- Return on Security
- Posts
- 💰 Security, Funded #180 - Mustard on the [Q4 Earnings] Beat
💰 Security, Funded #180 - Mustard on the [Q4 Earnings] Beat
Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of February 3, 2025.
Mike Privette
February 10, 2025 • Reading Time: 10 minutes
Security, Funded provides a weekly analysis of economic activity in the cybersecurity market. This week’s issue is presented together with Dropzone AI, Palo Alto Networks, and Harmonic Security.
Hey there,
Hope you had a great weekend, and Happy Cyber Earnings Season to all those who celebrate! 🫡
The first batch of “pure play” cyber companies announced earnings last week, with another batch slated to go this week. The first few come on the heels of the major tech companies like Microsoft, Google, and Meta, which often gives us a glimpse into how the cyber market will play out.
In similar news, CrowdStrike's market cap valuation surpassed $100 billion last week, making it the second cybersecurity company to reach that level. Palo Alto Networks is the only other cyber company to hit that milestone (for now).
There’s a lot of other public market coverage this week, so be sure to hit the “Read Online” link to hop over to the blog version of this issue. 🫡
TOGETHER WITH
SOC Leaders & Analysts Trust Dropzone AI to Investigate Every Alert
Gartner Cool Vendor. RSA Finalist. Proven in production.
Analysts waste hours chasing alerts. SOC leaders struggle to scale. AI solutions often fall short, leaving teams overworked and real threats unchecked.
Dropzone AI is different. The AI SOC Analyst autonomously investigates every alert, reducing manual workload while ensuring no real threats go unnoticed. Faster investigations, fewer missed incidents, and a SOC that runs efficiently.
See Dropzone AI Investigate in Real Time.
Table of Contents
😎 Vibe Check
Where is your cybersecurity budget taking the biggest hit this year?Let me know in the comments how you're handling the cuts! |
Last issue’s vibe check:
What’s the one cybersecurity challenge that’s making your job harder right now?
🟩🟩🟩🟩🟩🟩 💰 Budget constraints (11)
🟨🟨🟨⬜️⬜️⬜️ ⏳ Too many alerts (5)
🟨🟨🟨🟨⬜️⬜️ 🚨 Leadership doesn’t take security seriously (9)
🟨🟨🟨🟨⬜️⬜️ 😰 Compliance drain resources (8)
33 Votes
We had quite the toxic combination of responses last week: budget constraints, leadership not taking security seriously, and compliance draining the life out of your programs. Adding onto this the continual pressure to leverage AI throughout all the other parts of the business, and you’ve got:
But make it “cyber”
This week’s poll attempts to dig into that a little bit more. If your budget got cut, what’s your team doing to compensate? Or, if your budget stayed intact, how did you pull that off?
💰 Market Summary
9 companies from 4 countries raised $247.4M across 8 unique product categories
3 companies were acquired or had a merger event across 3 unique product categories
100% of funding went to product-based cybersecurity companies
5 public cyber companies had an earnings report
📸 YoY Snapshot
This is a rolling 12-week chart comparing funding and acquisitions each week in a year-over-year (YoY) view between the end of 2023 and the start of 2024 and 2025.
Big money, no whammy! With the sixth week of 2025 down, the cybersecurity industry has already raised more than $1 billion in funding across the world. As a point of reference, both 2024 and 2023 hit this same milestone a week earlier. 👀
M&As started 2025 strong, with the current year-to-date total outpacing 2024 over the same timeframe. I feel we’re just getting warmed up for this year as well and expect to see an even healthier acquisition market.
TOGETHER WITH
Symphony 2025 | Palo Alto Networks’ Ultimate Cybersecurity Transformation Event
Undermine Adversaries. Unleash SecOps.
Symphony 2025 gives you the inside track on staying ahead of adversaries, conquering the cloud, unlocking SOC transformation, and more. Don’t miss your VIP pass to the future of security innovation, packed with exclusive insights, live demos, and stories from the pros.
