2020 Cybersecurity Almanac Public Edition

David DeWalt
Chairman
Eric McAlpine
Managing Partner
Michael Tedesco
Managing Partner
Ken Gonzalez
Partner
Keith Skirbe
Director
Dino Boukouris
Director
Jeremy Isagon, CFA

Associate
Tim Van Tuyle

Associate
Evan Gibney
Senior Analyst
Jay Keswani
Analyst
The Authors
World-Class Advisors, Operators, & Investors In Cybersecurity.
Momentum Cyber Team
Dave DeWalt Eric McAlpine Michael Tedesco Ken Gonzalez

Founder & Chairman Founder & Managing Partner Founder & Managing Partner Partner
david@momentumcyber.com eric@momentumcyber.com michael@momentumcyber.com ken@momentumcyber.com
Keith Skirbe Dino Boukouris Jeremy Isagon Tim Van Tuyle Evan Gibney Jay Keswani
Founding Member & Director Founding Member & Director Associate Associate Senior Analyst Analyst
keith@momentumcyber.com dino@momentumcyber.com jeremy@momentumcyber.com tim@momentumcyber.com evan@momentumcyber.com jay@momentumcyber.com
Additional Contributors
Ed Amoroso Bob Ackerman, Jr. Yoav Leitersdorf Alex Weiss Jay Leek Peter Kuper Patrick Heim Alex Doll Mark Hatfield Sid Trivedi Paul Martini
1
About The Firm
Our Principals Are World-Class Advisors & Operators.
Momentum Cyber provides world-class M&A and strategic advice combined with unparalleled senior-level access to the Cybersecurity
ecosystem. We advise on a broad range of strategic activities, including mergers and acquisitions, board & special situations, corporate strategy
& development, corporate finance, and operational excellence. We are a mission driven firm with a passion for Cybersecurity.
250+ $250B+ 48 $16B

Over A Century Of Experience Total M&A Transactions & Deal Cyber Exit Savvy – Deep Cybersecurity Transactions &
In Cybersecurity As World- Value As A Team Since 1994 Expertise Selling to Strategic Total Deal Value Executed By
Class Advisors & Operators & Financial Buyers Team Members Since 2002
$371M $91M 1M+ cloud
Average & Median Unparalleled Access Across the Categorized Data Points On Unrivaled Thought Leadership In
Cybersecurity M&A Cybersecurity Ecosystem with >3,500 Cybersecurity Cybersecurity Through Insightful
Deal Value Executives, Board Members, Companies (CYBERcloud) Research
Investors, & CISOs
2
cloud | Momentum’s Proprietary Cybersecurity Data Platform
Unparalleled Proprietary Access & Insights Provides A Significant Competitive Advantage For Our Clients.
Thousands Of Hours Dedicated To Building A Robust Cyber Big Data Platform | Deep Relationships, Strategic Market / Industry Insights, & Proprietary Content
CYBERscape
Unrivalled Industry Network Proprietary Industry Content
(720+ Companies)
Cyber Strategic & Investor

3,500+ Companies 14,500+ Contacts 575,000+ 4,500+
Emails Pages Of Content
Sent Created
Frequent Releases Of Content To CYBERscape

Highly Engaged Subscriber Base (800+ Companies)
10,250+ 2,100+ 750+ 380+ 425+

Executives & Investors Leading Channel & Media & NSA / CIA Strong Israel
Board Of Directors (VC / PE) CISOs Service Providers Influencers Contacts Network
Transaction Database | 3,500+ Cybersecurity Transactions
Monthly, Quarterly, Detailed Transaction Profiles

Proprietary Mid-Year, & Annual Reports (1,000+ Profiles)
Insights 1,500+ 2,000+ 300 100 50
Undisclosed M&A Financing Top Funded Top Cyber Most Active
Valuations Transactions Transactions Cyber Companies Investors Cyber Acquirers
Key Ecosystem Partners
Bespoke Industry & Channel Reports /

Sub-Sector Coverage (45+ Sectors) Whitepapers
3
Tremendous Advisory Track Record In Cybersecurity
Unrivalled Deal Experience And Comprehensive Coverage Across The Cybersecurity Landscape.
acquired by acquired by strategic investment in acquired acquired by acquired by acquired by acquired

