At a glance.
- QinetiQ US to purchase Avantus Federal for $590 million.
- Peraton awarded $850 million DOD contract.
- Lawmakers proposing changes to SBIR program.
Mergers and acquisitions.
QinetiQ US has announced that it has agreed to purchase cyber and data analytics company Avantus Federal for $590 million. Shawn Purvis, CEO and president of QinetiQ, said of the acquisition, “This acquisition is a transformational platform that delivers on our growth strategy of building a disruptive mid-tier defense and intelligence company,” and also added that the purchase will result in “a powerful performance culture and scaled technical differentiation.”
New York-based actionable intelligence company Flashpoint has acquired Canadian open-source intelligence company Echosec Systems. Flashpoint reports that this acquisition will “significantly expand its OSINT capabilities to drive on-the-ground situational awareness, executive protection, geopolitical risk assessments, counterterrorism, misinformation and disinformation identification and response, and crisis response.”
BitSight, a Boston-based cybersecurity ratings company, has announced its intent to acquire Third-Party Risk Management (TPRM) platform ThirdPartyTrust. BitSight says that with the integration of ThirdPartyTrust into its existing TPRM solutions, the company will be able to provide an “end-to-end third-party risk management solution that delivers real-time insights to drive strategic decision-making throughout the entire vendor lifecycle.”
Investments and exits.
Peraton, a Virginia-based technology company, has been awarded an $850 million contract by the US Department of Defense to provide analytic platforms and data management solutions. Peraton chairman, President and CEO Stu Shea, said “This win, which solidifies our long-standing relationship with the DOD, is the result of years of exceptional performance from our technical teams. I am proud that we are continuing Peraton’s heritage of driving capabilities for our IC customers to solve their most daunting challenges.”
Lockheed Martin has doubled its venture capital fund from $200 million to $400 million, and will use the money to invest in defense innovation via technology startups. Chris Moran, vice president and general manager of Lockheed Martin Ventures said, “In 2021 alone, Lockheed Martin Ventures screened more than 1,000 start-up companies that are leading advancements in the areas such as artificial intelligence, autonomy and robotics, cyber security, and quantum computing.”
Israeli enterprise browser provider Talon Cyber Security has raised $100 million in Series A funding, led by Evolution Equity Partners, with contributions from Ballistic Ventures, CrowdStrike’s Falcon Fund, Merlin Ventures, SYN Ventures and previous investors CrowdStrike co-founder and CEO George Kurtz, Lightspeed Venture Partners, Sorenson Ventures and Team8. The company says the funding will be used to accelerate go-to-market efforts, as well as delivering new product enhancements.
Cyber risk quantification solutions provider Axio, headquartered in New York, has raised $23 million in Series B funding, led by ISTARI, with participation from existing investors, including Distributed Ventures, IA Capital Group, and Bob Dudley, Axio Chairman and former CEO of BP. The company says it will use the funding “to accelerate its mission of empowering security and business leaders to discover and respond to the cyber risks that most affect their organizations.”
Cybersecurity company Keyavi Data, based in Colorado, has raised $13 million in Series A funding. The funding will be used to expand into new markets and acquire “expert-level talent.” CEO Elliot Lewis said, “Keyavi is leading the way in redefining the cybersecurity landscape, carving the future of self-protecting, intelligent and self-aware data security. Our platform presents a fundamental paradigm shift from conventional data protection technologies that will secure data for businesses across all industries. We are thrilled at the opportunities for growth that are enabled by our investors’ continued trust and commitment.”
Cyren, a cloud-based internet security company headquartered in Virginia, has announced its completed divestment of its legacy secure email gateway business to Content Services Group GmbH for €10 million. Brett Jackson, Cyren's CEO said, "This divestment will improve our balance sheet and allow Cyren to focus on products and market opportunities that will best help us grow our revenues. We will concentrate on continuing to build momentum with our enterprise anti-phishing product, Cyren Inbox Security, as well as growing our core threat detection business."
