- Return on Security
- Posts
- 💰 Security, Funded #143 - Putting the AI in RSA
💰 Security, Funded #143 - Putting the AI in RSA
Insights for the week of May 6, 2024
Mike Privette
May 13, 2024 • Reading Time: 15 minutes
Security, Funded is a weekly deep dive into cybersecurity funding and industry news captured and analyzed by Mike Privette. This week’s issue is presented together with Wiz and Anvilogic.
Hey there,
What 👏 a 👏 week 👏 ! BSidesSF and rolling into the 2024 RSA Conference made for an exhausting but super fun time.
Thank you to everyone who took the time to say hello and tell me they enjoyed Return on Security and how they were using it. It’s super humbling to hear things like that, and I can’t tell you how much your support means and helps me keep grinding every week. 😤 👊
I'm really sorry to the many folks I didn’t get the chance to meet. I hope we get the chance to meet at a future event!
Some RSA event highlights for me were:
The Decibel Partners' Oasis event
The GAINS AI + National Security event
The RSA breakfast event put on by Citi Ventures
What were your favorites this year?
My Broad Takeaways from the RSA Conference
Here is a quick summary of what you missed if you didn’t get a chance to go to RSA this year. I’ll try to capture three key themes I saw this year by using the “RSA” name and mapping each letter to a concept (the last one you won’t believe 🤯 ). Here is it:
RSA
R = AI
S = AI
A = Also, AI
One theme amongst the sea of AI that stood out to me was the perception that the adoption curve “chasm” between the early “AI Security” and “Security for AI” is really wide. Outside of the Bay Area, the rest of the business world doesn’t seem to be there yet in adopting AI, but we’ve got tons of potential vendors and answers to solve future AI Security problems.
At this point, the tech of AI is far outpacing businesses’ ability to use it in meaningful ways outside of chatbots. From the conversations I had last week, it seems very few companies outside of the Bay Area, Big Tech, and the largest companies around the world are doing anything meaningful with AI applications. Or at least they’re not talking about it. This isn’t a bad thing, but the Bay Area is not Real Life™️, and most companies are not using AI the way big tech does.
The good news is that the cyber industry and community as a whole have pounced on getting ahead of things because we’ve seen this movie play out before with the cloud. Practitioners and vendors are discussing how we can support a safe and secure AI-driven future, and the security community really wants AI's promise to finally be true. I think collectively, we’ve learned from our past mistakes with cloud computing and mobile devices, and “security” and “AI” now go hand-in-hand.
A few other observations that were subtle nods to austerity (or as close as the cyber industry can get to something like that):
There were fewer racecars than in previous years (I have no idea why we have ever had those, but I think Ricky Bobby explained it best).
There were far more booths with automated coffee machines (with worse coffee) than human baristas making drinks.
There were a few more open sections without booths on the expo floor than normal. Palo Alto even had a whole separate conference during RSA.
The good booths focused on an engaging experience that drew people in to learn more, not crazy buzzword salad bingo and over-the-top actions.
It felt like there were fewer booth gimmicks and less custom merch on demand at the booths, which I think is the right way to go on both fronts.
I also saw a pancake robot on the expo floor, which was very cool.
Onward to this week's issue.
Submit a deal here: [email protected]
TOGETHER WITH
Strategies from Top CISOs
Hyper-scaling cloud security secrets?
The Wiz research team surveyed security orgs at top security teams to uncover how they’re adapting in 2024+. We packed all of their best-practices, frameworks, and templates in this handbook.
Table of Contents
😎 Vibe Check
If you went to RSA, how well do you feel like you understand "AI Security" and "Security for AI" as a whole now? |
Last issue’s vibe check:
For the practitioners, is RSA a place where you make buying decisions
⬜️⬜️⬜️⬜️⬜️⬜️ ✅ Yes (4)
🟩🟩🟩🟩🟩🟩 ❌ No (36)
40 Votes
People don’t seem to be going to make buying decisions at conferences like RSA. Buying is complicated at many companies, so this is probably no surprise. I think it is always very hard to really get attention at a conference so large unless you make a huge announcement/breakthrough or throw a rager of a party 🤘
💰 Market Summary
15 companies raised $1.1B across 12 unique product categories in 6 countries
6 companies were acquired or had a merger event for $2.6B across 5 unique product categories
73% of funding went to product-based cybersecurity companies
2 public cyber companies had an earnings report
📸 YoY Snapshot
This is a rolling 12-week chart comparing funding and acquisitions each week in a year-over-year (YoY) view between 2023 and 2024.
