- Return on Security
- Posts
- 💰 Security, Funded #133 - 👊 Don't Call it A [Economic] Comeback!
💰 Security, Funded #133 - 👊 Don't Call it A [Economic] Comeback!
Insights for the week of February 26, 2024
Mike Privette
March 04, 2024 • Reading Time: 13 minutes
Security, Funded is a weekly deep dive into cybersecurity funding and industry news captured and analyzed by Mike Privette. This week’s issue is presented together with Prowler.
Hey there,
Happy Monday, and I hope you had a great weekend! In this issue, we’ve got:
🍎 Apple Signals
🧘♀️ Economic Recovery Vibes
🏓 Platform vs. Best-of-Breed
Finally, some good news on the economic recovery front from the ZIRP (Zero Interest Rate Phenomenon) era - Apple canceled its autonomous electric car project, and some employees are going to be shifted to work on Generative AI things while others are being laid off.
“Why is this a good sign of recovery from the ZIRP era?” you may be asking yourself. It’s a good sign because it’s a re-focusing from a major tech player away from the crazy, no value-add, growth-at-all-costs mantras of the 10-year period from 2012 - 2022 and a focus towards things that people actually want AND will make the company money. It’s a vote in favor of businesses becoming more efficient, becoming more adaptable, and being more willing to pivot strategies in response to customer demands and inward reflections. Moves like this have a reverberating effect on the tech industry at large, including the cyber industry.
Add onto this that the U.S. economy is on stronger footing than expected, with increased consumer spending and overall investment, and we start to see the making of a comeback story. Somewhere, training montage music starts playing in the background.
Speaking of being on strong footing, this week’s sponsor, Prowler, raised a seed round (details below), making it the second company to both sponsor AND be mentioned IN the newsletter for fundraising. Welcome to an elite class! 🤝
I’m not saying that sponsoring this newsletter leads you to immediately raise money, attract customers, and win the hearts and minds of the industry, but I’m not NOT saying that either. Your move, other companies. 👊 😤
Onward to this week's issue.
Submit a deal for the newsletter here: [email protected]
TOGETHER WITH
Open Cloud Security with Prowler SaaS CSPM
Break free from expensive, complex, and closed security solutions.
With Prowler SaaS, enjoy the freedom and transparency of an open-source core with an easy-to-use and powerful CSPM SaaS solution. Try Prowler SaaS for free and join thousands of engineers in the Open Cloud Security Movement.
Table of Contents
😎 Vibe Check
How do you think the usage of AI will affect Insider Threats?Tell me what you've seen on this front! |
Last issue’s vibe check:
Which cybersecurity tools camp are you mostly in?
🟩🟩🟩🟩🟩🟩 🏢 Team Platform (25)
🟨🟨🟨⬜️⬜️⬜️ 🐶 Team Best-of-Breed (14)
39 Votes
Team Platform has spoken! I know this was an overly simple poll that doesn’t represent all the right context that security teams take into consideration, but it was still a fun one to do. I thought Team Best-of-Breed would win out.
Many of you also let me know that your ideal solution is to use a combination of both, and I also think this is the best approach if you’ve got the budget and people to make it successful. Some of the top comments were:
“A combo would be best - a platform that covers 'core' and is extensible/open to easily integrate with B-of-B.”
“I only chose best of breed because as a large FI, we cannot ONLY just use platforms from major vendors we have to use some point solutions too to cover all our use cases.”
Don’t pay attention to the armchair quarterbacks and sideline pundits who claim that people don’t want platforms or those who claim that there is “a single platform” for cybersecurity. Both of these arguments are wrong, and the simple fact is that all programs need both platforms and point solutions to different degrees.
💰 Market Summary
15 companies raised $121.2M across 14 unique product categories in 7 countries
2 companies were acquired or had a merger event across 2 unique product categories
~88.5% of funding went to product-based cybersecurity businesses
2 public companies had an earnings call
📸 YoY Snapshot
A rolling 12-week chart to compare funding and acquisitions each week in a year-over-year (YoY) view between 2023 and 2024.
As this is a new year, this chart will be building over the next 12 weeks and then roll forward.
Even with it being a leap year and getting an extra day to make deals, February ended on a quieter note than last year this time. This brings the global cybersecurity fundraising total to just shy of $2.0B, down from $2.4B from the same period in 2023.
Two months down in Q1 2024, and we’ve reached just over 65% of M&A activity from Q1 2023. Since conference season is fast approaching, that means we should look for both M&A and fundraising activities to be on an overall upward trend through the rest of Q1 and into the summer months.
🤙 Earnings Reports
A section for notable earnings reports from public cybersecurity companies, be they “pure play” or hybrid companies.
Don’t forget, you can see the tracker I published here to check out all public cybersecurity companies from around the world with real data and categories.
Okta ($OKTA)
Okta ended 2023 on a high note despite all of the breach challenges. There was a record-high quarterly profitability in Q4 2023, and the free cash flow margin increased to 22%, up from 3% last year.
Okta added 150 new customers in the quarter, grew its revenue from AWS by ~130%, million-dollar deals were up over 30%, and the average contract length from customers reached a 2-year high (meaning more customers are signing longer-term deals).
The bottom line is that identity still remains one of the top priorities for security programs, and the myriad of breaches hasn’t deterred anyone from buying Okta. As I’ve said before, security incidents don’t matter when you’re in a category of one.
Zscaler ($ZS)
Zscaler also had a strong year-end performance, with revenue and billings growth of 35% and 27% year-over-year, respectively, and highlighted there was no meaningful change on its demand pipeline due to the macroeconomic factors.
Zscaler saw its customer base expanding for those spending more than $1.0M/year by over 30%.