Cybersecurity company Lumu, based in Miami, has raised $8 million in funding, led by Panoramic Ventures, with investments from KnowBe4 Ventures, Lane Bess, former Zscaler and Palo Alto Networks executive, and Tom Noonan, former CEO at Internet Security Systems and the SoftBank Group's SB Opportunity Fund. The funding will be used as growth capital for sales and marketing initiatives.
Data privacy code scanning platform Privya has emerged from stealth with $6 million in seed funding, with participation from Hyperwise Ventures and several angel investors. Privya is based in Tel Aviv, Israel. Uzy Hadad, co-founder and CEO of Privya, said, “Privacy and data protection are among the biggest challenges of our time, and with big data and machine learning using larger and larger quantities of personal data, keeping sensitive and personal information protected is getting both harder and more urgent.”
Tampa Bay-based security awareness company KnowBe4 has announced the creation of KnowBe4 Ventures. Elephant and Ten Eleven Ventures are partnering with KnowBe4 on the venture capital initiative. The company will be focusing on early-stage investments, at Seed through Series B stages. KnowBe4 plans to invest in companies that “strengthen and support the human layer of cybersecurity.”
Cybersecurity firm ZeroFox is set to join the NYSE, following a $1.3 billion SPAC merger. The deal was approved on August 2nd, and SPAC L&F Acquisition will merge with ZeroFox and another cybersecurity firm, ID Experts, and will form ZeroFox Holdings, shown on the NYSE as “ZFOX.”
SBIR changes may be coming.
Lawmakers are proposing major structural changes to the Small Business Administration’s (SBA) federally-funded Small Business Innovation Research (SBIR) and Small Business Technology Transfers (STTR) programs, BreakingDefense reports. The Department of Defense is a major user of the program, which was established in 1982 and expires September 30th of this year.
The goal of the SBIR program is to tap into the innovative potential of small businesses. SBIR awards coming in three phases. The first two are funding phases, with the third involving support for commercialization and sales. The Department of Commerce, which has overall responsibility for the program, says that a business is eligible to apply for an award if:
- It’s “organized for profit, with a place of business located in the United States”
- If it’s “more than 50% owned and controlled by one or more individuals who are citizens or permanent resident aliens of the United States, or by other small business concerns that are each more than 50% owned and controlled by one or more individuals who are citizens or permanent resident aliens of the United States”
- If the business has “no more than 500 employees, including affiliates.”
The awards are large enough to be of interest to a start-up. “As of November 2021, agencies may issue a Phase I award (including modifications) up to $275,766 and a Phase II award (including modifications) up to $1,838,436 without seeking SBA approval. Any award above those levels will require a waiver.”
There are eligibility requirements for Federal agencies as well. “Each year, Federal agencies with extramural research and development (R&D) budgets that exceed $100 million are required to allocate 3.2% (since FY2017) of this extramural R&D budget to fund small businesses through the SBIR program.”
This means that agencies with substantial R&D budgets from which they issue grants and contracts for research to business, universities, and not-for-profits will run an SBIR program. Congress believes there’s an issue with businesses transitioning between phases, especially with some technology falling into the “valley of death” between Phase II and Phase III. BreakingDefense writes, “In the first proposal, the Senate Small Business Committee would restrict eligibility to the SBIR/STTR programs based on the total number of awards received from the inception of the program. The second proposal, also from the committee, would restrict eligibility to the programs based on the number of awards received over a five-year period. In the third proposal, the House Small Business Committee restricts eligibility based on enhanced requirements associated with the existing Phase I to Phase II transition rate and the Phase III commercialization benchmarks.” These proposals are apparently motivated by Congressional sentiment that some companies are SBIR shops – they get grants, do research, and move to the next phase without transitioning their technology to a product that meets an operational or a business need. The Department of Defense (which makes heavy use of SBIR in its science and technology programs) doesn’t much care for the Senate proposals, but believes it could live with the modification the House proposed.
Some of the bigger SBIR/STTR programs that contain topics likely to be of interest to cybersecurity companies are operated by the Departments of Defense, Homeland Security, Energy, Transportation, and Health and Human Services. Search the current SBIR topics to see what the agencies are interested in funding.