Security, Funded by Return on Security, is a weekly analysis of the public and private economic activity in the cybersecurity market. This week’s issue is brought to you by Anvilogic, Nagomi Security, and Mate Security.

Hey -

I hope you had a great weekend!

Another week and another sigh of relief mixed with a side of grief. Last week, NVIDIA held its quarterly earnings call and beat the “AI Bubble” charges against it for at least another quarter. While NVIDIA isn’t directly in the cybersecurity world, the current fate of all private and public money is at the whims of the world’s largest benefactor of the AI wave. NVIDIA's continued success means that every industry that has seen its boats rise (a rising tide lifts all boats), including cyber, can continue to march on strongly.

It wasn’t all rosy, though. All of that positive news was offset by continued high inflation and low job market data in the US, leading the U.S. Federal Reserve and my boy JPow to be split on an interest rate cut in December.

It’s always the “expectations” that drive our markets, and about what people and investors anticipate. When you’ve been living in a “stocks only go up and to the right” environment for so long, any apparent cracks in the foundation make every freakout, and that’s exactly what we saw last week.

Cyber, though, just like Wu-Tang, is here forever (and is for the children). Bubble or no bubble, strong economy or not, someone still has to secure the proverbial bag.

It was also great to meet up with some friends, old and new, in London, stylishly wearing our AI-generated black-tie attire.

If you’re celebrating Thanksgiving this year, I hope you tack on some real mass and enjoy some time off with your friends and family! 🦃

💡 Share the newsletter in one click

PARTNER

Anvilogic Entered Its AI SOC Era

Smarter SecOps layer on top of where data lives

Anvilogic adds AI-driven detection and triage across your SIEMs and data lakes. With our suite of detection content and AI agents, rapidly improve coverage, boost detection engineering efficacy, and reduce alert noise while freeing up dollars with a flexible architecture that scales without replatforming.

Explore the AI SOC Layer Built for Modern Teams

Partner With Us

Table of Contents

😎 Vibe Check

Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!

Last issue’s vibe check:
Anthropic published a report on catching threat actors using AI for 'mostly autonomous' attacks. How do you feel about it?
🟩🟩🟩🟩🟩🟩 Attackers do a lot of automation already
🟨⬜️⬜️⬜️⬜️⬜️ Valuable threat intelligence
🟨⬜️⬜️⬜️⬜️⬜️ Interested but want third-party validation
🟨🟨🟨🟨🟨⬜️ Can't tell where the research ends and the sales pitch begins
🟨🟨🟨⬜️⬜️⬜️ Skeptical until I see technical evidence

If you looked anywhere on social media last week, you would have seen person after person sharing the Anthropic report and their take on what happened. You’d see typical responses from people trying to talk their own books, saying things like, “This is why the world needs our AI-driven autonomous whiz-bang platform at Vendor X.

But it seems like a lot of the security community kind of scratched their heads over the report. It was both interesting and I’m really glad they shared it, but it left us with many more questions than answers. It was billed as a threat intel report, but it left far too much to the imagination.

My friend Matt Johansen breaks it down really well here.

Some of the top comments from last week’s vibe check:

💬 “Given that previous claim by MIT business school that 80% of ransomware actors used generative AI used data from before 2022, I'm gonna need strong sources. Also a definition of ‘autonomous’”

💬 “Automation is cool and so is Claude, but Anthropic strayed over the line, overselling the amount that AI did here.”

💰 Market Summary

Private Markets

  • 19 companies from 6 countries raised $352.2M across 17 unique product categories

  • Average deal size was $25.2M (median: $18.5M)

  • 96% of funding went to product companies

  • 6 companies from 3 countries were acquired for $3.4B across 4 unique product categories

  • 67% of M&A activity went to product companies

Public Markets

  • 1 public cyber company had an earnings report

As of market close on November 21, 2025.

📸 YoY Snapshot

Rolling 13-week charts that compare funding and acquisitions weekly in a year-over-year (YoY) view between 2024 and 2025.

Funding continues to surge, with over 190 deals in the last 13 weeks totaling $3.7B and averaging $24.1M per deal.

M&A activity continued with 85 acquisitions over the past 12 weeks, up 10% from 77 last year. There’s also an interesting trend emerging of cybersecurity companies acquiring non-cybersecurity companies. We saw that last week with Palo Alto, but it’s happening on the smaller end of the scale as well.

PARTNER

2025 CISO Pressure Index: Measuring the Breaking Point

Board demands outrank threats in CISO stress

Boards are asking for proof, budgets stay tight, and AI adds a new attack surface. Nagomi’s 2025 CISO Pressure Index measures the real strain on security leaders and shows where shared ownership across IT, risk, and the board cuts pressure before burnout.

Read the 2025 CISO Pressure Index

Partner With Us

Subscribe to the Newsletter

☎️ Earnings Reports

This analysis is personal research and opinions only. This is not financial or investing advice. Do your own due diligence before making investment decisions.

Earnings reports from last week: $PANW ( ▲ 1.29% )

$PANW ( ▲ 1.29% ) - BULL

A huge earnings call for Palo Alto last week! ARR was up nearly 30% to $5.85 billion, and total revenue was up 16% to $2.47 billion. There was also strong product traction, with over 450 XSIAM (Palo’s visibility and automation platform) customers at $1 million ARR (!!) and SASE ARR growing 34%.

