💰 Security, Funded #173 - Resilience Flexes

Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of December 2, 2024

Author

Mike Privette
December 09, 2024 • Reading Time: 12 minutes

Security, Funded is a weekly deep dive into the financial transactions, industry news, and economic activity in the cybersecurity market. This week’s issue is presented together with Vanta, DeleteMe, and Nudge Security.

Hey there,

I hope you had a great weekend!

I’ll be roaming around Black Hat Europe this week and BSides London on Saturday, so please stop me and say hello if you see me!

Just a heads up that this is the second to last newsletter issue in 2024! You’ll get one more regular issue next Monday (December 16th), and then I’ll take a break from the newsletter until the end of the year. During that time, I’ll be chugging eggnog with family and tacking on a winter bulk working on a few reports and collecting data, so be on the lookout for other content coming your way. (Probably will still do the eggnog thing, though 🥚 👀 )

Also, a shoutout to reader Sarah Kunst for launching a new global cybersecurity accelerator out of Cleo Capital. Very cool to see people from the RoS community doing big things! 👏 

Onward to this week’s issue.

TOGETHER WITH

Security trends: The State of Trust Report 2024

Key trends on security, compliance, & the future of trust

The data is in! The State of Trust Report 2024 from Vanta uncovers key trends in security, compliance, and the future of trust based on a survey of 2,500 business and IT leaders. The findings show that the security landscape has never been more challenging—with cybersecurity threats ranking as the #1 concern for businesses in 2024.

The insights also show that building good security is good business, with nearly half (48%) of respondents saying that good security practices drive customer trust for their business.

😎 Vibe Check

What’s the most critical skill for today’s cybersecurity professionals?

Login or Subscribe to participate in polls.

Last issue’s vibe check:
Where do you see the biggest gap in the cybersecurity talent pipeline?
🟩🟩🟩🟩🟩🟩 Entry-level positions (18)
🟨🟨🟨🟨⬜️⬜️ Mid-career professionals (12)
🟨🟨🟨🟨⬜️⬜️ Manager/director roles (15)
🟨🟨🟨⬜️⬜️⬜️ Executive-level roles (e.g., CISOs) (11)
🟨⬜️⬜️⬜️⬜️⬜️ AI will change this, so the construct is off (5)
61 Votes

I definitely expected to see more people vote for the AI option, but I think the distribution here makes sense. From a lack of jobs looking for entry-level people to that mid-career level of people who grow into become managers all the way up to a leadership void at the top, there are gaps all the way down.

Some of the top comments from last week:

Mid-career - “Definitely mid-levels. Entry levels tend to study a lot and work hard to get in, then I see mid levels just taking it slack and not working towards the upkeep of the studying.”

Manager/director - “Typically, technical security people don't want to become people managers. ”

💰 Market Summary

  • 11 companies raised $272.2M across 9 unique product categories in 3 countries

  • 5 companies were acquired or had a merger event across 4 unique product categories

  • 100% of funding went to product-based cybersecurity companies

  • 4 public cyber companies had an earnings report

📸 YoY Snapshot

This is a rolling 12-week chart comparing funding and acquisitions each week in a year-over-year (YoY) view between 2023 and 2024.

Last week was another strong week of funding as we approach the final weeks of the year. The late-in-the-year Santa 🎅 funding rally looks like it might just be happening!

Different data, same story on the Santa rally for M&A activity. May all your deals close without hold up this holiday season. 🎄 🫡 

TOGETHER WITH

Exposed Executive Data Creates Risk

Get a trusted partner in removing sensitive PII anywhere on the Open Web

Executives and high-profile individuals face persistent risks and exposing more personal and professional information than needed only creates more opportunity for malicious actors. Have you been putting off preventative measures that help reduce these risks facing your team? Don’t wait until it’s too late.

DeleteMe helps teams continuously monitor the open web for instances of sensitive personal data like addresses, phone numbers, family members, and more - and removes them to the fullest extent possible, preventing threats from using them against you. Our team helps you save time and effort, delivering peace of mind to your team.

☎️ Earnings Reports

Cyber Market Movers

As of markets close on December 6, 2024.

Earnings reports from last week: Okta, Rubrik, SentinelOne, Zscaler

Okta (OKTA)

Okta reported strong Q3 results, with significant progress among large customers, especially in the public sector. Okta hoped to see more new logos from this quarter, and analysts acknowledged that there were fewer than expected, especially outside of the US in Europe. Okta said its main focus now is continued growth and will continue to invest in partnerships and product innovation.

Okta is in a very interesting position. During that call, there was an anecdote without a specific source cited that said something like 8 out of 10 breaches occur due to identity abuse. There was also an acknowledgment that identity is simply harder to change and get rid of, and this is something I have been talking about for a long time now. There’s no business interaction that doesn’t involve some form of identity, so that means that identity IS a business operation. There’s nothing else in cybersecurity like identity, which is why breaches, outages, and the like don’t move companies to change identity providers. There are no viable alternatives often, and the pain of change is far too great compared to another part of the cybersecurity stack.

