Return on Security
Posts
💰 Security, Funded #156 - Cyber Earnings Szn

💰 Security, Funded #156 - Cyber Earnings Szn

Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of August 5, 2024

Mike Privette
August 12, 2024 • Reading Time: 10 minutes

Security, Funded is a weekly deep dive into cybersecurity funding and industry news captured and analyzed by Mike Privette. This week’s issue is presented together with Material Security and Outpost24.

Hey there,

If you attended Hacker Summer Camp with Black Hat and DEF CON last week, I hope you had fun! My apologies to everyone I didn’t get the chance to talk with, and I hope to see you at the next event!

It was also a really great and surreal experience to moderate my first panel at Black Hat. A big thank you and shoutout go to Jon Sakoda, Ross Haleliuk, and Kaiti Delaney for being on the panel and making the conversation so engaging.

Black Hat Innovators & Investors Summit

Thank you to everyone who came up and said they enjoyed the newsletter! That kind of stuff really helps me keep grinding 😤 👊

Also, you know The Security Newsletter Mafia ™️ had to flex and have a strong showing at Black Hat 💪 📰

Can we interest you in a newsletter?
@DanielMiessler@mikepsecuritee@clintgibler
— Matt Johansen (@mattjay)
1:09 AM • Aug 7, 2024

Onward to this week's issue.

_{TOGETHER WITH}

Get more out of your email security budget.

When every dollar counts, you want to make sure you make the most of what you get. You (hopefully) get funds for anti-phishing tools, but the threat landscape extends beyond the inbox.

With more sophisticated attack flavors at higher volumes than ever, email security must also encompass insider risk scenarios, account takeover protection, and data loss prevention.

See why Material Security is the preferred choice for organizations looking to protect more areas of their Microsoft 365 or Google Workspace footprint under a unified toolkit… and a single line item in the budget.

_Sponsor_or_Upgrade

😎 Vibe Check
Market Summary
📸 YoY Snapshot
🤙 Earnings Reports
🧩 Funding By Product Category
🏢 Funding By Company
Funding by Country
🤝 Mergers & Acquisitions
Great Reads
🧪 Labs

😎 Vibe Check

One year ago this week after a conversation at Black Hat, I decided to start doing the Vibe Check in the newsletter. This has been both a really fun and really interesting section each week, but I want to make sure it still vibes.

Are you still vibing the Vibe Check section?

If you have questions you want me to ask, send them my way, and I’ll see how I can work them in!

Last issue’s vibe check:
Are you at any of the BSides LV, Black Hat, or DEF CON events this week?
🟩🟩🟩🟩🟩🟩 ✅ Yes (tell me which ones) (27)
🟨⬜️⬜️⬜️⬜️⬜️ ❌ Not this year (tell me what you're doing instead) (8)
35 Votes

Out of the people who voted last week, most were at least going to Black Hat and DEF CON.

Some of the top comments from last week:

“Not this year - I’ll be in the office wishing I was at BSides LV and Defcon”

“Not this year - I red-teamed our company's unlimited PTO policy and just got back from an 8-week vacation” 🫡

💰 Market Summary

5 companies raised $290.6M across 5 unique product categories in 2 countries
5 companies were acquired or had a merger event across 5 unique product categories
100% of funding went to product-based cybersecurity companies
4 public cyber companies had an earnings report

📸 YoY Snapshot

This is a rolling 12-week chart comparing funding and acquisitions each week in a year-over-year (YoY) view between 2023 and 2024.

Last week's funding announcements were small but mighty. While there were fewer transactions overall, one massive deal brought the average way up (details below). Black Hat is typically more heavy on product and partnership announcements than funding announcements.

M&A activity was stronger, however, continuing at a healthy clip with some bigger names at later-stages. I expect M&A to continue on its upward trajectory through the rest of Q3 and Q4.

🤙 Earnings Reports

Here are notable earnings reports from public cybersecurity companies. This section is Powered by Quartr, where I track all the latest earning reports.

Earnings reports this week: CyberArk, Fortinet, Qualys, and Rapid7

CyberArk (CYBR)

CyberArk reported a strong second quarter for 2024, beating expectations with a 28% YoY revenue growth to $224.7 million and a 33% increase in total ARR to $868 million. Key drivers for its performance include strong subscription billing growth, strategic customer acquisitions, and strong international growth in EMEA and APACJ.

CyberArk highlighted the acquisition of Venafi, which is geared towards improving its machine identity or “Non-human identity (NHI)” capabilities. CyberArk raised its full-year guidance, showing strong confidence in the identity industry and its overall position.

NHI was also a recurring theme at Black Hat this year. While NHI appears to be just “secrets management” with new marketing, the drive to secure these identities and secrets is stronger than ever.

Fortinet (FTNT)

Fortinet had a strong year, beating expectations and growing revenue by 11%. Momentum comes, in part, from significant acquisitions (more below), adding 6,300 new customers (!), and a big uptick in service revenue.

