Cybersecurity's 2022 IPO Pipeline (Part 2)
There are so many cybersecurity companies in the IPO pipeline that it took two weeks to cover them all. If you missed Part 1 of the IPO pipeline analysis, you can catch up on it here:
And the list just keeps growing. Last week, 1Password announced a new $620 million round of funding that values the company at $6.8 billion. Their valuation puts them squarely into the IPO pipeline based on comparable valuations for other companies in the pipeline and ones who have recently gone public.
I chose not to include 1Password in this week's analysis because they've taken such a unique path to reach the point they're at now. The company has grown steadily over the course of 17 years (!!!). Most of those years were bootstrapped until a recent burst of huge funding rounds. Their story is so unique that I'm planning to do a full article and cover them in much more detail.
This article covers the remaining six of twelve total companies who have the potential to go public this year.
What does the company do?
Netskope has built a comprehensive Zero Trust platform that has become the leader in Secure Access Service Edge (SASE). The platform includes multiple products within cloud security, including a Cloud Access Security Broker (CASB), Secure Web Gateway (SWG), and more.
SASE ("sassy") is a new cloud-centric networking model coined by Gartner in 2019. Netskope is perhaps the largest and most well known company to focus on the space.
The company was first known for its Cloud Access Security Broker (CASB) product and has since expanded into other areas of Zero Trust. Analyst reports for this space are a moving target. Netskope has been a consistent Leader in Gartner's Magic Quadrant for CASB and has ranked consistently high in adjacent domains.
Where do they fit into the cybersecurity ecosystem?
Netskope generally fits into the Cloud Security domain with products spanning multiple areas of Zero Trust.
How much money have they raised?
The company has raised $1 billion over 12 funding rounds, according to Crunchbase. The most recent round was $300 million in July 2021.
What is their most recent valuation?
Netskope was valued at $7.5 billion as of their latest round of funding.
Have they stated an intention to go public?
No public statements about an IPO have been made, but journalists have speculated the most recent round of funding was its last as a private company.
What is the bull case for an IPO?
Similar to Appgate and Illumio, Netskope should ride the popularity of Zero Trust to an IPO.
Netskope may have even more of a bull case because they essentially own the CASB market. Their products are relatively diversified compared to other companies focused on Zero Trust. They were also around long before SASE gained popularity.
A $7.5 billion valuation is also much higher than many cybersecurity companies who have already gone public. This likely means Netskope is in a good place in terms of revenue and growth, which should set up well for an IPO.
What is the bear case for an IPO?
There's not much of a bear case here. Even if Zero Trust and SASE did miraculously end up being fads, Netskope's products are still useful.
A downside is that the CASB market is relatively small — estimated at $8.74 billion back in 2020. However, this can be overcome by continuing to diversify into adjacent markets and giving the CASB market time to grow.
What is the most likely outcome?
Netskope is likely to IPO in 2022.
What does the company do?
Pindrop provides voice-driven authentication, fraud detection, behavioral analytics, and more. The product was actually built from the Ph.D. thesis of co-founder Vijay Balasubramaniyan. Seriously, here it is.
Voice security is a relatively unique and undefined market, which is part of what makes Pindrop's platform special. However, there aren't many analyst ratings to go by.
Where do they fit into the cybersecurity ecosystem?
Pindrop fits roughly into Biometrics and Fraud and Transaction Security. It's a unique product, though, so this mapping isn't as clean of a fit as other companies.
How much money have they raised?
The company has raised $219.6 million over six rounds, according to Crunchbase. Their most recent round of funding was a $90 million Series D in 2018.
What is their most recent valuation?
According to Bloomberg, Pindrop was valued at $925 million as of their funding round in 2018.
Have they stated an intention to go public?
Co-founder Vijay Balasubramaniyan discussed an IPO as the end goal with no specific timeline. From CNBC:
“If the world is moving to voice and we’re providing all of security and identity for voice, I think we’ll be a very valuable public company, so absolutely that’s where we’re headed."
