💰 Security, Funded #95 - Palo Alto's PANcake Power Play 🥞
A review of cybersecurity funding and industry news from the week of May 22nd, 2023.
Mike Privette
May 30th, 2023
Hey there,
Happy Monday, and I hope you had a great weekend!
🏃♂️ The Rundown
A meta roundup of all the important things:
US raises the debt roof (finally)
Palo Alto flexed on ‘em with bundling 💪
China hackers and AI deception ramp up
LLMASB (LLM Access Security Broker?)
2023's YTD funding down ~32%, steady deal volume
$95.4M raised across 12 companies, 4 acquisitions
60 Minutes staff scammed in cybersecurity demo
AI business risks under discussion
Google's '.zip' domains creatively utilized
Onward to this week's issue.
🗣Sponsor
Lacework is data-driven cloud security
Our platform, powered by Polygraph®, automates cloud security at scale so our customers can innovate with speed and safety across AWS, Azure, GCP, and Kubernetes environmentsSchedule a meeting to start your cloud security journey today!
🔮 Earnings Reports
A section for notable earnings reports from public cybersecurity companies, be they “pure play” or hybrid companies:
Palo Alto ($PANW) - crushed earnings yet again with a 30% CAGR as they see more and more companies go to the platform route.I’ve got to hand it to Palo Alto’s ability to get customers to say ‘yes,’ they have really professionalized this. Two of the biggest ways that stood out to me were the required bundling of XDR (Extended Detection and Response) + XIEM (Extended Information and Event Management) (I really hate these terms btw) and the “credits” system. You can’t buy the hot new SIEM replacement of XIEM without buying XDR, and customers can buy a single SKU of Palo Alto credits, which I am now dubbing PANcakes (Nikesh, I’ll send you my bill) that let them spend across the portfolio of services. This is fully leaning into the prevailing macro headwinds.
🛞 Industry News Roundup
📅 YTD Funding
A rolling 12-week chart to compare funding each week between 2022 and 2023.
We’re well into the middle of Q2, and more of a picture is emerging. Deal volume is remaining relatively close YoY, but YTD funding is still down ~32%. By all accounts, this appears to be the “new normal” (or a “reversion to the historical mean prior to the zero-interest rate phenomenon,” depending on how long you’ve been in the game).
💰 Funding Summary
12 companies raised $95.4M across 13 unique product categories
4 companies were acquired or had a merger event across 3 unique product categories
🧩 Funding By Product Category
$37.9M for Threat Intelligence across 2 deals
$14.3M for Cloud Security across 1 deal
$10.0M for Brand Protection across 1 deal
$8.2M for Identity and Access Management (IAM) across 1 deal
$7.6M for Third-Party Risk Management across 1 deal
$7.0M for Continuous Compliance across 1 deal
$5.0M for Risk Management across 1 deal
$4.6M for Security Awareness across 1 deal
$500.0K for Quantum Security across 1 deal
$300.0K for Cloud Native Application Protection Platform (CNAPP) across 1 deal
An undisclosed amount for Password Management across 1 deal
An undisclosed amount for Distributed Ledger Technology (DLT) Security across 1 deal
🏢 Funding By Company
Sekoia.io, a France-based cyber threat intelligence platform, raised a $38.0M Series A from Banque des Territoiresand BNP Paribas Développement. (more)
Lingxin Digital Technology, a China-based cloud data security platform, raised a $14.3M Series B from Firstred Capital.
Memcyco, an Israel-based digital brand protection platform for businesses, raised a $10.0M Seed from Capri Venturesand Venture Guides. (more)
authID, a United States-based identity and authentication as a service platform, raised an $8.2M Post-IPO Equity round. (more)
CyberVadis, a France-based third-party risk management platform, raised a $7.6M Series A from Zobito. (more)
Strike Graph, a United States-based compliance SaaS platform, raised a $7.0M Venture Round fromBAMCAP. (more)
Ballerine, an Israel-based open-source risk management platform for business processes like KYC, AML, etc., raised a $5.0M Seed from Team8. (more)
CyberConIQ, a United States-based security awareness training platform, raised a $4.6M Debt Financing from StonegateIG LLC. (more)
Qrcrypto, a Switzerland-based quantum encryption security platform, raised a $500.0K Debt Financing round. (more)
Hopr, a United States-based cloud workload and API protection platform, raised a $300.0K Seed from TEDCO. (more)
Citalid Cybersecurity, a France-based cyber threat intelligence platform, raised a $100.0K Grant from Zurich Insurance Group. (more)
MindYourPass, a Netherlands-based password management application, raised an undisclosed Venture Round from Value Creation Capital. (more)
Naoris Protcol, a New Caledonia-based distributed ledger technology (DLT) security protocol supporting decentralized identity and privacy of Web3, raised an undisclosed Grant from T Challenge. (more)
🌎 Funding By Country
$45.4M for France across 3 deals 🇫🇷
$20.1M for United States across 4 deals 🇺🇸
$15.0M for Israel across 2 deals 🇮🇱
$14.3M for China across 1 deal 🇨🇳
$500.0K for Switzerland across 1 deal 🇨🇭
An undisclosed amount for the Netherlands across 1 deal 🇳🇱
An undisclosed amount for New Caledonia across 1 deal 🇳🇨
🤝 Mergers & Acquisitions
Airside, a United States-based privacy and security-focused digital identity app, was acquired by Onfido for an undisclosed amount. (more)
Cysiv MEA (formerly SecureMisr), an Egypt-based managed security services provider (MSSP), was acquired by Liquid Intelligent Technologies for an undisclosed amount. (more)
Stryker Networks, a United States-based managed services provider (MSP), was acquired by Cardone Ventures for an undisclosed amount. (more)
XOR Security, a United States-based managed security services provider (MSSP) focused on national security, was acquired by Agile Defense for an undisclosed amount. (more)
📚 Great Reads
Ethical hacker scams 60 Minutes staffer to show how easy digital theft is - Rachel Tobac shows just how easy it is to scam a member of the show 60 Minutes using an AI-powered voice app to give up confidential information. If you have elderly loved ones or family members, you need to make sure they see this episode.
Crypto and the Opioid Crisis: What Blockchain Analysis Reveals About Global Fentanyl Sales - This post explores the role of cryptocurrency in global fentanyl sales by analyzing the activity of crypto addresses associated with chemical shops suspected of selling fentanyl precursors, some of which come from shops involved in recent criminal cases.
Leveraging Large Language Models (LLMs) in Business: Risk Assessment and the Imperative of Data Security - A post on the business implications and risks of employing your own Large Language Models (LLMs). I attempt to look into the dual-edged sword of custom LLMs and proprietary data with the competitive edge they can provide and the new security threats they invite.
🗣Sponsor
Automate security and privacy complianceWith a streamlined workflow and expert guidance, Secureframe automates the entire compliance process, end-to-end. What makes Secureframe different?
Get audit-ready and achieve compliance in weeks, not months, with built-in remediation guidance and 100+ integrations.
Stay compliant with the latest regulations and requirements, including ISO 27001, GDPR, HIPAA, PCI, and other standards.
Automate responses to RFPs and security questionnaires with AI.
Trusted by hyper-growth organizations: AngelList, Ramp, Lob, Remote, and thousands of other businesses.
🧪 Labs
People are already putting those Google ".zip" domains to good use
🤔 Have questions, comments, or feedback? I'd love to hear from you!
🔥 Security, Funded is brought to you by Return on Security.
🤝 Want to partner with Security, Funded? Learn more here.
🐝 If you run a newsletter, I can't recommend Beehiiv enough.