💰 Security, Funded #91 - YABF, RSAC Recap, and Valuation Down Bad
A review of cybersecurity funding and industry news from the week of April 24th, 2023.
Happy Monday, and I hope you had a great weekend and an eventful RSA Conference Week for all those who attended!
In this week's issue:
Valuation Down Bad
RSAC 2023 was a blast with over 40,000 people in attendance 🤯, the US economy grew at a slower rate than expected last quarter, Cybereason had quite the down round and cut their valuation by 90% (plus Softbank isn’t doing too hot either 👀), Q1 2023 earnings reports for public cyber companies are rolling in, and Yet Another Banking Failure (YABF)™️ over the weekend to continue chipping away at global banking stability.
RSA was officially back in full swing this year with 400+ registered vendors (likely 10-20% more on the fringes) and 40,000+ attendees. The expo floor did not disappoint with over-the-top booths, claims, and tactics to draw would-be buyers in.
Every vendor I spoke with was optimistic, hopeful, and focused on unseating competition, saying their solution was the best. Every investor I spoke with was looking for the next big thing, chasing hunches and missed deals from earlier in the year and cementing new relationships that could give them a future edge. Every practitioner I spoke with was curious and cautiously optimistic about the future of AI and cyber but still weary and jaded by the marketing spectacle that is RSA.
In short, everything was feeling back to normal. As Ed Sim said, “Steak dinners are back”:
It was a great time to connect with new people for the first time and reconnect with friends I hadn’t seen since the last RSA. One of the highlights for me, however, was being able to get together with this absolute unit of a brain trust of cybersecurity creators:
For anyone that I didn’t get the chance to connect with at RSA, I’m sorry I missed you but hope to catch you at a future conference this year or next.
Onward to this week's issue.
Using anonymized data for development and testing environments has become standard practice. Unfortunately, much of that data can still be identified using linkage attacks.
Research shows 87% of Americans can be uniquely identified using only their zip code, gender, and date of birth. As applications continue collecting detailed personal information from consumers, re-identification becomes even more likely.
With simulated attacks, Privacy Dynamics helps CISOs quickly and easily monitor re-identification risk across their organization.
🔮 Earnings Reports 🆕
I’m making this into a separate section now where there are significant earnings reports, let me know what you think!
Check Point ($CHKP) - beat Q4 earnings by 4% but still missed Q1 estimates leading to a dip in their stock.
Tenable ($TENB) - beat its Q1 earnings estimate but fell short of its annual revenue forecast, and analysts gave the stock the business. Tenable cited the elongation of approvals for customer spend, challenges with new customer acquisition, and weakness in the North American financial sector for missed targets.
Juniper Networks ($JNPR) - beat its Q1 2023 earnings estimates by 17% and claims that a push towards digital transformation and leveraging AI drove their growth.
The takeaway: digital transformation at companies, both large and small, is continuing to be a driver for enterprise sales for public cyber companies. The combination of a continued macroeconomic recession, more bank failures, the likelihood of continued rate hikes from the US Fed, the strong labor market driving wages higher (which the Fed is trying to quash), and the rapid development and rise of generative AI are all driving companies to leapfrog and transform their businesses faster. Expect this to be a pattern for the rest of the public cyber companies.
The companies who can come to the table to accelerate this for businesses by way of cyber? These are the ones that will continue to stand out.
Industry News Roundup
📅 YTD Funding
A rolling 12-week chart to compare funding each week between 2022 and 2023.
A sign of how much the world has changed since last year post-RSA, and we see an 89%+ drop in funding from last year. This might just be a deal timing issue, but there were noticeably fewer funding announcements during RSA this year than last year.
💰 Funding Summary
13 companies raised $44.6M across 12 unique product categories
3 companies were acquired or had a merger event across 3 unique product categories
🧩 Funding By Product Category
$12.0M for Privileged Access Management (PAM) across 1 deal
$8.0M for Internet of Things (IoT) Security across 1 deal
$7.8M for Managed Security Services Provider (MSSP) across 2 deals
$6.0M for Secure Remote Access across 1 deal
$4.0M for Identity Governance & Administration (IGA) across 1 deal
$3.2M for Continuous Threat Exposure Management (CTEM) across 1 deal
$3.0M for Cloud Native Application Protection Platform (CNAPP) across 1 deal
$621.7K for Threat & Vulnerability Management (TVM) across 1 deal
An undisclosed amount for Threat Intelligence across 1 deal
An undisclosed amount for Professional Services across 1 deal
An undisclosed amount for Blockchain Security across 1 deal
An undisclosed amount for Anti-Phishing across 1 deal
🏢 Funding By Company
BreachBits, a United States-based continuous threat exposure management (CTEM) platform, raised a $3.2M Venture Round.
🌎 Funding By Country
$29.2M for United States across 7 deals 🇺🇸
$12.0M for Canada across 1 deal 🇨🇦
$2.8M for France across 1 deal 🇫🇷
$621.7K for United Kingdom across 1 deal 🇬🇧
An undisclosed amount for Spain across 1 deal 🇪🇸
An undisclosed amount for India across 1 deal 🇮🇳
An undisclosed amount for China across 1 deal 🇨🇳
🤝 Mergers & Acquisitions
📚 Great Reads
M-Trends 2023: Cybersecurity Insights From the Frontlines - Mandiant's report from the frontlines of incident response with metrics on the types of attacker techniques and how defenders are responding.
ChatGPT-Themed Scam Attacks Are on the Rise - The dark side of this popularity is that ChatGPT is also attracting the attention of scammers seeking to benefit from using wording and domain names that appear related to the site.
AI for security is here. Now we need security for AI - Despite all the attention AI received in the industry, the vast majority of the discussions have been focused on how advances in AI are going to impact defensive and offensive security capabilities. What is not being discussed as much is how we secure the AI workloads themselves.
SOC 2 compliance in weeks, not months
With a streamlined workflow and expert guidance, Secureframe automates the entire compliance process, end-to-end. What makes Secureframe different?
Get audit-ready and achieve compliance in weeks, not months, with built-in remediation guidance and 100+ integrations.
Stay compliant with the latest regulations and requirements, including ISO 27001, GDPR, HIPAA, PCI, and other standards.
Automate responses to RFPs and security questionnaires with AI.
Trusted by hyper-growth organizations: AngelList, Ramp, Lob, Remote, and thousands of other businesses.
🤔 Have questions, comments, or feedback? I'd love to hear from you!
🔥 Security, Funded is brought to you by Return on Security.
🤝 Want to partner with Security, Funded? Learn more here.
🐝 If you run a newsletter, I can't recommend Beehiiv enough.