At a glance.
- CrowdStrike to acquire Bionic.
- Dragos raises an additional $74 million in Series D round.
- HiddenLayer secures $50 million in Series A round.
Mergers and acquisitions.
CrowdStrike has agreed to acquire cloud security posture management platform provider Bionic for $350 million, TechCrunch reports. CrowdStrike said in a press release, "The combination will extend CrowdStrike’s leading Cloud Native Application Protection Platform (CNAPP) with ASPM to deliver comprehensive risk visibility and protection across the entire cloud estate, from cloud infrastructure to the applications and services running inside of them. As a result, CrowdStrike will be the first cybersecurity company to deliver complete code-to-runtime cloud security from one unified platform."
Shareholders of Australian cybersecurity company Tesserent have voted in favor of an acquisition by Thales Australia for AU$176 million, ARN reports. Tesserent CEO Kurt Hansen stated, "This transaction will accelerate our three-year growth plan as the combination of Tesserent and Thales Australia will provide rapid scale and advanced services to address cyber security needs in Australia and New Zealand, including in the government, defence, and commercial sectors." If the transaction is approved by the Federal Court of Australia, Tesserent plans for the acquisition to be completed on October 4th.
Investments and exits.
Maryland-based industrial cybersecurity company Dragos has raised $74 million in a Series D extension led by WestCap, bringing the total amount of the Series D round to $274 million. The company stated, "The funding will support additional go-to-market initiatives to meet growing demand. It will also fund accelerated expansion in key growth markets including North America, Europe, the Middle East, and Asia-Pacific; and across diverse industries including electric, oil & gas, chemical, manufacturing, pharmaceutical, food and beverage, water, transportation, mining, and building automation."
Austin, Texas-based HiddenLayer, a company that provides security for AI models and assets, has secured $50 million in a Series A round led by led by M12, Microsoft’s Venture Fund, and Moore Strategic Ventures, with participation from Booz Allen Ventures, IBM Ventures, Capital One Ventures, and Ten Eleven Ventures. The company says it will use the funding "to expand its talent base, increase go-to-market efforts, and further invest in its award-winning Machine Learning Security (MLSec) Platform."
San Francisco-based backup-as-a-service startup Alcion has raised $21 million in a Series A round led by Veeam. The company stated, "Looking ahead, we're deepening our data security focus, improving product functionality, and expanding our platform’s global footprint. Additionally, we will add more features tailored for our managed service provider (MSP) customers and broaden our data protection horizons to encompass other critical SaaS services beyond Microsoft 365."
French cyber insurance company Stoïk has raised $10.7 million in a funding round led by Munich Re Ventures, with participation from Opera Tech Ventures, TechCrunch reports. The funding will support the company's expansion into Germany.
Sunnyvale, California-based cybersecurity policy management startup Discern Security has emerged from stealth with $3 million in seed funding from BoldCap, WestWave Capital, Cyber Mentor Fund, Security Syndicate, and others. The company stated, "The proceeds from this funding round will be allocated to expand the product offering, incorporating essential integrations, and continuing the recruitment of a global team of cybersecurity experts."
British cybersecurity company Goldilock has secured $1.7 million in a seed funding round led by New York Angels and Harvard Business School Alumni Angels of Greater New York. The company is "dedicating the proceeds of this financing round to sales and marketing of already commercially available products, with an emphasis on building a top-tier worldwide MSSP partner and Security Vendor channel network."
Science Applications International Corp. (SAIC) has appointed former Chief Information Officer of the Department of the Air Force Lauren Knausenberger as Chief Innovation Officer and Tim Turitto as Chief of Staff to incoming CEO Toni Townes-Whitley.
Resecurity has hired Mohammed Alghamdi as the Managing Director for its operations in the Kingdom of Saudi Arabia.
Sectigo has appointed Jairo Fraile and Rob Charlebois as Vice Presidents: "Mr. Fraile will be responsible for the continued development and growth of Sectigo’s global partner sales organization, and Mr. Charlebois will be responsible for the continued success of Sectigo’s eCommerce business."
Cyware has added Rick Howard, former Chief Security Officer of Palo Alto Networks, to its advisory board. Howard currently serves as CSO for the CyberWire.
Qrypt has added Steven Silberstein, CEO of FS-ISAC, to its board of advisors.
Strider Technologies has retained Admiral (Ret.) Craig Faller as an advisor.
Coming to grips with SEC cyber reporting regulations.
The cyberattack that disrupted operations at Clorox was among the first major incidents to fall under the US Securities and Exchange Commission (SEC) rules that went into effect on September 5th. (Compliance dates for mandatory reporting are somewhat later, falling for most companies in December. "The Form 10-K and Form 20-F disclosures will be due beginning with annual reports for fiscal years ending on or after December 15, 2023. The Form 8-K and Form 6-K disclosures will be due beginning the later of 90 days after the date of publication in the Federal Register or December 18, 2023," the SEC explained.) The Wall Street Journal reviews how the company has responded publicly to the incident. Clorox has issued six statements, including two Forms 8-K, since the incident was disclosed on September 14th, shortly after it was detected. There are at least two challenges: keeping reporting current as an investigation unfolds ("A stream of 8-Ks will be the new norm,” one expert told the Journal), and determining whether an incident has a material impact on a public company.
The other two major recent incidents that raise interesting regulatory challenges are the attacks against MGM Resorts and Caesars Entertainment, both prominent casino operators. Caesars Entertainment saw data belonging to its loyalty program affected, but was able to keep its operations online during the incident. The Form 8-K the company filed with the SEC strongly hinted that it had paid the attackers ransom. MGM Resorts has had by all accounts a more difficult time. The New York Post reports that MGM continues to have trouble with its slot machines and hotel systems eight days after the attack was detected. The company is estimated to be losing as much as $8.4 million per day in revenue.
MGM and Caesars face an additional regulatory burden, Dark Reading points out, in the form of oversight by the Nevada Gaming Control Board, whose regulation 5,260 requires "covered entities" (including casino operators) to establish effective cybersecurity measures. In the event of an incident "resulting in a material loss of control, compromise, unauthorized disclosure of data or information, or any other similar occurrence," a casino operator must disclose the incident to the Board within seventy-two hours and undertake both investigation and remediation of the incident.