RSA is the week of big reveals and even bigger funding rounds. Wiz flexed on everyone and stole the show at RSA and abroad. Last year’s RSA Conference week also saw $1 billion in funding but from 13 different companies, not from just one! 🤯
And with that mega round, as of the first full week in May, Q2 2024 is only 6% behind all of Q2 2023 funding.
The M&Ayhem continued at a healthy clip last week as product and service rollups continued. With more later-stage companies raising rounds again (something that was mostly missing from 2023), expect to see the M&A transactions stay strong.
🤙 Earnings Reports
Here are notable earnings reports from public cybersecurity companies. This section is Powered by Quartr, where I track all the latest earning reports.
See the public cyber company tracker, which shows all public cybersecurity companies worldwide, along with market data, funding raised, product categories, and more.
Earnings reports this week: Qualys and Rapid7
Qualys (QLYS)
Qualys reported a strong first quarter, showing revenue growth and strength in the US federal sector. Some of the key financial metrics were:
Revenue grew 12% to $145.8 million
Free cash flow was $83.5 million (57% margin)
International growth at 13% outpaced domestic business growth
Customers spending $500,000 or more in Q1 grew 19%
Net dollar expansion rate was 104% (down from 105%)
While those numbers sound impressive, many firms downgraded price targets for Qualys because of the reduced net dollar retention rate. This means that while Qualys is attracting new customers in new geographies, it’s not keeping the customers it has. In earnings calls, as in personal finance, it’s not always about what you earn but what (or who) you keep.
Rapid7 (RPD)
While Rapid7 seemed to have reported a strong first quarter by the numbers, there were lingering execution concerns with the platform, and Rapid7 mentioned a worsening spending environment. Some financial highlights include:
ARR saw an 11% growth to $807 million
The customer base grew by 4% to over 11,000 customers
International revenue grew by 22% year-over-year
Investors seemed cautious and unsure about Rapid7's ability to execute and make the “platform transition” like its competitors, and several firms cut their price targets for Rapid7 stock as a result.
🧩 Funding By Product Category
Capped at top 10 transactions
$1.0B for Cloud Security across 1 deal
$51.0M for Operational Technology (OT) Security across 1 deal
$18.0M for Managed Security Services Provider (MSSP) across 2 deals
$16.0M for Identity Threat Detection and Response (ITDR) across 1 deal
$13.0M for Extended Detection and Response (XDR) across 1 deal
$9.5M for SaaS Security Posture Management (SSPM) across 1 deal
$8.5M for Fraud and Financial Crime Protection across 1 deal
$7.0M for Cloud Infrastructure Entitlement Management (CIEM) across 1 deal
$5.5M for Data Protection across 1 deal
$2.5M for Professional Services across 2 deals
$2.0M for Cybersecurity Performance Management across 1 deal
$1.8M for Secure File Sharing across 2 deals
🏢 Funding By Company
Congrats to Wiz for not only raising the biggest funding round this year but also being a sponsor of this issue! I’m not saying that sponsoring Return on Security leads to raising a lot of money and winning the hearts and minds of the cyber industry, but I’m not NOT saying that either. 👀
Wiz, a United States-based cloud workload protection and posture management platform, raised a $1.0B Series E from Andreessen Horowitz, Lightspeed Venture Partners, and Thrive Capital. (more)
TXOne Networks, a Taiwan-based industrial Internet of Things (IIoT) security company, raised a $51.0M Series B from TGVest Capital. (more)
Anetac, a United States-based privileged identity threat detection and response (ITDR) platform, raised a $16.0M Seed from Liberty Global. (more)
Blackwell Security, a United States-based managed extended detection and response (XDR) for healthcare organizations, raised a $13.0M Seed from General Catalyst and Rally Ventures. (more)
Alert Logic, a United States-based managed security operations center (MSOC) platform, raised a $12.6M Series E from Updata Partners, Covera Ventures, and DFJ Mercury. (more)
Nudge Security, a United States-based SaaS security posture management (SSPM) platform, raised a $9.5M Seed from Forgepoint Capital. (more)
HUMAN, a United States-based platform helping to defend against bot impersonation attacks, raised a $8.5M Venture Round. (more)
Token Security, an Israel-based cloud identity posture management platform, raised a $7.0M Seed from TLV Partners and SNR.vc. (more)
Niobium Microsystems, a United States-based fully homomorphic encryption (FHE) data protection platform, raised a $5.5M Seed from Fusion Fund. (more)
Evo Security, a United States-based managed identity and access management platform for MSSPs, raised a $5.4M Venture Round. (more)
Bleach Cyber, a United States-based cybersecurity assessment and program maturity platform, raised a $2.0M Pre-Seed from Acadian Capital Ventures. (more)
CyWreck, a Singapore-based professional services firm focused on threat modeling and application security, raised a $2.0M Pre-Seed round.
