20 Cybersecurity Firms to Watch
A look at some of the more interesting investments, acquisitions, and strategic moves in the security sector over the past year.
November 7, 2018
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt0d6ae799a463bdb4/64f0d4ff5ad4049589261146/1VendorIntro.png?width=700&auto=webp&quality=80&disable=upscale)
It's been another busy year in the cybersecurity business.
During the course of 2018, many established and new players in the security industry made strategic moves that revealed as much about their plans as it did about where the industry is heading.
The following is a list of organizations, arranged in alphabetical order, that garnered attention in the industry due to investments they made, companies they acquired, funding they attracted, or strategic directions they took.
Their moves paint a picture of an industry in transition. Small pure-play security vendors are quickly growing up and spreading out from their traditional niches. Big technology vendors – particularly those selling cloud services — have increasingly begun acquiring capabilities for securing customer workloads and applications on their software-, Internet- and platform-as-a-service environments. And investors seeking a slice of the still-lucrative cybersecurity pie — global market revenues are expected to top $124 billion in 2019, according to Gartner — continued to pour money into the industry.
Many firms featured on this list are relatively young but are not officially startups anymore; others are established players in the security sector with thousands of customers, hundreds of millions in revenues, and market valuations in the billions. There's also a handful of players that aren't traditional security vendors but made the cut because of the impact they are having on the industry.
Here is our list of 20 security vendors to watch.
2017 Revenues: $177.9 billion
Market Cap: $790 billion (11/1/2018)
Given its sheer size and scale, anything Amazon does in the security space is significant. So the company's acquisition of Sqrrl in January was noteworthy because it highlighted Amazon's confidence in the effectiveness of threat hunting as a way to detect and mitigate cyberthreats quickly.
In recent years, Amazon has also been leading the way with other security initiatives designed to address enterprise concerns about moving sensitive workloads to the cloud. The most significant of these efforts is its work around encryption and the use of artificial intelligence to address security issues. An Amazon unit called the Automated Reasoning Group (ARG) has been doing much of the work in applying automation to diminish cloud security risks for enterprises.
Revenues: N/A
Market Cap: N/A
Analyst firm Gartner and others have consistently ranked Veracode among the leaders in the application security testing market. The company's portfolio of tools for SAST, DAST, and secure code analysis is designed to help organizations integrate security testing into their software development process.
CA Technologies acquired Veracode last year for $614 million and was working on integrating the security vendor's software with its own portfolio of security and DevOps tools. However, Broadcom, which announced plans to buy CA for $18.9 billion this past July and closed the transaction Nov. 5, has now sold Veracode to private equity investment firm Thoma Bravo for $950 million in cash.
The move means that Veracode will likely operate once again as an independent vendor, backed by an investment firm with extensive investments in the cybersecurity space. Sam King, who is currently senior vice president and general manager of Veracode, will become CEO of the company once the acquisition is completed this quarter. She expects the transition will better position Veracode to extend its market reach and fuel innovation at the company.
Revenues: N/A
Valuation: N/A
Industrial control systems (ICS) security vendor Claroty received a major endorsement of its technology this year when a syndicate of investors pumped $60 million into the company in a Series B funding rounding in June. The funding round was significant because the investors included several control system vendors and operators of industrial networks, such as Rockwell Automation, and venture firms backed by companies, such as Schneider Electric and Siemens.
Industrial cybersecurity has emerged as a major concern this year amid news of heightened interest in critical infrastructure targets among nation-state-backed threat actors. Claroty is among a small but rapidly growing group of security vendors addressing the growing demands of this market. The vendor has so far raised $93 million and says it has major customers in a variety of critical infrastructure industries, including oil and gas, utilities, chemical, manufacturing, and water.
Revenues: N/A
Market Valuation: $3 billion
CrowdStrike, the security industry's favorite authority on Russian hackers, is rumored to be preparing for an IPO sometime in the first half of 2019. The firm has hired investment bank Goldman Sachs to help, according to Reuters. Reports of the rumored initial public offering follow a $200 million financing round in June led by Accel, General Atlantic, and IVP that valued the firm at $3 billion.
