💰 Security, Funded #155 - Black Hat > Black Jack

Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of July 29, 2024

Author

Mike Privette
August 05, 2024 • Reading Time: 13 minutes

Security, Funded is a weekly deep dive into cybersecurity funding and industry news captured and analyzed by Mike Privette. This week’s issue is presented together with ThreatLocker and Specops Software.

Hey there,

Happy Black Hat Week to all those who celebrate! If you’re out at the conference and see me gliding through the wreckage of Black Hat, please stop me to say hello!

This past week, there was a wealth of financial and economic signals that matter for cybersecurity and the broader tech industry. The US reported slowing job growth and increased unemployment, showing a classic sign of an impending recession and putting more pressure on the US Federal Reserve to “Do Something™️.” Meanwhile, the Bank of England cut rates for the first time since COVID-19, and Japan went fully into a bear market. 🐻 🔻 

Also, the cloud heavyweights Microsoft and Amazon had earnings calls that are worth talking about. Microsoft saw an impressive 15% gain in ARR up to $245 billion, with CEO Satya Nadella saying, “We continue to prioritize security above all else.” This has a double meaning for both the products they ship (which don’t seem to be going super well 👀 ) and the areas of focus for business growth (which are going well). Even still, Microsoft’s stock dropped. Amazon missed its Q2 revenue estimate even with strong cloud services growth, in large part driven by AI use cases. Amazon stock was also down ~7%.

Why mention the cloud service providers and the economic moves? Security, AI usage, and interest rates around the world are at the top of everyone’s mind. They continue to be a top priority for the biggest tech companies. Investors are anxiously waiting to see if AI is “working yet,” given the enormous capital investments. This focus has a significant downstream impact on the rest of the cybersecurity ecosystem. Observing what the Big Dogs 🐶 do is a great way to see what the rest of the cyber industry will have to do to stay relevant.

Another super interesting comment was that Microsoft pointed towards less-than-expected revenue thanks to European softness in non-AI consumption—meaning companies in Europe are using AI less than the rest of the Microsoft world. I’ve talked a bit about what’s at stake here with AI and the different approaches we are seeing around the world. It’s fascinating terrifying to watch things play out.

Onward to this week's issue.

TOGETHER WITH

Find foreign software on your devices with a free health report by ThreatLocker®

Allow what you need and block everything else, including ransomware

The White House has banned Kaspersky products across the U.S. over data access risks and alleged "backdoors." In response, ThreatLocker® is offering a free software health report to provide businesses insights into their IT environments and any malicious foreign software. This proactive measure offered by ThreatLocker® helps organizations assess and secure their devices, ensuring compliance and addressing security threats.

😎 Vibe Check

Are you at any of the BSides LV, Black Hat, or DEF CON events this week?

Login or Subscribe to participate in polls.

Last issue’s vibe check:
Why do you think the Wiz and Google deal fell apart?
🟩🟩🟩🟩🟩🟩 😤 Wiz knew it was stronger without Google (34)
🟨🟨🟨⬜️⬜️⬜️ 😩 The transaction was unlikely to go through (16)
🟨🟨⬜️⬜️⬜️⬜️ ☢️ Google didn't want to get involved with the Orca lawsuit (13)
🟨🟨⬜️⬜️⬜️⬜️ 🔮 Other (tell me) (13)
76 Votes

From last week’s vibe check, it looks like most people believed that Wiz was stronger without Google or that the transaction was unlikely to go through anyway. There were also a ton of comments about marketing ploys, hubris, and other fanciful market footwork by Wiz.

Given how often Google likes to kill things, even wildly useful and successful things like Google Domains, I wouldn’t have wanted to go the acquisition route if I were Wiz, either. In my opinion, I think the acquisition would have been good for Google from a positioning standpoint, just OK for Wiz (outside the payday!), but not great for customers.

Some of the top comments from last week:

“Wiz Stronger - It was a dumb idea for a cloud agnostic security solution to let itself get acquired by one of the primary cloud service providers. Do you really want to get your AWS or Azure security guidance from Google? Seems weird, right?”

“Other - the board wanted to sell but not the 4 co-founders, who are already millionaires from a previous sale to Microsoft. And why go to Google and be tied to their products/customers?”

