💰 Security, Funded #135 - AI in Cybersecurity: Boon or Bane?

Insights for the week of March 11, 2024

Author

Mike Privette
March 18, 2024 • Reading Time: 11 minutes

Security, Funded is a weekly deep dive into cybersecurity funding and industry news captured and analyzed by Mike Privette. This week’s issue is presented together with Prowler.

Hey there,

Happy Monday, and I hope you had a great weekend! In this issue, we’ve got:

  • 🐍 About Tree Fiddy

  • 🤖 The Upsides to AI and Security

  • 💰️ Funding cooled down, but still strong

I’m not sure what it was last week, but the number $350.0M just felt right™️. 🤔 

Onward to this week's issue.

Submit a deal here: [email protected]

TOGETHER WITH

Transform Your AWS Security Landscape with Prowler SaaS

Unlock unparalleled visibility and control over your AWS security posture with Prowler SaaS. Our platform goes beyond traditional security measures to provide:

  • In-depth Analysis: Dive deep into your AWS environment to uncover and prioritize vulnerabilities with precision.

  • Actionable Intelligence: Equip your team with the insights needed to fortify your cloud infrastructure against the latest threats.

  • Effortless Compliance: Navigate the complexities of compliance with our automated tools, ensuring your AWS resources meet industry standards.

Join the ranks of organizations that trust Prowler for comprehensive cloud security. Experience the difference with a free trial and take the first step towards a more secure and resilient AWS environment.

😎 Vibe Check

Which areas of security stand to lose the most from using AI?

Can be loss of expertise, loss of human intervention, loss of job specialties, you name it.

Login or Subscribe to participate in polls.

Last issue’s vibe check:
Which area of security stands to gain the most from using AI?
🟨🟨⬜️⬜️⬜️⬜️ 📲 AppSec (14)
🟨⬜️⬜️⬜️⬜️⬜️ 🌩️ Cloud Sec (9)
⬜️⬜️⬜️⬜️⬜️⬜️ 🔒 Data Protection (3)
🟨⬜️⬜️⬜️⬜️⬜️ 🆔 IAM (9)
🟩🟩🟩🟩🟩🟩 ⚙️ SecOps (32)
⬜️⬜️⬜️⬜️⬜️⬜️ 🔮 Other (leave a comment) (0)
67 Votes

SecOps took the poll last week by a landslide, and it’s no surprise, really. The SecOps space is where there attacker-defender mismatch is the most painfully obvious to security professionals, and it’s where there is still a lot of help needed. Luckily, there are already like 946 (/sarcasm) security AI co-pilot SecOps companies tackling this problem. 👀 

Some of my favorite comments from last week were:

“Every _DR platform wants to replace the SOC analyst with AI and I think they'll be successful.”

“Because secops is the area where there's most inefficiency that may be easy to solve with AI.”

“CSPM with AI could be interesting.”

💰 Market Summary

  • 12 companies raised $142.1M across 11 unique product categories in 7 countries

  • 5 companies were acquired or had a merger event for $700.0M across 4 unique product categories

  • 100% of funding went to product cybersecurity businesses

  • 2 public cyber companies had an earnings call

📸 YoY Snapshot

This is a rolling 12-week chart comparing funding and acquisitions each week in a year-over-year (YoY) view between 2023 and 2024.

As this is a new year, this chart will be building over the next 12 weeks and then roll forward.

Funding this past week took a notable dive from the week prior, but it still had some high-flying transactions. Also of note, the funding total from this same week last year was ~57% less than this year. With only two weeks left in Q1, we are on pace to have a better Q1 2024 than Q1 2023.

M&A volume is still moving strongly in 2024, with two high-profile acquisitions from Israel this week with suspiciously similar transaction totals. Similar to funding, with only two weeks left in Q1, we are on pace to beat the M&A totals for the same time last year.

🤙 Earnings Reports

Notable earnings reports from public cybersecurity companies, be they “pure play” or hybrid companies. This section is Powered by Quartr.

See the public cyber company tracker, which shows all public cybersecurity companies worldwide, along with market data, funding raised, product categories, and more.

Secureworks ($SCWX)

  • Secureworks reported a strong fiscal 2024, with its XDR business driving most of the growth. XDR revenue surged by 41% year-over-year, reaching $265 million, while its annual recurring revenue (ARR) grew by 9% to $285 million.

  • The XDR business growth was attributed to SIEM market disruption and customers' decision to leave their existing SIEM providers and move to more integrated and automated platforms.

