🌍 Cybersecurity Innovation Pulse #1 - Earnings! All of the Earnings!, AI and Security Madness, and Labor Market Bright Spots.
Covering the week of Feb. 1 - 8
Welcome! I'm Darwin Salazar and this is the first issue of the Cybersecurity Market Pulse newsletter. I'll be keeping a pulse on the latest events impacting the security industry including new product releases, the innovation intersection, partnerships, funding, earnings, M&A, and more. I track all of these things as a hobby so I thought it made sense to sift through the noise and curate something valuable for my network. If you think the content is valuable and worth supporting, subscribe to the newsletter to get it sent to your inbox every week. Thank you!
💰 Earnings Season!💰
Cloud Service Providers (CSPs)
While the cloud infrastructure market (IaaS, PaaS, and private cloud services) surpassed $61B in revenue this past quarter, it slowed considerably compared to the prior quarter. AWS accounted for approx. $21B, Azure for $14B, and GCP for $7B to make up about 66% of the total market segment. The Google Cloud unit posted an operating loss of about $480M compared to $890M in Q4 ‘21. AWS finished the quarter with $5.2B in operating income compared to $5.3B in Q4 ’21. Microsoft boosted its market share from 21% to 23%, AWS fell from 34% to 33% and GCP remained at a steady 11% as shown in the graph above.
The overall sentiment across the earning calls is a stark contrast compared to the past two years with Amazon's CFO, Brian Olsavsky stating that "As we look ahead, we expect these optimization efforts will continue to be a headwind to AWS growth in at least the next couple of quarters." While it's hard to speculate what happens next in this macroeconomic environment, the writing is on the wall that the tech consolidation and cost-cutting efforts by customers will continue.
For more: Source 1. Source 2. Source 3.
🔥 Security Vendor Earnings Heating Up🔥
Rapid7 (NASDAQ:RPD) - $184.5M in revenue for quarter ending in Dec. 31 (up 22% YoY) and beating analyst expectations by about $5M. Their product revenue was responsible for $172.9M of the total pie while their professional services was responsible for $11.6M. Rapid7 CEO and friend, Corey Thomas, stated "Rapid7 ended the year with revenue, operating profit, and free cash flow that exceeded our targeted ranges.." and "Amidst an evolving economic landscape, we see customers continuing to expand their wallet share …, with ARR per customer growing double-digits from the prior year." This comes a week after the company indicated that it had received takeover interest from multiple potential buyers. For more: Source 1. Source 2.
Fortinet (NASDAQ:FTNT) - Missed analyst expectations for the quarter by a hair. Revenue came in at $1.28B while analysts expected $1.3B. Product revenue jumped to $540.1M (up 43% YoY) while service revenue came in at $742.9M (up 27% YoY). For more: Source
Tenable (NASDAQ:TENB) - Beat analyst expectations with a revenue of $184.6M vs. $181.4M expected indicating a 24% YoY increase. Revenue for 2022 closed out at $683.2M, an increase of 26% compared to 2021. For more: Source
JFrog (NASDAQ:FROG) - Beat analyst expectations for the quarter with a net loss of $23.2M with revenue up to $76.5M (up 29% YoY). JFrog CEO, Shlomi Ben Haim highlighted that the company is excited to see the continued adoption of their software supply chain platform and that "… JFrog Advanced Security saw rapid adoption by both new and existing customers looking to incorporate the comprehensive set of capabilities and consolidate current security point solutions." For more: Source
With CloudFlare, Okta, CrowdStrike and Palo Alto Networks still left to report in the coming weeks, it’ll be interesting to see how the macroeconomic turmoil continues to impact the security sector.
🌴 The Innovation Intersection🌴
Microsoft's early investment in OpenAI has really paid off and if the hype from the past couple of months isn't an indicator of that, then you should pay attention to what comes next. I mean, OpenAI and ChatGPT have put the entire tech industry on notice with their thousands of use cases for the tech. Even Google is gearing up for an AI arms race with their $300M investment in Anthropic and their release of Bard, a ChatGPT competitor. Okay, you may be asking yourself, "What does this mean for the security industry?"