What is the bull case for an IPO?
Pindrop is the clear leader in the market for voice authentication, fraud, and security. They acquired their top competitor in 2021. Owning a market with no close competitors and holding a significant intellectual property advantage sure sounds like a nice case for an IPO.
From a strategy perspective, their product has more upside than a typical security product because it's customer-facing. Authenticating yourself on a customer service call with your mom's maiden name and the last four digits of your SSN is something none of us enjoy doing. I'll take voice authentication, thanks.
Pindrop also prevents fraud, which is a big problem for many enterprise businesses with large customer service operations. According to the CNBC interview with Vijay Balasubramaniyan, the product caught $350 million worth of fraud attempts in 2018. Delivering that kind of quantifiable value is a big deal.
What is the bear case for an IPO?
Contact center platforms like Talkdesk are growing quickly (Talkdesk is currently valued at $10 billion). These platforms already have or will develop authentication features to include natively. The question for Pindrop is whether voice-based security is a standalone product or a feature within larger contact center platforms.
Pindrop is a case where switching costs could help fend off competition. Once their platform has been integrated into a company's IVR system and call center workflows, it's unlikely to be removed any time soon. The product is stickier than an average product after the initial sale is made.
What is the most likely outcome?
Details and speculation are scarce, so it's hard to tell what this year will bring. I expect either an IPO or another large funding round in 2022 based on the timing of their last round of funding.
What does the company do?
QOMPLX is a cloud risk analytics platform. The platform is focused on cybersecurity. However, it's capable of handling other risk-based use cases in various industries. Broadly speaking, think Palantir.
Analyst ratings are out the window here because it's such a new and different product category. Public discussion is surprisingly limited for a company nearing an IPO.
Where do they fit into the cybersecurity ecosystem?
Their product is unique and doesn't map cleanly into existing categories. It roughly maps to Security Analytics or Risk Ratings, but the product does much more.
How much money have they raised?
QOMPLX has raised $107 million across four rounds of funding. The most recent round was a $78.6 million Series A in 2019.
What is their most recent valuation?
Their valuation is tricker than usual, mainly because of a planned SPAC that was called off (more on that in a second).
The company was valued at approximately $1.4 billion in post-transaction equity value, including proceeds and acquisitions from the SPAC shell company.
Have they stated an intention to go public?
QOMPLX announced a SPAC in March 2021. As SPACs do, the intent was to take the merged company public that year. They even acquired two companies to round out the company's product portfolio.
By August, the SPAC merger was off. The chairman of the SPAC company stated "market conditions" as the reason the plans were scrapped.
This was a curious answer since, well, a bunch of other cybersecurity companies managed to go public in 2021 under the same "market conditions." Intuitively, it seems likely there were more factors in play.
What is the bull case for an IPO?
QOMPLX's platform appears to be ahead of its time. The company has grown quickly. Analytics is a solid foundation for doing lots of interesting things, and security teams need the best analytics they can get.
The company's founders have world-class backgrounds, including institutions like Oxford, West Point, and the Air Force Academy. QOMPLX's vibe is Palantir-esque — a semi-mysterious company with radically different tech and tone than the rest of the industry.
What is the bear case for an IPO?
I worry their product isn't well understood or accepted yet. People buy based on existing models, and QOMPLX doesn't seem to fit nicely into a buying category most traditional companies already have. The pessimistic case is "technology in search of a problem."
In terms of growth, Palantir was able to become a massive company because it won the public sector. QOMPLX needs to find a similar growth driver.
What is the most likely outcome?
They were already close in 2021, so I would expect another attempt in 2022. SPACs can be a slow moving game, so it's possible we could see an announcement that doesn't have the time to fully materialize this year.
What does the company do?
Snyk is a developer security platform that performs real-time scans of source code to identify and fix security issues.