Zscaler also took advantage of the recent downward guidance in the U.S. federal sector from rival Palo Alto to comment on how they saw no signs of weakness on their front. This has been driven largely by Zero Trust efforts, which is still a priority for government and non-government companies alike.
For me, what remains to be seen is how long the single-vendor SASE market can continue to go up and to the right. The debate of platform vs. best-of-breed continues to rage on.
TOGETHER WITH
Boost Your Brand With Cybersecurity Leaders
Showcase your brand to cybersecurity’s elite
If you would like to get your company seen by over 8,000 of the smartest and most influential people in cybersecurity, tech, and investing, you should reach out and get on the calendar.
🧩 Funding By Product Category
$50.0M for Security Operations across 1 deal
$26.0M for Physical Security across 2 deals
$16.3M for Threat Intelligence across 1 deal
$6.3M for Secure Networking across 1 deal
$6.0M for Cloud Security across 1 deal
$4.1M for Identity Verification across 1 deal
$4.0M for Data Access Governance across 2 deals
$3.6M for Cybersecurity Program Management across 1 deal
$2.4M for Artificial Intelligence (AI) Governance across 1 deal
$1.1M for Secure Access Service Edge (SASE) across 1 deal
$1.0M for Application Security across 1 deal
$500.0K for SaaS Security Posture Management (SSPM) across 1 deal
An undisclosed amount for Professional Services across 1 deal
An undisclosed amount for Continuous Threat Exposure Management (CTEM) across 1 deal
🏢 Funding By Company
Todyl, a United States-based network and security operations platform built for MSPs, raised a $50.0M Venture Round. (more)
Rhombus Systems, a United States-based cloud-based building video and security access management platform, raised a $17.0M Debt Financing from Silicon Valley Bank and a $9.0M Series B from Cota Capital and Tru Arrow Partners. (more)
Filigran, a France-based cyber threat intelligence platform, raised a $16.3M Venture Round from Accel. (more)
Sitehop, a United Kingdom-based secure networking hardware platform, raised a $6.3M Venture Round from Amadeus Capital Partners and Manta Ray Ventures. (more)
Prowler, a United States-based open-source cloud security management platform, raised a $6.0M Seed from Decibel Partners. (more)
Silence Laboratories, a Singapore-based Web3 identity authentication and verification platform, raised a $4.1M Venture Round from Pi Ventures and Kira Studio. (more)
Codified, a United States-based data access governance platform, raised a $4.0M Seed from Madrona and Vine Ventures. (more)
ESProfiler, a United Kingdom-based platform helping security leaders measure the return on investment of their cybersecurity program, raised a $3.6M Seed from Nauta Capital. (more)
Enkrypt AI, a United States-based secure web gateway for AI applications, raised a $2.4M Seed from BoldCap. (more)
BBT.live, an Israel-based secure access service edge (SASE) platform, raised a $1.1M Seed from Tzvi Neta Holdings. (more)
CredShields, a Singapore-based Web 3.0 application and smart contract auditing and security platform, raised a $1.0M Venture Round from Draper Associates. (more)
1.security, a Poland-based security and configuration management platform for Microsoft 365 environments, raised a $500.0K Pre-Seed from Sunfish Partners. (more)
Axon Technologies, a United Arab Emirates-based professional services company focused on cloud security, raised an undisclosed Corporate Round from Keyrus. (more)
BreachBits, a United States-based continuous threat exposure management (CTEM) platform, raised an undisclosed Seed from Blu Ventures Investors. (more)
QueryPie, a United States-based data access governance and control platform, raised an undisclosed Venture Round from Salesforce Venturesand Z Venture Capital. (more)
🌎 Funding By Country
$94.7M for the United States across 9 deals
$16.3M for France across 1 deal
$9.9M for the United Kingdom across 2 deals
$5.1M for Singapore across 2 deals
$1.1M for Israel across 1 deal
$500.0K for Poland across 1 deal
An undisclosed amount for the United Arab Emirates across 1 deal
🤝 Mergers & Acquisitions
RedShift, a Portugal-based privacy and compliance management platform for unstructured data, was acquired by Atena Equity Partners for an undisclosed amount. (more)
Sherpa, a United States-based professional services firm focused on cybersecurity and compliance consulting, was acquired by AdRem Systems for an undisclosed amount. (more)
📚 Great Reads
The FTC Draws a Line in the Sand for Data Anonymization - The FTC's investigation into Avast found that its data anonymization efforts were not good enough to keep people from being re-identified. The FTC has now set a new technical bar for what "anonymized data" means, and that means litigation will soon follow.
Walter's War Podcast - The first part of a four-part series about one of the co-founders of defense tech, Rebellion Defense, and how his life was a "tissue of lies." It's an incredible series that has aspects of AI, pathological lying, defense tech, the metaverse, and more. h/t to Dave Palmer for turning me on to this series!
The Evolution of the BISO Role - The Business Information Security Officer (BISO) role is essential in bridging the gap between cybersecurity and business, but it faces challenges. Learn what it takes to excel in this role and how to overcome its limitations.
*A message from our sponsor.
🧪 Labs
Modern problems require modern solutions. 🐶
My password is my pet’s name; I just rename my dog every 60 days like it’s a Google product.
— Corey Quinn (@QuinnyPig)
Feb 24, 2024
How was this week's newsletter? |
About Return on Security
Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. Our goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field. Read more about the backstory here.
Feel free to borrow any data, charts, or advice you find here. Just make sure to tip your hat to Return on Security when you do.
Data Methodology and Sources
All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. dollars (USD) when collected.
Companies are categorized using our own system at Return on Security.
Sometimes, the details about deals, like who's in, how much they're giving, or the deal stage, might get updated after we first share the news.
If you spot any errors, just give us a shout, and we'll sort them out.
Join the conversation