💰 Security, Funded #181 - Billion Dollar Baby, Don't At Me

Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of February 10, 2025.

Author

Mike Privette
February 18, 2025 • Reading Time: 13 minutes

Security, Funded provides a weekly analysis of economic activity in the cybersecurity market. This week’s issue is presented together with Yesh ID, Comp AI, and Palo Alto Networks.

Hey there,

I hope you had a great weekend and a longer holiday if you’re tuning in from the US.

It was a busy week of earnings reports, a ton of transactions, and even an IPO of a “pure play” cyber company (we are so back)!

With that, I’ll keep the intro short, and please hit that “Read Online” link to jump to the full blog post so you don’t miss a thing.

TOGETHER WITH

Enterprise IAM is Overkill. Try the IAM built for SMBs

Security, compliance, and access management for growing teams.

YeshID is built for growing teams that need security, compliance, and access management—without the complexity of enterprise IAM.

We automate onboarding, offboarding, and access reviews, giving small IT teams the tools to stay secure and compliant without the busy work. YeshID replaces spreadsheets with automated workflows, helps control Shadow IT, and keeps you audit-ready with detailed access logs.

Avoid the SSO tax and complicated setup and get security that just works.

😎 Vibe Check

What’s the biggest shift in your cybersecurity strategy this year?

Login or Subscribe to participate in polls.

Last issue’s vibe check:
Where is your cybersecurity budget taking the biggest hit this year?
🟨🟨🟨🟨⬜️⬜️ 🔧 Security tools (13)
🟨⬜️⬜️⬜️⬜️⬜️ 🎓 Training & certs (3)
🟨⬜️⬜️⬜️⬜️⬜️ 🛠 Third-party services (3)
🟩🟩🟩🟩🟩🟩 💼 Hiring & team growth (17)
36 Votes

Interesting results from last week! I expected hiring and team growth to be the number one thing on the chopping block since headcount is the most expensive resource for a company, along with commercial real estate. I had also hoped I wouldn’t see security tools being the second highest and that things had changed, but I was wrong.

It used to be that training budgets were always the first thing to be axed in security programs, but there was always more room for more tools and more people to manage them. Efficiency and maximizing usage of what you’ve already got in-house continue to be the name of the game in 2025.

Some of the top comments from last week’s vibe check:

Hiring - “Makes no sense but this is how it goes...There is money for other stuff and they say ‘it is not the same bucket.’ ”

💰 Market Summary

  • 15 companies from 4 countries raised $378.4M across 14 unique product categories

  • 7 companies were acquired or had a merger event for $425.0M across 6 unique product categories

  • 93% of funding went to product-based cybersecurity companies

  • 3 public cyber companies had an earnings report

📸 YoY Snapshot

This is a rolling 12-week chart comparing funding and acquisitions each week in a year-over-year (YoY) view between the end of 2023 and the start of 2024 and 2025.

Funding continues with another impressive week. Two weeks ago, we crossed over $1 billion in total funding for the year. While slightly behind the pace of 2024, this year is still starting off very strongly.

M&As also continued rapidly for the year, continuing to outpace how 2024 started. We’ll keep tracking the pace to see how it compares to 2024 as the year goes on.

TOGETHER WITH

Comp AI - The Open Source Vanta/Drata Alternative

Get SOC 2, ISO 27001, and GDPR Compliant

Comp AI is developing the first open and transparent compliance automation platform to help 100,000 companies get compliant by 2032. Their approach is helping companies automate evidence collection, manage and track risks, and have full vendor oversight - without high upfront fees and lengthy sales calls.

Enterprise-grade compliance. Simplify compliance from day one - no drawn-out demos, no six-figure commitments.

Get immediate visibility into your compliance status.

☎️ Earnings Reports

Cyber Market Movers

As of markets close February 14, 2025.

Earnings reports from last week: CyberARk, Palo Alto Networks, and Rapid7

CyberArk (CYBR)

CyberArk delivered another strong quarter, with revenue growing 37% to reach $314.4 million. This success was driven by continued demand for human and non-human identity (NHI) security solutions and continued platform expansion. CyberArk also hit a significant milestone by surpassing $1 billion in revenue and ARR while showing impressive operating leverage, with margins expanding to 15% (up from 4% last year).

The strategic acquisitions of Venafi and Zilla Security position CyberArk to capitalize on the growing demand for machine identity protection and IGA capabilities. CyberArk appears well-positioned to benefit from several industry tailwinds as companies are combining identity solutions that can handle both human and machine identities, especially in AI-driven environments. The stock rose on these results as analysts endorsed both the execution and strategic direction.

Palo Alto Networks (PANW)

Palo Alto delivered another strong quarter, with revenue growing 14% to reach $2.3 billion. This success was driven by strong performance in large deals and contributions from SASE, software firewalls, and the Cortex security operations product.

Strategic moves such as platformization and a focus on AI have positioned Palo Alto Networks to capitalize on the growing demand for integrated security solutions. Palo is well-positioned to benefit from industry tailwinds, such as increased cloud transformation projects driven by AI projects and customer demand for AI-enhanced security solutions.

Unrelated, but this is the first time a company has both sponsored and had an earnings call review in the same newsletter. Achievement unlocked! 🎮️ 

Rapid7 (RPD)

Rapid7 delivered a steady quarter, with revenue growing 5% to reach $216 million. This performance was driven by strong demand in their detection and response (D&R) business and early traction from its new Exposure Command platform offering.

