Early stage startup M&A on fire, funding healthy, and attackers are like lawyers? – ESW #352

$200M Series E extension, led by Accel. Reportedly doing over $100M ARR in 2023, what's next for this unicorn as it continues to grow?

$100M growth round, bringing funding total to over $700M. Is this OT security startup still a unicorn? I sure hope so, that's a lot of funding to justify! Like Axonius, the company claims over $100M ARR in 2023 - a healthy and confidence inspiring number for a company with this much funding in the can.

$4M seed round co-led by Madrona Ventures and Vine Ventures. "Codified aims to simplify the process of data governance by ensuring that the right people have access to the right data."

£2.8M in Seed funding, led by Nauta Capital.

"ESProfiler is a cybersecurity firm providing a platform that quantifies what security investments do against the evolving ways adversaries attack organisations. It offers a comprehensive view of an enterprise’s security capabilities, identifies gaps and efficacy, and provides the vital commercial and financial data needed for informed decision-making."

$2.35M funding round led by Boldcap. This Boston, MA-based company enables safe adoption of Generative AI within enterprises.

Cycode, a Series B ASPM startup with $80.6M in funding, picks up Bearer, a seed-stage SAST, API discovery, and data leak prevention startup.

Yet another DSPM picked up! Word on the street (and in Israeli rumor mills) is that the deal value is under $100M. Flow was working with $13M in funding from two funding rounds.

Hot take queen Kelly is back with another one. Attackers are like lawyers? What an opener!

There's also an acronym you probably shouldn't say out loud. As usual it's a solid, useful perspective that can help defenders outthink their adversaries.

"Principal Security Engineer Dakota Riley dives into the GitHub Advisory Database, cross referencing with other data sources and looking for interesting trends"

This involves a crypto-related pig butchering scam, but isn't really a cyber breach. Still, there are some interesting lessons to learn from it, particularly around compliance and the importance of knowing when to speak up (and file a SAR)!

"A technology company that routes millions of SMS text messages across the world has secured an exposed database that was spilling one-time security codes that may have granted users’ access to their Facebook, Google and TikTok accounts."

"In the recent FTC investigation, Avast claimed that they were entitled to sell and share browsing data because it was anonymized. The FTC found that the anonymization measures employed by Avast were wildly insufficient to actually prevent re-identification -- and even where contracts contained prohibitions on re-identification, the language allowed customers to join their first-party data to the data purchased from Avast."