Rubrik (RBRK)

Rubrik reported a very strong third quarter, surpassing $1 billion in ARR with 38% year-over-year growth. Total revenue for Q3 was $236 million, an increase of 43%, and subscription revenue reached $222 million, up 55% year-over-year. 🤯 Huge numbers all around.

As the cyber industry shifts from traditional back-ups to more robust data protection and recovery platforms, “resilience” could easily be the word of the year in the cybersecurity industry in 2024. In addition to this, data security posture management (DSPM) (Rubrik does this, too) is one of the fastest-growing sub-sectors in the cybersecurity industry, and it’s no wonder that Rubrik has been doing well.

Rubrik raised its outlook for fiscal year 2025, showing confidence in its continued growth in the resiliency sector and profitability improvements.

SentinelOne (S)

SentinelOne reported strong Q3 results, with revenue and ARR growth exceeding expectations. Revenue increased 28% to $211 million, and total ARR grew 29% to $860 million.

SentinelOne cited a focus on operational resilience (see above) as a tailwind for demand for its platform, as well as the July CrowdStrike outage, which caused some large customers to migrate platforms. As a result, SentinelOne raised its forward-looking guidance for the rest of the year, as this time of the year has been historically good for its pipeline and signing large customers.

Zscaler (ZS)

Zscaler reported a strong quarter, with revenue up 26% year-over-year to $628 million, bookings growth exceeding 30%, and 585 customers having over $1 million in ARR. 🤯 Zscaler also cited that it secures over 35% of Global 2000 and about 45% of the Fortune 500.

Zscaler’s growth was mainly driven by increased customer focus on zero trust and reducing reliance on traditional firewalls. This is the same playbook that Zscaler has been speed-running for at least the past two years, and given that their customer base has a large presence in the US public sector, there don't look like there are any signs of slowing down.

Macro Context:

  • The US labor market has shown signs of cooling off, with more job openings and fewer layoffs.

  • The US Federal Reserve Chair (my boy JPow) says the strength of the US economy gives the Fed the ability to take time on rate cuts.

  • It’s still too soon to know what the global economic impacts of the incoming Trump administration in January 2025 will be.

Earning reports to watch this coming week:

  • That’s all for the year, folks! I’ll pick this back up for the 2025 earnings season. 🫡 

🧩 Funding By Product Category

  • $150.0M for Web Application and API Protection (WAAP) across 1 deal

  • $60.0M for Hardware Security across 1 deal

  • $28.5M for Security Analytics across 1 deal

  • $10.0M for Data Privacy across 1 deal

  • $7.0M for Threat and Risk Prioritization across 1 deal

  • $5.9M for Fraud and Financial Crime Protection across 3 deals

  • $5.1M for Anti-Bot across 1 deal

  • $4.2M for Secure Remote Access across 1 deal

  • $1.5M for Security Information and Event Management (SIEM) across 1 deal

🏢 Funding By Company

Before anyone mentions the Upwind Security round being missing, that event was captured back in 💰 Security, Funded #169 - Pastels de Cyber. I report them as they come out 🫡 

🌎 Funding By Country

  • $266.6M for the United States across 9 deals

  • $5.1M for the United Kingdom across 1 deal

  • $472.1K for India across 1 deal

🤝 Mergers & Acquisitions

  • Adsigo, a Germany-based professional services firm focused on PCI compliance and security assessments, was acquired by Integrity360 for an undisclosed amount. Adsigo has not previously raised any funding from publicly available sources. (more)

  • Interpres Security, a United States-based threat-informed risk prioritization platform, was acquired by CyberProof for an undisclosed amount. Interpres Security had previously raised $8.5M in funding. (more)

  • Kyrus Tech, a United States-based professional services firm focused on reverse engineering and security operations, was acquired by SIXGEN for an undisclosed amount. Kyrus Tech has not previously raised any funding from publicly available sources. (more)

  • ThreatAdvice, a United States-based managed security services provider (MSSP), was acquired by Magna5 for an undisclosed amount. ThreatAdvice has not previously raised any funding from publicly available sources. (more)

  • Trillion Breach, a United Kingdom-based dark web threat intelligence platform from Crossword Cybersecurity, was acquired by BoxPhish for an undisclosed amount. Trillion Breach has not previously raised any funding from publicly available sources. (more)

📚 Great Reads

*A message from our sponsor

🧪 Labs

Always compute safely

Data Methodology and Sources

  • All of the data is captured point-in-time from publicly available sources.

  • All financial figures are converted to U.S. dollars (USD) when collected.

  • Company country locations are pulled from publicly available sources.

  • Companies are categorized using our system at Return on Security, and we write all the company descriptions.

  • Sometimes, the details about deals, like who led the round, how much money was raised, or the deal stage, might get updated after the issue is first published.

  • Let us know if you spot any errors, and we’ll fix them.

About Return on Security

Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. The goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field. Read more about the “Why” here.

Feel free to borrow any data, charts, or advice you find here. Just make sure to give a shoutout to Return on Security when you do.

Thank you for reading. If you liked this analysis, please share it with your friends, colleagues, and anyone interested in the cybersecurity market.

Follow me on LinkedIn or Twitter to never miss Return on Security updates.

Reply

or to participate.