💰 Security, Funded #169 - Pastels de Cyber

Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of November 4, 2024

Author

Mike Privette
November 12, 2024 • Reading Time: 11 minutes

Security, Funded is a weekly deep dive into the financial transactions, industry news, and economic activity in the cybersecurity market. This week’s issue is presented together with Nudge Security.

Hey there,

I hope you had a great weekend and a long one if you’re tuning in from the U.S.! It was a wild week in the U.S. as the 2024 presidential elections concluded, public markets ripping upwards to hit new highs, and another interest rate cut from my man JPow.

This week’s issue is coming to you live and direct from Portugal where I’m attending Web Summit. With over 70,000 attendees (that’s almost two RSAs 🤯), it’s the largest tech conference in Europe, and possibly the whole world. It’s my first time attending this conference, but I like to follow what the broader tech industry is doing, so I gave it a go.

Why, you ask? It’s because what the tech industry achieves today, the cybersecurity industry needs to secure tomorrow (yeah, I know earlier is better, but you get what I’m saying). With so much happening in AI, robotics, and enterprise software in general, it’s challenging to keep up with, but I’m trying to observe trends and patterns that the security industry needs to meet head-on. I’m not the only one who thinks like this either, as there’s also a good representation of cyber companies out here.

Plus, it was a good reason to visit Portugal and the food is 🧑‍🍳 🤌 🔥 so I had to come through.

TOGETHER WITH

How GLAAD protects SaaS identities and sensitive data with Nudge Security

When the team at GLAAD deployed Nudge Security, they were blown away by the immediate visibility it provided into SaaS they hadn’t known about.

With this visibility, they were able to achieve quick wins, including:

  • 4-5 hours reclaimed per day in manual effort

  • 90% reduction in offboarding time, with more complete results

  • 11 previously-unknown GenAI tools discovered

  • Continuous SaaS security monitoring and breach alerts

  • SaaS identity governance for a high-risk remote workforce

😎 Vibe Check

Should the CISO or security leaders be driving security programs with AI?

It’s vague on purpose, give me your reasoning!

Login or Subscribe to participate in polls.

Last issue’s vibe check:
How much of a compliance audit should be offloaded to AI?
🟨⬜️⬜️⬜️⬜️⬜️ None - Keep things pure (6)
🟩🟩🟩🟩🟩🟩 A little - Use it sparingly (18)
🟨🟨🟨🟨⬜️⬜️ A lot - Use it for big portions (14)
🟨🟨🟨🟨⬜️⬜️ All - Heck it, no one reads those final reports anyhow (13)
51 Votes

53% of the people who responded to last week’s vibe check think that AI should be used to offload compliance audit work either mostly or all the way. I have to say that I agree with this assessment, as this kind of work is point-in-time and is largely a paperwork exercise. It’s still a very important paperwork exercise that has to be completed, and it can really help your program play catch up if you have gaps.

Some of the top comments from last week:

All - “This is one of the best opportunities for AI in cybersecurity. The work is low stakes: no one gets breached if AI gets it wrong. The work has to get done, but as humans, this is our least favorite kind of work: repetitive, meaningless, and long hours.”

A lot - “The biggest challenge most entities have when dealing with compliance is understanding if what they've done meets the compliance control, its intent, and whether there are compensating mechanisms in place. Information discovery is time-consuming, sifting through all that information and matching it up to a compliance regime to determine what is broadly missing or lacking in content would be a huge use case for AI use.”

💰 Market Summary

  • 6 companies raised $109.3M across 6 unique product categories in 4 countries

  • 8 companies were acquired or had a merger event across 7 unique product categories

  • 100% of funding went to product-based cybersecurity companies

  • 3 public cyber companies had an earnings report

📸 YoY Snapshot

This is a rolling 12-week chart comparing funding and acquisitions each week in a year-over-year (YoY) view between 2023 and 2024.

It was an expectedly quiet week post-US elections (save for one bombshell). With that out of the way, transactions can start flowing again on an already impressive year. 🌊 

For the first time (at least that I can remember), M&A activity was higher than fundraising activity. With a lot more variety than the standard of one service-based business buying another service-based business. We are approaching the end of the year firesales, so there could be a good year-end consolidation push.

