💰 Security, Funded #86 - XDR Is Calling, SVB Finds A Buyer, and New Uses For Old Tech

Hey there,

Happy Monday, and I hope you had a great weekend!

In this week's issue:

• XDR Is Calling
• SVB Finds A Buyer
• New Uses For Old Tech

The US and TikTok have a face-off, SVB finds a buyer, the US Fed and the ECB raised interest rates again, and the Co-Founder of Intel and inventor of “Moore’s Law”, industry legend Gordon Moore, dies at 94.

SVB finally finds a buyer in First Citizens Bank (FCB), based in Raleigh, North Carolina. Many people reading this may have never heard of FCB prior to buying SVB, but FCB is no stranger to acquisitions, having completed more than 20 FDIC-backed bank acquisitions since 2009.

FCB also holds a special place in my own heart. Many (many!) years ago, I got my first job as a security engineer there. I was only a few years into my career, having just been laid off from the last financial crisis in 2008, and I was given the chance to break into engineering. It was the first hands-on role I had in cybersecurity, and it created an unquenchable thirst to learn more about cybersecurity and always improve myself.

I credit my time there, and my experience living through multiple bank mergers, as a breakout period that helped tremendously accelerate my career. Without my time at FCB, I may not be where I am today.

Earnings Reports

• Secureworks (SCWX) - beat its earnings estimate for Q4 2022 on the backs of the evolution of the XDR (eXtended Detection and Response) space. A specific focus was spent on replacing legacy SIEM deployments and catering to the MSP/MSSPs businesses.

XDR is now more than just another annoying cyber industry acronym. The cost of log collection, retention, normalization, and detection has dropped significantly.

At the same time, with the rise of detections as code, Detection Engineering as a discipline, security engineers starting to look more and more like software developers, and trust-driven security vendors, and the cost of threat detection has followed suit.

XDR is now making true what the SIEM promised 10+ years ago.

This doesn’t mean the SIEM is dead, however. XDR and SIEM deployments are a piece of the larger puzzle, and there is no one-size fits all model.

Don’t forget that with 3 referrals, you can get my Airtable base with a list of all the public cybersecurity companies mapped to categories, funding data, and market cap information, updated daily. Find your unique referral link below (email-only version)!

Onward to this week's issue.

🗣Sponsor

Lacework: Security for DevOps, Container, and Cloud

Lacework is data-driven cloud security

Our platform, powered by Polygraph®, automates cloud security at scale so our customers can innovate with speed and safety across AWS, Azure, GCP, and Kubernetes environments

Schedule a meeting to start your cloud security journey today!

🛞 Industry News Roundup

• ChatGPT has an Outage and Unintentional Data Disclosure (more)
• 2022 Zero-Day Exploitation Continues at an Elevated Pace (more)
• U.S. Threatens Ban if TikTok’s Chinese Owners Don’t Sell Stakes (more)

📅 YTD Funding

A rolling 12-week chart to compare funding each week between 2022 and 2023.

Overall funding volume over the past few weeks has been on par year-over-year, which I think is a good sign. Of course, this year has seen a lot of uncertainty on the macro headwinds and banking industry instability, but this still shows that dry powder is, indeed, getting wet. 🌊

💰 Funding Summary

• 10 companies raised $89.6M across 9 unique product categories
• 5 companies were acquired or had a merger event across 4 unique product categories

🧩 Funding By Product Category

• $37.1M for Identity and Access Management (IAM) across 2 deals
• $15.0M for Passwordless Authentication across 1 deal
• $8.0M for Identity Governance & Administration (IGA) across 1 deal
• $8.0M for Application Security Testing (AST) across 1 deal
• $7.5M for Data Protection across 1 deal
• $6.0M for Cloud Security across 1 deal
• $5.0M for Managed Security Services Provider (MSSP) across 1 deal
• $2.0M for Internet of Things (IoT) Security across 1 deal

