Return on Security
Posts
💰 Security, Funded #168 - I Vote For Cyber

💰 Security, Funded #168 - I Vote For Cyber

Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of October 28, 2024

Mike Privette
November 04, 2024 • Reading Time: 14 minutes

Security, Funded is a weekly deep dive into the financial transactions, industry news, and economic activity in the cybersecurity market. This week’s issue is presented together with Nudge Security and Harmonic Security.

Hey there,

Hope you had a great weekend!

Potential interest rate cuts, a better-than-expected U.S. jobs report, a potential catastrophe U.S. Presidential Election, and more Big Tech earnings, oh my! Add on to this that nearly half of the S&P 500 reported earnings last week, and this is a tumultuous time for many. Whoever wins the election this week, Cyber still has my vote. 😎

None of that stopped a huge influx of cybersecurity investments last week, however. and one of the busiest weeks we’ve seen this year. Hold on to your shorts because this issue is a packed one!

You might as well go ahead and hit the “Read Online” link because it will definitely get clipped.

_{TOGETHER WITH}

How GLAAD protects SaaS identities and sensitive data with Nudge Security

When the team at GLAAD deployed Nudge Security, they were blown away by the immediate visibility it provided into SaaS they hadn’t known about.

With this visibility, they were able to achieve quick wins, including:

4-5 hours reclaimed per day in manual effort
90% reduction in offboarding time, with more complete results
11 previously-unknown GenAI tools discovered
Continuous SaaS security monitoring and breach alerts
SaaS identity governance for a high-risk remote workforce

_{Partner With Us}

😎 Vibe Check
Market Summary
📸 YoY Snapshot
☎️ Earnings Reports
🧩 Funding By Product Category
🏢 Funding By Company
Funding by Country
🤝 Mergers & Acquisitions
📚 Great Reads
🧪 Labs

😎 Vibe Check

How much of a compliance audit should be offloaded to AI?

A similar play to last week, but with higher stakes...

Last issue’s vibe check:
How much of a third-party security questionnaire should be offloaded to AI?
🟨🟨⬜️⬜️⬜️⬜️ None - Keep things pure (5)
🟨🟨🟨🟨⬜️⬜️ A little - Use it sparingly (10)
🟩🟩🟩🟩🟩🟩 A lot - Use it for big portions (14)
🟨🟨🟨🟨🟨⬜️ All - Heck it, no one reads these things anyhow (12)
41 Votes

Last week, 63% of people who responded to the vibe check said that AI should be used to complete third-party security questionnaires either heavily or completely. To me, this makes a lot of sense and is a use case that AI is already very strong at (making sense of large sets of text). Of course, you still need to spot-check what results come out since AI can still make up answers.

Some of the top comments from last week:

A lot - “If you have standards use AI to go through all the routine questions and hit yes no. Then use the AI to flag the areas they can't answer. Reduce the time.”

💰 Market Summary

22 companies raised $448.0M across 20 unique product categories in 7 countries
3 companies were acquired or had a merger event across 3 unique product categories
91% of funding went to product-based cybersecurity companies
3 public cyber companies had an earnings report

📸 YoY Snapshot

This is a rolling 12-week chart comparing funding and acquisitions each week in a year-over-year (YoY) view between 2023 and 2024.

It was one of the busiest weeks of the year so far last week on the transaction front. I imagine many companies are trying to sandwich announcements around the U.S. Presidential Elections so their news doesn’t get lost in the political sauce.

M&A activity continues at its lackluster pace overall on the volume front for this year. However, from the dollar amount side of things, 2024 has surpassed 2023 at $40.7 billion from publicly available data.

_{Partner With Us}

☎️ Earnings Reports

Cyber Market Movers

As of markets close on November 1, 2024

Earnings reports from last week: Check Point, Tenable, Varonis

Check Point (CHKP)

Check Point had a strong third quarter with a 7% increase in revenue to $635 million and a 5% rise in net income to $225 million. Growth was driven by strong demand for the Infinity platform and Harmony Email, along with the strategic acquisition of Cyberint.

Billings got pushed a bit from Q3 to Q4, mainly in Europe where the economy is struggling, Check Point thinks that future billings will be positive. On the contrary, the U.S. market was showing strong demand growth, especially in the SASE space. Analysts expressed cautious optimism, acknowledging Check Point's strong performance but probing for more aggressive growth strategies.

