Return on Security
Posts
💰 Security, Funded #118 - From Check Point to Checkmate: Cybersecurity's Strategic Plays ♟️

💰 Security, Funded #118 - From Check Point to Checkmate: Cybersecurity's Strategic Plays ♟️

A deep dive on cybersecurity funding and industry news from the week of October 30th, 2023.

Mike Privette
November 06, 2023 • Reading Time: 13 minutes

Hey there,

Happy Monday, and I hope you had a great weekend. In this week’s issue, we’ve got:

🔥 M&A is heating up
☎️ Earnings call bonanza
🤑 16 companies secure $256.8M
⛈️ AI today is like the cloud 7 years ago

As the year comes closer to an end, things are starting to heat up like NBA Jam (one of my favorite games growing up).

A week of big funding rounds, even bigger acquisitions, and a packed lineup of earnings calls look to reveal the true pulse of an industry on the rebound (see what I did there?).

Onward to this week's issue.

🚨 I’m now officially sold out of sponsorship spots for 2023! A special thank you to all the companies who have sponsored this year who have allowed me the privilege to keep working on something I love doing.

If you want to sponsor in 2024 and get your brand in front of the top leaders in the cyber industry, hit me up at [email protected].

🗣Sponsor

Close more enterprise deals

Automate security and privacy compliance

With a streamlined workflow and expert guidance, Secureframe automates the entire compliance process end-to-end. What makes Secureframe different?

Get audit-ready and achieve compliance in weeks, not months, with built-in remediation guidance and 100+ integrations.
Stay compliant with the latest regulations and requirements, including ISO 27001, GDPR, HIPAA, PCI, and other standards.
Automate responses to RFPs and security questionnaires with AI.
Trusted by hyper-growth organizations: AngelList, Ramp, Lob, Remote, and thousands of other businesses.

Schedule a personalized demo of Secureframe

Vibe Check - Buy now or pay later?

As the year winds down, are you looking to spend excess budget now, or are you already pushing to next year?

Last week’s poll:

Vibe Check - Is AI affecting security spend?
Is the focus on adopting AI in your business affecting your security budget?

While most people said there were neither positive nor negative impacts on that security budget, a significant portion of those who responded were feeling the impact. Still, it was mainly in a positive way.

To me, this is a good sign, and AI usage in enterprises today is very much like cloud usage in enterprises 7-10 years ago. Companies need to spend the time, effort, and resources to see how they can securely adopt and use AI in all the forms that the business wants it in.

🔮 Earnings Reports

A section for notable earnings reports from public cybersecurity companies, be they “pure play” or hybrid companies.

Holy Earnings Week, Batman! 🦇 Last week was unusually busy on the earnings call front, so click here if you want to read the latest.

Check Point ($CHKP) - Despite the political tension in Israel, Check Point's performance was strong last quarter, led by large US Federal deals.

The company's earnings per share (EPS) hit their highest rate of growth since 2017, despite the fact that the prevailing high-interest rates have led customers to prefer shorter-term deals and have fewer product refresh cycles and new sales.

The forward-looking guidance was encouraging, but Check Point still faced headwinds. Analysts were cautiously optimistic about the earning results given the double-digit decline in net new purchases and hardware refreshes from Q3, along with the complexity of integrating the Permiter 81 acquisition into its customer base.
CyberArk ($CYBR) - CyberArk shows another strong quarter and strong institutional demand from enterprises. CyberArk increased revenue by 25%, and its stock hit a 52-week high last week.

CyberArk’s growth is partly attributed to an increased focus on Privileged Access Management (PAM), especially following high-profile breaches at MGM and Ceaser’s. These incidents reinforce the importance of securing human and machine identities, a critical area of focus for CISOs, particularly in light of new SEC regulations impacting the industry at large.
Fortinet ($FTNT) - Fortinet had a mixed results quarter. While it improved operating margins and secured many deals over $1.0M, there were still challenges.

Retail industry sales were down broadly and product (firewall) revenue was slightly down because of an overall market slowdown in firewall purchases. As a result, shares dropped ~11%.

Fortinet’s quarter reflects a company navigating market shifts, balancing between product and services revenue, and maintaining strong enterprise engagement despite broader industry headwinds.
Qualys ($QLYS) - Qualys had a strong earnings report with 13% YoY revenue growth. This comes even as the company’s net new logo growth was only moderate, showing a challenge to growing its customer base. This is a common theme with public cyber companies at the moment.