  • Despite all of the positive sentiment from the call and analysts alike, Secureworks’ stock has seen better days, dropping ~5% since the call. The company needs several more quarters of success to get the rebound it is seeking in the market.

SentinelOne ($S) 

  • SentinelOne had a stronger earnings call than exciting results in its Q4 2023 earnings call, reporting a 47% growth in revenue year over year, a 30% operating margin improvement, and customers with an ARR of $100.0K or more grew 30%.

  • SentinelOne also likes to remind people that they were using AI in their products “before it was cool” and takes the opportunity to take shots at competitors who are also claiming the same.

  • Like rival CrowdStrike, SentinelOne has also made strategic investments and acquisitions in cloud security (PingSafe) and identity (Attivo) as it sees these are continued areas of focus from security leaders.

  • In a similar fashion to other public cyber stocks, SentinelOne saw a ~17% drop on weaker-than-expected forward-looking guidance. I believe this was also a bit of a hangover effect 🍻 from the interesting stance and guidance that Palo Alto shared a few weeks prior and CrowdStrike’s excellent results.

🧩 Funding By Product Category

  • $100.0M for Operational Technology (OT) Security across 1 deal

  • $13.1M for Anti-Bot across 1 deal

  • $6.0M for Breach & Attack Simulation (BAS) across 1 deal

  • $5.5M for Security Orchestration and Automated Response (SOAR) across 1 deal

  • $5.3M for Data Protection across 2 deals

  • $4.2M for Security Awareness across 1 deal

  • $3.5M for Container Security across 1 deal

  • $2.2M for Personal Digital Sovereignty across 1 deal

  • $1.3M for Trust & Safety across 2 deals

  • $1.0M for Application Security Testing (AST) across 1 deal

  • An undisclosed amount for Distributed Ledger Technology (DLT) Security across 1 deal

🏢 Funding By Company

🌎 Funding By Country

  • $109.5M for the United States across 6 deals

  • $13.1M for Estonia across 1 deal

  • $7.7M for France across 2 deals

  • $6.0M for Germany across 1 deal

  • $3.5M for Canada across 1 deal

  • $2.3M for Portugal across 1 deal

  • An undisclosed amount for Singapore across 1 deal

🤝 Mergers & Acquisitions

  • Avalor, an Israel-based security analytics and operations platform, was acquired by Zscaler for $350.0M. (more)

  • Gem, a United States-based cloud threat detection and response (TDR) platform, was acquired by Wiz for $350.0M. (more)

  • Arculus Cyber Security, a United Kingdom-based professional services firm focused on cyber risk management and penetration testing services, was acquired by Bridewell Consulting for an undisclosed amount. (more)

  • PCG Cyber, an Australia-based professional services firm focused on cyber and national security conuslting, was acquired by AUCloud for an undisclosed amount. (more)

  • SureCloud, a United Kingdom-based governance, risk, and compliance (GRC) platform, was acquired by Cyber Security Associates for an undisclosed amount. (more)

📚 Great Reads

  • How Public AI Can Strengthen Democracy - This post discusses the challenges and opportunities at the intersection of AI and democracy, emphasizing the need for a public AI option to counterbalance corporate control and ensure AI serves the public interest.

  • Cloud Security Maturity Model 2.0 - Rich Mogull worked with IANS to release version 2.0 of the Cloud Security Maturity Model, a big update from the original released in 2020. It includes around 100 cloud security control objectives to use as Key Performance Indicators (KPIs).

  • The Power of Community: 5 Steps to Fast-Track Your InfoSec Career - Phil Venables talks about the importance of engaging with professional communities for career advancement in cybersecurity and how the field requires more self-reliance and initiative to navigate.

*A message from our sponsor.

🧪 Labs

Gotta catch’em all!

How was this week's newsletter?

Login or Subscribe to participate in polls.

About Return on Security

Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. Our goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field. Read more about the backstory here.

Feel free to borrow any data, charts, or advice you find here. Just make sure to give a shoutout to Return on Security when you do.

Data Methodology and Sources

  • All of the data is captured point-in-time from publicly available sources.

  • All financial figures are converted to U.S. dollars (USD) when collected.

  • Company country locations are pulled from publicly available sources.

  • Companies are categorized using our own system at Return on Security, and we write all of the company descriptions.

  • Sometimes, the details about deals, like who's in, how much they're giving, or the deal stage, might get updated after we first share the news.

  • If you spot any errors, let us know, and we’ll fix them.

Join the conversation

or to participate.