- Return on Security
- Posts
- 💰 Security, Funded #132 - 💡 Palo Alto's Pivot: A New Era for Cybersecurity Platforms?
💰 Security, Funded #132 - 💡 Palo Alto's Pivot: A New Era for Cybersecurity Platforms?
Insights for the week of February 19, 2024
Mike Privette
February 26, 2024 • Reading Time: 9 minutes
Security, Funded is a weekly deep dive into cybersecurity funding and industry news, captured and analyzed by Mike Privette.
Hey there,
Happy Monday, and I hope you had a great weekend! In this issue, we’ve got:
💪 Funding Stays Strong
📣 Secure Design Feedback
🍳 Nikesh Cooking With The Pot
With the industry at a crossroads between opting for platform-based solutions or best-of-breed technologies, resilience and adaptability emerge as essential themes. But don’t forget, it’s not just tools; it’s how you use them and the value you get from them that matters.
Onward to this week's issue.
Submit a deal for the newsletter here: [email protected]
Sponsor
Boost Your Brand With Cybersecurity Leaders
Showcase your brand to cybersecurity’s elite
If you would like to get your company seen by over 8,000 of the smartest and most influential people in cybersecurity, tech, and investing, you should reach out and get on the calendar.
Learn more about sponsoring | Learn more about upgrading
Which cybersecurity tools camp are you _mostly_ in?I know context always matters, but just for fun, pick one. Also tell me why! |
Last issue’s vibe check:
Does your company have a dedicated "AI Security" team/function yet?
🟨⬜️⬜️⬜️⬜️⬜️ 😎 Yes (8)
🟨🟨🟨🟨⬜️⬜️ 🙂 Not dedicated, but we have "top people" on it (22)
🟩🟩🟩🟩🟩🟩 😭 No (29)
59 Votes
Companies are not creating new AI Security teams. At least, according to last week’s vibe check. I expected most companies to at least put someone(s) in charge of figuring it all out with all of the sensationalized media around AI Security.
One of my favorite responses this week was:
“I've been told it's my job. But with no description, resource, or scope. Let's see where we get”
This is what happens a lot when some new tech or threat enters the mainstream. Godspeed, friend! 🫡
🤙 Earnings Reports
A section for notable earnings reports from public cybersecurity companies, be they “pure play” or hybrid companies.
Palo Alto Network (PANW) - Oh man, there have been endless takes on what happened in the last week, both in support of and against the decisions and commentary Palo Alto made. From a number perspective, Palo Alto did very well with a 19% YoY increase in revenue, they saw a surge in large deals, with 10 transactions over $20 million, and a 36% spending increase by their top 10 customers.
So why the freakout? The short story is this:Palo saw less demand from the U.S. Federal Government last year and expects that to carry forward this year.
There was a much stronger focus on platformization that it hopes to achieve by offering its suite of products for free to wait for other product contract terms to end (meaning missing out on some revenue in the short term).
The approach and shift were “Microsoft-like” to licensing and customer financing options and sparked the “best-of-breed” vs. the best platform conversations.
Saying the quiet part out loud - “beginning to notice customers fac[ing] spending fatigue in cybersecurity.”
The best-best-breed vs. the best platform has been ongoing for as long as I have been in the cyber field (and I’m sure longer). While Palo has been successfully pushing the platform message for years now, this combination of demand weakness and strategic approach really scared investors. The market was not happy with the king showing signs of weakness and changing their strategy because the stock dropped ~24%, wiping ~$30.0B off their market cap and dropping below the $100B threshold. 🤯
After all the pundits, pontificators, and talking heads are done, the only thing left to do is wait to see the results of Q1 2024 to see if the strategy is working. Enough playing pretend and make-believe, let Nikesh cook! 🧑🍳
See also:
Change my mind
📸 YoY Snapshot
A rolling 12-week chart to compare funding and acquisitions each week in a year-over-year (YoY) view between 2023 and 2024.
As this is a new year, this chart will be building over the next 12 weeks and then roll forward.
Already, there are some interesting trends when you look at the cybersecurity funding numbers this year compared to last year. While there have been ~17% fewer cybersecurity transactions year-to-date in 2024 compared to the same time in 2023, the average transaction amount by week is only ~5% less, and the total funding raised to date is only ~14% less. There have been fewer transactions, but they are still strong ones, showing an industry that continues to live in a world of contradictions, with funding and layoffs continuing to move at a strong clip.
Acquisitions are continuing on their early-in-the-year tear with no signs of letting up. We are going to continue to see this have an impact in an outsized way in 2024, especially as companies are either weathering the 2023 hangover 🥴 or succumbing to it as an investment target 😵💫.
