Discover more from What's Hot 🔥 in Enterprise IT/VC
What's 🔥 in Enterprise IT/VC #316
Carnage in security to come, a game of musical chairs but still massive outcomes for the winners
There are way too many cybersecurity companies with way too much funding, and the road ahead is not going to be smooth for many. Palo Alto Networks just announced its latest acquisition of Cider Security at a price or $195M in cash and perhaps up to $300M with other incentives. In fact, PANW apparently “walked away from a $600 million deal for Apiiro in favor of a $200 million purchase of Cider Security, Calcalist reported.” To Apiiro’s credit it parlayed that into a $100M round of funding to go the distance. All of this got me thinking - what has PANW’s acquisition history been and along those lines how about Crowdstrike? What does this mean for cybersecurity startups, and the amount of capital they raise?
When you have two of the largest pure play cybersecurity companies in PANW with a market cap of $50B and Crowdstrike at $32B mostly focused on adding new product to upsell to its installed base, this doesn’t bode well for the many hundreds of startups with way too much funding. Here’s PANW’s list of 18 companies, and other than Expanse which added $67M ARR, most of PANW’s acquisitions were pure play tech buys in the $150 -$300M range. Here’s Crowdstrike’s list of 5 acquisitions with Humio at $392M and the rest undisclosed which likely indicates acquihires.
Let’s now look at the amount of capital raised from Cider and Humio. CiderSecurity raised $38M and if the full price of $300M is realized, the value is about 8x the cash raised. For Humio, it looks like it raised about $31.8M so this ratio is about 12.3x the cash raised. These are solid outcomes for sure, especially if the companies raised $30M or less, but as of now, there are 46 cybersecurity 🦄 and not all of them will go public. In addition, many of these companies raised from $1B+ funds so these acquisitions won’t move the needle much. (BTW, I don’t know what the valuations of the latest rounds were and this ratio is more of a rough estimate of capital efficiency vs. pure returns).
Here’s another reason why 2023 will be tough for many startups - vendor consolidation. (CNBC)
Palo Alto Networks is seeing tailwinds from customers looking to slash costs in the worsening economy, CEO Nikesh Arora said Thursday.
“The silver lining in the current environment is that we’re having more consolidation conversations —because suddenly, the number one priority in addition to being secure is: ‘Can you help me do that without me increasing costs?’” he told Jim Cramer.
“You go in there and say, ’Listen, I can replace seven vendors for you. I can get you to a better security outcome. And I can do it at a lower cost,” he said, adding, “we’ve got to increase the activity and the focus that we need to have in the market and hope that our better execution can help us right the macro trends that we’re seeing.”
And with that, PANW is going on the offensive. Here’s more from its earnings transcript from this past week. They are going for the kill and ramping up sales reps while others pull back. This an aggressive and expensive move, and it will be interesting to see how much more market share PANW is able to gain.
Coming off Q4, Q1 tends to be a seasonally more challenging quarter, but we were able to tame some of these early trends by doubling down on execution. FY '23 will require continued excellent execution to overcome some of these macro impacts. Towards that end, we have already taken concrete action. We have front-loaded hiring of our field teams to increase coverage across our customer base.
Here’s more from the PANW CFO:
Look, Saket, as I mentioned, you know, we are seeing customers spend more time trying to understand what they're spending money on. There's more questions. The CFOs are getting involved. So, larger deals are getting more scrutiny.
We noticed that early in the quarter, so we accelerated our efforts in trying to get those deals in front of those CFOs much faster and earlier in the quarter as opposed to waiting toward the end. In certain cases, customers came back and said, "I'd like this now. I'd like to hold off on this and buy it next quarter." That just means we have to go far more pipeline much faster and much harder to make sure we can make up for those deals with other deals in our pipeline. At any point in time, our pipeline, as you would expect, is larger than what we expect to deliver in that quarter.
So, we have deals in the pipeline. We just have to work with our customers to solidify them. And what we have done is, because of that behavior, we have increased scrutiny internally. We've increased efforts with our sales teams to get ahead of this, and we're just increasing the activity of execution.
We front-loaded our hires. We hired 550 direct sales rep as quickly as we could in the quarter because we think this environment is going to continue. And the only way to fight this is to get more coverage out of the field, get more coverage, get more focused on getting deals done, get them across the line. There's not a demand problem, right? All that is happening is that people are pushing out some of their purchase.
This means you just need to get more active with our customer base to make sure we get more business into our pipeline. This is what we're doing.
It’s going to be an interesting 2023 in cybersecurity. The space is absolutely huge and growing, and there are still lots of opportunities for founders, especially those creating new categories under the radar of the 🦍. For those founders, keep innovating on product, be capital efficient, and remember that each subsequent round of capital you raise also limits your exit options as your investors will also be looking for a solid return. To be fair, PANW and CRWD are not the only acquirers as Google Cloud and Microsoft have made some large acquisitions over time, but you get my point. I’m sure PANW’s acquisition will kick off a domino effect as the game of musical chairs begins
and a few more companies in the CNAPP space get acquired. If you’re the last man standing, I hope you are the one who can go the distance and reap the rewards because those will be huge. Let the games begin 💪🏼!
As always, 🙏🏼 for reading and please share with your friends and colleagues.
Scaling Startups
Capital efficiency at its best
Copy.ai October Update $10.8m ARR, +12% m/m Cash burn -86% m/m Our team is lean, low ego, doesn't care about titles, prefers more equity and wants to build for the next decade. Just 31 of us.💯 most founders we back at company formation will already have their 3-5 core folks ready to join and build, many of whom worked with them in the past - so important to have that right core nucleus from day one
🔥
Enterprise Tech
Well said by Vitalik (creator of Ethereum) on decentralized vs. centralized exchanges like FTX…so much more room to build
According to Buterin, DeFi and self-custody options work better and people instead use centralized platforms as they provide convenience which self-custody does not.
“Like setting up self-custody is still hard. You have to figure out a way to have safe wallets, you have to carry your hardware wallet around, and you have to write down all the words and lots of complexities. But centralized options are like, you know, he's a nice guy. His face is all over San Francisco. So just put the coins on this platform, and it is trustworthy,” he said.
Along those lines - self custody is the future
Everyone will add Generative AI into their application…then what?
More great research from Contrary, now with a comprehensive view on security - great to see port cos Snyk and BigID on this
Vote for the DevOps Dozen Top Products and People - great list for those to follow as well and please make sure to vote for Slim.ai (a portfolio co) in the “Best Cloud-Native Security Solution/Service” and for Palette (by SpectroCloud, a portfolio co also) under the “Best Kubernetes Platform/Service
Great 🧵 on pluses and minuses of each
Markets
💪🏼
❤️ Twitter @JerryCap asked how many companies trading at >10x sales have been multi-baggers @jaminball did the excellent analysis: cloudedjudgement.substack.com/p/clouded-judg… 27 companies (not including M&A like Mulesoft) all beat the Nasdaq with > 10% CAGR trading > 10x NTM sales at one point
Subscribe to What's Hot 🔥 in Enterprise IT/VC
Ed Sim's (@boldstartvc) weekly readings and notes on enterprise VC, software, and scaling startups
Well said on PLG which is why we continue investing on shift left movement in cos like Snyk, Slim, Jit, cloudquery, and dope.security. All also quite focused, even if for devs, on user experience.
Agree that the space is too crowded which makes it difficult for any startup to make a dent on the market. But these big players have failed to keep any type of PLG and rely on sales tactics to keep their customers. Sadly, the security industry isn’t as critical of products as others and put up with painful UX and workflows. My hope is that the tolerance levels will decrease as more devops folks are asked to handle security.