💰 Security, Funded #90 - Conference Corn, RSA Innovation Sandbox, and the Smell of the Expo Floor in the Morning

Hey there,

Happy Monday, and I hope you had a great weekend!

In this week's issue:

• Conference Corn🌽
• RSA Innovation Sandbox
• The Smell of the Expo Floor in the Morning

Microsoft is developing its own AI chip, Meta is doing yet another round of layoffs, Twitter gets rid of the legacy verified blue checkmark and security people brace for a new wave of scams, BSides SF actually had some pretty tasty Conference Corn 🌽 for lunch, and I love the smell of the expo floor in the morning! 😤

Over the weekend, I had the chance to attend my first ever BSides SF, and it was the best BSides event I’ve been to. Extremely well run, a great venue with an amazing list of topics, and I got to meet a lot of other great security people in real life. 10/10 - would do it again.

Today the 2023 RSA Conference (RSAC) kicks off in San Francisco, and it always starts with the big RSA Innovation Sandbox event at the end of the first day.

Last week, Rami McCarthy and I teamed up to write an analysis of the history and outcomes of the RSA Innovation Sandbox challenge. Let us know what you think, and excited to see how the 2023 challenge shapes up!

Signal v. Noise in the RSA Innovation Sandbox

Discover RSA Innovation Sandbox’s impact on cybersecurity startups, explore winner outcomes, anti-portfolio insights, and key observations to understand its industry significance.

Return on Security | Making the Most of Security InvestmentsMike P

Also, if you’re here at RSA this week and reading this issue, let’s meet up so I can give you a Security, Funded sticker!

I’ll also be wheeling and dealing with the remaining sponsorship spots I have for 2023 while here and maybe even opening up some of 2024 for the right partners. 👀  Let’s get this bread together, family. 🥖

Onward to this week's issue.

🗣Sponsor

Lacework: Security for DevOps, Container, and Cloud

Lacework is data-driven cloud security

Our platform, powered by Polygraph®, automates cloud security at scale so our customers can innovate with speed and safety across AWS, Azure, GCP, and Kubernetes environments

Schedule a meeting to start your cloud security journey today!

🛞 Industry News Roundup

• Ukraine's cyber defense against “unprecedented” Russian offensive (more)
• Thoma Bravo Sponsors Launch of Industry Group to Advance Cybersecurity Sector (more)
• These two marketing pros are filling a gap in the cybersecurity industry (more)

📅 YTD Funding

A rolling 12-week chart to compare funding each week between 2022 and 2023.

Q2 2023 funding has started off with a rebound 🏀 as compared to Q1 2023. Overall deal volume is relatively the same, and overall funding is only down ~13% so far as compared to the 54% drop (or a reversion to the mean prior to the zero interest rate phenomenon) we saw in Q1 2023.

💰 Funding Summary

• 16 companies raised $323.4M across 12 unique product categories
• 8 companies were acquired or had a merger event across 4 unique product categories for $26.0M

🧩 Funding By Product Category

• $75.0M for Threat Detection and Response (TDR) across 1 deal
• $58.4M for Application Security across 2 deals
• $50.0M for Threat and Risk Prioritization across 1 deal
• $50.0M for Endpoint Detection and Response (EDR) across 1 deal
• $30.0M for Security Data Lake (SDL) across 1 deal
• $25.0M for Breach & Attack Simulation (BAS) across 1 deal
• $20.5M for Fraud and Financial Crime Protection across 3 deals
• $12.0M for Data Access Governance across 1 deal
• $2.5M for Data Privacy across 1 deal
• An undisclosed amount for Managed Security Services Provider (MSSP) across 1 deal
• An undisclosed amount for Connected and Autonomous Vehicle Security (CAVS) across 1 deal
• An undisclosed amount for API Security across 1 deal

