Startup Post Mortems, Live Security Statuses, LG Acquires Cybellum, & Coalition – ESW #244
In the Enterprise Security News: Cyber insurance firm Coalition lands a $205m Series E with a $3.5bn valuation, Risk management platform Panorays nabs $42m, Jscrambler raises a $15m Series A to rewrite the rules of website security (rewrite, get it? huh?), SenseOn nabs $20m for faster, more accurate cybersecurity detection and response, LG (yes, that LG) is acquiring automotive cybersecurity startup Cybellum, We talk about the emergence of the vendor "live security status page", 386 startup post mortems, and don't forget to stick around for Adrian's curveball "Squirrel of the Week" story at the end!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
In an overabundance of caution, we have decided to flip this year’s SW Unlocked to a virtual format. The safety of our listeners and hosts is our number one priority. We will miss seeing you all in person, but we hope you can still join us at Security Weekly Unlocked Virtual! The event will now take place on Thursday, Dec 16 from 9am-6pm ET. You can still register for free at https://securityweekly.com/unlocked.
Hosts
- 1. FUNDING: Cyber insurance firm Coalition lands $205M at Series E, valued at $3.5BSo, cyber insurance/cyber security combo firms are a thing now. It's kind of the inverse of a conflict of interest - it's more like a _protection of interest_. In fact, if every vendor had some real stakes in preventing their customers from getting breached, the whole cybercrime landscape would likely look very different right now. Resilience and Corvus offer some continuous monitoring and services, but Coalition has nearly a full security program stack that they can deploy to customers. They acquired BinaryEdge, an ASM vendor, in early 2020. They raised a $90m Series C back in May 2020, with an $890m valuation. (10x the raise) They raised a $175m Series D in March 2021, with a $1.75bn valuation. (10x the raise) This is a $205m Series E, at a $3.5bn valuation. (17x the raise) Their master plan, they propose, is to build an insurance product to fund a security platform, which informs a better insurance product, which leads to better security tools. I'm skeptical, but I can't hate it. At least it's a different approach - one that seems to have some sound logic behind it.
- 2. FUNDING: Cyber risk management platform provider Panorays nabs $42M
- 3. FUNDING: SenseOn nabs $20M for faster, more accurate cybersecurity detection and response via its ‘triangulation’ approach – TechCrunch
- 4. FUNDING: Jscrambler Raises $15 Million in Series A Funding to Rewrite the Rules of Website SecurityREWRITE the rules? Get it? GET IT???
- 5. FUNDING: Exein raises €6M to fuel the company’s planned architectural product expansion – Help Net Security
- 6. FUNDING: EQT Private Equity invests in EC-Council, a global leader in cybersecurity training and certificationSwedish PE firm grabs a significant stake in EC-Council as part of their Asian fund (EC-Council's founder is Malaysian and they seem to have significant operations in India)
- 7. ACQUISITION: LG is acquiring automotive cybersecurity startup Cybellum in a $240M deal – TechCrunch
- 8. ACQUISITION: OneTrust acquires Tugboat Logic to automate InfoSec assurance and certification
- 9. TRENDS: Crossbeam introduces their live security status page – is this the future of vendor management?Crossbeam is part of a new trend taking a bold step: publicly sharing their current compliance and security status. They're using an off-the-shelf product to do it, called SafeBase (https://safebase.io) and they're not the first to do it, just the first that has come to my attention. Any way you look at it, it's impressive and it's really where we need to be: Kirckhoff's Principle really seems to apply here.
- 10. TRENDS: 386 Startup Failure Post-MortemsIt's always interesting reading case studies of startup successes and failures. This is a long list of very concise post-mortems. Each one is about a 10-20 second read. One of the 386 failures is even a cybersecurity startup, called Rubica. (I couldn't really figure out what Rubica did, despite reading several descriptions)
- 11. SQUIRREL: Here’s everything Amazon announced this morning…NOTE: co-hosts, don't read beforehand, I want to do a 'bluff the listener' style quiz. I'll throw out three new products Amazon announced. Two will be made up, one is real. You try to guess which one is real!
