💰 Security, Funded #96 - Dollar Bills and Mixed Thrills
A review of cybersecurity funding and industry news from the week of May 29th, 2023.
Happy Monday, and I hope you had a great weekend!
🏃♂️ The Rundown
A meta roundup of all the important things affecting cybersecurity and the macroenvironment:
CrowdStrike, SentinelOne, Okta, Zscaler earnings mixed
Microsoft just quietly flexing
AI risk concerns surge, Twitter safety lead quits
Q2 funding down, AI & LLM in focus
$50.1M raised across 12 companies, 3 M&As
Discussion of LLM applications' security challenges
Brush up on your security challenges
Onward to this week's issue.
Don’t waste time on security scavenger hunts. With pre-mapped controls and over 75 integrations to your tech stack, Drata automates the compliance process. Drata supports 14 frameworks, including SOC2, ISO 27001, HIPAA, and GDPR, so your team can scale security without duplicating work. Best of all, you get real-time visibility into your risk levels with powerful dashboards and alerts.
Have to see it to believe it?
🔮 Earnings Reports
A section for notable earnings reports from public cybersecurity companies, be they “pure play” or hybrid companies:
CrowdStrike ($CRWD) - beat its earnings estimates, but revenue projections “slowed down” as compared to last year (only a 42% increase instead of a 61% increase) and saw its stock take a bit of a hit. The most likely reason this revenue is “down” from last year is that customers are still seeing increased expense reduction pressure.
SentinelOne ($S) - missed projections and got absolutely clotheslined by investors after its latest earnings report. The stock dropped >35% after SentinelOne announced an “error” in the way they were reporting ARR in the CRM, and they had to significantly cut back on their forward-looking ARR guidance. Analysts, wary of SentinelOne's reasoning, combined it with other cost-saving plays like RIFs and saw this as a loss of momentum and negative customer sentiment.
Okta ($OKTA) - got clapped on its earnings, and the stock dropped ~12% from macro headwinds on net new business across SMB and enterprise.
Zscaler ($ZS) - beat expectations with strong earnings on the back of public sector growth. Government zero-trust initiatives and a FedRAMP High certification are continuing to pay off for Zscaler.
All players mentioned generative AI at various lengths, and all players saw their proprietary data combined with LLM usage as “the new IP” (you might remember I called this out a few weeks back in this post). On the positive side, cyber companies are hoping to see increased generative AI and LLM usage in their products as future revenue drivers from customers.
What is still consistent now that we are deep into Q2: everyone is still facing prolonged sales pipelines and expecting a continued worsening of the macroeconomic outlook for the rest of the year.
Also, just going to leave this here
Industry News Roundup
📅 YTD Funding
A rolling 12-week chart to compare funding each week between 2022 and 2023.
Funding in Q2 continues on its downward trend and is ~36% lower than this time last year. Deals are fewer and farther between in the cyber industry as the majority of VCs and PE firms pivot to funding the next big thing in generative AI and LLMs.
💰 Funding Summary
12 companies raised $50.1M across 11 unique product categories
3 companies were acquired or had a merger event across 3 unique product categories
🧩 Funding By Product Category
$28.4M for Professional Services across 1 deal
$10.0M for Operational Technology (OT) Security across 1 deal
$8.0M for Data Protection across 2 deals
$2.0M for Identity Verification across 1 deal
$1.0M for Cloud Security Posture Management (CSPM) across 1 deal
$500.0K for Secure Remote Access across 1 deal
$500.0K for Managed Detection and Response (MDR) across 1 deal
$75.0K for Software Supply Chain Security across 1 deal
$10.0K for Blockchain Security across 1 deal
An undisclosed amount for Threat Informed Defense (TID) across 1 deal
An undisclosed amount for Security Operations across 1 deal
🏢 Funding By Company
BringYour, a United States-based personal virtual private network (VPN) platform, raised a $500.0K Debt Financing round.
SECTA5, a Singapore-based managed detection and response (MDR) company, raised a $500.0K Pre-Seed round.
🌎 Funding By Country
$28.4M for China across 2 deals 🇨🇳
$18.6M for United States across 6 deals 🇺🇸
$2.0M for Hong Kong across 1 deal 🇭🇰
$1.0M for Australia across 1 deal 🇦🇺
$500.0K for Singapore across 1 deal 🇸🇬
An undisclosed amount for Israel across 1 deal 🇮🇱
🤝 Mergers & Acquisitions
📚 Great Reads
Indirect Prompt Injections and Threat Modeling of LLM Applications - A podcast on Spotify about indirect prompt injections, a novel adversarial attack and vulnerability in LLM-integrated applications. The podcast also contrasts them with traditional injection vulnerabilities like SQL injection.
Stop Silly Security Awards - It's time to end the practice of security awards run by marketing companies. Plus, there's a button where you can claim your own silly security award. My personal favorite was the time I won "🏆 Jury Selection for SaaS Security Pentesting" 😂
Awesome Security Challenges - A curated list of Awesome Security Challenges aimed at getting beginners and experts involved in upskilling their ethical hacking, pentesting, and crypto skills through online challenges. There are a lot of great security challenges on the Internet, but it's hard to keep track of them all or work on different types of challenges. This list helps keep all those scattered platforms in one place.
Much like the often-messy technical process of incident response, security communications are frequently created on the fly, by many cooks, with little forethought (due to time constraints) and even less afterthought. This results in a security and incident comms process that is anything but resilient and sustainable and can leave everyone from external comms to executives annoyed at why something as simple as getting a message out always seems to be so hard. In short, the process feels unreliable, and the amount of work that goes into managing it is often unsustainable. The best incident response communications are built on a foundation of strong, ongoing security communications. Here are a few thoughts from Melanie Ensign, CEO at Discernible, on how to do that. Read Melanie’s post
🤔 Have questions, comments, or feedback? I'd love to hear from you!
🔥 Security, Funded is brought to you by Return on Security.