At a glance.
- Google completes acquisition of Mandiant.
- Thoma Bravo and Darktrace back out of buyout talks.
- Dig Security raises $34 million.
- EY splitting into two businesses.
Mergers and acquisitions.
Google has completed its acquisition of Mandiant. With this acquisition, Mandiant will be joining Google Cloud, but will be retaining the Mandiant brand. Google says that this acquisition will enable them to “deliver an end-to-end security operations suite with even greater capabilities to support customers across their cloud and on-premise environments.”
Thoma Bravo and Darktrace have ended buyout talks after failing to reach an agreement on sale price, CRN reports. News of the ended discussions sent Darktrace’s share price down more than 33% on the London Stock Exchange.
Distology, a specialist IT security distributor based in the United Kingdom, has acquired Berlin-based Squareball, a provider of IT services and IT consulting. Distology said in a press release, “Squareball augment our existing expertise with their recognised excellence in software engineering, product design, solution architecture and identity access management solutions (IAM & CIAM).”
Enterprise security technology provider Minuteman Security Technologies, headquartered in Massachusetts, has acquired systems integrator Inlution, based out of Maine. This acquisition enables Minuteman to continue to grow as the Northeast’s largest independent full-service integrated security, communication, and life safety systems provider. Minuteman’s CEO Joseph Lynch said, “We are excited to have the Inlution team to be a part of our family. This acquisition will insure we can continue to offer our clients in Maine with the highest level of service they deserve.”
California-based cyber defense solutions provider Celerium has acquired automated network defense provider Dark Cubed, based out of Virginia. This acquisition marks a shift for Celerium, moving “to powering active cyber defense from enabling cyber threat sharing.”
Volaris Group has acquired Hitachi ID Systems, and has renamed the company Bravura Security. Bravura Security will continue the work of its predecessor and remain independent. “Bravura Security’s analyst-recognized market position combined with its more than 20 years of experience and global customer base made it an attractive investment for Volaris. This acquisition positions us to strategically build out a broader cybersecurity portfolio and provides us a footprint in the growing identity and privileged access management market,” said Carl Bruce, Group Leader at Volaris.
Palo Alto-based enterprise SaaS company SandboxAQ has acquired cybersecurity and encryption analysis software company Cryptosense. Jack D. Hidary, CEO of SandboxAQ, said of the acquisition, “Rapid advances in quantum computing and AI challenge the effectiveness and performance of existing cryptography-based cybersecurity solutions. The combined leadership, talent, and expertise that SandboxAQ and Cryptosense bring to the marketplace accelerates the deployment of more effective cryptography solutions to protect the world against the security threats of today and tomorrow.”
Investments and exits.
Tel Aviv-based cloud data security company Dig Security has raised $34 million in Series A funding, led by SignalFire, with contributions from Felicis; Okta Ventures; Nir Polak, Venture Partner at SignalFire and Founder and Chairman of the Board at Exabeam; Jack Huffard, Co-Founder of Tenable; and Team8. The funding will be used to accelerate go-to-market efforts and deliver new features that enhance cloud data security.
Industrial IoT startup Litmus Automation, based out of California, has raised $30 million in Series B funding, led by Belden. Co-founder Vatsal Shah says that the funding will be used to expand the company’s go-to-market efforts, as well as “scaling to support enterprise customers globally.”
Los Angeles-based data security platform Open Raven has raised $20 million in Series B funding, led by Pelion Ventures, with contributions from Kleiner Perkins and Upfront Ventures, who are existing investors. The funding will be used to invest in engineering, sales, and marketing to accelerate their plans and expand support for their growing clientele.
Cloud data security provider Theom, based in California, has raised $16 million in seed funding, led by Ridge Ventures and M12, Microsoft’s Venture Fund. The company said, “Theom is pioneering a new method of securing data in the cloud and SaaS data stores by ensuring that protection always follows the asset, adapting the security as environments change.”
Cloud security orchestration and remediation startup Opus Security, based in Tel Aviv, has raised $10 million in seed funding, led by YL Ventures with participation from Tiger Global, as well as many security executives and entrepreneurs. Meny Har, co-founder and CEO of the company, said, “The massive transition to the cloud has created a need for a new and different type of security orchestration platform, one that minimizes organizational risk and excels at leveraging the countless automation opportunities in the cloud. The growing number of stakeholders that are now an inherent part of the security operations process should be connected and working together to reduce risk.”
Executive moves.
Omada has announced four new hires: Karen Slatford as Chairperson of the Board, Benoit Grangé as Chief Technology and Product Officer, Sean Brown as Global Partner Vice President, and Eric Neal as Senior Vice President of Sales for North America.
Cohesity has appointed CEO of Mandiant, Kevin Mandia, to the company’s Board of Directors.
