At a glance.
- Kocho acquires Mobliciti.
- NetSPI receives $410 million in funding.
- Optus breach fallout.
Mergers and acquisitions.
United Kingdom-based Kocho, a cyber security, identity, cloud transformation and managed services provider, has acquired fellow UK-based managed service provider Mobliciti. The company reports that the deal provides Kocho with new mobile management and security capabilities. Des Lekerman, Kocho CEO, said, “We are thrilled to welcome Mobliciti to the Kocho Group – it has an impressive portfolio of customers working in high-risk industries, which is testament to the team’s dedication, skill and mobile expertise. For many organisations, mobile devices represent their soft underbelly, providing criminals easy access to corporate data; they are also complex and costly to manage. With Mobliciti onboard, Kocho can now help organisations tackle the mobile challenge as part of their overall digital transformation and security strategies. This will enable us to add even more value to our customers, as well as deliver growth by opening up new markets.”
Investments and exits.
NetSPI, a Minneapolis-based enterprise pentesting and attack surface management company has received $410 million in new funding from investor KKR. The company says that the investment will go toward technology innovation, talent acquisition, and expansion, as well as “recapitalizing NetSPI's first institutional investor Sunstone Partners.”
Software supply chain security platform provider Ox Security, headquartered in Israel, has raised $34 million in seed funding, with investments from Evolution Equity Partners, Team8, Rain Capital and Microsoft’s M12. Ox Security CEO Neatsun Ziv said to TechCrunch in an email, “When the infamous SolarWinds attack took place, I recall the amount of stress that was felt across the industry. When brainstorming on ideas with my co-founder Lior Arzi, we talked about the need for an end-to-end supply chain solution — something that doesn’t only look at the code that goes into the end product but also at all of the procedures and processes that could have impacted the software throughout the whole development lifecycle. At the end of 2021, we founded Ox Security to build this solution.”
Privacy and security application and service developer RealDefense has closed a $30 million financing from Sunflower Bank, N.A. RealDefense is based in California. This funding provides the company the ability to compete for acquisitions in privacy and cybersecurity sectors.
Eclypsium, an Oregon-based cybersecurity startup focused on protecting device supply chains, has raised $25 million in Series B funding, led by Ten Eleven Ventures, with participation from Global Brain’s KDDI Open Innovation Fund and J-Ventures. The company says the funding will be used for expansion of product capabilities, acceleration of sales momentum, and supply chain security research.
Hong Kong-based crypto hardware wallet maker OneKey has raised $20 million in Series A funding, led by Dragonfly and Ribbit Capital, with contributions from Coinbase Ventures, Framework Ventures, Sky9 Capital, Folius Ventures and Ethereal Ventures, along with angel investors. OneKey says that they plan to add support for more blockchains soon, with the intent to add 40 new networks every year.
Security platform Detectify, based in Stockholm, has raised an additional $10 million in funding, led by Insight Partners. This brings the total raised by the company to $42 million, and the new funding will be put toward product development and user experience improvements. “With Detectify, organizations can maintain an external point-of-view of exactly how attackers would exploit their attack surface, manage exposure and prioritize their remediation efforts,” said company CEO Richard Carlsson.
Quantum networking company Qunnect, based in Brooklyn, has raised over $8 million in Series A financing, led by Airbus Ventures, with participation from Quantonation, SandboxAQ, NY Ventures, Impact Science Ventures, and Motus Ventures. The company says the funding will be used to “further develop their product suite, scale manufacturing, and launch a multi-node R&D quantum network testbed to demonstrate entanglement distribution protocols.”
London-based cyber risk management specialists CyberOwl have raised $5.1 million in funding. The funding will be used for the company’s maritime cyber risk monitoring solution, Medulla. “Cyber-securing shipping systems has become mission critical. This funding round gives us the rocket fuel to continue being the sector’s frontrunner. It enables us to ensure that our customers continue to experience the high-quality thought leadership, engagement, technology and service that CyberOwl is known for,” says CEO of CyberOwl, Daniel Ng.
