Corporate cybersecurity today is tasked with protecting connected hardware and cloud-based software from myriad threats such as unauthorized access and data theft. The next generation of tools leverages AI and machine learning to dominate endpoint protection, detection, and response.
The traditional enterprise network perimeter is fading and enterprise workflows are increasingly reliant on the internet and cloud applications. Personal computing devices and connected industrial hardware connect to corporate networks on a daily basis, leaving many potential entry points for malicious actors. The evolving threat landscape requires a holistic approach to cybersecurity that considers an organization's entire network landscape.
Advances in AI help companies bridge this gap by detecting threats using behavioral analysis. Companies can now use signature-based methods to identify threats proactively, even unknown ones which would have otherwise gone undetected by traditional antivirus programs. AI also allows for efficient monitoring, investigation, and automation of common remediation tasks that would have been traditionally carried out manually—a time-consuming process prone to error.
The rapid shift to remote work has led to new threats:
Phishing attacks grew 220% in 2020, leading to a lack of confidence in current corporate cybersecurity efforts.
The FBI received 3,000 to 4,000 daily complaints related to cybersecurity, which is up to 4x beyond pre-pandemic rates.
More than 70% of cybersecurity leaders cite remote workers as security risks and 41% blame budgetary restrictions as their top concern.
Prioritizing security translates to double-digit revenue growth for several disruptors:
CrowdStrike saw 82% year-over-year (YoY) growth in both customers and revenue.
Cato Networks doubled annual recurring revenue (ARR).
Arctic Wolf more than doubled subscription revenue with enterprise clients growing 180%.
Snyk reported a 275% YoY growth in ARR.
SentinelOne expected revenue growth to more than double in 2020.
Security budgets are going up across industries:
More than 50% of surveyed executives plan to increase their cybersecurity budgets in 2021 with the healthcare sector leading the way.
Large incumbents maintain a strong presence in this industry as they expand traditional cybersecurity portfolios with complementary products focused on cloud services produced through a mix of internal development and acquisitions. Some larger disruptors also follow an acquisition strategy, acquiring smaller startups to expand their portfolios. These acquisitive incumbents and larger disruptors are therefore listed across multiple segments of the market map.
The endpoint security space, in particular, has a significant incumbent presence, as traditional antivirus software vendors are adding behavior analytics and artificial intelligence to their products. Symantec (now owned by Accenture) and Trend Micro are some of the largest endpoint protection providers globally, each claiming more than 18% of the segment’s overall market share.
While the market map features more endpoint security companies than any other segment, companies offering cloud security products have attracted the most private funding—more than USD 7.1 billion for the cloud network and cloud-native application security segments as of August 2021. Further, nine out of ten startups in this hub were established over the last decade and have collectively raised over USD 12 billion as of the same date.
A majority of these disruptors offer tools for threat detection and response either as standalone products or along with cloud security and endpoint security offerings. As of August 2021, the highest amount of funding has gone towards companies in the detection and response segment.
Several next-generation cybersecurity companies have already reached valuations of at least USD 1 billion. Cloud-network security startup Netskope has garnered the highest amount of funding (USD 1 billion) as of August 2021. SentinelOne went public in June 2021 at a valuation of USD 8.9 billion, implying 187% growth from its valuation at its last fundraise in November 2020 (USD 3.1 billion). SentinelOne also leads the endpoint security, industrial IoT/operational technology security, and managed detection and response (MDR) segments in terms of funding, with Arctic Wolf being the highest funded pureplay MDR provider in this space.
More than 90% of these disruptors were established in the last decade and most are in either the early or growth stage. Many also have a footprint across multiple market segments in part by acquiring smaller startups to accelerate product launches and absorb expertise amid a shortage of cybersecurity professionals.
Zscaler offers cloud security products such as cloud access security brokers (CASBs), secure web gateways (SWGs), and other tools to protect cloud networks, under a secure access service edge (SASE) architecture that is distributed across more than 150 data centers globally. Zscaler also offers cloud security posture management (CSPM) tools that enable organizations to identify misconfigurations and vulnerabilities across cloud-native workloads. As of May 2021, the company had more than 200 patents issued and pending, and served more than 5,000 customers including more than 25% of the Fortune 200.
