💰 Security, Funded #160 - Soft(ish) Landing

Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of September 2, 2024

Author

Mike Privette
September 09, 2024 • Reading Time: 11 minutes

Security, Funded is a weekly deep dive into cybersecurity funding and industry news captured and analyzed by Mike Privette. This week’s issue is presented together with ThreatLocker and Nudge Security.

Hey there,

I hope you had a great weekend!

Last week, the US experienced a few ups and downs as new jobs reports came out. The current US Treasury Secretary, Janet Yellen, said that she sees the economy as having made the coveted “soft landing” (basically a light recession without too much loss of wage growth); however, she noted existential factors that still concern her outside the financial and banking systems. 

Can you guess the main factor? If you said “cybersecurity,” you would be right! Janet said that “cybersecurity is a huge and growing risk.” To me, that makes the cybersecurity industry so exciting, and is why I like covering it the way I do. Cybersecurity is so intertwined with how the world works, whether we like it or not, and you can’t fully talk about the economy without covering global relations and cybersecurity.

Onward to this week's issue.

TOGETHER WITH

Are You Confident in the Security of Your Remote and Hybrid Employees?

Zero Trust Endpoint Protection with 24/7/365 Cyber Hero® Support

A remote or hybrid workforce expands your company's surface area of attack beyond corporate firewall boundaries. Employees’ personal computers introduce shadow IT, and home networks with default settings are easy targets, compounded by public Wi-Fi vulnerabilities. You need to develop a strategy to stay secure while remote employees work across untrusted networks.

To learn how you can secure your company's workforce, get a free copy of ThreatLocker®'s latest whitepaper on how to secure remote workforces.

😎 Vibe Check

What's your biggest threat or risk you are focusing on now for your organization?

Login or Subscribe to participate in polls.

Last issue’s vibe check:
Are you using an "AI SOC" or AI copilot to support your security operations work today?
⬜️⬜️⬜️⬜️⬜️⬜️ ✅ Yes, it's the main driver of SecOps work (4)
🟨⬜️⬜️⬜️⬜️⬜️ 💡Yes, but only for certain workflows (8)
🟩🟩🟩🟩🟩🟩 ❌ Not yet (35)
47 Votes

Only ~25% of the people who responded to last week’s poll said they were using AI to support their security operations workflows, while the remaining 75% said no. I imagine this is a pretty good representation of the overall industry right now, and I bet the haves and have not can fit into some neatly defined buckets.

It’s interesting seeing this as we all know that businesses are trying to use AI with everything. I haven’t done a repeat vibe check yet, but this one might be worth repeating in 6 months to see if things have changed. 🧐

It doesn’t sound like it’s all roses anyhow, based on the top comment from last week:

“Yes - Honestly, I don't like it, because I don't have enough insight into why its triggering on things (how can I tell if this is a false-positive?). More importantly, I have no way to fix the system if it misses things (false negatives) without rebuilding from the ground up -- effectively undermining any potential benefits.”

💰 Market Summary

  • 8 companies raised $643.3M across 7 unique product categories in 4 countries

  • 7 companies were acquired or had a merger event for $1.9B across 5 unique product categories

  • 90% of funding went to services-based cybersecurity companies (A first in services over products!)

  • 1 public cyber company had an earnings report

📸 YoY Snapshot

This is a rolling 12-week chart comparing funding and acquisitions each week in a year-over-year (YoY) view between 2023 and 2024.

Funding was strongly up last week after being bolstered by an unlikely source in the services arena. For the first time since tracking this data, services-based funding has outpaced product-based funding.

Acquisitions also rebounded strongly last week, with more than one service business buying another (the typical pattern in our industry). The industry is continuing to index on data protection and backup capabilities to sure up resiliency.

🤙 Earnings Reports

Cyber Market Movers

As of market close on September 6th, 2024

Earnings reports from last week: Zscaler

Zscaler (ZS)
Zscaler reported strong Q4 2024 results, with revenue growing 30% year-over-year and achieving a milestone of $1 billion (!!) in quarterly bookings. This growth came largely from customer adoption of zero-trust access, and data protection use cases for AI usage in the enterprise. As more enterprises embrace AI across all deployment models, it’s unsurprising that companies want more visibility, control, and guardrails on AI usage than ever.

Another interesting data point from the earnings call is that Zscaler cites 40% of Fortune 500 companies as customers and 35% of Global 2000. Big when true!

All sounds good, right? You’d think so, but the stock got clapped after the earnings report and was down ~17%. Zscaler’s 2025 guidance didn’t impress investors, and there is a shake-up in the sales and revenue organization to move to an account-centric sales model. This could affect both future operating margins and stock-based compensation.

Is the stock price drop really a logical reaction from investors? Yes and no. Two things that scare investors more than anything are lowering future guidance and changing how sales operate and get paid.

Macro Context:

  • The cybersecurity market and the broader tech-heavy S&P 500 index all saw red last week with a big sell-off.