Founded in 2011, CrowdStrike is considered among the leaders in the endpoint security space. In June the company introduced a new breach prevention warranty under which it is offering up to $1 million to customers that experience a data breach in any environment protected by its endpoint protection technology. The company says the warranty is the first to cover breach response costs, as well. CrowdStrike earlier this year said it experienced 140% year-over-year growth in annual revenues, but the vendor has not disclosed an actual amount.
2018 Revenues: $130 million Market Valuation: $1 billion
A $120 million funding round in June led by the Blackstone Group has positioned Cylance for further growth in the endpoint security market. The company plans on using the new funds to boost its sales, marketing, and product development efforts worldwide.
Cylance and its artificial intelligence-enabled endpoint threat prevention and detection tools have attracted considerable enterprise and investor interest in recent years. Launched in 2012, Cylance says it has 20% of the Fortune 100 as its customers and more than 4,000 customers in total worldwide. The company recorded revenues of $130 million in 2018, representing 90% year-over-year growth.
So far, including the latest funding round, Cylance has raised close to $300 million from more than one dozen investment firms.
2018 Revenues: N/A (claimed contracts valued at more than $400 million in July)
Market Value: $1.65 billion
Darktrace became one of the growing number of security unicorns this year when it raised $50 million in a funding round that valuated the UK-based company at $1.65 billion. The funding, led by European private equity firm Vitruvian Partners, was the latest endorsement of investor confidence in Darktrace and its artificial intelligence-powered intrusion detection and response technology.
In July 2017, Darktrace raised $75 million in an investment round led by Insight Venture Partners, with participation from several other existing investors in the company. A year prior to that, Darktrace raised $65 million in growth equity funding from KKR and other investment firms.
Since 2015, investors have poured in at least $230 million in funding through multiple investment rounds. In the process, Darktrace's market valuation has soared from $80 million just three years ago to its current $1.65 billion value. The funding has helped the security vendor accelerate its momentum in various markets and grow its headcount by 60% to 750 employees worldwide in the past 12 months. The company has claimed 100% revenue growth over the past year but has not disclosed the actual amount.
2017 Revenues: $751 million
Market Cap: $3.8 billion (11/1/2018)
A continued shift toward a more services-led business model put FireEye in a position to regain some of its momentum in 2018. Kevin Mandia took over as the CEO in June 2016 at a time when the once high-flying cybersecurity vendor appeared to be running out of steam. In the nearly two-and-a-half years since then, Mandia has transformed FireEye from an appliance-centric security vendor to one with multiple revenue streams, including services, threat intelligence, email security, and endpoint security. From getting almost one-third of its non-services revenues from physical appliances in 2015, a bulk of FireEye's revenues this year have come from newer products, such the company's endpoint defenses, threat intelligence, and Helix cloud-hosted security operations platform.
As a company that investigates more major data breaches than almost any other security vendor, FireEye has the added advantage of being particularly close to some of the latest tactics, techniques, and procedures used by adversaries in attacking enterprises.
2016 Revenues: $1.5 billion
Market Value: N/A (nonprofit)
The federally funded nonprofit Mitre might not seem like an obvious candidate for inclusion in a cybersecurity listing. But Mitre's Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework has grown tremendously in popularity within the security industry since it was launched in May 2015. ATT&CK is basically a document that summarizes nearly one dozen top-level tactics and hundreds of techniques that attackers are using to compromise enterprises.
Penetration testers and security groups from both the private sector and government have, in growing numbers, been using the framework to conduct tabletop exercises and identify gaps in security controls and capabilities.
But perhaps the most significant development for organizations over the past year is Mitre's use of ATT&CK for security vendor product evaluations. Since March, Mitre has been offering paid product evaluations for security vendors interested in having their products assessed against the ATT&CK framework. Vendors participating in the program include CrowdStrike, Carbon Black, Microsoft, SentinelOne, Cybereason, and RSA.
2018 Revenues: $39.8 billion
Market Cap: $184 billion (11/1/2018)
Oracle has been quietly building out its security capabilities in a bid to help enterprises using Oracle's cloud services better protect their applications and workloads against cyberthreats.
