🌍 Cybersecurity Innovation Pulse #4: Securing Space Tech, SIEM v. Security Data Lake, 2022 VC Funding Recap
Week of Feb. 24th - March 2nd, 2023
👋 Welcome to the fourth issue of the Cybersecurity Market Pulse newsletter where I track the latest events impacting the security industry including new product releases, the innovation intersection, partnerships, funding, earnings, M&A, and more. If you find my content helpful, subscribe to the newsletter to get it sent to your inbox every week. If you’re already subscribed, share it with a friend!
Table of Contents 📚
2022 VC Funding in Security Recap 📰
The Innovation Intersection🌴
Securing Outerspace
Product-related releases
The cloud security landscape and what’s to come
The Market Beat 🥁
Funding
Earnings
M&A Activity
2022 VC Funding in Security Recap 📰
While 2022 paled in comparison to 2021 in terms of VC funding, start-ups were still able to raise over $18B across more than a thousand deals. In comparison, 2021 saw over $30B in VC funding. 95 companies raised over $50M and more than 15 unicorns (companies with over $1B valuation) were born. The IAM Security space led the pack in funding captured with a total of $3.1B. Risk and Compliance came in at second place with $2.9B. For a deeper dive into this and more, check out Momentum Cyber's 5th annual Cybersecurity Almanac report (trust me, it’s GOOD). Also, great work by Eduard Kovacs from SecurityWeek for surfacing this.
The Innovation Intersection 🌴
Securing Outerspace
If you were ever wondering how spacecraft and satellites are secured, look no further. In this 3-part series, Moaz Kamel from IBM Security dives into an overview of space and satellite systems, its most pressing threats, and how the industry is defending against them. (Part 1, Part 2, Part 3)
Product-related releases
OpenAI makes their ChatGPT and Whisper services available over API. With this and ChatGPTs countless use cases, I expect to see an increase of products leveraging ChatGPT for backend operations.
GitHub's secret scanning and alerting feature is now GA after having been in public beta since December '22. This is a big win for developer-driven security and security overall.
DataDog Application Security Monitoring (ASM) adds Suspicious Request Blocking and adds Python and NodeJS to its AWS Lambda coverage.
DataDog Cloud SIEM introduces the "Then" operator which enables the creation of detection rules with a specific flow of execution triggering signals/alerts only when one condition is met after the other. Amazing for tuning out false positives.
Orca Security adds Data Security Posture Management (DSPM) capabilities to its Cloud Security Platform.
Ermetic adds Kubernetes Security Posture Management (KSPM) to its Cloud-Native Application Protection Platform (CNAPP).
Wiz releases capabilities that enable the management of cloud config policies as code via their Terraform provider.
Gmail and Google Calendar adds support for Client-Side Encryption (CSE). This means that "users can send and receive emails or create meeting events within their organizations or to other external parties in a manner that's encrypted "before it reaches Google servers."
Fortinet expands its coverage for OT/ICS security with over 5 releases/enhancements including hardware designed for "harsh" environments and updates to their Privilege Access Management (PAM) solution. FortiPAM has added the capability to enable "secure remote access to critical assets regulated and monitored through workflow-based access approvals and session video recording." As a former IoT security nerd, this is pretty awesome.
Palo Alto Networks releases its Zero Trust Operational Technology (OT) solution which unifies management of its firewalls, 5G, and OT. This solution can integrate with Prisma SASE, Prisma Access, and several other solutions.
Fastly launches a Managed Security Service aimed at protecting against web app. attacks.
Microsoft launches Intune Suite which unifies various products and features for endpoint security management.
Hot Takes on the SIEM v. Security Data Lake Debate
Over the past couple of years, there has been a rise in traction for the "Security Data Lake" which calls for centralizing ALL of your security logs, signals, and metrics into a data lake. This approach allows for building out sophisticated detections that leverage multiple data sources such as XDR, cloud audit logs, host-based logs, etc. At a high level, there are pros and cons to both SIEMs and Security Data Lakes. In Part 1 of his Debating SIEM in 2023 series, Anton Chuvakin from the office of the CISO at Google Cloud debates that while "the SIEM name may die, … the need to analyze logs for security cannot really die in the foreseeable future." and therefore, the SIEM space will continue to thrive. Today, the SIEM space is a $4B+ market.
The cloud security landscape and what’s to come
In this report, Kyle Harrison and Travis McPeak, in collaboration with Contrary Research, take a rather deep dive into the cloud security ecosystem. They discuss the building blocks, the market leaders, the contenders, and ultimately, where the market is headed. They analyze the product and value positioning of DataDog, Wiz, CrowdStrike, Orca, LaceWork, Aqua, and more.
I loved digging into this report as it captures the current state of the cloud security market and backs it with tons of real-world data from reputable sources. Check out the full report here.
The Market Beat 🥁
Fundraising
Wiz raises a $300M Series D round led by non-other than Lightspeed Venture Partners and existing investors Greenoaks Capital Partners and Index Ventures. This puts Wiz at a valuation of about $10B. Wiz will put some of this fresh capital to work by expanding their physical presence in Austin and Dallas, TX, and Washington, D.C.
Vouched, an AI identity verification platform, raised a $6.3M Series B round bringing its total raised to over $18M. The Vouched platform focuses on "regulated and commercial businesses that need to verify individuals quickly and accurately to provide access to services while minimizing fraud risk".
Trackd, a start-up founded by a former NSA engineer, received $3.5M in seed funding led by Flybridge. The company will tackle automated remediation of software vulnerabilities.
CyberSmart, an EU-based start-up with an all-in-one security and insurance platform, raised $15.4M in a Series B round led by Oxx. The company currently has over 4,000 customers with over 1,800 of them also leveraging their insurance policies. This is a pretty interesting business model and I wonder if it has raised questions on conflict of interest *shrugs*
Earnings
Okta beat earnings with quarterly revenue at $510M (+33% YoY). Visit here for the full breakdown.
Splunk beat earnings with quarterly revenue at $1.25B (+39% YoY). Visit here for the full breakdown.
M&A Activity
Noname Security, the API security unicorn founded in 2020, is in talks to be acquired. Potential suitors include Akamai.
Conclusion
We recently surpassed 100 subscribers within a month of launching which is a big milestone for me. Thank you for the support and if you ever have any feedback on how I can improve the newsletter or something I may have missed, please reach out. Until next week!
Disclaimer: Please note that the information provided here is for educational and informational purposes only and should not be construed as financial advice. Any investment decisions you make are solely your responsibility. Always do your own research and consult with a licensed financial advisor before making any investment decisions.