Tenable (TENB)

Tenable reported a strong Q3 2024 with better-than-expected revenue and earnings, driven by high demand for Tenable One. The company experienced significant growth in exposure management, a very hot sector this year, which now makes up over 50% of new sales. It was also a strong quarter in U.S. Federal sales, which is typical for this time of year.

Despite longer sales cycles and scrutiny in new business, particularly for large VM deals, Tenable said its sales pipeline remains robust. The company also announced a $200 million increase in its share buyback program, reflecting confidence in its growth trajectory and operational efficiency.

Varonis (VRNS)

Varonis had a robust third quarter with an 18% increase in ARR to $610 million, driven by strong SaaS platform adoption and its Managed Data Detection and Response (MDDR) offerings. Varonis has seemingly come out of nowhere, with businesses rushing to solve data security concerns amid growing generative AI usage in enterprises.

Contrary to Tenable, Varonis said it underperformed in the U.S. Federal segment. Even still, it remains optimistic about the future and positive cash flow trends. Analysts appreciated the strong ARR growth and free cash flow and were optimistic about Gen AI use cases but still wanted to see more concrete numbers.

Macro Context:

All the major indexes worldwide got pulled down as Big Tech earnings season continued with Amazon and Meta. Despite still growing quarter over quarter, analysts were disheartened that Q4 predictions were flat or slightly below expectations. A global selloff ensued.
No matter who wins the US Presidential Election this week, expect markets to go totally nuts!

Earning reports to watch this coming week:

Fortinet, Qualys, Rapid7

🧩 Funding By Product Category

The Top 10

$200.0M for Internet of Things (IoT) Security across 1 deal
$50.0M for Bug Bounty across 1 deal
$38.0M for No-Code Security across 1 deal
$35.0M for Threat Intelligence across 1 deal
$32.0M for Artificial Intelligence (AI) Governance across 1 deal
$25.0M for Quantum Security across 1 deal
$25.0M for Distributed Ledger Technology (DLT) Security across 1 deal
$15.0M for Security Analytics across 1 deal
$13.2M for Data Loss Prevention (DLP) across 2 deals
$5.0M for Secure Communications across 1 deal
$4.3M for Identity Verification across 1 deal
$3.3M for Security Orchestration and Automated Response (SOAR) across 1 deal
$2.2M for Managed Security Services Provider (MSSP) across 2 deals
An undisclosed amount for Threat Informed Defense (TID) across 1 deal
An undisclosed amount for Threat Detection and Response (TDR) across 1 deal
An undisclosed amount for Secure Remote Access across 1 deal
An undisclosed amount for Secrets Management across 1 deal
An undisclosed amount for Remote Browser Isolation across 1 deal
An undisclosed amount for Passwordless Authentication across 1 deal
An undisclosed amount for Attack Surface Management (ASM) across 1 deal