The company was recognized as a Visionary in the 2021 Gartner Magic Quadrant for Application Security Testing. The market is relatively mature and led by companies that have been around much longer, including Synopsys and Veracode. Achieving a Visionary ranking in this market is a significant accomplishment.
Where do they fit into the cybersecurity ecosystem?
Snyk's products map to the Static and Dynamic Application Security Testing (SAST/DAST) category of the cybersecurity ecosystem.
How much money have they raised?
The company has raised $1.4B in funding over 11 rounds, according to Crunchbase.
What is their most recent valuation?
Snyk was valued at $8.6 billion as of their most recent round of funding in September 2021.
Have they stated an intention to go public?
Snyk CEO Peter McKay has set an approximate IPO timeline for the next couple years. From Yahoo! Finance:
Snyk Chief Executive Officer Peter McKay said in an interview in March 2021 that the Boston-based company’s goal is to go public over the next couple years.
What is the bull case for an IPO?
Snyk is a fan favorite among developers because it's a new and cool way to secure code without needing to deal with people doing time-consuming security reviews. Developer productivity and security are both high priorities for modern companies. Snyk is a force multiplier because it improves security with the least amount of friction possible. That's an appealing value prop for any company.
Their competitors are much older products that aren't innovating at the same rate Snyk does. Snyk doesn't really have a modern, publicly traded competitor to dethrone. There is no CrowdStrike or Okta of application security testing. Snyk has a huge opportunity to be that kind of company.
What is the bear case for an IPO?
Basically none. I'd like to be more skeptical, but there's no reason to be. Snyk is clearly leading the reform in the application security testing category. They're improving their product rapidly and seem to have won the affection of developers in this category of products.
They likely have significant losses because of investing in growth, but so does every cybersecurity company at IPO. The only reason for them to hold back on going public is to be better prepared and have their financial house a little more in order before opening it up to the public.
What is the most likely outcome?
I expect an IPO in 2022.
What does the company do?
Tanium is an endpoint security platform with modules covering multiple areas of the domain.
A father and son team spent five years developing the technology before going to market. It's not just another endpoint security platform. Tanium's approach to endpoint security and management is highly differentiated IP.
As described by a Reddit commenter when clarifying the difference between Tanium and other Endpoint Detection and Response (EDR) products:
First of all, Tanium is not an AV solution, though it can manage the native Microsoft Windows Defender AV at scale across your enterprise from a central platform console. It’s currently doing this for the US Airforce with over 1 million endpoints under management with Tanium. You can search for the articles discussing this use of Tanium.
Second, the communication technology is what differentiates Tanium and is what they have patented. Instead of the traditional hub and spoke model that you typically see in server to client connections, Tanium uses a linear chain, so there is no need for the server to connect to each endpoint.
Or, for a much more detailed rendition, check out Steven Sinofsky's a16z investment memo from 2014.
Where do they fit into the cybersecurity ecosystem?
Tanium is an endpoint management platform that covers multiple domains in the cybersecurity ecosystem. A few of the primary ones include Asset Management, Patch and System Management, Vulnerability Management and Testing, and more.
How much money have they raised?
Over $1 billion, according to a press release in October 2020 and an additional $150 million round in January 2021.
What is their most recent valuation?
Tanium is valued at over $9 billion, according to a press release in October 2020.
Have they stated an intention to go public?
Tanium's founders haven't officially stated a date to take the company public. However, Tanium has been in the IPO pipeline for several years.
What is the bull case for an IPO?
Tanium is a unique company that has the potential to join the ranks of very hyped public cybersecurity companies (Cloudflare, CrowdStrike, Zscaler, and Okta) once they IPO.
Tanium has a stellar list of customers, including half the Fortune 100 and 8 of the top 10 U.S. financial institutions. They don't need an IPO to reach the level of enterprise customers — Tanium has been an enterprise-grade company since the beginning.
They publicly disclosed having $430 million in revenue back in October 2020. They've likely eclipsed $500 million in the time since. $500 million is more revenue than many cybersecurity companies who are already public.