Qualys admitted to underutilizing its sales and marketing budget this year but said it plans to ramp up these efforts in the coming year, signaling confidence in future growth. This move could reflect a broader industry trend, indicating easing concerns in certain sectors like large enterprises and the public sector.

To me, this is a nod to the industry's regaining momentum and a clear sign that Qualys is gearing up to capitalize on growth opportunities.
Rapid7 ($RPD) - Rapid7’s call brought some strong momentum, with shares jumping 13% last week, showing strong investor confidence. Larger consolidation deals and channel growth led the way.

Despite a bumpy Q3 that saw a controversial restructuring (announced during BlackHat USA, no less 👀 ), the rationale for offshoring a number of teams to provide better global threat response (despite being convenient), and a slower pipeline, Rapid7 saw steady logo retention and growth through its Managed Security Service Providers (MSSPs) channel.
Tenable ($TENB) - Tenable’s call results were met with mixed results and an edge of skepticism.

On the positive front, Tenable’s strategy largely revolved around expanding existing business and focusing on large public sector deals and operational technology (OT) deals, significantly contributing to a shift in revenue recognition and average deal size.

Yet, gaining new logos in the SMB mid-market proved challenging due to broader macroeconomic hurdles, echoing the earlier mentioned K-Shaped recovery in the cybersecurity market. Combine this with scaled-back marketing efforts last quarter, and investors were looking for a bit more substance. Tenable sees potential for upward momentum in Q4, a critical period in the industry, hinting at possible recovery and growth across multiple public cybersecurity companies.

The resistance to switch vendors among customers, owing to high switching costs in terms of resources and operations, has emerged as a prevailing trend for 2023.

📅 YTD Funding

A rolling 12-week chart to compare funding and acquisitions each week between 2022 and 2023.

A bounce-back in high volume last week. Transaction volume was up 25% from the rolling 12-week average, and this was led by some impressive (albeit mostly elusive in 2023) growth-stage rounds. Two weeks in a row of large middle rounds does not make a trend, but could that mid/growth stage round be coming back again that fueled a lot of 2022?

A big jump in cyber acquisitions last week as we come ever closer to the end of Q4 2023, fueled by some rather hefty transactions. As the remaining weeks go on, I expect this high volume to continue as more and more startups are now cheap enough to buy.

💰 Funding Summary

16 companies raised $256.8M across 13 unique product categories
10 companies were acquired or had a merger event for $1.5B across 8 unique product categories

🧩 Funding By Product Category

$68.8M for Identity and Access Management (IAM) across 3 deals
$61.0M for Software Supply Chain Security across 2 deals
$39.0M for Security Information and Event Management (SIEM) across 2 deals
$25.0M for Cyber Insurance across 1 deal
$20.0M for Internet of Things (IoT) Security across 1 deal
$9.0M for Continuous Threat Exposure Management (CTEM) across 1 deal
$8.5M for Professional Services across 1 deal
$8.0M for Breach & Attack Simulation (BAS) across 1 deal
$5.0M for Secure Remote Access across 1 deal
$5.0M for Hardware Security across 1 deal
$3.3M for Data Protection across 1 deal
$2.5M for Managed Security Services Provider (MSSP) across 1 deal
$1.7M for Data Access Governance across 1 deal