🏢 Funding By Company

• Coro, an Israel-based unified threat management platform focused on the mid-market, raised a $75.0M Series C from Energy Impact Partners. (more)
• Semgrep (formerly r2c), a United States-based static code analysis application security tool, raised a $53.0M Series C from Lightspeed Venture Partners. (more)
• Halcyon, a United States-based endpoint detection and response (EDR) platform, raised a $50.0M Series A from SYN Ventures and Corner Ventures. (more)
• Safe Security, a United States-based cyber risk quantification and management platform, raised a $50.0M Series B from Sorenson Capital. (more)
• Avalor, an Israel-based security data lake platform, raised $30.0M in funding with a $25.0M Series A from TCV and a $5.0M Seed from Cyberstarts. (more)
• SpecterOps, a United States-based breach and attack path management platform, raised a $25.0 M Series A from Decibel Partners. (more)
• Veridas, a Spain-based digital identity verification platform, raised a $16.5M Series. (more)
• Dasera, a United States-based data access governance platform, raised a $12.0M Series A from Storm Ventures. (more)
• Mobb, a United States-based application security platform that helps developers find and fix code vulnerabilities, raised a $5.4M Seed from Ariel Maislos and MizMaa Ventures. (more)
• FiVerity, a United States-based anti-fraud platform, raised a $4.0M Seed from Mendon Venture Partners. (more)
• lockr, a United States-based consumer-focused digital identity and consent management platform, raised a $2.5M Pre-Seed from Junction Venture Partners, Mozilla Ventures, and Grit Capital Partners. (more)
• ARC Systems, a United Kingdom-based managed security services provider (MSSP), raised an undisclosed Private Equity from Beech Tree Private Equity. (more)
• Block Harbor Cybersecurity, a United States-based automotive cybersecurity platform, raised an undisclosed Venture Round from [VicOne](). (more)
• Cequence Security, a United States-based API security platform, raised an undisclosed Venture Round from Hewlett Packard Pathfinder and Prosperity7 Ventures. (more)
• Wallet Guard, a United States-based Web3 transaction fraud protection browser extension, raised an undisclosed Pre-Seed from Ethereal Ventures. (more)

🌎 Funding By Country

• $201.9M for United States across 11 deals 🇺🇸
• $105.0M for Israel across 3 deals 🇮🇱
• $16.5M for Spain across 1 deal 🇪🇸
• An undisclosed amount for United Kingdom across 1 deal 🇬🇧

🤝 Mergers & Acquisitions

• LookingGlass Cyber Solutions, a United States-based external attack surface management platform, was acquired by ZeroFox for $26.0M. (more)
• CloudComputing, a Portugal-based managed security services provider (MSSP), was acquired by Allurity for an undisclosed amount. (more)
• CWL Systems, a United Kingdom-based managed security services provider (MSSP), was acquired by Atech Cloud for an undisclosed amount. (more)
• MMC, a South Africa-based managed security services provider (MSSP), was acquired by +OneX for an undisclosed amount. (more)
• Neosec, a United States-based API security platform, was acquired by Akamai Technologies for an undisclosed amount. (more)
• SECUDE International, a Switzerland-based managed security services provider (MSSP), was acquired by Peakstone Growth Partners for an undisclosed amount. (more)
• Securix, a Switzerland-based managed security services provider (MSSP), was acquired by Allurity for an undisclosed amount. (more)
• Yubico, a United States-based hardware-based multi-factor authentication (MFA) device company, merged with Acq Bure for an undisclosed amount for future plans of an IPO via SPAC. (more)

📚 Great Reads

• Addressing the Security Risks of AI - The report starts from the premise that AI systems, especially those based on the techniques of machine learning, are remarkably vulnerable to a range of attacks.
• More musings on data gravity, platform play, and the growing role of data lakes and cloud providers in cybersecurity - Addressing a few questions about data gravity and cybersecurity: role of cloud providers, data gravity and software security, AI, multi-cloud, and making a case for the emergence of a security data layer
• Meet Chaos-GPT: An AI Tool That Seeks to Destroy Humanity - Chaos-GPT, an autonomous implementation of ChatGPT, has been unveiled, and its objectives are as terrifying as they are well-structured.

🗣Sponsor

Easy SOC 2 compliance + AI-based RFP automation

SOC 2 compliance in weeks, not months

With a streamlined workflow and expert guidance, Secureframe automates the entire compliance process, end-to-end. What makes Secureframe different?

• Get audit-ready and achieve compliance in weeks, not months, with built-in remediation guidance and 100+ integrations.
• Stay compliant with the latest regulations and requirements, including ISO 27001, GDPR, HIPAA, PCI, and other standards.
• Automate responses to RFPs and security questionnaires with AI.
• Trusted by hyper-growth organizations: AngelList, Ramp, Lob, Remote, and thousands of other businesses.

Schedule a personalized demo of Secureframe

🧪 Labs

Rick Astley was the hero we needed, not the one we deserved

🤔 Have questions, comments, or feedback? I'd love to hear from you!

🔥 Security, Funded is brought to you by Return on Security.

🤝 Want to partner with Security, Funded? Learn more here.

🐝 If you run a newsletter, I can't recommend Beehiiv enough.