PitchBook-信息安全概述-利用最新的风险投资活动更新行业和分类（英）-2023-WN6.pdf

EMERGING TECH RESEARCHInformation Security OverviewIndustry and taxonomy update with latest VC activity2023Published June 16,2023REPORT PREVIEWThe full report is available through the PitchBook Platform.ContentsCONFIDENTIAL.NOT FOR REDISTRIBUTION.PG 2Institutional Research Group Analysis2023 Information Security OverviewBrendan Burke Senior Analyst,Emerging Technology DataMatthew Nacionales Data AnalystPublishingReport designed by Megan Woodard,Julia Midkiff,and Joey Schaffer Published on June 16,2023Vertical overview3Information security landscape5Information security VC ecosystem market map6VC activity8Segment overview12Application security13Data security18Endpoint security22Identity&access management27Network security31Security operations35Appendix40CONFIDENTIAL.NOT FOR REDISTRIBUTION.PG 52023 Information Security OverviewInformation security landscape34512Cloud-based web applications and servicesCorporate-owned endpointsOn-premise networkThreat surfacesOn-premise databasesOn-premise data center servers6Employee-owned endpoints789Cloud-based databasesIoT devices/sensorsIndustrial control systemsNetwork securityIdentity&access managementProduct segments Application securityEndpoint securityData security1724538692023 Information Security OverviewCONFIDENTIAL.NOT FOR REDISTRIBUTION.PG 8VC activityInfosec VC funding in North America and Europe has remained consistently low since the market downturn in Q3 2022,reaching$2.5 billion across 127 deals in Q1 2023nearly the same level as in Q3 and Q4 2022.Late-stage VC deal count exceeded both angel and seed and early-stage deal count yet again,demonstrating a concerning trend for early-stage startups.Deal volume fell too low to gain any reliable insights on valuations,yet only five VC megadeals closed,indicating that unicorns remain constrained in funding outside of venture debt.Leading specialist VC investors remained active in leading early-stage deals yet focused on seed and Series B investments,suggesting a preference for lower valuations.Wiz raised the outstanding round of the quarter,achieving a$10.0 billion pre-money valuation with a$300.0 million Series D.This deal surpasses Tanium for the highest VC valuation we have tracked in infosec,also surpassing Laceworks$8.3 billion valuation.Wiz has shown that outliers in revenue growth rates can be created in cloud security with excellent founding teams.Disclosed exit value continued to dry up in Q1 2023,yet significant acquisitions continued.Data security posture management(DSPM)is a leading innovation theme for infosec startupsas covered in our Q1 2023 Infosec Report and RSA conference analyst notegiven the ability of startups to combine cloud database scanning,access management,and data theft detection.This acquisition offers an outstanding 7.1x multiple on invested capital for seed investors in Polar Security,demonstrating the lack of cloud data controls in existing data security product portfolios.Media outlet Calcalist reported that DSPM startup Laminar is also receiving outsized acquisition offers from infosec leaders,including Datadog and Rubrik,showing that the niche will be a leading driver of M&A activity in the near term.5 A low volume of deals suggests that consolidation is still in a holding pattern yet will likely follow on as a result of diminishing VC deal flow.5:“Cloud Security Startup Laminar Set to Be Acquired for$200-250 Million,”CTech by Calcalist,Meir Orbach,May 11,2023.Source:PitchBook Geography:North America&Europe *As of March 31,2023Median infosec VC pre-money valuation step-up by stageAngel and seedEarly-stage VCLate-stage VCVenture growth2.5x2.1x2.5x1.7x2.0 x1.4x1.6x1.5x0 x0.5x1.0 x1.5x2.0 x2.5x3.0 x20132014201520162017201820192020202120222023*2023 Information Security OverviewCONFIDENTIAL.NOT FOR REDISTRIBUTION.PG 14APPLICATION SECURITYIndustry drivers Cloud-native application development:Increasingly,cloud-based infrastructure has been used for application development and deployment as well as for expansion of container technologies in cloud environments.Container adoption is rising rapidly,with one survey indicating that 45%of databases and data services run on container service Kubernetes.6 Container security has become a leading concern for IT departments as a result.Open-source project adoption:Security products are adopted by developers via open-source repositories and have been growing rapidly as security sophistication rises,rewarding product-led growth for application security vendors.Web application data breaches:Security research indicates that web application data breaches constitute around 70%of a sample of hacking action vectors,suggesting that they are far more likely to be breached than network backdoors,virtual private networks(VPNs),or third-party portals.7Market sizeHigh growth in the relatively immature niche of application security is estimated to yield an$13.1 billion market in 2023.By 2026,the market is estimated to reach$23.2 billion at a 20.8%CAGR.We believe that an increased focus from DevOps practitioners on secure coding has shifted the market up an S-curve in adoption and improved its outlook.Cloud workload protection has grown into a standalone$4.6 billion market with a high-growth forecast due to the necessity of protecting containers and serverless applications.Source:PitchBook Geography:Global *As of May 18,2023Application security market size estimate($B)*0510152025DevOps security platformsCloud workload protectionWeb application protectionWeb3 