Well, with a few products having already implemented ChatGPT-based solutions for customer use, there's no need to wonder. The cloud security vendor Orca implemented ChatGPT for cloud resource misconfiguration remediation last month. While, ARMO, an open-source security provider, released a ChatGPT extension that allows users to ask for a Kubernetes security policy in natural language and receive enforceable Open Policy Agent (OPA) Rego policies in return. While many security products leverage AI/ML on the back end today, I think we’ll see cloud providers and other vendors begin exposing interactive AI to customers in the near future. Is this form of adoption good or bad? Are users ready for it? Will it entice prospective customers? We shall see 🤔
Unrelated but related: Check out the Official NIST AI Risk Management Framework that was released on Jan. 26th, ‘23.
📰 Product News 📰
On Tuesday, Feb. 7th, Snowflake and Wiz announced a partnership and an integration that enables Wiz customers to send and store security data in Snowflake's centralized security data lake. This is another win for the security data lake movement which aims to knock down silos and revolutionize the way security teams operate (i.e., skill set and solutions). This Cloud Security Podcast episode with Omer Singer of Snowflake is actually a great place to get started if you'd like to learn more about the concept of security data lakes.
In the same vein, Matano (YC W23), an open-source security lake platform for AWS, added 5 new integrations that allow customers to centralize their identity logs. New log sources supported include Azure AD, Okta, 1Password, and Google Workspace. The neat thing about Matano is that it is compatible with SQL for log querying and with Python for writing detection rules. I'll certainly be keeping an eye on what the Matano team is building.
🗞️ Funding News 🗞️
Skybox Security raised $50M from JP Morgan, CVC Growth Funds, and Pantheon in a new round and welcomed Mo Rosen as the new CEO. (Source)
Magic AI, an AI code-generating platform, raised $23M in their Series A round led by Alphabet's CapitalG and joined by Elad Gil, Nat Friedman, and Amplify Partners. While their solution is similar to GitHub Copilot, it goes the extra mile in allowing users to define what they want to be developed in natural language and receive the code for it in return. While the product is not live yet, you can sign up for their waitlist here.
Build38, a European mobile security and app monitoring provider, raised a €13M Series A round led by Tikehau Capital.
Riot, a security awareness start-up, snapped up a $12M Series A led by the Base10 fund. Much of our industry woes can be attributed to human error after all so it makes sense that this space is feeling the love.
Gem Security, an Israeli-based cloud security start-up backed by Team8, came out of stealth with an $11M seed round. The company was founded by former IDF Unit 8200 members and their platform focuses on cloud threat detection and incident response. (source)
Blockfenders, a blockchain-powered platform that aims to enable companies to share data more securely with one another raised $1.5M in pre-seed funding from over a dozen firms and angel investors. (source)
🌞 Labor Market Bright Spots 🌞
While we can sit here and talk about the ongoing tech layoffs all day, there are some bright spots in our current labor market. The US Bureau of Labor Statistics jobs report for last month highlighted that the US economy added 379K jobs in January and that the unemployment rate fell to 6.3% from 6.7% in December. After all of the macroeconomic turbulence, this is definitely a step in the right direction.
Another bright spot is that the US National Security Agency (NSA) is placing a heavy focus on recruiting laid-off tech workers for intelligence and cybersecurity roles. This is great because folks get to keep a roof over their heads while our national cybersecurity posture benefits from the new talent.
📚 Reports and Studies 📚
Sysdig's 2023 Cloud Native Security Usage Report which highlights the most common security challenges in cloud-native environments, including the complexity of cloud infrastructure, lack of visibility and security expertise, and the use of open-source components with known vulnerabilities. The report has good insights into the cost of unused compute, the state cloud permissions, and container vulnerabilities.
The 2023 State of the Cloud report by Wiz takes a look at multi-cloud adoption, cloud API increase, and the state of cloud vulnerabilities. The most interesting fact that I found is that Azure provides nearly 4,000 more privileges to control API access than AWS and about 9,000 more than GCP. The first thing that came to mind here is "Attack Surface"…
👋 Conclusion 👋
Well, I hope you enjoyed the first issue of the Cybersecurity Market Pulse newsletter. If you did, share with friends and subscribe to ensure you never miss an issue! That's all for now. Thanks y'all!