Did you miss a session on the Information Summit? Watch On-Demand Right here.
It’s true: The time period unicorn stopped that means “uncommon” years in the past. And right this moment, within the cybersecurity market alone, there are literally dozens of privately held corporations with billion-dollar valuations.
However whereas changing into a unicorn could not imply what it used to, it’s not a meaningless milestone, both. At the least within the safety market, getting a billion-dollar valuation normally does signify that the startup has a fast-growing enterprise underway, amongst different issues.
Dave DeWalt, who is aware of a factor or two about cyber companies, mentioned as a lot to me in an interview final month. Although 30 privately held safety corporations achieved unicorn valuations in 2021 — up from six in 2020 — that doesn’t mechanically indicate there’s a bubble, mentioned DeWalt, who beforehand served as CEO of FireEye and McAfee, and is now a enterprise investor.
Many of those safety corporations are constructing actual companies, he mentioned — and addressing actual threats, typically from state-sponsored adversaries, that aren’t going away.
Why are we seeing so many safety distributors attain unicorn valuations? “It’s as a result of the menace is persistent,” mentioned DeWalt, now the founder and managing director at enterprise agency NightDragon. “And that’s why I believe [these companies are] actual, and that is right here to remain.”
Monitoring the herd
By my tally, there are at present 53 cybersecurity distributors with privately held valuations of $1 billion or extra. My major supply for that is the CB Insights unicorn record, although my rely isn’t similar to theirs (just a few safety distributors had been both lacking or labeled in different classes in addition to cybersecurity on their record).
Regardless, getting the variety of cybersecurity unicorns precisely proper doesn’t appear too necessary. All you might want to know is that there are a ton of them now.
Extra crucially: Which safety corporations, on this ever-expanding unicorn herd, could be value a better search for enterprise and midmarket prospects?
I’ve chosen 10 of the present safety unicorns to focus on right here. My standards is that they’re reporting robust development; they’re in a fast-growing market; and I’ve had the possibility to interview their CEO or president in latest months, giving me a way of their technique, differentiators and traction with prospects.
This isn’t to say the opposite safety unicorns aren’t differentiated, seeing important development and working in sizzling market. However, I couldn’t embody all of them (and haven’t interviewed all of their CEOs, both).
So, what follows are the important thing particulars on these 10 cybersecurity unicorns that I believe are value watching proper now, in areas of the market together with cloud safety, cloud-native utility safety, managed detection and response, passwordless identification authentication and nil belief segmentation.
Distributors are ranked by their newest out there valuation, supplied on the time of their most up-to-date funding spherical. All quotes are from latest VentureBeat interviews, and all metrics had been provided by the distributors.
Valuation: $8.5 billion (September 2021)
Clients: 1,800 on the finish of Q1 (up 100% year-over-year)
Staff: 1,200 on the finish of Q1 (up greater than 100% year-over-year)
Snyk makes a speciality of providing instruments for scanning and fixing code — constructed to be acquainted to builders and built-in into the prevailing improvement course of — with the purpose of making certain that functions are constructed securely from the get-go.
The corporate believes that as a way to present an amazing developer safety platform, “it ought to be weaved into the each day lives of the event groups,” mentioned Snyk cofounder and president Man Podjarny. “We’re there to cowl the total scope of the cloud-native utility — at all times with that developer-first strategy.”
Snyk is now increasing its choices to incorporate cloud safety, with the latest acquisition of Fugue. By combining with Fugue’s cloud safety posture administration know-how, the Snyk platform will be capable to present builders with “continuity all the best way from their code to the cloud deployments,” Podjarny mentioned.
“To equip builders with constructing safe software program and proudly owning it, they should go previous the pipelines into understanding what’s deployed,” Podjarny mentioned. That features “understanding what safety errors are deployed,” he mentioned, “to allow them to personal that and so they will help safe it.”
Valuation: $8.3 billion (November 2021)
Clients: By the tip of 2021, Lacework noticed a 3.5X year-over-year improve in new prospects
Staff: Greater than 1,000 (up from 200 in January 2021)
Lacework presents a cloud safety platform that excels at accumulating, processing and normalizing knowledge throughout cloud environments — after which deriving insights for purchasers, Lacework co-CEO Jay Parikh mentioned. “We essentially deliver a unique strategy,” Parikh mentioned. “And we are able to innovate quicker and we are able to present a way more complete, end-to-end strategy.”
Central to Lacework’s know-how is the Polygraph Information Platform, which collects and correlates knowledge in cloud environments, detects potential safety points and prioritizes the largest threats for response. Key capabilities embody anomaly detection powered by machine studying, in addition to deep visibility throughout cloud and container workloads.
