🌍 Cybersecurity Innovation Pulse #2 - Quantum (security) Leaps, ~$3B in M&A and VC Funding, and Lightspeed's Busy Week
Week of Feb. 9th - Feb. 16th
Welcome to the second issue of the Cybersecurity Market Pulse newsletter. I’m Darwin Salazar and I track the latest events impacting the security industry including new product releases, the innovation intersection, partnerships, funding, earnings, M&A, and more. I keep a pulse on these areas for fun so I thought it made sense to sift through the noise and curate something valuable (hopefully) for my network. If you think the content is helpful and worth supporting, subscribe to the newsletter to get it sent to your inbox every week. If you’re already subscribed, share it with a friend! Thanks and enjoy this week’s issue!
The Innovation Intersection 🌴
Quantum Security
Have you ever wondered what will happen to traditional cryptography once quantum computing reaches the hands of a few capable nefarious actos? Me too. Some people believe that it'll be a nightmare for security and maybe even bring doomsday. Luckily there are some brilliant and well-funded folks addressing this concern.
Sandbox AQ, which split from Alphabet Inc. last year, raised a whopping $500M this week to continue building out its post-quantum cryptography software which aims to withstand attacks from quantum computing. Breyer Capital, T. Rowe Price, TIME ventures, and former Google CEO, Eric Schmidt, all participated in the round. Aside from its security suite, the company also has simulation and sensing offerings indicating that it will focus on much more than security. This is certainly one to keep your eye on.
Quantum Brilliance, an Australian-based start-up, raised an $18M round led by Breakthrough Victoria, Main Sequence, and Investible. The company focuses on quantum computing hardware and aims to develop miniaturized quantum hardware that can operate at room temp instead of the -459.67 °F (absolute zero temp.) required by other quantum hardware. How are they aiming to do that? See here for more.
Product Releases and Announcements
GitHub Copilot for Business hit general availability and what stood out to me the most are its security improvements. The new release includes detection for several security issues such as hardcoded secrets and keys, blocking Copilot suggestions that may contain vulnerabilities, and identifying code that may enable SQL injection.
Microsoft announced that it'll be doubling down on SaaS Security Posture Management (SSPM) by extending its coverage to Microsoft 365, Salesforce, ServiceNow, Okta, GitHub, and other business-critical SaaS solutions.
Cohesity, a data security company, released v7.0 of its' Data Cloud to combat and recover from ransomware attacks. Some of the new features include hardened privileged access controls and improved ransomware recovery for files and objects via its SmartFiles solution.
Orca expands its' API security capabilities with risk prioritization, posture management, and API inventory.
Expel announces their new Managed Detection and Response (MDR) platform for Kubernetes which analyzes audit logs for AWS and GCP's managed Kubernetes solutions, helps identify cluster misconfigurations, and more.
SecDataOps
Ever heard of the term SecDataOps? In this article, CISO at Lightspin, Jonathan Rau, makes a strong case for security teams to embrace and adopt modern data analytics and engineering practices. Rau says that "Harnessing data and building generative adversarial networks and massive business-intelligence dashboards to quantify cyber-risk is the exciting part of SecDataOps." While adopting this approach would require embedding data folks into security teams or vice versa, I'd posit that this is the direction that the security industry is going, especially considering the recent adoption of Security Data Lakes.
Bonus: Eleven Generative AI Security Trends to Watch in 2023 - PWC. The Future of Machine Learning in Cybersecurity - Dr. May Wang
The Market Beat 📈
Descope comes out of stealth with a $53M round led by Lightspeed Venture Partners and GGV Capital. The solution enables passwordless authentication via drag-and-drop workflows and will take on Okta's Auth0, Ping Identity, and the like. The start-up is led by the Demisto founding team and has an absolutely stacked Board of Advisors. The list includes George Kurtz (CEO @ CrowdStrike), John Thompson (Chairman of the Board @ Microsoft), Assaf Rappaport (Co-founder & CEO @ Wiz), Nicole Perlroth (Best-selling author and CISA Advisor), and Eyal Manor (Ex-VP @ Google Cloud). Needless to say, the expectations are high for Descope. Check out the CEO's post on coming out of stealth for more.
Oligo Security came out of stealth this week with a $28M Series A round backed by Lightspeed Venture Partners, Ballistic Ventures, and TLV Partners. The Tel Aviv-based company leverages eBPF to provide runtime application security and observability to help detect open-source vulnerabilities.
CommandK, yet another start-up backed by Lightspeed Venture Partners, received $3M in seed round funding. The company’s developer-focused platform is in private beta but will focus on protecting secrets, PII, PHI and other types of sensitive data. Join their waitlist here.
DeepWatch raised $180M from Springcoast Capital Partners, Splunk Ventures, and Vista Credit Partners to expand its' MDR solution and its partner ecosystem.