🏢 Funding By Company

FusionAuth, a United States-based customer identity and access management (CIAM) platform, raised a $65.0M Venture Round from Updata Partners. (more)
Chainguard, a United States-based software supply chain company, raised a $61.0M Series B from Spark Capital. (more)
Graylog, a United States-based security log management platform, raised a $30.0M Debt Financing round and a $9.0M Series C round from Silver Lake Waterman, Harbert Growth Partners, and Piper Sandler. (more)
Cowbell Cyber, a United States-based cyber risk insurance company, raised a $25.0M Series B from Prosperity7 Ventures. (more)
Xage Security, a United States-based Industrial Internet of Things (IIoT) security platform, raised a $20.0M Series B from SAIC. (more)
spiderSilk, a United Arab Emirates-based continuous threat exposure management (CTEM) platform, raised a $9.0M Series A from Wa’ed Ventures. (more)
IO Connect Services, a United States-based professional services firm focused on DevOps and cybersecurity services, raised a $8.5M Private Equity Round from East Los Capital.
Wraithwatch, a United States-based breach and attack simulation (BAS) platform focused on generative AI attacks, raised a $8.0M Seed from Founders Fund. (more)
P0 Security, a United States-based secure remote cloud access platform, raised a $5.0M Seed from Lightspeed Venture Partners and SVA. (more)
zeroRISC, a United States-based hardware security company, raised a $5.0M Seed from Cambridge Angels Group. (more)
Bio-Key International, a United States-based biometric-focused identity and access management (IAM) provider, raised a $3.8M post-IPO equity round. (more)
HyperSphere Technologies, a United States-based data protection platform focused on quantum-resistant use cases, raised a $3.3M Seed from Lightning Capital. (more)
Ostra Cybersecurity, a United States-based managed security services provider (MSSP), raised a $2.5M Venture Round. (more)
Polymer, a United States-based no-code data governance and loss prevention platform, raised a $1.7M Seed
Aembit, a United States-based identity and access workload management platform, raised an undisclosed Seed from CrowdStrike Falcon Fund. (more)
Vigilant Ops, a United States-based software supply chain security platform, raised an undisclosed Seed from DataTribe. (more)

🗣Sponsor

The Okta Disaster Recovery Plan Guidebook

The ultimate guide to crafting an Okta recovery plan on any budget.

Whether you’re a beginner or an expert, this guide will provide the tools and techniques you need to create a Disaster Recovery Plan.

Download Now! (direct PDF)

🌎 Funding By Country

$247.8M for the United States across 16 deals
$9.0M for the United Arab Emirates across 1 deal

🤝 Mergers & Acquisitions

Talon Cyber Security, an Israel-based remote browser isolation platform, was acquired by Palo Alto Networks for $625.0M. (more)
Corvus Insurance, a United States-based cyber risk insurance company, was acquired by Travelers Insurance for $435.0M. (more)
Dig Security, an Israel-based cloud data detection and response platform, was acquired by Palo Alto Networks for $400.0M. (more)
6point6, a United Kingdom-based professional services firm focused on digital transformation and cybersecurity services, was acquired by Accenture for an undisclosed amount. (more)
Allied Associates International, a United States-based professional services firm focused on cyber threat intelligence, was acquired by Redhorse for an undisclosed amount. (more)
CSW Systems, a United States-based managed security services provider (MSSP), was acquired by Summit 7 Systems for an undisclosed amount. (more)
Divebell, a United States-based privacy data discovery and management platform, was acquired by Exterro for an undisclosed amount. (more)
Entelgy Innotec Security, a Spain-based professional services firm focused on penetration testing and GRC services, was acquired by Accenture for an undisclosed amount. (more)
PEI, a United States-based managed services provider (MSP), was acquired by Dataprise for an undisclosed amount. (more)
Tessian, a United Kingdom-based email security and data loss prevention company, was acquired by Proofpoint for an undisclosed amount. (more)

📚 Great Reads

No Way Out: The Changing World of Cybersecurity Exits - Cole Grolmus talks about how cybersecurity has too many companies with high valuations for all of them to have successful exits. Good strategic choices can ease the pain and set us on a trajectory higher than ever before.
*Data Masking vs Data Tokenization: Differences And Which To Choose - The endless stories of data breaches that decorate the headlines testify to how vital robust data security frameworks are. Amidst an array of data protection mechanisms, Data Masking and Data Tokenization emerge as prominent players. These data security tools are not only pivotal in safeguarding sensitive information but also play a crucial role in ensuring compliance with evolving data privacy laws.
Wait, is cloud bad? - Forrest Brazeal discusses why some companies with specific use cases and specific skill sets might be better off moving away from the cloud.
Deciphering the CISO Accountability Landscape: A Comparative Analysis with the AML Officer’s Evolution - While the responsibilities and expectations for CISOs are less defined than those for AML officers, increased accountability is not inherently negative, reflecting the importance of their role in corporate governance.

_{*Sponsored content and/or affiliate link.}

🧪 Labs

A live look at security professionals everywhere last week

Is it working? #securityawareness
— Mike Privette (@mikepsecuritee)
Oct 31, 2022

How was this week's newsletter?

Join the conversation

or to participate.