Security Experts:

Connect with us

Hi, what are you looking for?


Cybersecurity Funding

Zero Trust Firm Xage Security Adds $6 Million ‘Top-up’ to $30 Million Series B Funding

Palo Alto, Calif-based firm Xage has raised a $6 million top-up to the $30 million Series B funding it secured in January 2022.

Palo Alto, Calif-based firm Xage has raised a $6 million top-up to the $30 million Series B funding it secured in January 2022. The new financing comes from SCF Partners, an investor in energy and critical infrastructure services, and Overture Venture Capital (now known as Overture Climate Fund), which specializes in startups in government, energy and climate.

Top-ups to existing funding rounds are not unknown but not common. In this instance, the top-up illustrates the current state of the growth funding market: funding still exists, and cybersecurity remains a growth area, but geopolitics and fragile national economies have made the investors nervous.

Xage Security logoLast month, the MD of investment advisory firm Progress Partners – Eric Bell – told SecurityWeek that this nervousness means investors are not as willing to enter companies at such high valuations. “They are looking at current investments and doubling down on the winners and are not maybe deploying as much capital or risk at this moment into earlier stages or companies that don’t have proven track records.”

For Xage to get its Series B funding and then increase that within a matter of months implies that the investors consider the firm to be a safe bet. The reason lies in the cybersecurity threat emanating from geopolitics, the federal response to that threat, and the growing belief that a zero-trust approach to cybersecurity offers the best solution. Xage offers such a zero trust product – the Xage Fabric – designed to bring zero-trust to complex environments such as those that exist in many of the critical industries.

But the reason that this solution is attractive to investors is not just theory – Xage has already achieved dramatic growth over the last 18 months. To an extent, this growth goes back to the Colonial Pipeline hack. “That attack received so much publicity that it really woke a lot of companies to the risks they had been running,” Duncan Greatwood, Xage CEO, told SecurityWeek. “That spread from oil and gas into renewables and then into manufacturing and into the retail supply chain – which is another sort of hidden part of the country’s critical infrastructure.”

The pressure to implement a zero-trust solution to cybersecurity grew with the government response following the Colonial incident. Exactly one year ago, May 12, 2021, President Biden issued an Executive Order (EO) that included, “Within 60 days of the date of this order, the head of each agency shall… develop a plan to implement Zero Trust Architecture.” Executive Orders provide instructions to federal agencies, but also often-heeded advice to private enterprises.

The EO has been further supplemented by other government requirements including the Department of Homeland Security Transportation Security Administration (TSA) that need to be met before the end of 2022.

This year, of course, the geopolitical pressures on critical industries have grown as a by-product of the Ukraine war. Even before the war started, CISA, the FBI and the NSA issued a joint advisory: “It will be important for U.S. organizations, especially the critical infrastructure vertical, to pay extra attention to cybersecurity in order to mitigate Russia’s retaliatory options, should the U.S. ‘act decisively’ in response to an invasion as the Biden administration has promised.” The entire western alliance has acted decisively in arming Ukraine and delivering sanctions against Russia. The threat of retaliation against US critical infrastructure is rising.

With threats increasing against the critical infrastructure, and with the EO pointing to zero-trust as a potential answer, Xage is ready with a solution. Customers in energy, defense, utilities, manufacturing, and logistics have more than doubled in the past year. Other customers are asking for quicker rollouts. Greatwood gave an example of one customer that had intended to rollout the solution to about 1,000 sites over a period of 12 to 18 months. “Suddenly,” he said, “they’re asking, can we do this in six months, can we do it in three months.”

So, Eric Bell’s premise that funding is still available for companies that seem to be a sure bet, appears to be correct – firstly that Xage could raise its Series B round and then even top it up in such nervous times proves this.

Greatwood told SecurityWeek that Xage doesn’t need the additional funding, but it is welcome, nonetheless. He knew it was on the cards right from the time of the Series B round in January. He had been steering the investors towards a figure of between $20 million and $30 million, and achieved the higher figure with investment demand still active.

“The top-up,” he said, “gives us an opportunity to accelerate our business.” This comes from the expertise in the Xage target market that comes with these new investors, “And also, frankly, it allows us to spend a little bit more money and take a more aggressive approach to growth than perhaps we would have done otherwise.” This includes adding new features and improving support.

The moral of the story is clear. Although investors have become nervous over the last year, they still have money to invest in those companies that do not seem to be high risk. It would be wrong to suggest that Xage is lucky to be in the right place at the right time – its founders had the foresight to develop the product before the current geopolitical influences – but nevertheless it does have the right product at the right time. And where this is the case, funding is available even in a nervous market.

Xage was founded in 2017 by Roman Arutyunov (VP Products), and Susanto Irwan (VP Engineering). It raised $12 million, extended by a further $4 million Series A funding in 2018; and $30 million in Series B funding in January 2022. The latest top-up brings the total raised to date to $60 million.

Related: White House Publishes Federal Zero Trust Strategy

Related: New Blockchain Solution for IIoT Aims to Solve Scaling Problem

Related: Xage Lands Contract to Bring Zero Trust Principles to Emergency Responders

Related: US Air Force Adopts Zero Trust to Secure Flightline Operations

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybersecurity Funding

SecurityWeek investigates how political/economic conditions will affect venture capital funding for cybersecurity firms during 2023.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.


More than 450 cybersecurity-related mergers and acquisitions were announced in 2022, according to an analysis conducted by SecurityWeek


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet


Twenty-one cybersecurity-related M&A deals were announced in December 2022.