Strategic Advisor
Security Diversified Security IoT Managed Security Network Network Web Managed Detection
Operations Security Analytics Security Service Provider Security Security Security & Response
acquired acquired by acquired by acquired by acquired acquired acquired acquired acquired
Undisclosed Consumer
Security Company
Consumer Security Cloud Secure Cloud Mobile Endpoint Data Vulnerability

Analytics MDM
Security Security Orchestration Security Security Security Management
acquired by acquired by acquired acquired acquired acquired by acquired acquired acquired by
SIEM Network / Web Network Email Data Email Managed Security Intrusion Vulnerability
Security Security Security Security Security Service Provider Detection Management
4
The Cybersecurity Almanac | 2020
Momentum Cyber Is Pleased To Release Its Third Annual Cybersecurity Almanac.
▪ CEOs ▪ Private Equity ▪ Hedge Funds ▪ Security Teams
Intended Audience ▪ Board of Directors ▪ Corporate Development ▪ Public Investors ▪ Governments & Defense
▪ Venture Capitalists ▪ M&A Professionals ▪ CISOs ▪ Regulators
▪ We are dedicated to consistently providing valuable insights on the fast growing and rapidly evolving Cybersecurity landscape
Purpose ▪ We publish the Almanac with the sole purpose of sharing the document with the growing Cybersecurity ecosystem to create awareness around key industry trends
and strategic activity
▪ The 2020 Almanac takes a deep dive into the year and decade that were and puts focus to key topics and trends
▪ This year’s edition is our most in-depth industry review ever, as we present a detailed view on key industry trends, private and public market activity, major news
and events, and all things “Cyber”. Some key highlights include:
- Highlighted key M&A and financing transactions as well as IPOs and public market performance
Background - The latest version of our often referenced CYBERscape to accurately capture the continuously evolving industry taxonomies
- An examination of the past decade of Cybersecurity transactions (M&A and VC / PE) to provide valuable insights and identify key trends
- Spotlighted our favorite content in 2019, sharing our own original content, as well as others’
- Focused on key breaches and regulatory changes, as well as industry sectors that are center stage for strategic activity
- Spotlighted leading, Cyber-focused buyers and investors that increasingly play an integral role in the industry’s most innovative startups
▪ We maintain the leading proprietary M&A and Financing Transaction Database – unrivaled in its accuracy, quality, and scale (“CYBERCloud”)
Methodology ▪ We complement CYBERCloud with data from various industry leading databases and research publishers, primarily from North America and around the world,
representing over a million data points and decades of institutional industry knowledge and experience
5
Table of Contents | Client vs Public Edition
Momentum Offers Readers A Condensed Public Edition & Client Edition Of The Cybersecurity Almanac.
Client Public
Foreword | Cyberstorm 2.0 & The Evolving Landscape Of Cybersecurity Strategic Activity 7 7
I. Executive Summary 15 15
II. M&A Activity In Cybersecurity 23 23
III. Financing Activity In Cybersecurity 116 41
IV. Public Company Trading Analysis 183 48
V. Cybersecurity Industry Perspectives 196 61
VI. Buyer Spotlight 283 148
VII. Sectors In Focus 327 150
VIII. Transaction Profiles 375 198
▪ Momentum Transactions ▪ Cybersecurity M&A Transactions

▪ Cybersecurity IPOs ▪ Cybersecurity Financing Transactions
IX. Contact Momentum Cyber 895 222
6
Foreword
2020
2020 Foreword | Cyberstorm 2.0 & Evolving Cyber Landscape
In Collaboration With Ed Amoroso | Founder & CEO, TAG Cyber.
Dr. Ed Amoroso is CEO of TAG Cyber, a global

Cybersecurity advisory, training, consulting, and media
services company supporting hundreds of companies
across the world. Ed recently retired from AT&T, beginning
in Unix security R&D at Bell Labs and culminating as
Senior Vice President and Chief Security Officer of AT&T
from 2004 to 2016.
Ed has been Adjunct Professor of Computer Science at the
Stevens Institute of Technology. He is also affiliated with
the Tandon School of Engineering at NYU as a Research
Professor, and the Applied Physics Laboratory at Johns
Hopkins University as a senior advisor. He is author of six
books on Cybersecurity and dozens of major research and
technical papers and articles in peer-reviewed and major
publications.
Ed holds ten patents in the area of Cybersecurity and
media technology and he has served as a Member of the
Board of Directors for M&T Bank, as well as on the NSA
Advisory Board (NSAAB). He has worked directly with four
Presidential administrations on issues related to national
security, critical infrastructure protection, and cyber
policy.
Ed Amoroso
Founder & CEO, d
Return To Table Of Contents 8