Onyxia, an Israeli cybersecurity strategy and performance platform, has raised $5 million in seed funding, led by World Trade Ventures with participation from Silvertech Ventures and angel investors. Sivan Tehila, CEO of Onyxia, said, “Traditional cybersecurity systems are reactive, burdening CISOs with manual work. As a result, many vulnerabilities are ignored while pervasive cyber threats are becoming more complex. We built Onyxia to be a proactive solution to cybersecurity threats, aimed at keeping CISOs ahead of the curve by providing them with tailored insights based on real-time data, so companies properly prioritize and are best prepared.”
Executive moves.
Swimlane has appointed Ashraf Sheet as Vice President of the Middle East, Turkey and Africa (META) region.
The Identity Defined Security Alliance has appointed Julie Smith to the Executive Advisory Board.
Menlo Security has hired Kate Terrell as the company’s Chief Human Resources Officer.
JFrog has named Yvonne Wassenaar to the company’s Board of Directors and Compensation Committee.
Bugcrowd has appointed Robert Taccini as the company’s Chief Financial Officer.
Splunk has named Gretchen O’Hara as the company’s new channel chief.
Company news.
GovConWire reports that three vendors have been chosen by the US Department of Homeland Security for a $43.16 million contract focusing on assessment of crowdsourced vulnerabilities across the department. Bugcrowd, Synack and SecureSoft Technologies were listed on a notice as the companies holding positions on the contract.
CNet reports that Palantir has been awarded a $229 million contract with the Defense Department to provide AI and machine learning to all branches of the US military, the Special Forces, and the Joint Staff. This is the continuation of a controversial program known in the past as Project Maven, abandoned by Google following worker protests against their labor being used as “tools of war.”
Optus breach fallout.
The Straits Times reports that Singtel said Monday that media reports that cite fines and costs from the Optus cyber breach are “speculative.”
Singtel said in a Singapore Exchange filing, "Singtel is continuing to evaluate the potential financial implications arising from this matter and any material development will be disclosed to the market on a timely basis.” This follows reports from outlets such as Bloomberg saying that the breach could cost the company between US$420 million and US$560 million. Also announced was the appointment of Deloitte by Singtel to conduct an independent external review of the cyberattacks and security systems.
Reuters reports the Australian government said it blames Optus for the breach and urged the company to speed up its customer notification process. At a televised press conference, Home Affairs Minister Clare O'Neil stated, "We should not be in the position that we're in, but Optus has put us here. It's really important now that Australians take as many precautions as they can to protect themselves against financial crime."
Android Police notes that information on the breach was requested by government officials at Services Australia on September 27, but Optus, which ran a full-page me culpa in Australian newspapers on Saturday, says it’s still working with government officials to determine which customers were impacted by the incident, especially those whose accounts were no longer active. “We continue to seek further advice on the status of customers whose details have since expired. Once we receive that information, we can notify those customers,” an Optus spokesperson said on Sunday, 7NEWS reports.
The Australian Federal Police (AFP) have launched “Operation Guardian” to protect the breach victims, prioritizing the customers connected to the 10,000 records that were published on a data leak website last week. Prime Minister Anthony Albanese confirmed on Friday that Optus has agreed to pay to replace the passports of impacted customers, the Guardian reports. AFP assistant commissioner Justine Gough says they will provide “multi-jurisdictional and multilayered protection from identity crime and financial fraud” by monitoring online forums for additional leaks and working with the financial sector to detect activity that could be connected to the breach, but she warned that will take time. “There are complex datasets,” Gough stated. It will involve co-operation with law enforcement from across the globe, potentially, given that we are talking about a type of crime that is borderless.” Experts estimate Optus could be dealing with the reputational fallout from the breach for years to come. “People are quite forgiving in the long term, but that can take a couple of years,” University of Sydney associate professor of narratology Tom Van Laer told the Townsville Bulletin.