Cyber Trends: Notable Tech and Market Moves in 2024
.png)
Cybersecurity has been a core focus for Dell Technologies Capital since we started investing as a team more than a decade ago. We’ve backed 40+ early-stage cyber companies across the cyber technology spectrum. Some of our earliest and more notable investments include Zscaler, Adallom, Cylance, Netskope, RedLock, Twistlock, and Humio. Cybersecurity is ever evolving and we are committed to supporting the people innovating in it.
2024 proved to be a dynamic year in security investment and innovation:
- The Israeli cyber scene continued to increase its leadership role both in new product innovation and F500 enterprise penetration. See Yair Snir’s more detailed take on this.
- Identity security resurfaced as a hot area; next-gen Data Security Posture Management (DSPM) solutions gained traction; early AI security solutions showed promise.
- M&A trended towards consolidation and platformization with plenty of room for more of the same in 2025.
🔑 Identity Security's Renaissance
Identity Security is not a new cybersecurity category. But we’d argue that it has seen under investment in recent years as VCs focused on backing innovation in “weaker link” areas such as network security, endpoint security, and cloud security. As these weak links have been sufficiently addressed by the “Big Five” of cyber (Zscaler, Palo Alto Networks, CrowdStrike, Cloudflare, and Microsoft), hackers are turning their attention towards identity exploits once again.
The identity attack surface is increasing exponentially with developer-driven app modernization, CIO-driven digital transformation, spread of APIs, and the surging adoption of AI. The above trends have resulted in the explosive growth of non-human identities (NHI), which now outnumber human identities at least 10-to-1 (some surveys say 100-to-1). Also, the automation trends we have seen in other areas of cyber (like SOAR in SOC) have not happened in identity security yet.
Established market leaders continue to dominate the broader IAM category, with companies like Okta, Ping Identity, and ForgeRock maintaining strong positions. Newer entrants are focusing on more unique challenges and use cases. The recent years have also seen billion dollar M&A in identity from both strategic buyers and PE firms (Okta’s acquisition of Auth0, Cisco’s acquisition of Duo Security and Permira’s majority stake in BioCatch.)
At DTC, we started our journey in identity security with CloudKnox (now part of Microsoft), Remediant (now part of Netwrix) and BastionZero (now part of Cloudflare). We doubled down in this space with investments in Entro and Twine Security in 2024, following an investment in Descope in 2023. The customer demand for solutions in these categories reminds us of the early days of cloud security with RedLock and Twistlock.
🔑 AI Adoption is turbocharging next gen Data Security Posture Management
The rise of AI has added new complexity to data security challenges. Organizations must now protect not only traditional structured and unstructured data but also AI models, training data, and the insights generated by these systems. This has led to the development of specialized solutions for AI-specific data security challenges, including protection against training data poisoning and model theft.
Several trends defined the Data Security Posture Management (DSPM) market in 2023/2024. Market maturity was one of them, with major security firms acquiring DSPM companies - Palo Alto’s acquisition of Dig Security, Rubrik’s acquisition of Laminar, CrowdStrike’s acquisition of Flow Security and Netskope’s acquisition of Dasera. We are also starting to see a convergence of DSPM and DLP (e.g. Cyera’s acquisition of Trail Security). We anticipate that the need to provide data protection across multi-cloud environments and AI systems will drive the appetite for more of these types of deals.
🔑 M&A landscape characterized by strategic consolidation…and platformization
The major platform players made interesting moves this year. Palo Alto Networks made a non-obvious move when it bought the IBM Qradar unit for $500M. This is an acquisition with an interesting twist - a fascinating new partnership between the two behemoths. While IBM will continue to support and enhance the QRadar product for its on-prem clients and partners, they will also work with PAN to facilitate the migration of QRadar SaaS clients to Cortex XSIAM, a next-generation security operations center (SOC) platform.
Also notable, Cisco became, acquiring Robust Intelligence (probably the first acquisition in the industry in the nascent AI security space), DeepFactor, Isovalent, Oort, ArmorBlox, Valtix and Lightspin (a DTC portfolio company). That’s in addition to the massive $28B Splunk acquisition.
Private equity firms continue to be active. The Chertoff Group's acquisition of Trustwave ($205M), Thoma Bravo’s acquisition of Darktrace ($5.2B), EQT’s acquisition of Acronis ($4B) and other PE-backed transactions involving companies such as Authomize, Biocatch, and Exabeam suggest continued interest in cybersecurity assets that can be optimized and grown through operational improvements. This level of activity could significantly increase in 2025 if interest rates continue to fall gradually.
Extending that thought, cybersecurity continues to be a less concentrated and more diffuse innovation area than, say, semiconductors or cloud services. As such, we think strategic M&A may continue to be a healthy driver of exits in 2025 for early-to-mid-stage startups, especially in Israel.
Deepak Jeevankumar
Yair Snir
Barrel Kefir