Cyberstorm 2.0 | Key Factors In Today’s Threat Landscape…
Various Industry-Wide Developments Are Making It More Difficult To Define & Protect Against The Challenging Threat Landscape.
Automation & AI-Powered Attacks Information Manipulation

▪ Automation is a double-edged sword – it makes defenses better, ▪ Enterprises often focus time & resources protecting against threats
but attackers are also using it to execute wider attack campaigns that are easy; less willing to focus on more challenging threats
▪ Some of the most devasting attacks (ex: Stuxnet, NotPetya) feature ▪ Info manipulation is not as frequently discussed as other Cyber
a form of automated propagation and attack capability threats because there is little known on how to defend against it
▪ Hacking algorithms will only continue to get better, as AI can be ▪ Fake news, deep fakes, etc. are not traditional hacks, but affect
trained to ultimately seek & exploit vulnerabilities in any network information security & trust
▪ Only ~1% of AI research spending goes towards security, while ▪ Use new tactics that traditional Cyber defenses cannot prevent to
plenty is being invested in new, devastating attack methods accomplish similar end-goals of Cyber attacks
▪ Accelerating polymorphic malware can constantly change code, ▪ Less-defined category of Cybersecurity that is quickly becoming an
making threats undetectable and able to subvert traditional emerging & highly dangerous threat vector
security defenses ▪ Since it is a relatively new threat area, it does not fit into Cyber’s
▪ Results in driving hyperscale volume & complexity of threats traditional taxonomy; must adapt to properly address it
Nation States Involvement Growing Sentiment That Things Are Getting Worse
▪ There are “no rules” & nothing is off limits for nation states Data suggests that the overall perception from experts is that broad
▪ Nation States are not afraid to attack where they can inflict the security posture is continuously being degraded, with no evidence that we
most damage on the private sector and government, engaging in are able to effectively predict cyber incidents
guerilla tactics to attack where organizations least expect it
▪ Demonstrated ability & willingness to target elections & other

critical infrastructure that have profound effects on society NYU Index of Cyber Security (ICS): Sentiment-Based Metric Of
▪ It is often difficult to pinpoint the source of where attacks are Perceived Risk (Up 100%+ Since 2015)
coming from (“false flag” attacks) to prevent further action Dec-19: 4,945
▪ Percentage of nation states attacks have increased from 12% of all

attacks in 2017 to 23% in 2018
▪ Increasingly strong & accessible AI capabilities is leading to higher
Mar-15
Jul-15
Nov-15
Mar-16
Jul-16
Nov-16
Mar-17
Jul-17
Nov-17
Mar-18
Jul-18
Nov-18
Mar-19
Jul-19
Nov-19
Jan-15
Jan-16
Jan-17
Jan-18
Jan-19
May-15
Sep-15
May-16
Sep-16
May-17
Sep-17
May-18
Sep-18
May-19
Sep-19
volume and frequency of nation states engaging in cyber warfare
Source: The Index of Cybersecurity; The Future of AI & Cybersecurity; Nation State Attacks & Ransomware In 2020
…Leading Enterprises To Modernize Their Cybersecurity Posture…
Organizations Must Continue To Evolve Their Defense Systems To Be More Adaptable & Nimbler To Handle Modern / Next-Gen Threats.
Automation & AI-Powered Defenses Software-Defined Infrastructure For Dynamic Defense

