💰 Security, Funded #143 - Putting the AI in RSA

Insights for the week of May 6, 2024

Security, Funded is a weekly deep dive into cybersecurity funding and industry news captured and analyzed by Mike Privette. This week’s issue is presented together with Wiz and Anvilogic.

Hey there,

What 👏 a 👏 week 👏 ! BSidesSF and rolling into the 2024 RSA Conference made for an exhausting but super fun time.

Thank you to everyone who took the time to say hello and tell me they enjoyed Return on Security and how they were using it. It’s super humbling to hear things like that, and I can’t tell you how much your support means and helps me keep grinding every week. 😤 👊 

I'm really sorry to the many folks I didn’t get the chance to meet. I hope we get the chance to meet at a future event!

Some RSA event highlights for me were:

  • The Decibel Partners' Oasis event

  • The GAINS AI + National Security event

  • The RSA breakfast event put on by Citi Ventures

What were your favorites this year?

My Broad Takeaways from the RSA Conference

Here is a quick summary of what you missed if you didn’t get a chance to go to RSA this year. I’ll try to capture three key themes I saw this year by using the “RSA” name and mapping each letter to a concept (the last one you won’t believe 🤯 ). Here is it:

R = AI
S = AI
A = Also, AI

One theme amongst the sea of AI that stood out to me was the perception that the adoption curve “chasm” between the early “AI Security” and “Security for AI” is really wide. Outside of the Bay Area, the rest of the business world doesn’t seem to be there yet in adopting AI, but we’ve got tons of potential vendors and answers to solve future AI Security problems.

At this point, the tech of AI is far outpacing businesses’ ability to use it in meaningful ways outside of chatbots. From the conversations I had last week, it seems very few companies outside of the Bay Area, Big Tech, and the largest companies around the world are doing anything meaningful with AI applications. Or at least they’re not talking about it. This isn’t a bad thing, but the Bay Area is not Real Life™️, and most companies are not using AI the way big tech does.

The good news is that the cyber industry and community as a whole have pounced on getting ahead of things because we’ve seen this movie play out before with the cloud. Practitioners and vendors are discussing how we can support a safe and secure AI-driven future, and the security community really wants AI's promise to finally be true. I think collectively, we’ve learned from our past mistakes with cloud computing and mobile devices, and “security” and “AI” now go hand-in-hand.

A few other observations that were subtle nods to austerity (or as close as the cyber industry can get to something like that):

  • There were fewer racecars than in previous years (I have no idea why we have ever had those, but I think Ricky Bobby explained it best).

  • There were far more booths with automated coffee machines (with worse coffee) than human baristas making drinks.

  • There were a few more open sections without booths on the expo floor than normal. Palo Alto even had a whole separate conference during RSA.

  • The good booths focused on an engaging experience that drew people in to learn more, not crazy buzzword salad bingo and over-the-top actions.

  • It felt like there were fewer booth gimmicks and less custom merch on demand at the booths, which I think is the right way to go on both fronts.

I also saw a pancake robot on the expo floor, which was very cool.

Onward to this week's issue.

Submit a deal here: [email protected]


Strategies from Top CISOs

Hyper-scaling cloud security secrets?

The Wiz research team surveyed security orgs at top security teams to uncover how they’re adapting in 2024+. We packed all of their best-practices, frameworks, and templates in this handbook.

😎 Vibe Check

If you went to RSA, how well do you feel like you understand "AI Security" and "Security for AI" as a whole now?

Login or Subscribe to participate in polls.

Last issue’s vibe check:
For the practitioners, is RSA a place where you make buying decisions
⬜️⬜️⬜️⬜️⬜️⬜️ ✅ Yes (4)
🟩🟩🟩🟩🟩🟩 ❌ No (36)
40 Votes

People don’t seem to be going to make buying decisions at conferences like RSA. Buying is complicated at many companies, so this is probably no surprise. I think it is always very hard to really get attention at a conference so large unless you make a huge announcement/breakthrough or throw a rager of a party 🤘 

💰 Market Summary

  • 15 companies raised $1.1B across 12 unique product categories in 6 countries

  • 6 companies were acquired or had a merger event for $2.6B across 5 unique product categories

  • 73% of funding went to product-based cybersecurity companies

  • 2 public cyber companies had an earnings report

📸 YoY Snapshot

This is a rolling 12-week chart comparing funding and acquisitions each week in a year-over-year (YoY) view between 2023 and 2024.

RSA is the week of big reveals and even bigger funding rounds. Wiz flexed on everyone and stole the show at RSA and abroad. Last year’s RSA Conference week also saw $1 billion in funding but from 13 different companies, not from just one! 🤯 

And with that mega round, as of the first full week in May, Q2 2024 is only 6% behind all of Q2 2023 funding.

The M&Ayhem continued at a healthy clip last week as product and service rollups continued. With more later-stage companies raising rounds again (something that was mostly missing from 2023), expect to see the M&A transactions stay strong.