For FY2021, Zscaler reported USD 673.1 million in revenues, reflecting a growth of 56% YoY. Zscaler’s adjusted operating income rose to USD 78 million, more than double the USD 38.2 million recorded during FY2020. Management guidance for FY2022 revenue stands in the range of USD 940 million to USD 950 million, which implies YoY growth of 39.7% to 41.1%.
Zscaler has made several acquisitions. In May 2020, it acquired the cloud security startup Edgewise Networks for an undisclosed amount to enhance application-to-application communication security. In April 2020, the company acquired the CSPM startup Cloudneeti for an undisclosed amount, enabling Zscaler to expand its cloud security offering to include CSPM solutions. Other notable acquisitions include Trustdome and Smokescreen Technologies in April 2021 and May 2021, respectively. The company commenced trading on the Nasdaq in March 2018, raising USD 192 million in its initial public offering (IPO).
The cloud service providers, pureplay cybersecurity companies, and endpoint security software providers in this section have either acquired stakes in next-gen startups, or pivoted their business model to offer products and services across multiple segments.
Major cloud providers like Microsoft and Fastly generally bundle security products along with their primary offerings. Pureplay cybersecurity incumbents, such as Palo Alto Networks, have been gradually building their product portfolio to keep up with industry trends, using acquisitions to bridge gaps and speed up go-to-market activities.
Incumbents in the endpoint security segment have historically offered traditional antivirus software to retail and enterprise customers. These companies have improved their offering to feature AI and behavior analytics to detect known and unknown threats. These companies have also started building endpoint detection and response (EDR) tools to leverage automation and machine learning.
Microsoft bundles cybersecurity solutions with its Microsoft Azure and Microsoft 365 products. Under Microsoft Azure, the company offers solutions to protect cloud workloads using a combination of tools for identity and access management, monitoring, and response which leverage AI and behavioral analytics. Microsoft's cloud security offerings are delivered via the “Azure Security Center” platform that since 2016 has allowed users to manage security features in their Azure cloud deployments. Microsoft also offers developers who build applications on Azure the ability to protect their cloud-native applications.
Microsoft 365 includes Microsoft Defender for enterprise endpoint protection, which comprises next-generation antivirus (NGAV) solutions and endpoint detection and response (EDR) tools. Microsoft also offers protection for industrial internet of things (IoT) applications, and in 2017 it committed to investing USD 1 billion per year in cybersecurity R&D.
Microsoft has also acquired startups in this space to strengthen its product offerings. The company acquired ReFirm Labs in June 2021 for an undisclosed amount. ReFirm Labs was founded in 2017 and is the developer of the analysis tool Binwalk Enterprise, an open-source software used by over 50,000 businesses globally to identify firmware and security issues on IoT devices. This acquisition was the company's second in the IoT security space following the acquisition of CyberX for USD 165 million in June 2020. CyberX was founded in 2013 with a focus on detecting and predicting risks to IoT devices. Other notable acquisitions include the Israeli cloud security startup Aorato for USD 200 million in 2014 and Adallom for USD 320 million in 2015.
In July 2021, Microsoft reportedly agreed to acquire RiskIQ for an all-cash consideration of more than USD 500 million. RiskIQ provides attack surface management software that organizations use to detect security threats across corporate networks and devices and to secure their Enterprise Digital Footprint (EDP). The acquisition will integrate RiskIQ’s technology into Microsoft Azure cloud services and expand Microsoft’s security products and services to provide improved protection for its customers.
Microsoft also acquired the cloud infrastructure entitlement management (CIEM) startup CloudKnox Security during the same period. CloudKnox uses its patented activity-based authorization protocol to provide continuous monitoring, enforcement of least-privilege principles, and analytics that drive automated remediation across hybrid and multi-cloud environments. The acquisition expanded Microsoft’s cloud security and zero-trust monitoring with the integration of CloudKnox’s privileged access and CIEM tools in Microsoft Azure Active Directory services. The acquisition will also offer Microsoft customers a unified multi-cloud platform that provides access policy enforcement for all identities, ML-based anomaly detections, and integration with other Microsoft cloud security services, including Microsoft 365 Defender, Azure Defender, and Azure Sentinel.
In January 2021, Microsoft claimed that its cybersecurity business had recorded revenues in excess of USD 10 billion over the preceding twelve months, with a cybersecurity unit serving more than 400,000 customers.