At Oracle OpenWorld in October, the company announced a slew of new cloud security capabilities acquired mostly from its purchase of Zenedge this past March and Palerra in 2016. The new services include a Web application firewall and a distributed denial-of-service protection capability from its Zenedge purchase, and a CASB service built on Oracle's Palerra acquisition. For the moment, at least, Oracle does not appear particularly interested in leveraging its security capabilities beyond addressing the needs of its enterprise cloud customers, though that could change at some point.
2018 Revenues: $2.9 billion
Market Cap: $17.5 billion (11/1/2018)
Enterprise interest in technologies for securing data and workloads in the cloud is driving a flurry of vendor activity. Palo Alto Networks, with two major acquisitions in the cloud security space, was one of more aggressive ones in 2018.
In March, the security vendor announced plans to acquire Evident.io in a $300 million transaction that gave it access to a new set of API-based cloud infrastructure protection capabilities. Palo Alto Networks, which made its name initially in the next-generation firewall market, followed up by acquiring cloud security analytics company RedLock for $173 million in October.
Palo Alto Networks plans to combine the technologies from Evident.io and RedLock into one consolidated cloud security services offering early next year.
2017 Revenues: $145.4 million
Market Cap: $4.7 billion (11/1/2018)
In acquiring Wombat Security Technologies for $225 million in March, Proofpoint demonstrated a different approach to helping organizations address one of their biggest security concerns: phishing. Wombat's phishing simulation and security awareness training platform is designed to give enterprises a way to educate users about phishing threats.
By combining Wombat's security education platform with its own endpoint protection technologies, Proofpoint currently offers security teams the ability to conduct more realistic phishing simulations targeted at specific end users. The combination of the two technologies has given Proofpoint a way to deliver capabilities that allow enterprise security teams to more quickly investigate and mitigate user-reported phishing attacks and automatically quarantine or reset user accounts.
2018 Revenues: $2.9 billion
Market Cap: $30.3 billion (11/1/208)
In October, Red Hat previewed new Ansible integrations designed to give enterprises a way to automate and orchestrate security functions, such as firewalls, intrusion-detection systems (IDS), and security information and event management (SIEM). The goal is to enable faster responses to security incidents by coordinating and orchestrating disparate security technologies. Other potential use cases for the technology include threat hunting and triaging of suspicious activities.
IBM announced plans to acquire Red Hat for $34 billion in October. If the deal gets approved, Red Hat will become part of IBM's Hybrid Cloud group, though it will operate as an independent unit. It is still too early to say how the acquisition will impact Red Hat's plans for moving Ansible forward. IBM itself has said that it plans to stay the course on all of Red Hat's current projects and plans.
2018 Revenues: $1.27 billion
Market Cap: $14.9 billion (11/1/2018)
Splunk positioned itself as a contender in the emerging market for security orchestration automation and response (SOAR) technologies with its acquisition of Phantom Cyber in February. The $350 million purchase has equipped Splunk with capabilities designed to help enterprises respond to security incidents in a quicker and more automated fashion.
Enterprise demand for SOAR capabilities is being driven by alert fatigue and the quest by organizations to reduce mean time to respond to security incidents. A 2018 study by Demisto found that enterprises receive an average of 174,000 alerts each week, review just 12,000 of them because of a lack of available skills, and take more than four days to resolve an incident. Such factors are expected to drive demand for SOAR to the tune of $1.7 billion by 2012.
2018 Revenues: $230 million
Current Pre-Money Valuation: $6.5 billion
Two major investments in 2018 put Tanium among the heavyweights in the cybersecurity industry in terms of market valuation. In May, private equity firm TPG Growth increased its stake in the company with a $175 million investment that valued Tanium at $5 billion. In October, Tanium announced that it had raised another $200 million in a funding round led by Wellington Management. The funding raised Tanium's valuation to $6.5 billion.
