Pulling Together the History of Cybersecurity in 2020
There are many ways to distill a year into a chapter of a history book. While the history of cyber attacks is easily gleaned from news reporting, it is much harder to find a history of the industry. Which companies thrived? Which failed? Which were funded? Which were acquired? I assembled all of that for the new edition of the Security Yearbook.
The following is an excerpt form Security Yearbook 2021 launching May 25, 2021. Available now for pre-order.
Security Yearbook 2021 is the first update to the Security Yearbook, a desktop reference for the entire cybersecurity industry. In addition to new interviews with pioneers Amit Yoran and Renaud Deraison, it sets the stage for becoming an annual report on the state of the industry.
2020: A Year of Disruption
The year 2020 was book-ended by two major events, COVID-19 and the SolarWinds breach. The immediate impact of a novel coronavirus, born in Wuhan, China, in the last days of 2019, was the widespread shutdown of most businesses. Taiwan, Japan, Australia, and New Zealand avoided disastrous case numbers and deaths by imposing stay-at-home orders early and not letting up. With a small case load they could engage in contact tracing and quarantine anyone exposed. China successfully contained the spread of the virus and limited infection to only 84,000 cases. Still, the severe restrictions had lasting impacts on the global supply chain for manufactured goods, just when the rest of the world had immediate need for more laptops, monitors, headphones, and webcams to accommodate work-from-home employees. The year ended with 83 million confirmed cases worldwide and 1.8 million deaths attributed to COVID-19.
Enterprises demonstrated just how resilient they were to disruption by accommodating a shift from 10% remote workers to 100% in a matter of weeks, sometimes days. The new normal at the end of 2020 was a workday filled with video conference calls over Zoom, Webex, GoToMeeting, and Teams.
There was a spike in phishing attacks in March with some sources reporting a 600% increase using interest in the pandemic, unemployment benefits, and COVID-19 relief payments in the United States.
Digital Transformation was already a trend at the beginning of 2020, with organizations pushing to move applications to the cloud and control access to those applications with so-called zero trust network access (ZTNA). Zscaler reports tremendous growth in the number of users on its secure access service edge (SASE) platform. Netskope, Perimeter 81, and Cato Networks all took in new funding.
The RSA Conference in San Francisco was held the last week of February 2020, even as other tech conferences were being postponed or canceled. By the middle of the week the mayor of San Francisco had declared a state of emergency in the city, although there were not yet any confirmed cases. In the first weeks of March, two employees of Exabeam, who were on the Expo floor, tested positive.
Large gatherings were soon banned and the cybersecurity conference circuit was disrupted. Black Hat, always held in Las Vegas in the middle of summer, went online. Then RSAC Asia followed suit. RSAC 2021 was postponed to May 2021 and then moved to an online event when it became apparent that the pandemic was not abating. The virtual Expo area only listed 15% of the number of “exhibitors” compared to the in-person 2020 RSA Conference.
While the US was still deep in the pandemic and drama on the political front after the Presidential election, FireEye announced that it had discovered an intrusion into their systems via a software update from SolarWinds. They named the attack campaign SUNBURST and attributed it to an APT (nation-state team). The general consensus is that it was the Russian SRV (foreign intelligence agency) conducting espionage. This was a supply chain attack in that SolarWinds, a vendor of network management tools, was distributing updates to 18,000 customers of its Orion product that contained backdoors.
Up to sixteen US government agencies found evidence that they had been breached by SUNBURST. Over 100 commercial enterprises have been reported as compromised, although their identities have not been published.
This is not the first attack that used trusted software updates. SUNBURST even resembles the attack on the Ericsson switches of Vodafone in Greece during the 2004 Summer Olympics. In that attack, multiple software updates were used to eventually turn on the lawful intercept function in the switches, which then allowed the attackers to listen in on the conversations on 100 mobile phones. In SolarWinds’ case, the attackers gained access to developers’ workstations and inserted code that the developers would then upload to the software repositories where it was never checked. The production code was duly signed and hashed, meaning the customers had authenticated code when they installed it. This is also similar to the way that NotPetya was uploaded to MeDoc’s servers in Ukraine and distributed to the customers of its accounting software. That devastating attack is attributed to the GRU, the Russian military intelligence agency.
Every widespread attack leads to activity in the security industry. Look to 2021 to produce funded startups that seek to prevent supply chain attacks like SUNBURST.
There were thirteen new security startups in 2020 that made it into the directory. There were 38 startups in 2019. The decrease may be attributable to the uncertain financial conditions that prevailed in 2020. Also, companies founded in 2020 may not come out of stealth until the following years or when they announce their first funding rounds.
There was so much activity in the identity space in 2020 that it felt like it could be called “The Year of Identity.” Yet, every year brings new surprises and identity solutions are going to continue to thrive in 2021. Many identity vendors saw new funding. OneTrust raised $510 million, the third largest round in the year. Axis Security, a young Israeli startup in the zero trust application access space, raised $49 million (with and additional $100 million announced today.)
Startups in the identity space included Beyond Identity, which raised a total of $105 million in the year. Beyond Identity is in the passwordless space. They inject certificates into secure enclaves on devices that are then used to authenticate users. Jim Clark, former CEO of Sun Microsystems and founder/CEO of Netscape, is the co-founder and chairman of Beyond Security, which announced a free offering reminiscent of Netscape’s go-to-market strategy.
Privafy, founded in 2019, came out of stealth with a $22 million seed round for its ZTNA solutions.
New vendors not in the identity space came out of stealth, too.
Startup Wiz launched with a cloud scanning solution in 2020.
Sevco Security entered the asset management space..
Ananda Networks went to market with a micro-segmentation solution for zero trust networking. It rebranded from 8e14 Networks.
Funding rounds in 2020
2020 was a great year for new investments in cybersecurity vendors. 272 received funding based on data published by Crunchbase. The total new investment for 2020 was $10.7 billion. Some of the biggest deals were rounds raised by already public companies like MicroStrategy and Unisys, and although neither is strictly a security vendor, they both have security products.
FireEye took in $400 million in a PIPE (Private Investment in Public Equity) shortly before its researchers discovered SUNBURST.
Mergers and Acquisitions in 2020
There were 225 acquisitions of cybersecurity companies in 2020 according to data provided by AGC Partners. Private equity is continuing to play a role in acquisitions and new strategic acquirers are stepping up to fill the void left by Symantec and, to some extent, McAfee.
Only two failures of funded cybersecurity vendors were added to the Security Yearbook “Failures” chapter, yet close to 300 vendors were removed from the database. Their websites and LinkedIn pages were unresponsive and the founders had updated their profiles to indicate they had taken full-time jobs.
Updates to the Directory
Despite the removal of 300 vendors from the directory, the total number of vendors is now 2,615. Our ongoing research discovers new vendors every day and 600 were added this year. Vendors are encouraged to visit www.security-yearbook.com/test-us and fill out the form to let us know that we left them out. This will ensure inclusion in Security Yearbook 2022.
IT-Harvest adds new data to our research frequently. This year we collected the total headcount for each vendor every quarter and indicated the percent increase (or decrease) in headcount in their directory listing. When looking for a vendor solution, knowing the size of the company by number of employees and the relative momentum is a useful measurement.
In 2021 we have started to compile a complete list of venture investors and their cybersecurity portfolio companies.
2020 was a pivotal year for the cybersecurity industry. Even in a down economy it thrived. Look for more growth in 2021.