▪ Automated security tools create a fairer fight against automated ▪ Software-centric infrastructure enables security teams to
attacks with more rapid, accurate, & effective data sequencing dynamically adapt defenses to constantly changing threats
▪ Enables organizations to improve personnel productivity & more ▪ Centralizes management of security network that is continuously
efficiently defend digital assets amid Cybersecurity talent shortages tested & validated for consistent compliance
▪ Enables dynamic policy updates across security products to rapidly ▪ AI can automatically insert, change, & remove security points in
adjust & defend against continuously changing attacks in real-time real-time
▪ Expedites process of creating protections to keep up with rapid ▪ Resulting in lighter-weight, more nimble, flexible defenses that can
pace of attacks adapt to automatically changing attack strategies
▪ Predictive protection against current and future attack behavior ▪ Vendors are moving towards more of a “point-and-click”
instead of static prevention & reactive response deployment model for rapid protection
▪ Intelligently recognize patterns in web requests to automate the ▪ ISPs and public cloud providers are well-positioned to deliver this
blocking of threats rapid deployment functionality
Increased Visibility Across Attack Surface Virtualization & Decentralized Networks

▪ The volume & diversity of devices (BYOD, IoT, ICS / OT, etc.) ▪ Advanced security capabilities that have historically only been
connected to the enterprise network is constantly increasing available in hardware appliances can now be deployed virtually
▪ Increased use of third-party vendors for software & services ▪ Virtualized configuration of connection points for greater security
requires organizations to better understand supply chain risks outside of the traditional network perimeter
▪ Comprehensive visibility solutions for analysis and insight into ▪ Organizations can move away from a singular network framework
potential risks & exploitable vulnerabilities across attack surface ▪ Shift towards scattered, decentralized networks & multi-cloud
▪ Helps organizations understand risk profile & exposure of their strategies to enable more granular security controls & prevent
business to better prioritize security investment and response threats from spreading
▪ Ability to map all assets and monitor data flows in real-time ▪ The ongoing convergence of networking + security results in more
enhances detection of issues as they occur across the enterprise informed security based on telemetry, metadata, & network flow
▪ Rapid investigation of policy violations through automated ▪ Cloud-native network & security solutions are better suited to
comparison against historical observations support digital business transformation & distributed enterprises

…Creating Opportunity For Vendors In Emerging Technology Sectors…
Innovative Companies Are Evolving & Expanding Into New Sectors To Address The Latest Digital Threats.
Emerging Technologies & Trends Impact Radar Select Vendors / Providers Per Sector
Range Of Impact Automated Data Classification
Cloud-Delivered Network Security Services
Now (0 – 1 Year)
Cloud Security Posture Management
1 – 3 Years Cloud-Delivered Network
Security Services Cloud Workload Protection Platforms
3 - 6 Years
Digital Ethics Cloud Security Posture Management Container-Based Network Defense
6 – 8 Years Smart Farming / Metering / Cities, Connected Vehicles, Drones, Healthcare
Cyber-Physical Systems Security Devices, Converging OT-IT, Autonomous Robots
Digital Risk Management Zero-Trust
Networking Decentralized Identity
Homomorphic Automated Data
Encryption Classification Process, Application, Deception for Threat Defense
& Behavioral
Monitoring Systems of values & moral principles for the conduct of electronic interactions,
ML-Based Log Analysis Digital Ethics with the use & sharing of data between people, businesses, & things
Password-less Authentication
Cloud Workload Protection Platforms Digital Risk Management
ML-Based Binary Analysis Homomorphic Encryption
Deception for Threat Defense Integrated Risk Management
Decentralized Identity
Secure Access
Service Edge (SASE) ML-Based Binary Analysis
Integrated Risk Management
Container-Based ML-Based Log Analysis
Market Impact Network Defense
Password-less Authentication
Medium
Cyber-Physical Systems Security Process, Application, & Behavioral Monitoring
Large Secure Access Service Edge (SASE)
Very Large Zero-Trust Networking
Source: Gartner Emerging Technologies & Trends Impact Radar: Security

…Resulting In Record Strategic Volume Across Cybersecurity
$180B+ Deployed Across Cybersecurity M&A & Financing Over The Past Decade (Reached All-Time Highs In 2019).
2010-2014 Strategic Volume ($B) 2015-2019 Strategic Volume ($B)
M&A $46.8B Financing $7.1B M&A $97.5B (108% ) Financing $29.5B (314% )
$27.6
$22.2
$20.4
$16.1
$13.6
$13.6
$11.3
$9.0
$8.9
$5.9 $5.7 $6.4
$4.7 $4.5
$3.9
$1.7 $2.5
$0.8 $0.9 $1.2
2010 2011 2012 2013 2014 2015 2016 2017 2018 2019
Financing M&A