🏢 Funding By Company

• Britive, a United States-based multi-cloud privileged access visibility and threat monitoring all in one platform, raised a $20.5M Series B from Pelion Venture Partners. (more)
• Aembit, a United States-based identity and access workload management platform, raised a $16.6M Seed from Ballistic Ventures and Ten Eleven Ventures. (more)
• Clerk, a United States-based no-code passwordless authentication and customer identity building blocks platform, raised a $15.0M Series A from Madrona. (more)
• Backslash Security, an Israel-based application security testing and bug prioritization platform, raised an $8.0M Seed from D. E. Shaw & Co., First Rays Venture Partners, and StageOne Ventures. (more)
• Oleria, a United States-based identity governance and administration (IGA) platform, raised an $8.0M Seed from Salesforce Ventures. (more)
• Turnkey, a United States-based API platform for managing private keys in smart contract and cryptocurrency deployments, raised a $7.5M Seed from Coinbase Ventures. (more)
• emma, a Luxembourg-based secure cloud deployment and management platform, raised a $6.0M Seed from RTP Global. (more)
• Cerberus Sentinel, a United States-based managed compliance and cybersecurity services company, raised a $5.0M Post-IPO Debt round. (more)
• OP[4], a United States-based Internet of Things (IoT) and embedded device security platform, raised a $2.0M Seed.
• Guard Dog Solutions, a United States-based network security platform, raised a $1.0M Debt Financing round.

🌎 Funding By Country

• $75.6M for United States 🇺🇸
• $8.0M for Israel 🇮🇱
• $6.0M for Luxembourg 🇱🇺

🤝 Mergers & Acquisitions

• Baffin Bay Networks, a Sweden-based web application and API security platform (WAAP), was acquired by Mastercard for an undisclosed amount. (more)
• Confluera, a United States-based extended detection and response (XDR) platform, was acquired by XM Cyber for an undisclosed amount. (more)
• Lidera Network, a Spain-based managed security services provider (MSSP), was acquired by V-Valley for an undisclosed amount.
• Liquid C2, an Egypt-based managed services provider (MSP), was acquired by Liquid Telecom for an undisclosed amount.
• Slipstream Cyber Security, an Australia-based managed security services provider (MSSP), was acquired by Interactive for an undisclosed amount.

📚 Great Reads

• AI Prompt Injection Threat Model - Using AI prompt injection to reveal that a person is attempting to use an AI prompt to interact with you on LinkedIn is just 👨‍🍳🤌
• Lots of Cybersecurity Companies Are Going to Fail This Year - A hot take from Andrew Morris, CEO of GreyNoise, about how companies should get to a cash flow break-even, consider new strategies, and consider partnering with competitors.
• The rise of the technical security leader - Frank Wang thinks we need to establish a foundational security strategy where security is integrated into the engineering process rather than an afterthought.

🐝 Cross Pollinate

Discover something 🆕 this week.

A newsletter that talks about the intersection of AI and cybersecurity, something very top of mind for security professionals today, from Craig Balding:

The Threat Prompt Newsletter | Craig Balding | Substack

The AI Security newsletter. About the security of AI and how to use AI for security. Click to read The Threat Prompt Newsletter, by Craig Balding, a Substack publication. Launched 3 months ago.

The Threat Prompt NewsletterCraig Balding

🗣Sponsor

AppSec Without the Noise

Discover Bearer, an innovative, open-source SAST engine for lightning-fast security risk assessment, prioritization, and remediation. Seamlessly integrate with GitHub or GitLab, and effortlessly shift data security left.

Bearer simplifies privacy reporting, generating detailed reports with information on processed sensitive data, associated risks, data subjects, and third-party services to support your privacy and compliance teams. By focusing on sensitive data flow analysis, Bearer helps protect your business from the rising threats of data leaks and breaches.

Elevate your application security game and safeguard your sensitive data with Bearer

🧪 Labs

Improvise. Adapt. Overcome.

🤔 Have questions, comments, or feedback? I'd love to hear from you!

🔥 Security, Funded is brought to you by Return on Security.

🤝 Want to partner with Security, Funded? Learn more here.

🐝 If you run a newsletter, I can't recommend Beehiiv enough.