What is the bear case for an IPO?
Tanium doesn't directly compete with CrowdStrike and SentinelOne, but many parts of their platform are adjacent. They're on a collision course due to the inevitable bundling of products that's happening within the endpoint security space.
Endpoint security is already a brutally competitive market for public companies. It will get more competitive when Cybereason (likely) joins the ranks in 2022.
What is the most likely outcome?
Tanium's decision is hard to predict since they've been IPO-ready for a few years. I expect 2022 will be the year Tanium finally goes public.
What does the company do?
Transmit Security is an authentication platform focused on passwordless auth for customer and workforce identity.
The product wasn't included in Gartner's 2021 Access Management Magic Quadrant; however, it's a competitor to cloud authentication platforms like Okta, Auth0, Forgerock, Ping Identity, and others. They have received some analyst recognition, including Gartner's 2019 Cool Vendors in Identity and Access Management.
Where do they fit into the cybersecurity ecosystem?
Transmit Security is an Authentication product that has features across several domains within the market, including Adaptive Authentication, Multi-Factor Authentication (MFA), and Biometrics.
How much money have they raised?
The company has raised $583 million across two rounds of funding, according to Crunchbase. Their most recent funding was a massive $543 million Series A in June 2021. This was the largest fundraising round in Israeli cyber history.
Founders Mickey Boodaei and Rakesh Loonkar have done this before — most famously for Imperva. Successful exits put the founders in a position to self-finance the company for seven years (!) before raising outside capital.
What is their most recent valuation?
Transmit Security was valued at $2.2 billion as of their most recent round of funding.
Have they stated an intention to go public?
Co-founder Mickey Boodaei outlined the goal for an IPO in a 2021 interview:
"An IPO has always been a goal, and when VC funds come in it only emphasizes it. Every fund has that expectation and while it's not something I have a set date for, it's something that will come."
The entire article is a great read about much more than big valuations and IPOs. Multiple Israeli founders describe the ethos for second-time founders and their desire to spend a long time building large, enduring companies.
What is the bull case for an IPO?
When Transmit Security goes public, it will likely join an elite group of decacorn cybersecurity companies. As third time founders, Mickey Boodaei and Rakesh Loonkar look to be in it for the long run. An IPO is just one milestone on the path towards building a much larger public company.
What is the bear case for an IPO?
There are a lot of great cloud authentication companies. A lot. Like, this is the golden era for authentication, and we need to appreciate it.
A market shared among so many great companies inevitably means intense competition. In that sense, Transmit Security is in a similar situation as Cybereason — they're competing against some of the very top companies in cybersecurity.
Intense competition isn't a shock to multiple time founders, though. They were fully aware of the challenge as they started and grew the company, so they're ready for it.
What is the most likely outcome?
It's possible, but not probable, that Transmit Security could IPO in 2022. The founders have taken their time building the company and clearly have plans to create something that lasts. Whether that means an IPO this year or not, you can trust it will be the right long-term decision.
Cybersecurity is (Still) Going Public
Despite my best efforts, it's hard to predict exactly how many companies in the cybersecurity IPO pipeline will actually go public this year. Making predictions is a fun game to play, but the final number ultimately doesn't matter.
When you zoom out a bit, more IPOs mean more legitimacy for cybersecurity companies. As I wrote in Cybersecurity is Going Public:
The number and size of public cybersecurity companies is a factor in the legitimization of cybersecurity as a standalone industry. The same was true of tech as a whole two decades ago. The next evolution is for segments of the tech industry to establish themselves as viable cohorts of public companies. Cybersecurity is one of those segments.
Even with current market volatility, cybersecurity companies have proven to be relatively resilient. Security isn't a problem that varies or goes away in uncertain economic times. Unless there is a major market correction, we're going to see a lot of IPOs this year.
I'll be updating and tracking the IPOs in a running list of public cybersecurity companies. I have some updates planned that will make this more than just a list of companies. For now, you can follow the current list here: