💰 Security, Funded #142 - Nobody Inflate, Nobody Get Hurt

Insights for the week of April 29, 2024

Security, Funded is a weekly deep dive into cybersecurity funding and industry news captured and analyzed by Mike Privette. This week’s issue is presented together with Wiz and Tenchi Security.

Hey there,

Yes, yes, y’all! Coming at you live and direct from the 2024 RSA Conference in the US, fresh off the heels of BSidesSF.

What a great time meeting so many people and reconnecting with folks. Can’t wait to dig into all the ideas and future collaboration plans.

Meanwhile, the US economy reported lower-than-expected jobs and wage growth for April. Low growth on these reports is traditionally not good, but we are in a strange time where the economy doing worse by traditional measures means the US Federal Reserve’s actions to stem inflation are “working.” This then creates a rally in the stock market because investors believe rate cuts are coming later in the year.

Doing worse today is celebrated because it means we can do better in the future. In summary, wages and jobs did not go up, the Fed didn’t raise rates, and the stock market goes up and to the right, driving up the rest of the economy.

Why does this matter to cyber? Because we’re in a field where a lot of money changes hands, the easier and less costly the access to that money, the more innovation and the more problems that can be solved.

Also, in truly meta fashion, the platform I write this newsletter on, Beehiiv, raised a $33.0M Series B at a $224.0M valuation. Congrats to the team! There’s simply no better place to be writing a blog or newsletter these days, smash that referral link and get yourself a discount to get started.

Onward to this week's issue.

Submit a deal here: [email protected]

😎 Vibe Check

For the practitioners, is RSA a place where you make buying decisions?

Login or Subscribe to participate in polls.

Last issue’s vibe check:
Are you going to be at BSides SF and/or RSA next week?
🟨🟨🟨🟨⬜️⬜️ 🏄🏻‍♂️Just RSA (27)
⬜️⬜️⬜️⬜️⬜️⬜️ 🅱️ Just BSides SF (5)
🟨🟨⬜️⬜️⬜️⬜️ 😤 Both Events (15)
🟩🟩🟩🟩🟩🟩 😫 Neither Event (40)
87 Votes

55% of respondents last week said they were going to one or both events this week, and it was great to meet up with some of you over the weekend at BSidesSF! Looking forward to meeting more of you at RSA this week.

💰 Market Summary

  • 23 companies raised $628.5M across 18 unique product categories in 4 countries

  • 4 companies were acquired or had a merger event  across 4 unique product categories

  • 91% of funding went to product-based cybersecurity companies

  • 3 public cyber companies had an earnings report

📸 YoY Snapshot

This is a rolling 12-week chart comparing funding and acquisitions each week in a year-over-year (YoY) view between 2023 and 2024.

Conference season is officially here, and we are so back! The massive amount of funding news has arrived with it. Last year this time, there was a lot less frothy energy as companies were still recovering from the late-2022 collapse.

M&A is a bit muted this week but still pretty consistent with the clip we’ve seen the rest of the year. Funding and stealth launches take the cake this week, but the M&As will continue until morale improves.

🤙 Earnings Reports

Here are notable earnings reports from public cybersecurity companies. This section is Powered by Quartr, where I track all the latest earning reports.

See the public cyber company tracker, which shows all public cybersecurity companies worldwide, along with market data, funding raised, product categories, and more.

Earnings reports this week: CyberArk, Fortinet, and Tenable

CyberArk (CYBR)

CyberArk had a strong Q1 2024 on a number of fronts, and identity-centric threats and breaches continue to be top of mind for everyone.

  • Total ARR had a 34% increase year-over-year.

  • Q1 revenue grew by 37% to approximately $222 million.

CyberArk also raised its full-year guidance, which is not something a lot of other cyber companies are doing right now. This is also a positive signal because it means that CyberArk expects the macro environment and buying environment to improve as the year goes on. If true, this is a good signal for everyone.

Fortinet (FTNT)

Fortinet beat its earnings expectations, but the stock still got clapped and is down ~9% as of this writing.

  • Had record cash flow of $830 million

  • Secure Access Service Edge (SASE) sales accounted for 24% of total sales

  • Service revenue increased by 24%

  • Product revenue decreased by 18%

So why the stock dip? This was mostly due to the big shift in revenue makeup. Investors saw the change as a sign of a company that is struggling with its core offerings.