The biggest news of the call was the announcement of an acquisition into a new market segment by acquiring an observability company, Chronosphere, to the tune of $3.35 billion. With a reported ARR of $160 million, this marks the second acquisition in a row of buying mature players with clear market dominance in their space.

Nikesh (probably)

While this wasn’t a cyber acquisition, it takes direct aim at what Splunk and Cisco have going on and is a clear run at the enterprise data fabric layer. To me, this acquisition makes a lot of sense, as security monitoring and observability have been slowly converging over the last five years.

Palo Alto raised its forward-looking guidance for the full year and approved an extension of the current common stock repurchase authorization of $1 billion. Analysts were rightfully cautious yet optimistic, given the many moving parts for Palo Alto to deliver on. The only thing left to do now is to sit back and let Nikesh cook.

Earning reports to watch this coming week: $ZS ( ▲ 3.35% )

🧩 Funding By Product Category

  • $80.0M for Remote Browser Isolation across 1 deal

  • $70.0M for Brand Protection across 1 deal

  • $38.0M for Continuous Automated Red Teaming (CART) across 1 deal

  • $34.0M for Privileged Access Management (PAM) across 1 deal

  • $25.0M for Data Security Posture Management (DSPM) across 1 deal

  • $25.0M for Application Security across 2 deals

  • $22.5M for SaaS Governance across 1 deal

  • $21.5M for Threat Detection and Response (TDR) across 1 deal

  • $20.0M for Security Operations across 2 deals

  • $8.0M for Managed Security Services Provider (MSSP) across 1 deal

  • $4.5M for Cybersecurity Education & Training across 1 deal

  • $3.7M for Identity and Access Management (IAM) across 1 deal

  • An undisclosed amount for Managed Detection and Response (MDR) across 1 deal

  • An undisclosed amount for Professional Services across 1 deal

  • An undisclosed amount for Security Incident Management across 1 deal

  • An undisclosed amount for Internet of Things (IoT) Security across 1 deal

  • An undisclosed amount for Data Protection across 1 deal

🏢 Funding By Company

Product Companies:

Service Companies:

  • Elevate Services Group, a United States-based managed security services provider (MSSP) for rural hospitals and clinics, raised $8.0M in Debt Financing. (more)

  • Cybrary, a United States-based hands-on cybersecurity training and education platform, raised a $4.5M Venture Round. (more)

  • ArmourZero, a Singapore-based managed detection and response (MDR) platform, raised an undisclosed Angel round. (more)

  • ShorePoint, a United States-based professional services firm focused on security operations and zero trust implementation for the US federal sector, raised an undisclosed Private Equity Round from CM Equity Partners. (more)

🌎 Funding By Country

  • $238.2M for the United States across 13 deals

  • $95.5M for Israel across 2 deals

  • $14.0M for Canada across 1 deal

  • $4.5M for Switzerland across 1 deal

  • An undisclosed amount for Singapore across 1 deal

  • An undisclosed amount for Portugal across 1 deal

🤝 Mergers & Acquisitions

Product Companies:

  • Chronosphere, a United States-based observability platform for microservices and containers, was acquired by Palo Alto Networks for $3.4B. Chronosphere has not previously disclosed any funding events. (more) ← Not a cyber company.

  • Balbix, a United States-based cloud security operations platform, was acquired by Safe Security for an undisclosed amount. Balbix had previously raised $70.0M in funding. (more)

  • Inside Agent, a United Kingdom-based identity threat detection and posture management platform for Microsoft 365 environments, was acquired by Huntress for an undisclosed amount. Inside Agent has not previously disclosed any funding events. (more)

  • Runebook, a United States-based MCP-enabled text and voice-enabled AI agent platform, was acquired by Keycard for an undisclosed amount. Runebook has not previously disclosed any funding events. (more) ← Not a cyber company.

Service Companies:

  • 24By7Security, a United States-based managed security services provider (MSSP), was acquired by Amplix for an undisclosed amount. 24By7Security has not previously disclosed any funding events. (more)

  • Cyberseer, a United Kingdom-based managed security services provider (MSSP), was acquired by Redsquid for an undisclosed amount. Cyberseer has not previously disclosed any funding events. (more)

📚 Great Reads

  • Failing to Understand the Exponential - Breaking down the performance improvement of AI models over time, and how easy it is to miss all the progress that has been made.

  • *Your False Positives Are Intelligence, Not Noise - Elite SOCs don't just filter benign alerts - they extract business context that refines detection across the board. Make your security operations antifragile: stronger from every incident.

  • Cyber Ops Experience Meets Following Industry Money - I sat down with the team at VulnCheck to discuss emerging threats, AI investment in cybersecurity, and more.

  • InfoSec Black Friday Deals - "InfoSec Cares" 2025 Edition. It’s the time of year again for the world-famous InfoSec Black Friday GitHub repo from securitymeta_! This has been a huge hit for over 7 years, and it has just about everything a cybersecurity person would want.

*A message from our partners

🧪 Labs

We live in a house of cards

Security ROI > Coffee ROI

Get value every week? Back the mission.

Or send your smart friends a referral.

Data Methodology and Sources

  • All of the data is captured point-in-time from publicly available sources.

  • All financial figures are converted to U.S. Dollars (USD) at the current spot rate at the time of collection.

  • Company country locations are pulled from publicly available sources.

  • Companies are categorized using the Return on Security system.

  • Sometimes the deal details, such as who led the round, how much was raised, or the deal stage, may be updated after publication.

  • Let us know if you spot any errors, and we’ll fix them.

Reply

or to participate

Keep Reading

No posts found