  • This was partly due to NVIDIA’s performance (only doubled revenue this time 😩) and investor fears of waning demand for AI chips (I don’t think demand is anywhere near softening yet).

  • When you’ve got a tech giant as big as NVIDIA (they are basically the entire US economy this year), tech across the board takes a hit.

  • If one cyber stock takes a big hit, there is a good chance they all will when the drop is so stark. The opposite can also be true, too.

Earning reports to watch this coming week:

  • Rubrik (RBRK)

🧩 Funding By Product Category

  • $577.3M for Professional Services across 2 deals

  • $40.0M for Threat and Risk Prioritization across 1 deal

  • $16.0M for Security Operations across 1 deal

  • $9.0M for Artificial Intelligence (AI) Governance across 1 deal

  • $1.0M for Quantum Security across 1 deal

  • An undisclosed amount for Network Security across 1 deal

  • An undisclosed amount for Cybersecurity Education & Training across 1 deal

🏢 Funding By Company

  • CGI, a Canada-based professional services company focused on digital transformation, cloud, and cybersecurity services, raised a $552.0M post-IPO debt round.

  • Zafran Security, a United States-based threat and risk prioritization platform that uses your existing tool stack to show risks and mitigations, raised a $40.0M Venture Round from Sequoia Capital. (more)

  • ITC Federal, a United States-based professional services firm focused on advising national security clients on cloud and cybersecurity issues, raised a $25.0M Venture Round from Blue Delta Capital Partners. (more)

  • Hypernative, an Israel-based security operations platform for Web3 transactions and applications, raised a $16.0M Series A from Quantstamp. (more)

  • Acuvity, a United States-based visibility and governance platform for AI application usage in the enterprise, raised a $9.0M Seed from Foundation Capital. (more)

  • Ambit, a United States-based post-quantum data encryption and secure network connectivity platform, raised a $1.0M Private Equity Round from HEST. (more)

  • Secureflag, a United Kingdom-based secure coding training platform, raised an undisclosed Private Equity Round from Copilot Capital. (more)

  • threatER, a United States-based network security threat detection platform, raised a undisclosed Debt Financing from CIBC Innovation Banking. (more)

🌎 Funding By Country

  • $552.3M for Canada across 1 deal

  • $75.0M for the United States across 5 deals

  • $16.0M for Israel across 1 deal

  • An undisclosed amount for the United Kingdom across 1 deal

🤝 Mergers & Acquisitions

  • OwnBackup, a United States-based cloud data protection and backup system for companies using Salesforce., was acquired by Salesforce for $1.9B. (more)

  • Infodas, a Germany-based professional services firm focused on cyber threat assessments, was acquired by Airbus for an undisclosed amount. (more)

  • Novatech, a United States-based managed security services provider (MSSP), was acquired by Perpetual Capital Partners for an undisclosed amount. (more)

  • Pentest People, a United Kingdom-based professional services firm focused on penetration testing, was acquired by GRC Group for an undisclosed amount. (more)

  • SecAlliance, a United Kingdom-based professional services firm focused on creating and supporting cyber threat intelligence programs, was acquired by CSIS Security Group for an undisclosed amount. (more)

  • Syxsense, a United States-based endpoint management and security platform, was acquired by Absolute Software for an undisclosed amount. (more)

  • Venminder, a United States-based third-party risk management platform, was acquired by Ncontracts for an undisclosed amount. (more)

📚 Great Reads

  • The Silicon Empire - Chips, AI, and Security all go hand-in-hand now. That's why the story of TSMC's rise to dominance in the computer chip wars and Morris Chang's naming as the Godfather of Chips in Taiwan is so compelling.

  • *It’s time for a new SaaS shared responsibility model - With the rise of threat campaigns targeting SaaS instances, we need a shared responsibility model that includes employees as well as IT security teams.

  • Lifting the world out of the cybersecurity poverty - Why the "trickle-down" cybersecurity strategy is not enough, and what we as an industry need to do to solve the problem.

  • Magic Quadrant Madness - A Twitter (X) thread as old as time about the pay-to-play perceptions of using analyst firms like Gartner. As you might expect, there are some spicy opinions on this one!

*A message from our sponsor

🧪 Labs

“Only the finest for you, my dear.” 💅 

Data Methodology and Sources

  • All of the data is captured point-in-time from publicly available sources.

  • All financial figures are converted to U.S. dollars (USD) when collected.

  • Company country locations are pulled from publicly available sources.

  • Companies are categorized using our system at Return on Security, and we write all the company descriptions.

  • Sometimes, the details about deals, like who led the round, how much money was raised, or the deal stage, might get updated after the issue is first published.

  • Let us know if you spot any errors, and we’ll fix them.

About Return on Security

Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. The goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field. Read more about the “Why” here.

Feel free to borrow any data, charts, or advice you find here. Just make sure to give a shoutout to Return on Security when you do.

Thank you for reading. If you liked this analysis, please share it with your friends, colleagues, and anyone interested in the cybersecurity market.

Follow me on LinkedIn or Twitter to never miss Return on Security updates.

Reply

or to participate.