According to the CEO, 70% of Fortinet's business is international, which could be correlated to the same international growth that CyberArk reported.

Fortinet remains optimistic about future growth, especially in the firewall market, which it believes is expected to recover in 2025. I’m no vulnerability expert, but this is interesting coming from a firewall company that has had 50+ CVEs related to its products this year. 🤔 Even still, the stock continues upwards.

Qualys (QLYS)

Qualys's earnings report was mixed. While revenue grew by 8% to $148.7 million, driven by strong international and federal sector demand with increased channel contributions, it had trouble landing and expanding with customers and lost its Chief Product Officer.

Qualys also cited a tougher macroeconomic climate, and its stock has been down ~5% since.

Rapid7 (RPD)

Rapid7 had a solid second quarter, hitting a 9% increase in ARR to $816 million with a 19% increase in international sales. Rapid7 cites its growth for strong demand for its unified threat platform offerings, which contributed over 40% of new ARR.

Rapid7 mentioned a challenging macro environment but maintained its full-year guidance, and its stock was up ~9%.

As always, the public cyber company tracker shows all public cybersecurity companies worldwide, along with market data, funding raised, product categories, and more!

_Sponsor_or_Upgrade

🧩 Funding By Product Category

$250.0M for Email Security across 1 deal
$25.0M for Confidential Computing across 1 deal
$12.8M for Artificial Intelligence (AI) Security across 1 deal
$1.5M for Cyber Risk Quantification across 1 deal
$1.4M for Fraud and Financial Crime Protection across 1 deal

🏢 Funding By Company

Abnormal Security, a United States-based email security company, raised a $250.0M Series D from Wellington Management. (more)
Anjuna, a United States-based confidential computing platform, raised a $25.0M Series B from M Ventures. (more)
Aurascape, a United States-based security posture management platform for AI applications and workloads, raised a $12.8M Seed from Mayfield Fund. (more)
Inscora, a Canada-based cyber risk assessment platform for cyber insurance brokers, raised a $1.5M Pre-Seed from Luge Capital. (more)
Scamnetic, a United States-based platform for detecting AI-based fraud and scam threats, raised a $1.4M Pre-Seed from Roo Partners, Ruxton Ventures, and SaaS Ventures. (more)

🌎 Funding By Country

$289.2M for the United States across 4 deals
$1.5M for Canada across 1 deal

🤝 Mergers & Acquisitions

Acronis, a Switzerland-based company that solves safety, accessibility, privacy, authenticity, and security (SAPAS) challenges, was acquired by EQT for an undisclosed amount. (more)
Fortress SRM, a United States-based managed security services provider (MSSP), was acquired by Fulcrum IT Partners for an undisclosed amount. (more)
InQuest, a United States-based file-based malware analysis platform, was acquired by OPSWAT for an undisclosed amount. (more)
Next DLP, a United Kingdom-based insider risk and data loss prevention platform, was acquired by Fortinet for an undisclosed amount. (more)
Phx-IT, a United States-based professional services firm focused on cyber incident response, was acquired by Dataprise for an undisclosed amount. (more)

📚 Great Reads

BlackHat Innovators & Investors Recap - Quick hits and notes by Darwin Salazar from this year's Black Hat Innovators & Investors summit.
*49% of unauthorized access attempts involve stolen credentials - Have your organization’s credentials been involved in a breach? Discover methods for managing the threat of compromised credentials and explore tools to help you take a proactive approach to cybersecurity
Europe Has US Tech in Its Sights. It Might Miss. - The architect of the EU's AI policy now thinks Europe's AI rules may only strengthen U.S. competitors. The window to innovate instead of regulate is closing rapidly. I hate to say that I called this, but I called it a while ago.
CrowdStrike accepts the Pwnie Award for Most Epic Fail in person - When your failure is so massive and public, the best course of action is simply to own it. The Pwnie Awards recognize some of the most outstanding achievements in technology security over the past year—as well as the greatest failures.

_{*A message from our sponsor}

🧪 Labs

It really be like that sometimes 🤔

— Tom🌶\(^-^)/🌶 infosec.exchange/@tomlawrence (@TomLawrenceTech)
11:10 PM • Aug 1, 2024

How was this week's newsletter?

Data Methodology and Sources

All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. dollars (USD) when collected.
Company country locations are pulled from publicly available sources.
Companies are categorized using our system at Return on Security, and we write all the company descriptions.
Sometimes, the details about deals, like who led the round, how much money was raised, or the deal stage, might get updated after the issue is first published.
Let us know if you spot any errors, and we’ll fix them.

About Return on Security

Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. The goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field. Read more about the “Why” here.

Feel free to borrow any data, charts, or advice you find here. Just make sure to give a shoutout to Return on Security when you do.

Thank you for reading. If you liked this analysis, please share it with your friends, colleagues, and anyone interested in the cybersecurity market.

Follow me on LinkedIn or Twitter to never miss Return on Security updates.

Reply

or to participate.