☎️ Earnings Reports

Cyber Market Movers

As of markets close on November 8, 2024

Earnings reports from last week: Fortinet, Qualys, Rapid7

Fortinet (FTNT)

Fortinet reported strong Q3 2024 results, hitting 13% revenue growth from significant growth in its Security Operations, strong virtual firewall demand, Secure Access Service Edge (SASE), and services offerings. Fortinet also cited that its acquisition of Lacework is finally starting to pay off in terms of expanded market opportunities.

Analysts showed cautious optimism, appreciating Fortinet's strong execution but expressing concerns about the reliance on large deals and competitive pressures.

Qualys (QLYS)

Qualys reported OK third-quarter performance, with revenue growing by 8%, driven by significant wins in the U.S. federal sector and stronger international revenue growth.

Despite macroeconomic challenges, Qualys maintained a strong net retention rate (NRR), meaning customers paid and stayed, and expanded its channel partnerships. Investors were cautiously optimistic about Qualys’ performance, but given that they are in a highly competitive segment of Threat & Vulnerability Management (TVM) and the expanded Continuous Threat Exposure Management (CTEM), they have really steep competition.

Rapid7 (RPD)

Rapid7 reported less-than-stellar Q3 performance, with revenue only growing 6% from the previous year. Revenue and operating income growth in Q3 was mainly driven by customer demand for more professional and managed detection and response (MDR) support.

In general, investors don’t like hearing that service revenue is growing faster than product revenue at a product company. Services are “too lumpy” and not consistent, like product revenue from a SaaS or subscription model. It’s one of the main reasons that VCs historically haven’t invested in private services companies. However, I do expect this model to be seriously challenged in the next 12-24 months as AI has pushed the threshold of what is possible with “software AND services” instead of one vs. the other.

Macro Context:

  • U.S. markets and the USD ripped last week on the news of Trump winning the U.S. Presidential Election.

  • Markets also celebrated the expected interest rate cut from the U.S. Federal Reserve and the resolve of the chairmen on how the election result won’t affect his position.

Earning reports to watch this coming week:

  • CyberArk

🧩 Funding By Product Category

  • $100.0M for Cloud Native Application Protection Platform (CNAPP) across 1 deal

  • $6.0M for Security Operations across 1 deal

  • $2.5M for Application Security Posture Management (ASPM) across 1 deal

  • $780.0K for Data Protection across 1 deal

  • An undisclosed amount for Threat Intelligence across 1 deal

  • An undisclosed amount for Security Services Delivery Platform (SSDP) across 1 deal

🏢 Funding By Company

🌎 Funding By Country

  • $100.0M for Israel across 1 deal

  • $8.5M for the United States across 2 deals

  • $780.0K for India across 1 deal

  • An undisclosed amount for the United Kingdom across 2 deals

🤝 Mergers & Acquisitions

📚 Great Reads

  • AI and Security - While securing AI is necessary and will remain relevant, it faces constraints that make it a smaller market compared to using AI to address traditional security challenges in the near term.

  • 5 cybersecurity Issues at Stake from the US Election - Cynthia Brumfield discusses the potential impact of the upcoming US presidential election on cybersecurity, focusing on issues like Russia as a digital adversary, the enforcement of cyber regulations, the future of CISA, and the possibility of a US Cyber Force.

*A message from our sponsor

🧪 Labs

This sums up how I ended my week last week

I think it worked, but let me know!

Data Methodology and Sources

  • All of the data is captured point-in-time from publicly available sources.

  • All financial figures are converted to U.S. dollars (USD) when collected.

  • Company country locations are pulled from publicly available sources.

  • Companies are categorized using our system at Return on Security, and we write all the company descriptions.

  • Sometimes, the details about deals, like who led the round, how much money was raised, or the deal stage, might get updated after the issue is first published.

  • Let us know if you spot any errors, and we’ll fix them.

About Return on Security

Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. The goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field. Read more about the “Why” here.

Feel free to borrow any data, charts, or advice you find here. Just make sure to give a shoutout to Return on Security when you do.

Thank you for reading. If you liked this analysis, please share it with your friends, colleagues, and anyone interested in the cybersecurity market.

Follow me on LinkedIn or Twitter to never miss Return on Security updates.

Reply

or to participate.