Return on Security
Posts
💰 Security, Funded #142 - Nobody Inflate, Nobody Get Hurt

💰 Security, Funded #142 - Nobody Inflate, Nobody Get Hurt

Insights for the week of April 29, 2024

Mike Privette
May 06, 2024 • Reading Time: 14 minutes

Security, Funded is a weekly deep dive into cybersecurity funding and industry news captured and analyzed by Mike Privette. This week’s issue is presented together with Wiz and Tenchi Security.

Hey there,

Yes, yes, y’all! Coming at you live and direct from the 2024 RSA Conference in the US, fresh off the heels of BSidesSF.

BSidesSF

www.linkedin.com/posts/mikeprivette_had-a-great-time-as-always-this-year-at-bsidessf-activity-7193037891843895296-1R8w

What a great time meeting so many people and reconnecting with folks. Can’t wait to dig into all the ideas and future collaboration plans.

Meanwhile, the US economy reported lower-than-expected jobs and wage growth for April. Low growth on these reports is traditionally not good, but we are in a strange time where the economy doing worse by traditional measures means the US Federal Reserve’s actions to stem inflation are “working.” This then creates a rally in the stock market because investors believe rate cuts are coming later in the year.

Doing worse today is celebrated because it means we can do better in the future. In summary, wages and jobs did not go up, the Fed didn’t raise rates, and the stock market goes up and to the right, driving up the rest of the economy.

Why does this matter to cyber? Because we’re in a field where a lot of money changes hands, the easier and less costly the access to that money, the more innovation and the more problems that can be solved.

Also, in truly meta fashion, the platform I write this newsletter on, Beehiiv, raised a $33.0M Series B at a $224.0M valuation. Congrats to the team! There’s simply no better place to be writing a blog or newsletter these days, smash that referral link and get yourself a discount to get started.

Onward to this week's issue.

_{Submit a deal here:}_{[email protected]}

_Sponsor_or_Upgrade

😎 Vibe Check
Market Summary
📸 YoY Snapshot
🤙 Earnings Reports
🧩 Funding By Product Category
🏢 Funding By Company
Funding by Country
🤝 Mergers & Acquisitions
Great Reads
🧪 Labs

😎 Vibe Check

For the practitioners, is RSA a place where you make buying decisions?

Last issue’s vibe check:
Are you going to be at BSides SF and/or RSA next week?
🟨🟨🟨🟨⬜️⬜️ 🏄🏻‍♂️Just RSA (27)
⬜️⬜️⬜️⬜️⬜️⬜️ 🅱️ Just BSides SF (5)
🟨🟨⬜️⬜️⬜️⬜️ 😤 Both Events (15)
🟩🟩🟩🟩🟩🟩 😫 Neither Event (40)
87 Votes

55% of respondents last week said they were going to one or both events this week, and it was great to meet up with some of you over the weekend at BSidesSF! Looking forward to meeting more of you at RSA this week.

💰 Market Summary

23 companies raised $628.5M across 18 unique product categories in 4 countries
4 companies were acquired or had a merger event across 4 unique product categories
91% of funding went to product-based cybersecurity companies
3 public cyber companies had an earnings report

📸 YoY Snapshot

This is a rolling 12-week chart comparing funding and acquisitions each week in a year-over-year (YoY) view between 2023 and 2024.

Conference season is officially here, and we are so back! The massive amount of funding news has arrived with it. Last year this time, there was a lot less frothy energy as companies were still recovering from the late-2022 collapse.

M&A is a bit muted this week but still pretty consistent with the clip we’ve seen the rest of the year. Funding and stealth launches take the cake this week, but the M&As will continue until morale improves.

🤙 Earnings Reports

Here are notable earnings reports from public cybersecurity companies. This section is Powered by Quartr, where I track all the latest earning reports.

See the public cyber company tracker, which shows all public cybersecurity companies worldwide, along with market data, funding raised, product categories, and more.

Earnings reports this week: CyberArk, Fortinet, and Tenable

CyberArk (CYBR)

CyberArk had a strong Q1 2024 on a number of fronts, and identity-centric threats and breaches continue to be top of mind for everyone.

Total ARR had a 34% increase year-over-year.
Q1 revenue grew by 37% to approximately $222 million.