security202320266:“2022 Container Adoption Survey,”Portworx,2022.7:“2021 Data Breach Investigations Report,”Verizon,2021.2023 Information Security OverviewCONFIDENTIAL.NOT FOR REDISTRIBUTION.PG 18Data securityOverviewData security uses encryption,monitoring,filtering,blocking,and remediating technologies to address the risks of inadvertent or accidental data loss and the exposure of sensitive data.As data analytics become ubiquitous within enterprises and data-focused regulation increases,there is a growing need for data security platforms that can monitor access to databases and provide data back-up and protection services.Data security platforms integrate directly with databases to enable permission and authorization features,track the movement of data,encrypt data,and provide back-up copies of those databases.Data security subsegments include:Database monitoring&loss prevention:Companies that provide analytics of database activity including access,data in transit,and data at rest.These technologies allow users to block data exfiltration attempts at the database level.Related technologies include data loss prevention platforms(DLP),DSPM,and secure multiparty computation.Data protection and encryption:Companies that protect databases from intrusions and develop novel encryption algorithms and applications for data in transit.Related technologies include data backup&recovery,tokenization,distributed ledgers,and post-quantum cryptography.Data privacy and compliance:Companies that enable customers to address emerging data regulations including the EUs General Data Privacy Regulation(GDPR)and the California Consumer Privacy Act(CCPA).These platforms identify data that could violate specific policies,remediate those regulatory vulnerabilities,and generate reports and documentation for audits.Many infosec companies claim to address a range of compliance issues,however,this subsegment addresses platforms that have built-in compliance rules and specialized workflows to meet emerging governmental privacy regulations.Industry drivers Regulations including GDPR and CCPA encourage enterprises to use third-party data security tools to ensure privacy,including database monitoring tools and secure data protection platforms.GDPR violations can cost up to 4%of revenue in fines,pushing enterprises to spend on data mapping solutions.Meta was recently assessed a 1.2 billion fine,the highest on record and the companys fifth in two years.Data backups are used to recover encrypted data in 70%of ransomware cases,while paying the ransom only recovers data in 46%of cases.9 Additionally,data is stolen in 30%of ransomware cases.This trend encourages advanced data backup&recovery solutions.Quantum computing development risks the obsolescence of existing encryption methods over the next 15 years,encouraging innovation in post-quantum cryptography algorithms.9:“The State of Ransomware 2023,”Sophos,May 2023.CONFIDENTIAL.NOT FOR REDISTRIBUTION.PG 412023 Information Security OverviewAPPENDIXCompanyCategoryVC($M)raised to datePost-money valuation($M)LaceworkCloud security$1,857.4$8,300.0NetskopeCloud security$1,445.3$7,500.0FireblocksWeb3 security$1,227.9$8,000.0SecuronixLog ingestion&SIEM$2,388.1$8,000.0SnykDevOps security platforms$1,071.0$7,400.0OneTrustData privacy&compliance$970.0$5,500.01PasswordIdentity governance&administration$950.1$6,800.0RubrikData protection&encryption$926.5$3,300.0WizCloud security$921.0$10,300.0Arctic WolfManaged security services$899.5$4,300.0Source:PitchBook Geography:North America&Europe *As of March 31,2023Top VC-backed infosec companies by total VC raised to date*John Gabbert Founder,CEONizar Tarhuni Vice President,Institutional Research and EditorialPaul Condra Head of Emerging Technology ResearchAbout PitchBook Emerging Tech ResearchIndependent,objective,and timely market intelAs the private markets continue to grow in complexity and competition,its essential for investors to understand the industries,sectors and companies driving the asset class.Our Emerging Tech Research provides detailed analysis of nascent tech sectors so you can better navigate the changing markets you operate inand pursue new opportunities with confidence.2023 by PitchBook Data,Inc.All rights reserved.No part of this publication may be reproduced in any form or by any meansgraphic,electronic,or mechanical,including photocopying,recording,taping,and information storage and retrieval systemswithout the express written permission of PitchBook Data,Inc.Contents are based on information from sources believed to be reliable,but accuracy and completeness cannot be guaranteed.Nothing herein should be construed as any past,current or future recommendation to buy or sell any security or an offer to sell,or a solicitation of an offer to buy any security.This material does not purport to contain all of the information that a prospective investor may wish to consider and is not to be relied upon as such or used in substitution for the exercise of independent judgment.Additional researchEric Bellomo Gaming E-CommerceBrendan Burke Internet of Things Information Security Artificial Intelligence&Machine LearningAaron DeGagne Medtech Digital HealthAlex Frederick Agtech FoodtechJonathan Geurkink Supply Chain Tech Mobility TechDerek Hernandez Enterprise SaaSAli Javaheri Emerging SpacesRobert Le Insurtech CryptoJohn MacDonagh Carbon&Emissions Tech Clean Energy TechRebecca Springer Healthcare Services Healthcare ITRudy Yang Enterprise Fintech Retail FintechComing soon Biotech PharmatechPitchBook Data,Inc.