☎️ Earnings Reports
Cyber Market Movers
As of markets close on February 7th, 2025
Earnings reports from last week: Fortinet, Juniper Networks, Tenable, Varonis Systems, and Qualys
Fortinet (FTNT)
Fortinet reported strong Q4 2024 results, with a 17% increase in revenue and a 32% in ARR. This growth was driven by increased demand for its Secure Access Service Edge (SASE) and the acquisition of Perception Point.
Despite strong results, Fortinet gave cautious guidance for 2025, citing potential macroeconomic challenges and tariff impacts. Fortinet was one of the only companies to cite tariff pressures. The company still deals heavily in physical hardware, with nearly half of its revenue coming from North and South America. The remaining half is 80% EMEA and 20% APAC.
Uncertainty aside, Fortinet’s stock still ripped (as it did most of 2024) nearly 10%.
Juniper Networks (JNPR)
Juniper Networks didn’t have a live earnings call, but it did produce a year-end report with all its financial data. Juniper Networks saw a slight decline in net income, dropping from $310.2 million in 2023 to $287.9 million in 2024. Juniper cited the challenging market conditions it faced in 2024 as the reason for the decline in income.
Despite this, the company showed strong cash flow from operations, reaching $788.1 million, driven by operational efficiencies. The stock stayed roughly flat after the earnings call but was up for the week.
Also, as I reported in last week's issue, HPE’s acquisition of Juniper Networks is currently being challenged by the United States Department of Justice. Juniper Networks is really in stock price and shareholder preservation mode as they wait out what will happen here.
Tenable (TENB)
Tenable reported strong Q4 2024 results, beating all of its expected metrics. Revenue grew 11% year over year, driven by strong demand for exposure management, cloud security (which doubled year over year), and its consolidated platform with displacing competitors.
Tenable cited the recent acquisition of Vulcan Cyber to enhance its data integration and remediation capabilities, which also bolstered sales. Tenable also cited a more cautious outlook for U.S. Federal sales due to the transition of a new administration. The stock dropped 15% after the earnings call was released.
On a special note, this was Tenable's first earnings call since CEO Amit Yoran passed away. Tenable created a thoughtful separate site to remember Amit.
Varonis Systems (VRNS)
Varonis Systems reported strong financial results for Q4 2024 and showcased an 18% increase in ARR to $641.9 million. Varonis cited much of the success in 2024 to two factors:
Moving to a SaaS subscription model for their service offerings, given that they were primarily an “on-prem” kind of company.
Customers with deep partnerships with Microsoft wanted to avoid data breaches from AI-driven products like Microsoft 365 and Microsoft Copilot.
Varonis plans to complete the SaaS transition in 2025, which it says will unlock even more revenue. Even with strong Q4 2024 results, Varonis showed possibly too much caution. and predicted a “flat net new ARR” to start the year (the same thing it did last year). Investors didn’t like this weak guidance, and its stock fell more than 10% last week.
Qualys (QLYS)
Qualys showed strong performance in 2024, hitting a 10% increase in revenue to $607.6 million. Qualys accounted for this from increased demand for its risk management and cloud security platform, more partner-driven sales, and more US Federal sales.
Two challenges for Qualys include the departure of CRO Dino DiMarino, which knocks down confidence in sales a bit, and weak forward-looking guidance for 2025 (a recurring theme across almost all cyber companies). The stock was down ~6% after the earnings call.
Macro Context:
Many cyber companies are trying to play it safe and conservative at the start of the year to temper investor expectations (this is not uncommon).
Major stock indices rallied slightly again last week, fueled by a fresh batch of quarterly earnings reports, but all ended the week lower.
The Bank of England cut interest rates again last week down to 4.5%, marking the third rate cut since August 2024. The bank also lowered its forecast for UK economic growth, which is already far behind the US.