CyberArk also raised its full-year guidance, which is not something a lot of other cyber companies are doing right now. This is also a positive signal because it means that CyberArk expects the macro environment and buying environment to improve as the year goes on. If true, this is a good signal for everyone.

Fortinet (FTNT)

Fortinet beat its earnings expectations, but the stock still got clapped and is down ~9% as of this writing.

Had record cash flow of $830 million
Secure Access Service Edge (SASE) sales accounted for 24% of total sales
Service revenue increased by 24%
Product revenue decreased by 18%

So why the stock dip? This was mostly due to the big shift in revenue makeup. Investors saw the change as a sign of a company that is struggling with its core offerings.

Tenable (TENB)

Tenable beat its expectations on the latest earnings call, driven by strong demand for its consolidated vulnerability management platform, threat exposure management growth, and better traction in the US federal space. Some key financial highlights included:

Revenue was up 14% year-over-year, reaching $216 million
The consolidated platform accounted for 26% of total new enterprise sales
Added 410 new enterprise platform customers

These results encouraged investors as Tenable’s earlier plans to become known as a one-stop vulnerability management platform have been working. Something to watch here over the net few quarters, however, is that federal sales are not the same as enterprise sales.

_{TOGETHER WITH}

Google Cloud Security Foundations for Dummies Guide

Best Practices for Securing Google Cloud

Wiz created an in-depth eBook focused on GCP security fundamentals. This guide goes back to the basics and dives into how to secure everything you build and run on Google Cloud. You’ll learn how to:

Manage complexity in the cloud
Understand Shared Fate and Zero Trust principles
Meet developers earlier in the development process
Secure the supply chain

Get the Guide

_Sponsor_or_Upgrade

🧩 Funding By Product Category

Capped at top 10 to make it easier to r

$201.0M for Remote Browser Isolation across 2 deals
$150.0M for Network Detection and Response (NDR) across 1 deal
$40.0M for Identity and Access Management (IAM) across 2 deals
$37.0M for Secure Remote Access across 1 deal
$34.0M for Privileged Access Management (PAM) across 1 deal
$33.0M for Third-Party Risk Management across 1 deal
$30.0M for API Security across 1 deal
$27.0M for Threat Detection and Response (TDR) across 1 deal
$17.0M for Application Security Testing (AST) across 1 deal
$15.0M for Security and Compliance Automation across 2 deals
$13.0M for Managed Security Services Provider (MSSP) across 2 deals
$10.0M for Artificial Intelligence (AI) Security across 1 deal
$7.0M for Artificial Intelligence (AI) Governance across 1 deal
$5.0M for Data Security Posture Management (DSPM) across 1 deal
$4.5M for Application Security across 2 deals
$2.5M for Security Operations across 1 deal
$2.5M for Security Analytics across 1 deal
An undisclosed amount for Artificial Intelligence (AI) Privacy Assurance across 1 deal