Cybersecurity M&A Trends
Strategic M&A Is An Inevitable Force In The Development Of The Cybersecurity Industry.
2020
Looking Back Looking Ahead
Start-up companies are better-positioned to more quickly develop CISO preferences for full platforms compared to point solutions as a
solutions to the latest security challenges, creating acquisition interest result of ever-growing talent shortage & vendor fatigue will be a key
from large incumbent platforms driver of industry-wide consolidation
Technology platforms that have established themselves as category
Expanding buyer universe as more out-of-sector buyers look to
leaders can command highly strategic valuations (15x+) at relatively
incorporate Cybersecurity technology into core products & services
early stages
Endpoint & IAM, two of the most mature and long-standing Services & Consulting companies will look to build their Cybersecurity
Cybersecurity subsectors, were some of the most active for product offerings through acquiring technologies that can help them create
M&A activity differentiated, recurring, tech-enabled solutions
Private Equity cemented its position as a serious player for
Long-standing public companies will continue to evaluate strategic
Cybersecurity M&A, demonstrating an ability to compete with strategics
alternatives to unlock growth potential
for high quality assets and pay premium multiples
Most Active Strategic Buyers (# of Deals & Disclosed Cumulative EV)* Sectors To Watch For M&A Activity
1. 2. 3. 4. 5. Next-Gen MSSP / MDR Serverless Security
Security Orchestration, Automation

18 Deals 17 Deals 15 Deals 12 Deals 10 Deals Application Security / DevSecOps
& Response (SOAR)
$9,408M $6,408M $946M $2,130M $2,510M Container Security Secure Access Service Edge (SASE)
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database.

* Past Decade: 2010 – 2019 Return To Table Of Contents 13
Cybersecurity Investing Trends
Venture Capital Remains A Key Catalyst Driving Innovation & Strategic Activity Across Cybersecurity.
2020
Looking Back Looking Ahead
Closing the misalignment gap between venture and security buyer
Investor interest is Cybersecurity has risen across the board, making it easier
perspectives; investors will more frequently require sustained commercial
than ever for companies to raise early stage rounds
traction & field validation to merit continued valuation increases
Pure capital is becoming commoditized, and investors need to differentiate Claiming AI & ML will not be enough; companies will need to demonstrate
themselves in the increasingly competitive VC market for top Cybersecurity core product differentiation in order to stand out from increasingly crowded
assets & noisy landscape
Typical check-sizes per round will continue to increase as companies want
VCs demonstrate value as Advisors for Product & GTM, making connections
to accelerate capital deployment as quickly as possible to capitalize on
to key customers / partners / employees prior to investment
windows of opportunity & ever-changing threat landscape
VC experience & insight is highly valuable supporting founders when it Strategic investors will be inclined to explore investment strategies to test
comes to the ultimate exit (M&A or IPO); leverage their networks to out value-add partnerships and “try before you buy”; represent much more
introduce the right advisors strategic and valuable capital than institutional investors
The Rise Of Cyber-Specific Investors Corporate Investors Increasing Cybersecurity Investment Activity
Cyber-specific VCs differentiate themselves from traditional VC’s by offering portfolio companies Broader Technology Players Led Select Sectors To Watch + Representative Vendors
deep domain expertise and a network of other cyber-focused firms Strategic Cyber Investments Banking /
Over The Past Decade Financial Services
Consulting /
Services
Broader IT /
Telecom

I. Executive
Summary
I.
Momentum Cyber’s Snapshot of 2019
[XX]Was Another Transformational Year For The Cybersecurity Industry.
2019
[XX].
5 Billion-Dollar-Plus Deals Increasing Demand For A Record Year For Cybersecurity
$95M
Median 2019
Acquires Acquires Acquires Acquires Acquires
Comprehensive Risk Management
Third-Party Cyber Insurance
$27.6B Total(all-time
M&A Volume
high)
Focused
$8.9B Total (all-time

M&A Deal Value (Enterprise Assets)
VC Investments
$10.7B $3.9B $2.1B $1.4B $1.0B high)
21 Capital Raises ≥ $100M

Largest Cybersecurity M&A
51 Completed Deals Deal Of All-Time
Vulnerability-Based Financially-Oriented
Private Equity ‘s
$10.7B Quantification
$309M $200M $200M $200M $130M
Cybersecurity (Enterprise Assets) $120M $110M $110M $103M $100M

