10 Top Cybersecurity News Stories Of 2020
The cybersecurity industry in 2020 saw lots of outside money to address challenges around securing a remote workforce, with vendors tapping into the deep pockets of public investors and private equity, while solution provider giants found themselves being targeted with ransomware.
A Year No One Will Forget
The cybersecurity industry in 2020 experienced an array of new CEOs taking the helm, private equity buyouts of category leaders, heavy funding for startups focused on emerging technologies, solution provider giants being targeted with ransomware for the first time, and perhaps the most significant hack in history.
Money continued to flow into the industry to address challenges around authenticating users, securing access and synthesizing massive amounts of data, with 15 startups receiving at least $100 million of venture capital each, eight established cybersecurity vendors being scooped up by private equity firms, and two security companies filing for an IPO.
In addition, three startups focused on Secure Access Service Edge were purchased by larger security vendors, while seven publicly traded companies more than doubled their valuations. On a more somber note, four of the world’s 50 largest solution providers had their systems ransomed this year, while a colossal supply chain breach gave hackers access to U.S. government agencies and private sector firms.
Keep reading to relive the top cybersecurity news stories of 2020.
Get more of CRN’s 2020 tech year in review.
10. Two Cybersecurity Vendors Strike It Rich With IPOs
The economic uncertainty stemming from the COVID-19 pandemic cooled off the initial public offering market in 2020, with just two cybersecurity vendors completing IPOs, down from four in 2019. More public market activity could be on the way, though, with Reuters reporting in September that KnowBe4 was looking into an IPO that would value the security awareness training vendor at more than $2 billion.
Redwood City, Calif.-based SaaS machine data analytics company Sumo Logic kicked things off in September, raising $325.6 million in a $22-per-share Nasdaq public offering valuing the company at $2.2 billion. The company’s stock is currently trading at $32.19 per share, with Sumo Logic’s market cap soaring by nearly 50 percent to $3.29 billion.
A month later, Santa Clara, Calif.-based platform security vendor McAfee raised $740 million in a $20-per-share Nasdaq public offering valuing the company at $9.5 billion. The company’s stock is currently trading at $17.76 per share, with McAfee’s market cap tumbling by more than 20 percent to $7.54 billion.
9. Changing Of The Guard At Eight Cybersecurity Firms
The executive musical chairs started in January when Imperva named longtime Infor COO Pam Murphy as its next CEO, replacing Charles Goodman, who had served as the data protection company’s interim CEO since October 2019. Then in April, Optiv, No. 26 on the 2020 CRN Solution Provider 500, tapped 20-year Deloitte veteran Kevin Lynch to replace Dan Burns, who had led the company since its 2015 formation.
June was a busy month, with RedSeal hiring former Symantec Enterprise Security Group leader Bryn Barney to replace Ray Rothrock, who had been CEO since 2014. Later that month, application security firm Virsec tapped founding investor Dave Furneaux as CEO, replacing Atiq Raza. Also in June, email security firm Area 1 Security brought on ex-SonicWall leader Patrick Sweeney to replace Oren Falkowitz.
Then in October, cyberintelligence vendor 4iq tapped former Waterline Data CEO Kailash Ambwani to replace interim CEO Alberto Yepez. A month later, managed security vendor Trustwave landed former DXC Executive Vice President of Operations Eric Harmon to replace Art Wong as CEO. Also in November, Graylog hired the CEO of SIEM giant LogRhythm, Andy Grolnick, to replace Logan Wrey, who had been Graylog’s CEO since 2017.
8. Nine Vendors Lock In Six-Figure Funding Rounds
Cloud security vendor Netskope kicked off the activity in February with a $340 million Series G round by Sequoia Capital Global Equities. A month later, edge computing firm StackPath followed that up with a $216 billion Series B round led by Juniper Networks and Cox Communications. Then in April, behavioral biometrics firm BioCatch closed a $145 million Series C round led by Bain Capital Tech Opportunities.