The infusion of cash follows a year during which revenues grew 80% and is expected to accelerate the company's growth in the endpoint security space. Tanium says more than half of the Fortune 100 companies and many large government organizations currently use its technology. Besides TPG Growth and Wellington Management, other current major investors in the company include Andreessen Horowitz, Citi Ventures, and Franklin Templeton Investments.
Revenues: Approximately $3 billion (aggregate total from its portfolio of software companies)
Thoma Bravo's claim to fame in the cybersecurity industry comes by virtue of its recent purchases of and investments in a growing number of security vendors. The private equity investment firm is best known for its investments in the application and infrastructure software segments. But recently it has begun snapping up cybersecurity firms at an impressive rate. Its most recent buy came just this week, when it announced it will acquire CA Veracode from Broadcom, which officially closed its purchase of CA Technologies and plans to sell its application security platform for $950 million in cash.
In July, Thoma Bravo purchased a majority stake in identity and access management technology vendor Centrify. Just a month prior, the firm made a similar investment in LogRhythm and its SIEM technology. In addition, in February Thoma Bravo completed a $1.6 billion acquisition of cloud security vendor Barracuda Networks. Other companies in Thoma Bravo's rapidly growing cybersecurity portfolio include Blue Coat Systems, SonicWall, and Entrust.
Thoma Bravo describes its investment strategy as being based on the notion of creating value through accretive acquisitions, operational improvements, and internal expansion. It's too soon to say how the investment firm plans to leverage that strategy in the cybersecurity sector, but the sheer number of security firms it owns or has a major stake in makes Thoma Bravo a player in the sector.
Revenues: $200.9 million
Market Cap: $1.72 billion (11/1/2018)
Rapid7 broadened its SecOps capabilities this year by acquiring Web application security provider tCell for an undisclosed sum in October. The purchase has equipped Rapid7 with technology that allows it to offer runtime application self-protection (RASP) and Web application monitoring capabilities for enterprise customers. Both are considered key capabilities for security in DevOps and continuous integration/continuous delivery environments.
Rapid7's Insight Platform, which now includes tCell's technology, combines a variety of functions designed to help organizations assess, monitor, and protect against application-level attacks, right from the coding stage through testing, deployment, and while running. Each new capability and functionality that the company has added to the platform has helped Rapid7 expand beyond its original niche in the vulnerability assessment and pen testing space.
Revenues: $200.9 million
Market Cap: $1.72 billion (11/1/2018)
Rapid7 broadened its SecOps capabilities this year by acquiring Web application security provider tCell for an undisclosed sum in October. The purchase has equipped Rapid7 with technology that allows it to offer runtime application self-protection (RASP) and Web application monitoring capabilities for enterprise customers. Both are considered key capabilities for security in DevOps and continuous integration/continuous delivery environments.
Rapid7's Insight Platform, which now includes tCell's technology, combines a variety of functions designed to help organizations assess, monitor, and protect against application-level attacks, right from the coding stage through testing, deployment, and while running. Each new capability and functionality that the company has added to the platform has helped Rapid7 expand beyond its original niche in the vulnerability assessment and pen testing space.
It's been another busy year in the cybersecurity business.
During the course of 2018, many established and new players in the security industry made strategic moves that revealed as much about their plans as it did about where the industry is heading.
The following is a list of organizations, arranged in alphabetical order, that garnered attention in the industry due to investments they made, companies they acquired, funding they attracted, or strategic directions they took.
Their moves paint a picture of an industry in transition. Small pure-play security vendors are quickly growing up and spreading out from their traditional niches. Big technology vendors – particularly those selling cloud services — have increasingly begun acquiring capabilities for securing customer workloads and applications on their software-, Internet- and platform-as-a-service environments. And investors seeking a slice of the still-lucrative cybersecurity pie — global market revenues are expected to top $124 billion in 2019, according to Gartner — continued to pour money into the industry.
Many firms featured on this list are relatively young but are not officially startups anymore; others are established players in the security sector with thousands of customers, hundreds of millions in revenues, and market valuations in the billions. There's also a handful of players that aren't traditional security vendors but made the cut because of the impact they are having on the industry.
Here is our list of 20 security vendors to watch.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024