🤙 Earnings Reports

Here are notable earnings reports from public cybersecurity companies. This section is Powered by Quartr, where I track all the latest earning reports.

See the public cyber company tracker, which shows all public cybersecurity companies worldwide, along with market data, funding raised, product categories, and more.

Earnings reports this week: Qualys and Rapid7

Qualys (QLYS)

Qualys reported a strong first quarter, showing revenue growth and strength in the US federal sector. Some of the key financial metrics were:

  • Revenue grew 12% to $145.8 million

  • Free cash flow was $83.5 million (57% margin)

  • International growth at 13% outpaced domestic business growth

  • Customers spending $500,000 or more in Q1 grew 19%

  • Net dollar expansion rate was 104% (down from 105%)

While those numbers sound impressive, many firms downgraded price targets for Qualys because of the reduced net dollar retention rate. This means that while Qualys is attracting new customers in new geographies, it’s not keeping the customers it has. In earnings calls, as in personal finance, it’s not always about what you earn but what (or who) you keep.

Rapid7 (RPD)

While Rapid7 seemed to have reported a strong first quarter by the numbers, there were lingering execution concerns with the platform, and Rapid7 mentioned a worsening spending environment. Some financial highlights include:

  • ARR saw an 11% growth to $807 million

  • The customer base grew by 4% to over 11,000 customers

  • International revenue grew by 22% year-over-year

Investors seemed cautious and unsure about Rapid7's ability to execute and make the “platform transition” like its competitors, and several firms cut their price targets for Rapid7 stock as a result.

🧩 Funding By Product Category

Capped at top 10 transactions

  • $1.0B for Cloud Security across 1 deal

  • $51.0M for Operational Technology (OT) Security across 1 deal

  • $18.0M for Managed Security Services Provider (MSSP) across 2 deals

  • $16.0M for Identity Threat Detection and Response (ITDR) across 1 deal

  • $13.0M for Extended Detection and Response (XDR) across 1 deal

  • $9.5M for SaaS Security Posture Management (SSPM) across 1 deal

  • $8.5M for Fraud and Financial Crime Protection across 1 deal

  • $7.0M for Cloud Infrastructure Entitlement Management (CIEM) across 1 deal

  • $5.5M for Data Protection across 1 deal

  • $2.5M for Professional Services across 2 deals

  • $2.0M for Cybersecurity Performance Management across 1 deal

  • $1.8M for Secure File Sharing across 2 deals

🏢 Funding By Company

Congrats to Wiz for not only raising the biggest funding round this year but also being a sponsor of this issue! I’m not saying that sponsoring Return on Security leads to raising a lot of money and winning the hearts and minds of the cyber industry, but I’m not NOT saying that either. 👀 

🌎 Funding By Country

  • $1.1B for the United States across 10 deals

  • $51.0M for Taiwan across 1 deal

  • $7.0M for Israel across 1 deal

  • $2.0M for Singapore across 1 deal

  • $1.5M for Spain across 1 deal

  • $478.8K for India across 1 deal

🤝 Mergers & Acquisitions

📚 Great Reads

  • Inside the Network - Sid Trivedi, Mahendra Ramsinghani, and Ross Haleliuk launch a new podcast, Inside the Network. The first episode features Dmitri Alperovitch on building CrowdStrike and defending against nation-states.

  • *The Two-Headed SIEM Monster - Endpoint security vendors have joined cloud providers in recommending their SIEM. However, the downsides to detection engineering across multiple SIEMs haven't been widely discussed. Here’s what to consider before embracing a side SIEM.

  • How to Rapidly Progress your Cyber Security Career - Jacob Larsen wrote a post about some of the best career advice he's gotten over the years to advance his career with a few quotes from me in there. Very cool and meta!

  • When You Destroy the Tools of Creativity - Something different this week from one of my favorite vibe economists, Kyla Scanlon, and her take on why that latest Apple iPad ad had a visceral response for a lot of people.

*A message from our sponsor

🧪 Labs

Help us, AI, you are our only hope 🙏 

How was this week's newsletter?

Login or Subscribe to participate in polls.

Data Methodology and Sources

  • All of the data is captured point-in-time from publicly available sources.

  • All financial figures are converted to U.S. dollars (USD) when collected.

  • Company country locations are pulled from publicly available sources.

  • Companies are categorized using our own system at Return on Security, and we write all of the company descriptions.

  • Sometimes, the details about deals, like who led the round, how much money was raised, or the deal stage, might get updated after the issue is first published.

  • Let us know if you spot any errors, and we’ll fix them.

About Return on Security

Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. The goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field. Read more about the “Why” here.

Feel free to borrow any data, charts, or advice you find here. Just make sure to give a shoutout to Return on Security when you do.

Thank you for reading. If you liked this analysis, please share it with your friends, colleagues, and anyone interested in the cybersecurity market.

Follow me on LinkedIn or Twitter to never miss Return on Security updates.

Join the conversation

or to participate.