News of two cybersecurity companies reporting unicorn status on Thursday raises at least two questions: With the economy so flat, why do investors keep pouring money into cybersecurity? And, how do investors evaluate these growing companies and decide they are worth the investment?
“While the economy may be down, the cybersecurity threats are certainly not," said Ken Gonzalez, managing director at NightDragon. “We are living among one of the riskiest threat landscapes in history and that demand drives the need for a new supply of innovation to meet this new threat.”
Gonzalez said investors start by looking for the greatest dislocation between the current threats and the innovations available to meet those risks. From there, they identify the company they believe has the best technology, team and total addressable market capacity to meet that need. Gonzalez added that the ability to accelerate go-to-market and scale has become an “essential piece of the valuation conversation,” as it shows the company's ability to get their technology in the hands of the customers that need it to defend their organizations.
“These rounds likely started a long while ago when money was cheaper and the economy wasn’t so precarious," said Jon Oltsik, senior principal analyst at the Enterprise Strategy Group and an ESG Fellow.
For Devo Technology, which raised $100 million in Series F funding at a valuation of $2 billion, and JupiterOne, the cyber asset attack surface management company that raised $70 million in Series C funding for an estimated valuation of more than $1 billion — the good times keep rolling.
Oltsik said Devo goes to market as a cloud-scale security back-end, similar to Humio (acquired by CrowdStrike) and Scalyr (acquired by SentinelOne). Devo targets the security operations center, said Oltsik, who added that there’s a lot of activity in this space as traditional SIEMs are expanding and moving to the cloud.
“Many traditional platforms weren’t built for cloud scale, but Devo was,” Oltsik said. “The bet is that either Devo can capitalize on its scalable cloud-based back-end with MSSPs/MDR service providers and/or enterprise customers, or it will be acquired like Humio and Scalyr.”
In JupiterOne’s case, Oltsik said organizations are moving toward consolidated platforms for cyber-risk management. ESG calls this new market security observability, prioritization, and validation (SOPV). Oltsik views this as a platform play where a vendor like JupiterOne has an opportunity to consolidate functionality (ASM, vulnerability management, and CSPM,) or at least act as a hub for other tools, marginalizing their value in the process.
“This is a big shift and a big market opportunity,” Oltsik said. “JupiterOne is well-positioned to take a leadership role and has already established relationships with leaders like Splunk and Cisco. Finally, the market is valuing JupiterOne as a comp to Axonius, which is also a mega-Unicorn.”