Internxt, a Spain-based secure file storage and sharing platform, raised a $1.5M Grant from the Centre for the Development of Industrial Technology (CDTI). (more)
Treacle Technologies, an India-based professional services firm focused on deception technologies and IT/OT security consulting, raised a $478.8K Pre-Seed from Inflection Point Ventures. (more)
ShelterZoom, a United States-based secure file storage and sharing platform, raised a $281.7K Venture Round. (more)
🌎 Funding By Country
$1.1B for the United States across 10 deals
$51.0M for Taiwan across 1 deal
$7.0M for Israel across 1 deal
$2.0M for Singapore across 1 deal
$1.5M for Spain across 1 deal
$478.8K for India across 1 deal
🤝 Mergers & Acquisitions
Synopsys Software Integrity, a division of Synopsys and a United States-based application security testing platform, will be divested and acquired by Clearlake Capital Group for $2.1B. (more)
Noname Security, a United States-based API security platform, was acquired by Akamai Technologies for $450.0M. (more) (the second API Security acquisition by Akamai, with Neosec being the first)
BioCatch, an Israel-based digital identity verification and fraud protection platform, was acquired by Permira for an undisclosed amount. (more)
LevelBlue, formerly AT&T CyberSecurity and a United States-based managed security services provider (MSSP), will divest from AT&T and become a standalone company. (more)
Madwolf Technologies, a United States-based managed security services provider (MSSP), was acquired by Network Coverage for an undisclosed amount. (more)
Vumetric, a Canada-based professional services firm focused on penetration testing, was acquired by TELUS for an undisclosed amount. (more)
📚 Great Reads
Inside the Network - Sid Trivedi, Mahendra Ramsinghani, and Ross Haleliuk launch a new podcast, Inside the Network. The first episode features Dmitri Alperovitch on building CrowdStrike and defending against nation-states.
*The Two-Headed SIEM Monster - Endpoint security vendors have joined cloud providers in recommending their SIEM. However, the downsides to detection engineering across multiple SIEMs haven't been widely discussed. Here’s what to consider before embracing a side SIEM.
How to Rapidly Progress your Cyber Security Career - Jacob Larsen wrote a post about some of the best career advice he's gotten over the years to advance his career with a few quotes from me in there. Very cool and meta!
When You Destroy the Tools of Creativity - Something different this week from one of my favorite vibe economists, Kyla Scanlon, and her take on why that latest Apple iPad ad had a visceral response for a lot of people.
*A message from our sponsor
🧪 Labs
Help us, AI, you are our only hope 🙏
1970s & 1980s: Our mission is to achieve deterministic security and deductive, proof-based certainty of that security in our systems.
2010s & 2020s: Our hope rests in stopping laypeople from clicking on things on the thing-clicking machine.
— Kelly Shortridge (@swagitda_)
3:07 PM • Oct 21, 2021
How was this week's newsletter? |
Data Methodology and Sources
All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. dollars (USD) when collected.
Company country locations are pulled from publicly available sources.
Companies are categorized using our own system at Return on Security, and we write all of the company descriptions.
Sometimes, the details about deals, like who led the round, how much money was raised, or the deal stage, might get updated after the issue is first published.
Let us know if you spot any errors, and we’ll fix them.
About Return on Security
Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. The goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field. Read more about the “Why” here.
Feel free to borrow any data, charts, or advice you find here. Just make sure to give a shoutout to Return on Security when you do.
Reply