- 1. FUNDING – SecurityScorecard snags $180M Series E to measure a company’s security risk – TechCrunch
I don't want to say too much, because we'll be reviewing the products in this space in a few months, but the entire value prop is a bit hard to swallow here. Can you glean some useful information from observing a company from the outside? Absolutely. Can that information be used to make a conclusion about the risk of doing business with that company? That's the $290m question, I guess. SecurityScorecard takes a swift kick at SolarWinds while they're down, but I wonder what a more comprehensive look at scores when companies were breached looks like. How many of SolarWinds' own third-party vendors have a score as low as SolarWinds' or lower? What I really worry about is these scorecard companies creating a compliance-like distraction away from a focus on improving security. Put another way, does an "A" from SecurityScorecard really mean better security than someone with a B or a C?
- 2. FUNDING – Secureframe raises $18M Series A to simplify cybersecurity compliance – TechCrunch
Helping orgs comply with SOC2 and ISO27k is about as far from sexy as you can get. That said, there's no mention of blockchain, NFTs, AI/ML, Zero Trust or next-gen. Secureframe is aiming to make a hugely painful process easier and that's never a bad formula for a solid business model.
- 3. FUNDING – Israeli-Founded Cyber Startup Axis Security Raises $50M
Some more money in the SASE pot. The Zero Trust dollars continue to flow!
- 4. NON-FUNDING – Thinkst – We bootstrapped to $11 million in ARR
I LOVE the idea of a "non-funding announcement" to go after that signal that's typically reserved for those that make funding announcements. Funding announcements are no-brainer announcements that are a key part of how we follow a company's progress, even though we know from experience that it isn't necessarily a sign of success. In fact, as the amounts get bigger and closer to Series D and beyond, if there aren't clear signs of an exit, it tends to turn into less and less of a positive signal. Especially 24 months+ after the last raise. But what are the positive signals for bootstrapped companies? How do we know what they're doing? If they're growing? I hope more bootstrappers take a page from Thinkst's strategy here and create their own milestones to publicly celebrate. It's not only important for employees and morale, but to signal to the outside world that things are going well. It creates customer confidence and naturally, should come around full circle to help sales and growth!
- 5. ACQUISITION – Fortinet Acquires Cloud And Network Security Startup ShieldX
A microsegmentation play aiming to strengthen Fortinet's Zero Trust muscles. Deal value wasn't shared. They've raised $34m to date, but haven't raised in a good long while (over 3 years). I suspect they've been struggling to both raise another round and gain some sales traction. Combined with the fact that Fortinet isn't sharing the deal value, my guess is gonna be that the VCs didn't get a 20x return on this one. Looking at comps, Palo Alto (who typically do generous deals) paid $150m on $34.5m raised (4.4x) for Aporeto, Zscaler paid $31m on $18m raised for Edgewise (1.7x), and FireEye paid $13.5m for Cloudvisory. It's really making me wonder how Illumio is doing (Series E, raised $332.5m to date). It's interesting tech for sure, but clearly a hard sell in the current market.
- 6. IPO – Cybersecurity training platform KnowBe4 files for a $100 million IPO
No secret S-1 here, you can go check it out now!
- 7. TRENDS – US Gov offering buybacks on Chinese telco equipment
The FCC outlines its rules to incentivize US organizations to stop using ZTE and Huawei gear through their "Secure and Trusted Communications Networks Reimbursement Program". Apparently they want to update the vendor list that qualifies for this, but ZTE and Huawei are the two mentioned in this filing.
- 8. TRENDS – Google ditching cookies in Chrome to improve privacy
The general idea here (if I'm understanding it correctly) is that websites will be able to advertise to groups of individuals with similar preferences. The individuals within these groups will (in theory) have anonymity. I've spoken to a few folks about it though and it seems there are a lot more details here that aren't clear cut - some "you'll have to trust us on this bit" stuff.
- 9. TRENDS – US privacy, consumer, competition and civil rights groups urge ban on ‘surveillance advertising’ – TechCrunch
Looks like Big Tech is set to have Yet Another Chat with Congress tomorrow. This time, it's over "Surveillance Advertising", which is excellent branding if you want to shame Big Tech over their practices. Unless you're also an organization that regularly oversteps when it comes to surveillance... Hmmm, awkward. The open letter to Congress and Big Tech mostly focuses on the tangible harm social media has caused by taking a traditionally hands-off approach to some pretty vile content. Content that can be precisely targeted using social media's ad machines. https://uploads-ssl.webflow.com/6037bac32729e03c425791a6/605789d32e8de8a73441e1a7_Coalition%20Letter.pdf
- 10. TRENDS – NFTs could bridge video games and the fashion industry – TechCrunch
Cybercrime follows the money. The super-quick rise in NFT value means they're probably already looking for ways to profit off it.
- 11. OPEN SOURCE TOOLS – ConsoleMe: A Central Control Plane for AWS Permissions and Access
Another interesting open-source tool, courtesy of Netflix. It appears to be a front-end for managing AWS IAM roles and permissions, but not just for admins. Looks like this aims to be user-facing as well, for self-service use cases.