Coincover, a start-up that provides digital asset protection and recovery along with theft insurance raised a $30M Series B round led by Foundation Capital. Nefarious actors stole nearly $3.8B in cryptocurrency in 2022, according to this Chainanalysis report.
Sendmarc, a Johannesburg-based start-up, raised a $7M Series A round to combat phishing, spoofing, and email impersonation. As an Africa-based security company, Sendmarc has a good runway of untapped market to help build its customer base.
Ironblocks, a blockchain cybersecurity start-up, raised $7M in a seed funding round led by Collider Ventures and Disruptive AI. The company aims to leverage smart contracts to automate threat detection for Web3 apps.
Procyon, a multi-cloud access management solution, raised $6.5M from Lobby Capital, GTM Capital, and more. The company aims to "reinvent how DevOps teams and developers access cloud services". As more organizations embrace multi-cloud, I think this space gains a lot more traction.
Another Strong Week of Earnings Reports
Akamai beats analyst expectations as it prepares for a battle with the cloud giants, AWS, Azure, and GCP. The company delivered a quarterly revenue of $927.78M (+2.5% YoY).
Arista Networks beats expectations with net income at $427.1M and quarterly revenue at $1.28B (+55% YoY).
Check Point Software Technologies beat analyst expectations for net income and revenue growth in Q4 with quarterly revenue hitting $638M (+7% YoY).
Cisco beats earnings and revenue estimates with revenue coming in at $13.59B (+7% YoY).
Cloudflare reported record operating profit, operating margin and free cash flow in Q4 '22. Quarterly revenue came in at $274.7M (+42% YoY).
CyberArk delivered mixed results with quarterly revenue coming in at $169.2M (up 12% YoY).
Datadog beats both earnings and revenue estimates with quarterly revenue coming in at $469.4M (+43.8% YoY).
Qualys slightly missed analyst expectations with quarterly revenue coming in at $130.8M (+19% YoY)
Synopsys beats earnings and revenue estimates with revenue coming in at $1.36B (+7.1% YoY).
Bonus: European Cloud Security Market Expected to Grow to nearly $33B by 2028 at a CAGR of 14.4%.
Mergers & Acquisitions (M&A)
Sumo Logic is set to be acquired by Francisco Partners at a valuation of $1.7B. This is part of a trend of Private Equity firms acquiring cybersecurity companies to add as part of their portfolio. It's also key to note that Francisco Partners represents 1/2 of the PE firms that acquired LastPass in 2019. LastPass has been in the news a fair amount over the past couple of months due to some pretty nasty attacks.
Accenture acquires Morphus, a Brazil-based cybersecurity services provider, for an undisclosed amount. This is a continuation of Accenture's expansion into Latin America and marks its 16th security company acquisition since 2015.
Zscaler acquires Canonic Security for an undisclosed amount to bolster its CASB and SSPM offerings. Canonic's solution provides visibility into "ungoverned surface areas" and enables SaaS app access governance and enforcement.
Bonus: Roundup of M&A Activity in January 2023
Milestones 🎉
Congratulations to the Armis team for reaching Centaur Status ($100M ARR) in less than 5 years! I remember visiting their small office in Tel Aviv in 2017 and meeting their CEO, Yevgeny Dibrov, and their then lead researcher, Ben Seri. It’s crazy to see their growth and influence in the OT/ICS security space 🚀🎉
What I’ve Been Listening To
404 Security Not Found: Guardrails and Paved Roads with Travis McPeak (Co-Founder & CEO @ Resourcely) and Jason Chan (Fmr. VP of Security @ Netflix)
Both of these gentlemen are industry shapers, angel investors, advisors and all around great people. It was interesting hearing them talk about the origins of the “Netflix Security Mafia” and how they solved the problem of scaling security. Loved the security “Hamster Wheel of Pain” analogy.
Software Snack Bites interview with Emilio Escobar (CISO @ DataDog)
This interview dove into Emilio’s origin story from his early days in Puerto Rico to his current role and everything in between. While I may be a bit biased since he is my CISO, this pod did a great job of delivering actionable takeaways for build vs. buy strategy, managing enterprise security and how we ship product at DataDog.
Hacker Valley Media: ChatGPT Can’t Take My Job and How To Become A Cyber Industry Creative with Chris Cochran and Ron Eddings
The duo tests ChatGPT’s prowess for incident response, Python programming and more. They also dive into the rise of the industry creative and why they believe it’s here to stay.
Conclusion
This past week was fairly active across the public and private markets with a cumulative of ~$3B (est.) in transactions across mergers & acquisitions and VC funding. We also saw 9 cybersecurity companies deliver pretty healthy financial results. At the end of the day, what stood out to me the most was the $500M round raised by Sandbox AQ. I really look forward to what they have in store for the quantum security space. Until next week!
Disclaimer: Please note that the information provided here is for educational and informational purposes only and should not be construed as financial advice. Any investment decisions you make are solely your responsibility. Always do your own research and consult with a licensed financial advisor before making any investment decisions.