🏢 Funding By Company

Island, a United States-based secure remote browser isolation platform, raised a $175.0M Series D from Coatue and Sequoia Capital. (more)
Corelight, a United States-based network traffic analysis platform, raised a $150.0M Series E from Accel. (more)
Elisity, a United States-based secure remote access platform, raised a $37.0M Series B from Insight Partners. (more)
Oasis Security, a United States-based machine identity lifecycle management platform, raised a $35.0M Series A from Accel, Cyberstarts, and Sequoia Capital. (more)
StrongDM, a United States-based privileged access management (PAM) platform, raised a $34.0M Series C from Anchor Capital GP. (more)
SafeBase, a United States-based platform helping companies present their security program to speed up the third-party security assessment process, raised a $33.0M Series B from Touring Capital Partners. (more)
Traceable, a United States-based API security platform, raised a $30.0M Venture Round from IVP. (more)
Mimic, a United States-based threat detection and response platform focused on ransomware, raised a $27.0M Seed from Ballistic Ventures. (more)
LayerX Security, an Israel-based remote browser isolation platform, raised a $26.0M Series A from Glilot Capital Partners. (more)
Aikido Security, a Belgium-based application security testing platform, raised a $17.0M Series A from Singular. (more)
Apptega, a United States-based security and compliance automation platform, raised a $15.0M Private Equity Round from Mainsail Partners. (more)
DefenseStorm, a United States-based managed security services provider (MSSP) for the financial services industry, raised a $13.0M Series C from Georgian, Curql, and LiveOak Venture Partners. (more)
DeepKeep, an Israel-based platform for defending the AI application lifecycle, raised a $10.0M Seed from Awz Ventures. (more)
APEX, an Israel-based generative AI governance and security platform, raised a $7.0M Seed from Index Ventures and Sequoia Capital. (more)
Ory Corp, a United States-based identity management and authentication platform, raised a $5.0M Series A from Balderton Capital and Insight Partners. (more)
Teleskope, a United States-based data security posture management (DSPM), raised a $5.0M Seed from Primary Venture Partners. (more)
StepSecurity, a United States-based platform focused on CI/CD pipelines and infrastructure security, raised a $3.0M Seed from Runtime Ventures. (more)
Bricklayer AI, a United States-based AI-agent-enabled security operations platform, raised a $2.5M Pre-Seed from Sovereign's Capital, Dreamit Ventures, VIPC's Virginia Venture Partners, BlueWing Ventures, and Blu Ventures Investors. (more)
RunReveal, a United States-based security analytics and observability platform, raised a $2.5M Seed from Costanoa Ventures. (more)
Resonance Security, a United States-based smart contract application auditing and security platform, raised a $1.5M Pre-Seed from Arca and Fabric Ventures. (more)
Apptega, a United States-based security and compliance automation platform, raised an undisclosed Debt Financing round. (more)
Harmonic Security, a United States-based platform to discover and control the usage of GenAI platforms and sensitive data in training models, raised an undisclosed Seed from In-Q-Tel. (more)
Vambrace Cybersecurity Limited, a United Kingdom-based managed security services provider (MSSP), raised an undisclosed Seed round.

🌎 Funding By Country

$568.5M for the United States across 18 deals
$43.0M for Israel across 3 deals
$17.0M for Belgium across 1 deal
An undisclosed amount for the United Kingdom across 1 deal

🤝 Mergers & Acquisitions

Cyborg Security, a United States-based cyber threat intelligence platform focused on threat hunting exercises, was acquired by Intel 471 for an undisclosed amount. (more)
oak9, a United States-based infrastructure as code (IaC) security platform, was acquired by Drata for an undisclosed amount. (more)
Redpoint Cybersecurity, a United States-based professional services firm focused on threat hunting and digital forensics, was acquired by Mitsui & Co for an undisclosed amount. (more)
SoConnect, a United Kingdom-based managed security services provider (MSSP), was acquired by Air IT for an undisclosed amount. (more)

📚 Great Reads

On IBM acquiring HashiCorp - Fintan Ryan breaks down the financials behind IBM's acquisition of Hashicorp and how it makes sense for both sides.
*Alice in Supply Chains - a newsletter covering all that's happening in third-party cyber risk management (TPCRM), software supply chain risks, and more!
Signal v. Noise in the RSA Innovation Sandbox - This is a reboot of the post Rami McCarthy and I put together last year, analyzing the history and outcomes of the Innovation Sandbox competition at the RSA Conference, updated with 2023 and 2024 data.
Resilient Cyber w/ Mike Privette - Cybersecurity Trends & Observations - Chris Hughes invited me on his Resilient Cyber podcast last week, and we talked about all kinds of industry trends, how AI Security is evolving, and how to survive and make the most of a conference like RSA.

🧪 Labs

The last true great frontier

😪
— Sarah 👩🏼‍🍳👩🏼‍💻 (@chfsrh)
May 5, 2024

How was this week's newsletter?

Data Methodology and Sources

All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. dollars (USD) when collected.
Company country locations are pulled from publicly available sources.
Companies are categorized using our own system at Return on Security, and we write all of the company descriptions.
Sometimes, the details about deals, like who led the round, how much money was raised, or the deal stage, might get updated after the issue is first published.
If you spot any errors, let us know, and we’ll fix them.

About Return on Security

Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. The goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field. Read more about the “Why” here.

Feel free to borrow any data, charts, or advice you find here. Just make sure to give a shoutout to Return on Security when you do.

Thank you for reading. If you liked this analysis, please share it with your friends, colleagues, and anyone interested in the cybersecurity market.

Follow me on LinkedIn or Twitter to never miss Return on Security updates.

Join the conversation

or to participate.