Open Systems has hired May Mitchell, formerly with iboss and Cylance, as the company’s Chief Marketing Officer.
PagerDuty has appointed Sesh Tirumala as the company’s Chief Information Officer and Heather Hinton as the company’s Chief Information Security Officer.
Cerberus Technology Solutions has hired Ilya Feige as the company’s Global Head of Artificial Intelligence and Machine Learning.
Gallagher Re has named Jasper Goring as the head of the company’s cyber reinsurance hub in New York.
Cerberus Sentinel has hired David Bronner as the company’s M&A Legal Counsel.
Silverfort has appointed Tim Fleming, former Deloitte Australia and APAC CIO and Partner, as a Strategic Advisor.
Swimlane has appointed Frans Xavier as the company’s Chief Technology Officer and Senior Vice President of Engineering.
Hogan Lovells has hired former Deputy Chief of the Criminal Division, Southern District of New York, Kristy Greenberg, as a Litigation and Investigations Partner.
Lumen has appointed Kate Johnson as the company’s President, Chief Executive Officer, and a member of the company's Board of Directors.
Netacea has appointed Andy Lole as the company’s Chief Technology Officer.
FTI Consulting has appointed former Director of the FBI National Cyber Investigative Joint Task Force, Brian Boetig, as a Senior Managing Director for the firm.
Sift has hired Mary Writz as the company’s Senior Vice President of Product.
Mimecast has appointed Rafe Brown as the company’s President and Chief Operating Officer.
Obsidian Security has appointed Reena Choudhry as the company’s Chief Revenue Officer.
Critical Start has appointed three new executives and internally promoted two people to notable positions: Chris Williams as the company’s new Chief Revenue Officer, George Jones as the company’s Chief Information Security Officer, John Schilsky as the company’s Chief Financial Officer, Chris Carlson as the company’s Senior Vice President of Product, and Roseanne Donohue as the company’s Senior Vice President of People Strategy.
LogRhythm has appointed Gary Abad as the company’s Vice President of Global Channels.
SonarSource has hired Derek Smith, a former Airbnb executive, as General Counsel.
Company news.
Accounting and consulting firm Ernst & Young (EY) has announced that it will split into two businesses, the New York Times reports. If the plan is approved, the firm will operate as two separate companies, one focused on auditing work and the other on consulting and advisory services. The Times reports that the split “is intended to help avoid conflicts of interest that can arise between the auditing work and consulting work that EY does for some corporate clients.”
Considerations on developing a business's security budget.
Jason Clark, Chief Security Officer at Netskope (and formerly the New York Times' first CISO), commented on the challenges of developing a budget for security operations:
"Nearly every CISO that I’ve had a conversation with lately has had the same top of mind priority: the simplification of security operations. They are being forced to simplify security, as budgets consolidate and the tech stack becomes too complex for long-term sustainability. Here are a few areas that I recommend evaluating first:
"Security’s greatest enemy is complexity. Therefore, the first area to focus on is the simplification of processes. In many cases, there are too many security controls in place without thinking about the resulting friction it puts on the business at large. By simplifying processes, you also eliminate a few of the unnecessary controls.
"Next, organizations should prioritize investing in the next generation of talent. The most efficient, effective security programs hire young talent and develop them over time. At Netskope, we hire high school and college graduates, and provide mentorship and shadowing opportunities so they quickly learn and become more productive on the job.
"When evaluating the tech stack, it’s important to focus on the capabilities versus the technology’s domains, with the end goal of driving consolidation on platforms. For example, organizations can consider consolidating to one SASE solution collapsing technologies like DLP, VPN and SD-WAN (among others) into one secure access solution. This drives reduction in product and operating costs, but also significantly reduces risk because one ‘brain’ is driving all user and device access to all applications and data, regardless of where the users are located.
"Overall, I’m finding the best, most simplified security programs have four foundational solutions as the core of the security program, and those are: Secure Service Edge (SSE); Identity and Access Management (IAM); Security Orchestration, Automation and Response (SOAR) / Security, Information and Event Management (SIEM); and Endpoint Security.
"Once the core of the security program is established, CISOs can address any missing gaps in each domain, with the best practice of spending the most budget on the largest or fastest growing risks within their business. For instance, many CISOs are moving 30-40% of their firewall spend to new capabilities because the firewall does not see that traffic or cannot decode cloud traffic. Many are investing in API security to fill a fast-growing risk. I’d also advise when filling any gaps to Shift Left in order to build security early on into the software pipeline. It costs significantly less to be proactive versus reactive, and this is how you get leverage in your application security program as well as in engineering.
"It’s no longer about checking the box to comply with security standards that were built some 20 years ago. It’s now about security simplification while remaining effective, proactive and cognizant of budget."