Earning reports to watch this coming week:
CyberArk, Palo Alto Networks, and Rapid7
🧩 Funding By Product Category
$103.5M for Application Security across 2 deals
$67.0M for Secure File Sharing across 1 deal
$36.0M for Security Operations across 1 deal
$30.0M for Security Awareness across 1 deal
$4.0M for Third-Party Risk Management (TPRM) across 1 deal
$3.2M for Attack Surface Management (ASM) across 1 deal
$2.7M for Continuous Threat Exposure Management (CTEM) across 1 deal
$1.0M for Security and Compliance Automation across 1 deal
🏢 Funding By Company
Product Companies:
Semgrep, a United States-based static code analysis application security tool, raised a $100.0M Series D from Menlo Ventures. (more)
FTAPI Software, a Germany-based secure data exchange for SMBs, raised a $67.0M Private Equity Round from Armira and Tikehau Capital. (more)
7AI, a United States-based platform focused on agentic AI-driven security operations tasks, raised a $36.0M Seed from CRV, Greylock, and Spark Capital. (more)
Riot, a United States-based security awareness platform focused on training employees about phishing and data breaches, raised a $30.0M Series B from Left Lane Capital. (more)
ZeroRisk.io, an Ireland-based third-party risk management (TPRM) platform, raised a $4.0M Pre-Seed from Elkstone Capital Partners. (more)
Invary, a United States-based runtime application security platform, raised a $3.5M Seed from SineWave Ventures. (more)
ThreatMate, a United States-based attack surface management (ASM) platform for SMBs, raised a $3.2M Seed from Founders Fund. (more)
Astra Security, a United States-based continuous threat exposure management (CTEM) platform, raised a $2.7M Venture Round from Emergent Ventures. (more)
PCI Checklist (ONLAYER Company), a Turkey-based security and compliance automation platform for PCI programs, raised a $1.0M Seed from Future Impact Fund and Tacirler Portfolio.
Service Companies:
N/A
🌎 Funding By Country
$175.4M for the United States across 6 deals
$67.0M for Germany across 1 deal
$4.0M for Ireland across 1 deal
$1.0M for Turkey across 1 deal
🤝 Mergers & Acquisitions
Product
DeepSurface Security Inc, a United States-based vulnerability and threat prioritization platform, was acquired by AttackIQ for an undisclosed amount. DeepSurface Security Inc had previously raised $5.5M in funding. (more)
Xeol, a United States-based software supply chain security platform, was acquired by HeroDevs for an undisclosed amount. Xeol had previously raised $3.1M in funding. (more)
Service
Cyberscope, a France-based professional services firm focused on smart contract auditing and blockchain vulnerability assessments, was acquired by TAC Security for an undisclosed amount. Cyberscope has not publicly disclosed any prior funding rounds. (more)
📚 Great Reads
Resilient Cyber w/ Mike Privette - 2024 Cyber Market Analysis Retrospective - I got together with my friend Chris Hughes to do a video recap of the State of the Cybersecurity Market 2024 report.
*One in ten AI prompts puts sensitive data at risk - In-depth, data-driven new report from the Harmonic Security research team, who analyzed prompts submitted into GenAI tools. Check out their findings.
The Rise of AI Hackbots - My friend Joseph Thacker gave a TED Talk on the evolution of AI hackbots and the role they may play in our not-so-distant future.
*A message from our sponsor
🧪 Labs
Don’t worry, it’s all priced in
it's already priced in, everything, all of it, past, present, future, the infinite expanse of the universe,
you're priced, i'm priced, we are all priced, in
— Kyla Scanlon (@kylascan)
11:22 PM • Mar 28, 2022
How was this week's newsletter? |
Data Methodology and Sources
All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. dollars (USD) when collected.
Company country locations are pulled from publicly available sources.
Companies are categorized using our system at Return on Security, and we write all the company descriptions.
Sometimes, the details about deals, like who led the round, how much money was raised, or the deal stage, might get updated after the issue is first published.
Let us know if you spot any errors, and we’ll fix them.
About Return on Security
Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. The goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field. Read more about the “Why” here.
Feel free to borrow any data, charts, or advice you find here. Just make sure to give a shoutout to Return on Security when you do.
Reply