“Other - Wiz trying to boost their perceived valuation”

💰 Market Summary

  • 10 companies raised $166.1M across 8 unique product categories in 2 countries

  • 4 companies were acquired or had a merger event across 4 unique product categories

  • 90% of funding went to product-based cybersecurity companies

  • 2 public cyber companies had an earnings report

📸 YoY Snapshot

This is a rolling 12-week chart comparing funding and acquisitions each week in a year-over-year (YoY) view between 2023 and 2024.

There was a noticeable difference on the funding front between this time last year and last week. Not only were there fewer deals pre-Black Hat this year, but the total funding is down about 60% compared to last year. However, given the year we’ve had already and how the year is pacing, I chalk this up to mostly just timing.

The same story, different data. 2024 has been small but mighty on the M&A front, and I expect that trend to continue into Black Hat week.

🤙 Earnings Reports

Here are notable earnings reports from public cybersecurity companies. This section is Powered by Quartr, where I track all the latest earning reports.

Earnings reports this week: Varonis and Tenable

Varonis Systems (VRNS)

Varonis reported strong Q2 2024 results, with ARR growing 18% to $584.2 million year-to-date with Q2 total revenues at $130.3 million, up 13% year-over-year.

Key drivers for the strong quarter included the ongoing and successful transition from on-prem to SaaS subscriptions, a new managed detection and response offering, and the increased focus on data security as Gen AI touches every business in the world. As a result, Varionis raised its full-year ARR and free cash flow guidance, reflecting confidence in continued momentum.

Tenable (TENB)

Tenable reported mixed results for Q2 2024, with revenue up 13% year-over-year to $221.2 million, earnings beating expectations, and billings falling short. Key drivers included strong demand for its unified vulnerability management platform, strong federal market dynamics, and cloud security growth despite increased customer scrutiny of spending.

Tenable also didn’t miss the chance to kick a competitor when it was down by highlighting the importance of independent cybersecurity assessments following the recent CrowdStrike outage.

The mixed results led to its stock being down ~7% after hours.

As always, the public cyber company tracker shows all public cybersecurity companies worldwide, along with market data, funding raised, product categories, and more!

🧩 Funding By Product Category

  • $60.0M for Artificial Intelligence (AI) Security across 1 deal

  • $57.5M for Identity and Access Management (IAM) across 3 deals

  • $21.0M for Artificial Intelligence (AI) Governance across 1 deal

  • $20.0M for Software Supply Chain Security across 1 deal

  • $4.0M for Professional Services across 1 deal

  • $3.6M for Security and Compliance Automation across 1 deal

  • An undisclosed amount for No-Code Security across 1 deal

  • An undisclosed amount for Endpoint Detection and Response (EDR) across 1 deal

🏢 Funding By Company

🌎 Funding By Country

  • $157.6M for the United States across 8 deals

  • $8.5M for Israel across 2 deals

🤝 Mergers & Acquisitions

  • aDolus Technology Inc., a Canada-based software supply chain security platform for operational technology (OT) and smart devices, was acquired by Exiger for an undisclosed amount. (more)

  • BlackSignal Technologies, a United States-based professional services firm focused on cyber-physical and national security services, was acquired by Parsons Corporation for an undisclosed amount. (more)

  • C-Net Systems, a United States-based managed security services provider (MSSP), was acquired by Secur-Serv for an undisclosed amount. (more)

  • SydeLabs, a United States-based automated red team testing platform for generative AI applications, was acquired by Protect AI for an undisclosed amount. (more)

📚 Great Reads

*A message from our sponsor

🧪 Labs

Some folks are just built different

How was this week's newsletter?

Login or Subscribe to participate in polls.

Data Methodology and Sources

  • All of the data is captured point-in-time from publicly available sources.

  • All financial figures are converted to U.S. dollars (USD) when collected.

  • Company country locations are pulled from publicly available sources.

  • Companies are categorized using our system at Return on Security, and we write all the company descriptions.

  • Sometimes, the details about deals, like who led the round, how much money was raised, or the deal stage, might get updated after the issue is first published.

  • Let us know if you spot any errors, and we’ll fix them.

About Return on Security

Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. The goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field. Read more about the “Why” here.

Feel free to borrow any data, charts, or advice you find here. Just make sure to give a shoutout to Return on Security when you do.

Thank you for reading. If you liked this analysis, please share it with your friends, colleagues, and anyone interested in the cybersecurity market.

Follow me on LinkedIn or Twitter to never miss Return on Security updates.

Reply

or to participate.