Notably, Lacework brings the power to each scan for vulnerabilities and in addition present in manufacturing the place the issues could be exploited, Parikh mentioned.
“Some corporations can simply do the scanning, however they’ll’t do the manufacturing evaluation,” he mentioned. “We are able to do each, and it’s all on the identical platform.”
Valuation: $6 billion (October 2021)
Clients: Whole quantity not disclosed; “greater than 20% of the Fortune 500”
Staff: Greater than 200
Wiz presents a cloud safety product that unifies various completely different capabilities, deploys rapidly, supplies broad visibility and allows prospects to prioritize threats, in keeping with two of the startup’s founders, CEO Assaf Rappaport and vp of product Yinon Costica.
The product’s agentless strategy helps allow the fast deployment, the founders mentioned. “Actually you may end a Wiz deployment in every week, even within the largest enterprises,” Costica mentioned.
Wiz works by implementing a safety graph, permitting for the correlation of the various completely different indicators in cloud environments — prioritizing the dangers “very successfully throughout even the most important environments,” he mentioned. The product “modifications dramatically the best way organizations are capable of acquire visibility to cloud environments,” Costica mentioned.
“I believe these two elements — the power to prioritize successfully and to deploy actually simply — are making the distinction for purchasers, versus what they’ve right this moment,” he mentioned.
Valuation: $4.3 billion (July 2021)
Clients: 2,700 (up from 1,500 a 12 months in the past)
Staff: 1,500 (up from 650 a 12 months in the past)
With Arctic Wolf’s safety operations platform — which presents a full gamut of safety options, paired with the power to ingest safety knowledge from a buyer’s current instruments — the corporate has the potential to “unify the cybersecurity market wholesale,” CEO Nick Schneider mentioned.
The platform contains 24/7 monitoring of endpoints, networks and clouds; detection of threats; and response and restoration if a cyberattack happens. The MDR service is supplied by a concierge safety workforce that serves to eradicate false positives and alert fatigue.
Arctic Wolf’s MDR is complemented by digital danger administration (tailor-made to every particular person buyer); managed safety consciousness (offering safety coaching, phishing checks and training to workers); and cloud detection and response (to assist with bettering cloud safety posture).
Whereas various different safety distributors provide a few of these options, “that mixture of modules, or that mixture of outcomes sitting on high of the platform — we’re actually the one vendor that does that,” Schneider mentioned. “And from a buyer’s perspective, what meaning is that they get a unified expertise throughout these completely different areas of their enterprise — detection, danger, cloud, safety consciousness and coaching.”
Valuation: $2.75 billion (June 2021)
Clients: Whole quantity not disclosed; firm has added greater than 140 prospects prior to now 12 months
Staff: 519 (up from 384 a 12 months in the past)
Illumio presents zero-trust segmentation options for each datacenter and cloud environments, which allow isolation of attackers post-breach.
With the Illumio zero-trust segmentation resolution, a buyer’s cloud and datacenter environments could be damaged down into completely different segments — all the best way all the way down to the extent of workload — which might every be locked down with their very own safety controls.
Illumio stands out as “the one standalone zero-trust segmentation firm,” mentioned cofounder and CEO Andrew Rubin. “We began the corporate to unravel this downside. We’ve constructed our know-how particularly to handle it. And at a few of our largest prospects, we handle it at large world scale.”
Finally, “we’re centered on solely fixing this downside,” Rubin mentioned. “And we consider that that has allowed us to construct a greater platform and a extra scalable platform.”
Valuation: $2.5 billion (December 2021)
Clients: 700 on the finish of 2021 (roughly doubled year-over-year)
Staff: Practically 600 (up from roughly 250 a 12 months in the past)
Container and cloud safety vendor Sysdig presents a safety platform that gives deeper visibility and higher prioritization of threats than different distributors, CEO Suresh Vasudevan mentioned.
The platform’s “open supply basis” — it’s constructed on high of two open-source menace detection tasks — has additionally continued to assist set the corporate aside, Vasudevan mentioned.
Sysdig’s platform presents capabilities spanning cloud-native utility improvement safety; detection and response for runtime threats; and administration of configurations and permissions.
“The truth that we’ve constructed an end-to-end platform permits us to have a significantly better sense of the best way to prioritize, what to concentrate on, and the best way to remediate points on the supply — on the time while you’re constructing your software program reasonably than a lot later while you’re deployed in manufacturing,” Vasudevan mentioned.