Rapid7’s shift towards integrated exposure management and managed detection and response (MDR) puts them in a unique position to provide software AND services that meet their customers where they are. Analyst acknowledged and appreciated their proactive approach to addressing growth opportunities and anticipated improvements in operational efficiency.

Macro Context:

  • The US Federal Reserve and my boy JPow decided to keep interest rates flat because the US economy was moving along as they expected but not quite at the goal it wanted to see.

  • Inflation data in the US for January came in higher than analysts expected, and US stocks fell as a result (a good reminder that the economy is not the stock market).

Earning reports to watch this coming week:

  • None

🤘 IPO-h Yeah

  • SailPoint, a United States-based enterprise identity and access management (IAM) platform, went public (again! 🤯 ), pricing its IPO at $23/share on the Nasdaq stock exchange, raising $1.4B at a $12.8B valuation. (more)

🧩 Funding By Product Category

  • $125.0M for Security Orchestration and Automated Response (SOAR) across 1 deal

  • $86.0M for Fraud and Financial Crime Protection across 2 deals

  • $30.0M for Privileged Access Management (PAM) across 1 deal

  • $30.0M for Application Security Testing (AST) across 1 deal

  • $30.0M for Application Security across 1 deal

  • $28.0M for Network Security across 1 deal

  • $23.0M for Security Operations across 1 deal

  • $9.6M for Cloud Native Application Protection Platform (CNAPP) across 1 deal

  • $8.0M for Password Management across 1 deal

  • $5.2M for Internet Security across 1 deal

  • An undisclosed amount for Remote Browser Isolation across 1 deal

  • An undisclosed amount for Managed Detection and Response (MDR) across 1 deal

  • An undisclosed amount for Internet of Things (IoT) Security across 1 deal

  • An undisclosed amount for Data Privacy across 1 deal

🏢 Funding By Company

Product Companies:

Service Companies:

🌎 Funding By Country

  • $350.8M for the United States across 12 deals

  • $16.0M for the United Kingdom across 1 deal

  • $8.0M for Luxembourg across 1 deal

  • An undisclosed amount for Singapore across 1 deal

🤝 Mergers & Acquisitions

Corrected on Feb 20

Product Companies:

  • SafeBase, a United States-based platform helping companies present their security program to speed up the third-party security assessment process, was acquired by Drata for $250.0M. SafeBase had previously raised $53.1M in funding. (more)

  • Zilla Security, a United States-based identity access governance and management platform, was acquired by CyberArk Software for $175.0M. Zilla Security had previously raised $13.5M in funding. (more)

  • ThreatX, a United States-based managed web application and API security platform, was acquired by A10 Networks for an undisclosed amount. ThreatX had previously raised $47.5M in funding. (more)

  • Traceable, a United States-based API security platform, has merged with Harness for an undisclosed amount. Traceable had previously raised $110.0M in funding. (more)

Service Companies:

  • BitShield, a Malaysia-based professional services firm focused on cybersecurity consulting, was acquired by Bitdefender for an undisclosed amount. BitShield has not publicly disclosed any prior funding rounds. (more)

  • ​​Compass MSP, a United States-based managed security services provider (MSSP), was acquired by Agellus Capital for an undisclosed amount. Compass MSP has not publicly disclosed any prior funding rounds. (more)

  • Velox Systems, a United States-based professional services firm focused on cybersecurity and cloud consulting, was acquired by CMIT Solutions for an undisclosed amount. Velox Systems has not publicly disclosed any prior funding rounds. (more)

📚 Great Reads

  • How to Say "No" Well - My friend Rami McCarthy talks about how the ability to effectively communicate a strategic “No” can strengthen security teams’ alignment with business goals and how poorly timed or ambiguous refusals erode trust.

  • *Introducing Cortex Cloud — The Future of Real-Time Cloud Security - Cortex Cloud natively brings together new releases of its best-in-class cloud detection and response (CDR) and industry-leading CNAPP capabilities on the unified Cortex platform.

  • Never Waste a Good Compliance Framework - Companies pay for compliance but want security. Smart teams leverage compliance as a strategic tool to drive security improvements and business growth.

  • OpenAI is IBM - Jack Raines discusses the competitive landscape of cloud and AI markets, comparing IBM's early cloud efforts to OpenAI's current challenges.

*A message from our sponsor

🧪 Labs

I guess anything is possible when you hit that $100B market cap. 😳

Call me, George!

Data Methodology and Sources

  • All of the data is captured point-in-time from publicly available sources.

  • All financial figures are converted to U.S. dollars (USD) when collected.

  • Company country locations are pulled from publicly available sources.

  • Companies are categorized using our system at Return on Security, and we write all the company descriptions.

  • Sometimes, the details about deals, like who led the round, how much money was raised, or the deal stage, might get updated after the issue is first published.

  • Let us know if you spot any errors, and we’ll fix them.

About Return on Security

Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. The goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field. Read more about the “Why” here.

Feel free to borrow any data, charts, or advice you find here. Just make sure to give a shoutout to Return on Security when you do.

Thank you for reading. If you liked this analysis, please share it with your friends, colleagues, and anyone interested in the cybersecurity market.

Follow me on LinkedIn or Twitter to never miss Return on Security updates.

Reply

or to participate.