In July, identity management vendor Auth0 notched a $120 million Series F round led by Salesforce Ventures on a $1.92 billion valuation. A month later, cybersecurity managed service provider ReliaQuest landed $300 million from KKR. Then in October, managed detection and response vendor Arctic Wolf closed a $200 million Series E round led by Viking Global Investors on a valuation of $1.3 billion.
The next month, Secure Web Gateway vendor Menlo Security raised $100 million on a Series E round led by Vista Equity Partners. In December, industrial cybersecurity firm Dragos raised $110 million of Series C money from Koch and National Grid. That same month, cloud security firm Wiz emerged from stealth with $100 million of Series A cash via Index Ventures, Sequoia, Insight Partners and Cyberstarts.
7. SASE Major Driver Behind Three Key Acquisitions
Secure Access Service Edge, or SASE, has become all the rage since Gartner coined the phrase in an August 2019 report, with security vendors pulling out all the stops to strengthen their position around this emerging technology. SASE has caught fire as digital transformation and COVID-19 have teamed up to rapidly shift users, devices, applications, services and data outside the enterprise data center.
SASE combines wide-area networking with network security functions like secure web gateway, cloud access security broker, firewall as a service and zero-trust network access to support company’s dynamic secure access needs. Palo Alto Networks in April bought SD-WAN player CloudGenix for $402.7 million to accelerate the on-boarding of remote branches and retail stores into the company’s SASE platform.
Then in July, Fortinet purchased cloud security startup Opaq for $8 million to strengthen distributed network protection everywhere from data centers and branch offices to remote users and Internet of Things devices. Four months later, Barracuda bought network access startup Fyde to provide remote workers on BYOD equipment with secure access to cloud or on-premises applications and workloads.
6. Private Equity Firms Scoop Up Eight Vendor Giants
Insight Partners kicked off the private equity acquisition spree in January with its announced buy of IoT security startup Armis at a $1.1 billion valuation. A month later, Advent International agreed to buy IoT security firm Forescout for $1.9 billion. Advent then sued Forescout in May to walk away from the deal, and the two sides settled on a $1.4 billion acquisition in July just five days before a trial was set to begin.
Also in February, Dell agreed to sell encryption pioneer RSA Security to STG Partners for $2.08 billion. A month later, application security testing vendor Checkmarx agreed to be bought by Hellman & Friedman for a $1.15 billion valuation. Then in September, Warburg Pincus invested in Vista Equity-controlled Infoblox in a deal valuing the network identity appliance provider at $3 billion, Bloomberg said.
That same month, GI Partners agreed to buy digital identity vendor Sectigo for $900 million, PE Hub reported. In October, defense contractor Raytheon signed a deal to sell cybersecurity subsidiary Forcepoint to tech-heavy private equity firm Francisco Partners. Two months later, Thoma Bravo bought a majority stake in machine identity management software provider Venafi at a $1.15 billion valuation.
5. Six Endpoint, Network Security Companies Name New Leaders
McAfee kicked off the endpoint and network security leadership changes in January with the hire of former BMC Software and Polycom CEO Peter Leav as its new CEO, replacing longtime boss Chris Young. Then in July, former Panoramic Power CEO Yaniv Vardi was selected as the new CEO of industrial cybersecurity vendor Claroty, replacing Thorsten Freitag, who left the company after just eight months.
Two months later, former Symantec CEO Greg Clark was tapped to lead IoT security vendor Forescout, with longtime president and CEO Mike DeCesare exiting day-to-day management after the company’s contentious sale to private equity firm Advent International. The next month, endpoint protection vendor F-Secure tapped former Comptel CEO Juhani Hintikka to replace resigning CEO Samu Konttinen.
Also in October, detection and response vendor Fidelis Cybersecurity tapped former Accenture Security Managing Director Anup Ghosh to lead the company And in November, top Symantec executive Art Gilliland departed after leading the business through a tumultuous $10.7 billion sale to Broadcom, with Rob Greer, Adam Bromwich and Clayton Donley each assuming some of Gilliland’s responsibilities.