🏢 Funding By Company

Armis Security, a United States-based agentless IoT security platform, raised a $200.0M Series D from General Catalyst and Alkeon Capital Management. (more)
Bugcrowd, a United States-based crowdsourced application security and bug bounty platform, raised a $50.0M Venture Round from Silicon Valley Bank. (more)
Zenity, an Israel-based governance and security platform for low-code/no-code applications, raised a $38.0M Series B from DTCP and Third Point Ventures. (more)
Filigran, a France-based cyber threat intelligence platform, raised a $35.0M Series B from Insight Partners. (more)
Noma, an Israel-based data and AI pipeline security platform, raised a $32.0M Series A from Ballistic Ventures. (more)
Nillion, a Switzerland-based decentralized secure storage platform for distributed ledger applications, raised a $25.0M Venture Round from Hack VC. (more)
SandboxAQ, a United States-based post-quantum cryptography (PQC) security platform, was awarded a $25.0M Grant from the Michael J. Fox Foundation. (more)
Abstract Security, a United States-based security analytics and operations platform, raised a $15.0M Series A from Munich Re Ventures. (more)
MIND, a United States-based data loss prevention platform focused on securing data for AI applications, raised a $11.0M Seed from YL Ventures. (more)
RiPSIM Technologies, a United States-based secure software-defined cellular network platform, raised a $5.0M Seed from Ten Eleven Ventures. (more)
Hopae, a United States-based decentralized identity and verification service, raised a $4.3M Seed from SV Investment Corp. (more)
ContraForce, a United States-based security services delivery platform (SSDP), raised a $3.3M Seed from GALLOS Technologies and DataTribe. (more)
Polymer, a United States-based no-code data governance and loss prevention platform for AI applications, raised a $2.2M Venture Round. (more)
Cybaverse, a United Kingdom-based managed security services provider (MSSP), raised a $1.4M Seed from The FSE Group and Haatch. (more)
FAT32, a United Kingdom-based managed security services provider (MSSP) focused on automated compliance, raised a $810.2K Pre-Seed from Northstar Ventures. (more)
Akeyless Security, an Israel-based secrets management platform, raised an undisclosed Venture Round from Deutsche Venture Capital. (more)
Detectify, a Sweden-based attack surface management (ASM) platform, raised an undisclosed Venture Round from Insight Partners. (more)
Island, a United States-based secure remote browser isolation platform, raised an undisclosed Series D from Coatue and Sequoia Capital. (more)
Nebula iXDR, an India-based threat detection and response platform, raised an undisclosed Seed round.
Secret Double Octopus, an Israel-based passwordless authentication platform, raised an undisclosed Series C from SBI Japan-Israel Innovation Fund. (more)
TerraZone, an Israel-based secure remote access and microsegementation platform, raised an undisclosed Corporate Round from World Health Energy Holdings. (more)
Tidal Cyber, a United States-based threat-informed defense (TID) platform, raised an undisclosed Venture Round from USAA. (more)

🌎 Funding By Country

$315.8M for the United States across 11 deals
$70.0M for Israel across 5 deals
$35.0M for France across 1 deal
$25.0M for Switzerland across 1 deal
$2.2M for the United Kingdom across 2 deals
An undisclosed amount for Sweden across 1 deal
An undisclosed amount for India across 1 deal

🤝 Mergers & Acquisitions

Normalyze, a United States-based cloud data identification and data posture security platform, was acquired by Proofpoint for an undisclosed amount. (more) (This marks the 8th DSPM acquisition since 2023! 🤯)
SaaS Alerts, a United States-based SaaS security posture management (SSPM) platform, was acquired by Kaseya for an undisclosed amount. (more)
Vertical Structure, a Northern Ireland-based professional services firm focused on penetration testing and compliance, was acquired by Instil Software for an undisclosed amount. (more)

📚 Great Reads

An Open Letter to the ISC2 Board - An open letter to the ISC^2 board of directors on what the author claims is materially misleading around unfilled jobs in the cybersecurity industry. This is a spicy but growing observation from people who are tired of seeing inflated numbers tossed around by certification bodies without backing.
*GenAI Usage Policy Generator (free) - GenAI is here, and your employees are using it. Ensure responsible AI usage with a tailored policy. Harmonic Security offers a free policy generator as a starting point.
The Real Story Behind AI Security Incidents - Caleb Sima analyzes 243 documented AI security incidents/issues between 2015 and 2024 and reveals a surprising truth: most of these aren’t AI-specific attacks at all. They’re conventional security failures that just happen to affect companies and software working with AI.

_{*A message from our sponsor}

🧪 Labs

A rare CEO-level troll in the wild - But, it’s still probably DNS…

Thanks for being a reader, Joe!

How was this week's newsletter?

Data Methodology and Sources

All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. dollars (USD) when collected.
Company country locations are pulled from publicly available sources.
Companies are categorized using our system at Return on Security, and we write all the company descriptions.
Sometimes, the details about deals, like who led the round, how much money was raised, or the deal stage, might get updated after the issue is first published.
Let us know if you spot any errors, and we’ll fix them.

About Return on Security

Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. The goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field. Read more about the “Why” here.

Feel free to borrow any data, charts, or advice you find here. Just make sure to give a shoutout to Return on Security when you do.

Thank you for reading. If you liked this analysis, please share it with your friends, colleagues, and anyone interested in the cybersecurity market.

Follow me on LinkedIn or Twitter to never miss Return on Security updates.

Reply

or to participate.