Corporate cybersecurity today is tasked with protecting connected hardware and cloud-based software from myriad threats such as unauthorized access and data theft. The next-generation of tools leverage AI and machine learning to dominate endpoint protection, detection, and response.
The traditional enterprise network perimeter is fading and enterprise workflows are increasingly reliant on the internet and cloud applications. Personal computing devices and connected industrial hardware connect to corporate networks on a daily basis, leaving many potential entry points for malicious actors. The evolving threat landscape requires a holistic approach to cybersecurity that considers an organization's entire network landscape.
Advances in AI help companies bridge this gap by detecting threats using behavioral analysis. Companies can now use signature-based methods to identify threats proactively, even unknown ones which would have otherwise gone undetected by traditional antivirus programs. AI also allows for efficient monitoring, investigation, and automation of common remediation tasks that would have been traditionally carried out manually—a time-consuming process prone to error.
The rapid shift to remote work has led to new threats:
Phishing attacks grew 220% in 2020, leading to a lack of confidence in current corporate cybersecurity efforts.
The FBI received 3,000 - 4,000 daily complaints related to cybersecurity, that’s up to 4x beyond pre-pandemic rates.
More than 70% of cybersecurity leaders cite remote workers as security risks and 41% blame budgetary restrictions as their top concern.
Prioritizing security translates to double-digit revenue for several disruptors:
Crowdstrike saw 82% year-over-year (YoY) growth in both customers and revenue.
Cato Networks doubled annual recurring revenue (ARR).
Arctic Wolf more than doubled subscription revenue with enterprise clients growing 180%.
Snyk reported a 275% YoY growth in ARR.
SentinelOne expected revenue growth to more than double in 2020.
Security budgets are going up across industries:
More than 50% of surveyed executives plan to increase their cybersecurity budgets in 2021 with the healthcare sector leading the way.
Large incumbents maintain a strong presence in this industry as they expand traditional cybersecurity portfolios with complementary products focused on cloud services produced through a mix of internal development and acquisitions. Some larger disruptors also follow an acquisition strategy, acquiring smaller startups to expand their portfolios. These acquisitive incumbents and larger disruptors are therefore listed across multiple segments of the market map.
The endpoint security space, in particular, has a significant incumbent presence, as traditional antivirus software vendors are adding behavior analytics and artificial intelligence to their products. Symantec (now owned by Accenture) and Trend Micro are some of the largest endpoint protection providers globally, each claiming more than 18% of the segment’s overall market share.
While the market map features more endpoint security companies than any other segment, companies offering cloud security products have attracted the most private funding—more than USD 7.1 billion for the cloud network and cloud-native application security segments as of August 2021. Further, nine out of ten startups in this hub were established over the last decade and have collectively raised over USD 12 billion as of the same date.
A majority of these disruptors offer tools for threat detection and response either as standalone products or along with cloud security and endpoint security offerings. As of August 2021, the highest amount of funding has gone towards companies in the detection and response segment.
Several next-generation cybersecurity companies have already reached valuations of at least USD 1 billion. Cloud-network security startup Netskope has garnered the highest amount of funding (USD 1 billion) as of August 2021. SentinelOne went public in June 2021 which valued the company at USD 8.9 billion, implying a 187% growth from the valuation during its last fundraise in November 2020 (USD 3.1 billion). SentinelOne also leads the endpoint security, industrial IoT/operational technology security, and managed detection and response (MDR) segments in terms of funding, with Arctic Wolf being the highest funded pureplay MDR provider in this space.
More than 90% of these disruptors were established in the last decade and most are in either the early or growth stage. Many also have a footprint across multiple market segments in part by acquiring smaller startups to accelerate product launches and absorb expertise amid a shortage of cybersecurity professionals.
Zscaler offers cloud security products such as cloud access security brokers (CASBs), secure web gateways (SWGs), and other tools to protect cloud networks, under a secure access service edge (SASE) architecture that is distributed across more than 150 data centers globally. Zscaler also offers cloud security posture management (CSPM) tools that enable organizations to identify misconfigurations and vulnerabilities across cloud-native workloads. As of May 2021, the company had more than 200 patents issued and pending, and served more than 5,000 customers including more than 25% of the Fortune 200.
For FY2021, Zscaler reported USD 673.1 million in revenues, reflecting a growth of 56% YoY. Zscaler’s adjusted operating income rose to USD 78 million, more than double the USD 38.2 million recorded during FY2020. For Q1 FY2022 (ended October 31, 2021), the company reported a revenue of USD 230.5 million, representing a year-over-year (YoY) growth of 62%. Management guidance for revenue for FY2022 stands in the range of USD 1 billion and USD 1.01 billion, which implies an YoY growth of 48.6% to 50.1%, respectively.
Zscaler has made several acquisitions including the cloud security startup Edgewise Networks, in May 2020 for an undisclosed amount, to enhance application-to-application communication security. In April 2020, the company acquired the CSPM startup Cloudneeti for an undisclosed amount, enabling Zscaler to expand its cloud security offering to offer CSPM solutions. Other notable acquisitions of the company include Trustdome, and Smokescreen Technologies in April 2021 and May 2021, respectively. The company commenced trading on the Nasdaq in March 2018, raising USD 192 million in its initial public offering (IPO).
Cloud network security:
Cloud-native application security:
The cloud service providers, pureplay cybersecurity companies, and endpoint security software providers in this section have either acquired stakes in next-gen startups, or pivoted their business model to offer products and services across multiple segments.
Major cloud providers like Microsoft and Fastly generally bundle security products along with their primary offerings. Pureplay cybersecurity incumbents, such as Palo Alto Networks, have been gradually building their product portfolio to keep up with industry trends, using acquisitions to bridge gaps and speed up go-to-market activities.
Incumbents in the endpoint security segment have historically offered traditional antivirus software to retail and enterprise customers. These companies have improved their offering to feature AI and behavior analytics to detect known and unknown threats. These companies have also started building endpoint detection and response (EDR) tools to leverage automation and machine learning.
No investor data is available