Happy Monday, and I hope you had a great weekend!
In this week's issue:
XDR Is Calling
SVB Finds A Buyer
New Uses For Old Tech
The US and TikTok have a face-off, SVB finds a buyer, the US Fed and the ECB raised interest rates again, and the Co-Founder of Intel and inventor of “Moore’s Law”, industry legend Gordon Moore, dies at 94.
SVB finally finds a buyer in First Citizens Bank (FCB), based in Raleigh, North Carolina. Many people reading this may have never heard of FCB prior to buying SVB, but FCB is no stranger to acquisitions, having completed more than 20 FDIC-backed bank acquisitions since 2009.
FCB also holds a special place in my own heart. Many (many!) years ago, I got my first job as a security engineer there. I was only a few years into my career, having just been laid off from the last financial crisis in 2008, and I was given the chance to break into engineering. It was the first hands-on role I had in cybersecurity, and it created an unquenchable thirst to learn more about cybersecurity and always improve myself.
I credit my time there, and my experience living through multiple bank mergers, as a breakout period that helped tremendously accelerate my career. Without my time at FCB, I may not be where I am today.
XDR is now more than just another annoying cyber industry acronym. The cost of log collection, retention, normalization, and detection has dropped significantly.
At the same time, with the rise of detections as code, Detection Engineering as a discipline, security engineers starting to look more and more like software developers, and trust-driven security vendors, and the cost of threat detection has followed suit.
XDR is now making true what the SIEM promised 10+ years ago.
This doesn’t mean the SIEM is dead, however. XDR and SIEM deployments are a piece of the larger puzzle, and there is no one-size fits all model.
Don’t forget that with 3 referrals, you can get my Airtable base with a list of all the public cybersecurity companies mapped to categories, funding data, and market cap information, updated daily. Find your unique referral link below (email-only version)!
Onward to this week's issue.
Lacework is data-driven cloud security
Our platform, powered by Polygraph®, automates cloud security at scale so our customers can innovate with speed and safety across AWS, Azure, GCP, and Kubernetes environmentsSchedule a meeting to start your cloud security journey today!
Industry News Roundup
📅 YTD Funding
A rolling 12-week chart to compare funding each week between 2022 and 2023.
Overall funding volume over the past few weeks has been on par year-over-year, which I think is a good sign. Of course, this year has seen a lot of uncertainty on the macro headwinds and banking industry instability, but this still shows that dry powder is, indeed, getting wet. 🌊
💰 Funding Summary
10 companies raised $89.6M across 9 unique product categories
5 companies were acquired or had a merger event across 4 unique product categories
🧩 Funding By Product Category
$37.1M for Identity and Access Management (IAM) across 2 deals
$15.0M for Passwordless Authentication across 1 deal
$8.0M for Identity Governance & Administration (IGA) across 1 deal
$8.0M for Application Security Testing (AST) across 1 deal
$7.5M for Data Protection across 1 deal
$6.0M for Cloud Security across 1 deal
$5.0M for Managed Security Services Provider (MSSP) across 1 deal
$2.0M for Internet of Things (IoT) Security across 1 deal
🏢 Funding By Company
Backslash Security, an Israel-based application security testing and bug prioritization platform, raised an $8.0M Seed from D. E. Shaw & Co., First Rays Venture Partners, and StageOne Ventures. (more)
OP, a United States-based Internet of Things (IoT) and embedded device security platform, raised a $2.0M Seed.
Guard Dog Solutions, a United States-based network security platform, raised a $1.0M Debt Financing round.
🌎 Funding By Country
$75.6M for United States 🇺🇸
$8.0M for Israel 🇮🇱
$6.0M for Luxembourg 🇱🇺
🤝 Mergers & Acquisitions
📚 Great Reads
AI Prompt Injection Threat Model - Using AI prompt injection to reveal that a person is attempting to use an AI prompt to interact with you on LinkedIn is just 👨🍳🤌
Lots of Cybersecurity Companies Are Going to Fail This Year - A hot take from Andrew Morris, CEO of GreyNoise, about how companies should get to a cash flow break-even, consider new strategies, and consider partnering with competitors.
The rise of the technical security leader - Frank Wang thinks we need to establish a foundational security strategy where security is integrated into the engineering process rather than an afterthought.
🐝 Cross Pollinate
Discover something 🆕 this week.
A newsletter that talks about the intersection of AI and cybersecurity, something very top of mind for security professionals today, from Craig Balding:
Discover Bearer, an innovative, open-source SAST engine for lightning-fast security risk assessment, prioritization, and remediation. Seamlessly integrate with GitHub or GitLab, and effortlessly shift data security left.Bearer simplifies privacy reporting, generating detailed reports with information on processed sensitive data, associated risks, data subjects, and third-party services to support your privacy and compliance teams. By focusing on sensitive data flow analysis, Bearer helps protect your business from the rising threats of data leaks and breaches.Elevate your application security game and safeguard your sensitive data with Bearer
Improvise. Adapt. Overcome.
🤔 Have questions, comments, or feedback? I'd love to hear from you!
🔥 Security, Funded is brought to you by Return on Security.
🤝 Want to partner with Security, Funded? Learn more here.
🐝 If you run a newsletter, I can't recommend Beehiiv enough.