4. Four Vendors Notch Multiple Big Funding Rounds
Four cybersecurity startups enjoying stratospheric growth went to the venture capital well for six-figure funding rounds not once but twice in 2020. Fast-growing privacy and compliance superstar OneTrust hauled in $210 million of Series B funding in a February round led by Insight Partners and $300 million of Series C funding in a December round led by TCV on its way to notching a massive $5.1 billion valuation.
Rising endpoint security star SentinelOne raised $267 million in a November Series F round led by Tiger Global Management on a valuation of more than $3 billion to address demand for its Singularity XDR Platform. That came nine months after SentinelOne closed a $200 million Series E round led by Insight Partners to boost head count and coverage in Asia, Southern Europe and the Persian Gulf states.
Open-source security startup Synk brought in $150 million of Series C funding in a January round led by Stripes and $200 million of Series D funding in a September round led by Additon on a valuation of $2.6 billion. Endpoint visibility and control firm Tanium raised $117.2 million in a June round led by Salesforce Ventures and $150 million in an October round with existing investors on a valuation of $9 billion.
3. Seven Vendors Double Their Valuations (At Least)
Seven vendors that excelled at securely facilitating remote work during the COVID-19 pandemic were rewarded handsomely by Wall Street, with their valuations more than doubling over 2020. Cloudflare led the way, with the security and performance services vendor’s stock price for the year skyrocketing 332 percent to $76.40 per share on a valuation of $23.46 billion.
Taking the silver was cloud security vendor Zscaler, whose stock was boosted 312 percent on a valuation of $26.71 billion. Holding the bronze was endpoint security vendor CrowdStrike, which saw its stock price increase 283 percent on a valuation of $46.47 billion. In fourth place was identity and access management vendor SailPoint, whose stock is up 122 percent thus far in 2020 on a valuation of $4.89 billion.
Coming in fifth place was identity management vendor Okta, whose stock price catapulted by 112 percent in 2020 on a valuation of $33.68 billion. In sixth place was data security vendor Varonis, whose stock price is up 107 percent thus far in 2020 on a valuation of $5.24 billion. And coming in seventh was cyber exposure vendor Tenable, whose stock price has surged 106 percent with a market cap of $5.39 billion.
2. Four Solution Provider Behemoths Ransomed
The profile of the ransomware victim has moved upmarket in 2020. The victims are no longer the small MSP who runs IT for dentists and local law firms, but the well-monied technology firms that manage the data and web traffic for the top of the Fortune 500. Despite having the resources to hire the best IT professionals and install top-notch security, these channel giants have also been rattled by ransomware.
Vicious ransomware infections hobbled four of the world’s 50 largest solution providers in 2020—Cognizant, Conduent, DXC Technology and Tyler Technologies. The four channel behemoths that succumbed to ransomware in 2020 have combined revenue of $41.93 billion and a joint market cap of $54.36 billion.
The emergence of publicity-hungry, extortion-seeking ransomware operators, such as the group behind Maze, unleashed an entirely different animal on the IT services industry in 2020. Ransomware groups have embraced a new approach that puts the threat of public dissemination of private company data—rather than merely encrypting stolen files—at the center of everything they do.
1. SolarWinds Hack Sent Shockwaves Throughout World
The manual supply chain attack against SolarWinds’ Orion network monitoring platform was uncovered in December and has sent shockwaves throughout the world, with suspected Russian government hackers gaining access to U.S. government agencies, critical infrastructure entities and private sector organizations.
The injection of malicious code into Orion between March and June 2020 allowed hackers believed to be with the Russian foreign intelligence service, or APT29, to compromise Microsoft, VMware, Cisco and FireEye, as well as U.S. Departments of Commerce, Defense, Energy, Health and Human Services, Homeland Security, State and Treasury, according to reports from Reuters and The Washington Post.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered all federal civilian agencies Dec. 13 to power down SolarWinds Orion products until all hacker-controlled accounts and identified persistence mechanisms have been removed. CISA said it has evidence of additional initial access vectors beyond SolarWinds Orion, but noted those other intrusion methods are still being investigated.