Valuation: $1.8 billion (October 2021)
Clients: “Lots of of consumers” (up 400% year-over-year)
Staff: 307 (up from 71 a 12 months in the past)
Orca Safety presents a cloud safety platform that unites various completely different instruments and doesn’t require an agent, simplifying and expediting the deployment of the platform.
The largest worth for purchasers is “having one platform that leverages knowledge from the whole stack to prioritize danger,” CEO and cofounder Avi Shua mentioned. In that means, Orca is ready to floor not simply the underlying safety subject, but in addition its enterprise impression, Shua mentioned.
Utilizing Orca’s “SideScanning” know-how that collects knowledge from cloud environments, the platform supplies full visibility of cloud environments and connects the dots in safety alert knowledge to allow danger prioritization, Shua mentioned.
Key capabilities embody options for managing cloud vulnerabilities; recognizing misconfigurations in cloud accounts and workloads; and detecting malware and lateral motion in cloud environments.
Valuation: $1.1 billion (February 2022)
Clients: Whole quantity not disclosed; buyer base grew 640% in 2021, year-over-year
Staff: 185 (up from 118 a 12 months in the past)
Past Id has developed an answer for multifactor authentication (MFA) that’s centered on “reducing out the friction — making it actually invisible to a consumer, or to an organization, that they’ve turned on MFA,” mentioned cofounder and CEO Tom “TJ” Jermoluk.
A key component is that the MFA resolution is passwordless, achieved by cryptographically embedding a consumer’s identities into their gadgets. “Our customers don’t have to take a look at a one-time code or a push notification, or any of that,” Jermoluk mentioned. When a consumer opens an utility on their PC or smartphone, utilizing the corporate’s system, the consumer could be mechanically logged in with no need to enter any info.
Past Id additionally supplies a zero belief “danger engine” that ensures solely legitimate customers can authenticate, Jermoluk mentioned — which “permits us to have this visibility that no person else can get” in an identification safety resolution. Among the many targets for Past Id, he mentioned, is “to have this platform be adopted because the de facto zero belief platform.”
Finally, Past Id brings the chance to “resolve so lots of the completely different issues which have existed [in security] with one platform,” Jermoluk mentioned.
Valuation: “Considerably greater than $1 billion” (February 2022)
Clients: Greater than 700 on the finish of 2021 (up 80% year-over-year)
Staff: Practically 600 (nearly doubled from a 12 months in the past)
BlueVoyant supplies each inside safety and exterior cyber danger administration for purchasers. The corporate’s managed detection and response (MDR) providing stands out with capabilities for analyzing large quantities of knowledge as a part of its menace detection, in keeping with BlueVoyant cofounder and CEO Jim Rosenthal.
And in the case of exterior cyber danger administration, what BlueVoyant presents is one-of-a-kind, Rosenthal mentioned. “We do provide chain protection, versus provide chain danger scoring,” he mentioned.
BlueVoyant seems at each participant in a buyer’s provide chain, and identifies any externally detectable, extreme vulnerabilities that an attacker would see. The corporate then interacts with the provider to be sure that the problems are remedied — fixing the issue on the shopper’s behalf, Rosenthal mentioned.
As of proper now, in the case of provide chain protection of this kind, “nobody else does it,” Rosenthal mentioned. “And it’s what the world wants — if you wish to forestall attackers from both disrupting your operations, or disrupting the availability chain, or transferring upstream in an operation to the enterprise itself.”
Valuation: “In extra of $1 billion” (March 2021)
Clients: Greater than 450 (up from 400 a 12 months in the past)
Staff: 530 (up from 300 a 12 months in the past)
Aqua Safety presents a cloud-native utility safety platform that spans the app improvement lifecycle, with capabilities for securing the construct, infrastructure and workload/runtime. The corporate acquired a startup in December, Argon, that provides an answer for securing the software program provide chain to the platform, as effectively.
Relating to securing cloud-native applied sciences resembling containers and microservices, there may be now “a transparent realization out there that [companies’] current safety options don’t apply for this new stack,” mentioned cofounder and CEO Dror Davidoff.
Aqua’s varied modules are provided individually, however are additionally built-in as a way to “join the dots” and supply a full safety image for a buyer’s cloud-native stack, Davidoff mentioned. The corporate has been investing closely to “create quite a lot of complementary worth between the completely different modules — and actually flip it into one resolution,” he mentioned.
Finally, “I can say very comfortably that we’re the one which’s actually trying on the full lifecycle — out of your software program provide chain all the best way to your manufacturing, and having all of the [solutions] alongside the best way,” Davidoff mentioned.
VentureBeat’s mission is to be a digital city sq. for technical decision-makers to achieve data about transformative enterprise know-how and transact. Be taught Extra