Tenable (TENB)

Tenable beat its expectations on the latest earnings call, driven by strong demand for its consolidated vulnerability management platform, threat exposure management growth, and better traction in the US federal space. Some key financial highlights included:

  • Revenue was up 14% year-over-year, reaching $216 million

  • The consolidated platform accounted for 26% of total new enterprise sales

  • Added 410 new enterprise platform customers

These results encouraged investors as Tenable’s earlier plans to become known as a one-stop vulnerability management platform have been working. Something to watch here over the net few quarters, however, is that federal sales are not the same as enterprise sales.


Google Cloud Security Foundations for Dummies Guide

Best Practices for Securing Google Cloud

Wiz created an in-depth eBook focused on GCP security fundamentals. This guide goes back to the basics and dives into how to secure everything you build and run on Google Cloud. You’ll learn how to:

  • Manage complexity in the cloud

  • Understand Shared Fate and Zero Trust principles

  • Meet developers earlier in the development process

  • Secure the supply chain

🧩 Funding By Product Category

Capped at top 10 to make it easier to r

  • $201.0M for Remote Browser Isolation across 2 deals

  • $150.0M for Network Detection and Response (NDR) across 1 deal

  • $40.0M for Identity and Access Management (IAM) across 2 deals

  • $37.0M for Secure Remote Access across 1 deal

  • $34.0M for Privileged Access Management (PAM) across 1 deal

  • $33.0M for Third-Party Risk Management across 1 deal

  • $30.0M for API Security across 1 deal

  • $27.0M for Threat Detection and Response (TDR) across 1 deal

  • $17.0M for Application Security Testing (AST) across 1 deal

  • $15.0M for Security and Compliance Automation across 2 deals

  • $13.0M for Managed Security Services Provider (MSSP) across 2 deals

  • $10.0M for Artificial Intelligence (AI) Security across 1 deal

  • $7.0M for Artificial Intelligence (AI) Governance across 1 deal

  • $5.0M for Data Security Posture Management (DSPM) across 1 deal

  • $4.5M for Application Security across 2 deals

  • $2.5M for Security Operations across 1 deal

  • $2.5M for Security Analytics across 1 deal

  • An undisclosed amount for Artificial Intelligence (AI) Privacy Assurance across 1 deal

🏢 Funding By Company

🌎 Funding By Country

  • $568.5M for the United States across 18 deals

  • $43.0M for Israel across 3 deals

  • $17.0M for Belgium across 1 deal

  • An undisclosed amount for the United Kingdom across 1 deal

🤝 Mergers & Acquisitions

  • Cyborg Security, a United States-based cyber threat intelligence platform focused on threat hunting exercises, was acquired by Intel 471 for an undisclosed amount. (more)

  • oak9, a United States-based infrastructure as code (IaC) security platform, was acquired by Drata for an undisclosed amount. (more)

  • Redpoint Cybersecurity, a United States-based professional services firm focused on threat hunting and digital forensics, was acquired by Mitsui & Co for an undisclosed amount. (more)

  • SoConnect, a United Kingdom-based managed security services provider (MSSP), was acquired by Air IT for an undisclosed amount. (more)

📚 Great Reads

🧪 Labs

The last true great frontier

How was this week's newsletter?

Login or Subscribe to participate in polls.

Data Methodology and Sources

  • All of the data is captured point-in-time from publicly available sources.

  • All financial figures are converted to U.S. dollars (USD) when collected.

  • Company country locations are pulled from publicly available sources.

  • Companies are categorized using our own system at Return on Security, and we write all of the company descriptions.

  • Sometimes, the details about deals, like who led the round, how much money was raised, or the deal stage, might get updated after the issue is first published.

  • If you spot any errors, let us know, and we’ll fix them.

About Return on Security

Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. The goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field. Read more about the “Why” here.

Feel free to borrow any data, charts, or advice you find here. Just make sure to give a shoutout to Return on Security when you do.

Thank you for reading. If you liked this analysis, please share it with your friends, colleagues, and anyone interested in the cybersecurity market.

Follow me on LinkedIn or Twitter to never miss Return on Security updates.

Join the conversation

or to participate.