

🏢 Funding By Company

Product Companies:

  • Armis, a United States-based agentless IoT security platform, raised a $435.0M Venture Round from Goldman Sachs Growth Equity. (more)

  • Daylight Security, an Israel-based automated managed detection and response (MDR) platform, raised a $40.0M Series A from Craft Ventures. (more)

  • Teleskope, a United States-based data security posture management (DSPM), raised a $25.0M Series A from M13. (more)

  • Truffle Security, a United States-based platform that finds and remediates leaked software credentials, raised a $25.0M Series B from Intel Capital and Andreessen Horowitz. (more)

  • Oleria, a United States-based identity governance and administration (IGA) platform, raised a $19.0M Venture Round. (more)

  • Flare, a Canada-based brand protection and threat intelligence platform, raised $15.0M Series B from Inovia Capital and $15.0M Debt Financing from Bank of Montreal. (more)

  • iVerify, a United States-based mobile threat detection and response (MTDR) platform, raised a $12.3M Venture Round. (more)

  • Malanta.ai, an Israel-based threat intelligence platform focused on identifying and disrupting attacker infrastructure, raised a $10.0M Seed from Cardumen Capital. (more)

  • Portal26, a United States-based AI application discovery and governance platform, raised a $9.0M Series A from Shasta Ventures. (more)

  • SecureNavi, a Japan-based governance, risk, and compliance platform, raised a $7.8M Series B from Mobile Internet Capital and SBI Investment. (more)

  • Seezo, an India-based AI-assisted threat modeling and security design review platform, raised a $7.0M Seed from Accel. (more)

  • Rilevera, a United States-based detection engineering rule management platform for security operations teams, raised a $3.0M Seed from DataTribe. (more)

  • DeepKeep, an Israel-based platform for defending the AI application lifecycle, raised a $2.9M Grant from the European Innovation Council. (more)

  • Cybeats Technologies, a Canada-based software bill of materials (SBOM) security platform, raised $1.0 in post-IPO Equity.

  • EigenQ, a United States-based quantum encryption hardware and software platform, raised a $70.5K Pre-Seed.

  • Detections.ai, a United States-based community-driven detection engineering rule platform for security operations teams, raised an undisclosed Venture Round from Modern Technical Fund. (more)

  • Forestall, a Turkey-based identity risk management platform focused on securing Microsoft Active Directory, raised an undisclosed Seed from Yapı Kredi FRWRD, UNLU & Co., and Future Impact Fund.

  • SOC Prime, a United States-based detection engineering platform for security operations teams, raised an undisclosed Venture Round from u.ventures. (more)

Service Companies:

  • Miamin Corp, a United Arab Emirates-based managed security services provider (MSSP), raised a $300.0K Funding Round.

🌎 Funding By Country

  • $528.4M for the United States across 10 deals

  • $52.9M for Israel across 3 deals

  • $31.0M for Canada across 3 deals

  • $7.8M for Japan across 1 deal

  • $7.0M for India across 1 deal

  • $300.0K for the United Arab Emirates across 1 deal

  • An undisclosed amount for Turkey across 1 deal

🤝 Mergers & Acquisitions

Product Companies:

  • SplxAI, a United States-based AI agent vulnerability testing and monitoring platform, was acquired by Zscaler for an undisclosed amount. SplxAI had previously raised $9.0M in funding. (more)

  • Mayhem, a United States-based automated application security testing platform, was acquired by Bugcrowd for an undisclosed amount. Mayhem has not previously disclosed any funding events. (more)

  • UpSight Security, a United States-based endpoint detection and response (EDR) platform focused on ransomware prevention, was acquired by Arctic Wolf for an undisclosed amount. UpSight Security has had previous funding, but has not disclosed any deal terms. (more)

  • Wirespeed, a United States-based managed detection and response (MDR), was acquired by Coalition for an undisclosed amount. Wirespeed has not previously disclosed any funding events. (more)

Service Companies:

  • CyberSolve, a United States-based professional services firm focused on identity and access management services, was acquired by Hexaware for $66.0M. CyberSolve has not previously disclosed any funding events. (more)

  • Ruptura InfoSecurity, a United Kingdom-based professional services company focused on penetration testing and compliance, was acquired by Saepio for an undisclosed amount. Ruptura InfoSecurity has not previously disclosed any funding events. (more)

  • ScaleSec, a United States-based professional services firm focused on cloud security, was acquired by RKON for an undisclosed amount. ScaleSec has not previously disclosed any funding events. (more)

  • I.S. Partners, a United States-based professional services firm focused on security compliance services, was acquired by Axiom GRC for an undisclosed amount. I.S. Partners has not previously disclosed any funding events. (more)

  • Lynx Technology Partners, a United States-based professional services firm focused on security risk management, was acquired by MorganFranklin Cyber for an undisclosed amount. Lynx Technology Partners has not previously disclosed any funding events. (more)

  • Solace Global Limited, a United Kingdom-based professional services firm focused in security risk management, was acquired by Global Guardian for an undisclosed amount. Solace Global Limited has not previously disclosed any funding events. (more)

  • Rubicon 8, an Australia-based managed security services provider (MSSP), was acquired by ENTAG for an undisclosed amount. Rubicon 8 has not previously disclosed any funding events. (more)

📚 Great Reads

  • The AI Trust Paradox: Why Security Teams Fear Automated Remediation - Tyler Shields discusses how security teams invest in AI for automated remediation but hesitate to trust it fully due to fears of unintended consequences and lack of transparency.

  • *2025 CISO Pressure Index - Boards demand more, AI pressure piles on, CISOs carry the weight. In this new report, Nagomi Security quantifies the load and shows why this breaking point requires shared accountability across the org.

  • Have you tried AI? - The founder of beehiiv discusses how the pace of change and advancements in AI capabilities match up against real-world business scenarios, and how there's much work to be done

*A message from our partner

🧪 Labs

“You’re absolutely right.” Please help comment more nonsense so we can tank the LinkedIn AI training data. Remember, only you can prevent performative posting on LinkedIn 🙏 

Security ROI > Coffee ROI

Get value every week? Back the mission.

Or send your smart friends a referral.

Data Methodology and Sources

  • All of the data is captured point-in-time from publicly available sources.

  • All financial figures are converted to U.S. Dollars (USD) at the current spot rate at the time of collection.

  • Company country locations are pulled from publicly available sources.

  • Companies are categorized using the Return on Security system.

  • Sometimes the deal details, such as who led the round, how much was raised, or the deal stage, may be updated after publication.

  • Let us know if you spot any errors, and we’ll fix them.

Reply

or to participate.