💰 Market Summary
10 companies raised $177.9M across 10 unique product categories in 4 countries
6 companies were acquired or had a merger event across 6 unique product categories
~98.5% of funding went to product-based cybersecurity businesses
1 public cybersecurity company had an earnings call
Sponsor
Boost Your Brand With Cybersecurity Leaders
Showcase your brand to cybersecurity’s elite
If you would like to get your company seen by over 8,000 of the smartest and most influential people in cybersecurity, tech, and investing, you should reach out and get on the calendar.
Learn more about sponsoring | Learn more about upgrading
🧩 Funding By Product Category
$75.0M for Data Protection across 1 deal
$61.4M for Data Access Governance across 1 deal
$25.0M for Secure Networking across 1 deal
$7.5M for Application Security across 1 deal
$5.0M for Network Traffic Analysis (NTA) across 1 deal
$2.5M for Managed Security Services Provider (MSSP) across 1 deal
$1.3M for Embedded Security across 1 deal
$150.0K for Endpoint Detection and Response (EDR) across 1 deal
An undisclosed amount for Professional Services across 1 deal
An undisclosed amount for Artificial Intelligence (AI) Governance across 1 deal
🏢 Funding By Company
Clumio, a United States-based data backup and recovery as a service protecting against ransomware attacks, raised a $75.0M Series D from Sutter Hill Ventures. (more)
BigID, a United States-based customer and employee data access governance platform, raised a $61.4M Venture Round. (more)
Synadia Communications, a United States-based secure edge networking platform, raised a $25.0M Series B from Forgepoint Capital. (more)
Crash Override, a United States-based application security platform, raised a $7.5M Venture Round. (more)
ElastiFlow, a United States-based network traffic analysis platform, raised a $5.0M Seed from Venture Guides.
FirstWave Cloud Technology, an Australia-based managed security services provider (MSSP), raised $2.5M in post-IPO debt from Formue Nord. (more)
ExactTrak, a United Kingdom-based embedded and remote device security company, raised a $1.3M Seed from the UK Innovation & Science Seed Fund. (more)
SecuritySnares, a United States-based endpoint detection and response (EDR) focused on ransomware prevention, raised a $150.0K Seed from Ann Arbor SPARK. (more)
Impact AI, an Austria-based governance platform for managing legal and compliance risks with AI applications, raised an undisclosed Pre-Seed.
Trianz, a United States-based professional services firm focused on cloud engineering and security assessments, raised an undisclosed Private Equity Round from Capital Square Partners. (more)
🌎 Funding By Country
$174.1M for the United States across 7 deals
$2.5M for Australia across 1 deal
$1.3M for the United Kingdom across 1 deal
An undisclosed amount for Austria across 1 deal
🤝 Mergers & Acquisitions
AKIPS, an Australia-based network security monitoring platform, was acquired by Tufin for an undisclosed amount. (more)
BreachQuest, a United States-based email security platform focused on preventing business email compromise (BEC), was acquired by Resilience Cyber Insurance Solutions for an undisclosed amount. (more)
Fastpath, a United States-based identity governance and administration (IGA) platform, was acquired by Delinea for an undisclosed amount. (more)
ITGL, a United Kingdom-based managed security services provider (MSSP), was acquired by Conscia A/S for an undisclosed amount. (more)
Kolide, a United States-based endpoint protection and compliance platform that teaches users to keep their devices secure, was acquired by 1Password for an undisclosed amount. (more)
Security Research Labs, a Germany-based professional services firm focused on ethical hacking, was acquired by Allurity for an undisclosed amount. (more)
📚 Great Reads
Palo Alto Networks - A Play For The Future - Tyler Shields argues that despite short-term market reactions and lower guidance for 2024, Palo Alto's acquisitions and focus on a unified platform leveraging AI will secure its long-term dominance in the cybersecurity market.
A Reply to CISA's Call for Feedback on Principles and Approaches for Secure by Design Software - Kelly Shortridge and Ryan Petrich respond to CISA's request for information on Secure by Design software principles and offer recommendations for nurturing software that is safe, secure, and resilient by design.
Cybersecurity's Class Conundrum - Cole Grolmus discusses the widening class divide within the cybersecurity industry, highlighting the stark contrast between the industry's "A-list" companies, like Palo Alto Networks, and those struggling or filing for bankruptcy.
*A message from our sponsor.
🧪 Labs
The real threats are closer than you think
Them: You’re a security person, do you use public Wi-Fi?
Me: Nope
Them: Because it’s so unsafe and easy to hack you?
Me: Because it requires me to go out in public.
— [email protected] Dark NIST Lord (@DarthSn3ak3rs)
Feb 16, 2024
How was this week's newsletter? |
Join the conversation