2019 Stock Price Performance Of Public Companies 4 Cybersecurity IPOs In 2019
Continues Positive Momentum
Dominating Cyber M&A
62% 47% 5 Acquisitions
81% 80% 62% 59% 57% Totaling >$1.2B
26% 14%
$560M $47M
Risk & Compliance Was The Most Active Security Services Lead M&A Activity IAM Continues To Attract Investors SOAR Serverless App
Security
Financing Sector For 2nd Year In A Row
62
M&A Transactions across
$1.1B Total Raised
64 MSSP & Consulting $410M
Container
$75M
IoT Security
Capital $150M
Raises 16 Zero-Trust Cloud Security
Cybersecurity Market Year In Review | 2019
Cybersecurity Continues To Be One Of The Most Active Sectors Of Technology Across The Public & Private Markets.
I. Public Market Valuations II. IPO Activity III. M&A Activity IV. Financing Activity
▪ Public markets exited 2019 at all-time market highs, ▪ 4 Cybersecurity IPOs in 2019 (following 5 in 2018), with ▪ 188 M&A deals in 2019 was most active year ever ▪ All-time high for activity; averaged 100+ deals / quarter
with Cybersecurity slightly trailing major indices the average IPO raising $381M in 2019
▪ Total volume of $27.6B shattered prior records by $5B+ ▪ Volume increased 38% in 2019 from $6.4B to $8.9B
▪ High-Growth Cybersecurity stocks still consistently ▪ After hot starts and high multiples from Crowdstrike and
▪ PANW led M&A activity, deploying $1.2B over 5 deals ▪ Overall median round size increased 16% to $9M; late
outperformed the S&P 500, NASDAQ, and other Cloudflare, 2019 average stock price performance
stage (Series C+) accounted for 62% of total volume
technology indices throughout 2019 finished the year up 37% from IPO ▪ 5 billion-dollar plus deals; 4 involving public assets
Cybersecurity vs. Benchmark Performance Avg. IPO Stock Performance Avg. Rev. Mult. At IPO M&A Deal Count & Volume By Quarter ($ in B) Financing Deal Count & Volume By Quarter ($ in B)
140 $13.1 $2.8

$2.5
13.4x
$2.0
120 $7.5 $1.5
73.5% 8.6x
$3.5 $3.5
100
37.0%
80
Q1 2019 Q2 2019 Q3 2019 Q4 2019 Q1 2019 Q2 2019 Q3 2019 Q4 2019
Dec-18 Apr-19 Aug-19 Dec-19 # of
S&P 500 NASDAQ HACK
# of Deals 45 42 40 61 Deals
111 111 107 90
2018 2019 2018 2019
2019 Top Cybersecurity Stock Performance Stock Price Change Since 2019 IPO Most Active Strategic Buyers Financing Deal Volume By Stage ($ in B) (1)
$5.5
* 5
3
81% 80% 62% 3
62% 47% 3
3 $1.5 $1.3
59% 57% 52% 2 $0.5
* 2
26% 14% 2 Early Stage Series A Series B Series C+
# of
47% 43% 37% 9 Others 2 Deals
148 94 53 109

* Since IPO Return To Table Of Contents 17
(1) Excludes grants and straight debt / loan financings. Follow-on financings (e.g., A, A1) in same year combined to represent one deal for that stage.
The Cybersecurity Dashboard
$8.9 Billion 419 $27.6 Billion 188
2019 Financing Volume 2019 Financing Transactions 2019 M&A Volume 2019 M&A Transactions
Notable Financing Transactions 2019 Financing

Financing
Activity Monthly Deal Count Pulse M&A Notable M&A Transactions 2019
Financing M&A
Date Company Amt. ($M) 45
41 40 40 43 43 43 43 Target Acquirer EV ($M)
40 36 40 $27.6
$8.9 38 32
32 34
37 43 38 37 37 37 37
09/25/19 $395.1 35 29 32 35 36 $10,700.0
$6.4 26 36 32 Enterprise Assets
26 33 24 $16.1
26
06/24/19 $309.4 25 28 29 19 21
26
27 $3,948.0
18 18 17 15 17 18 18 14 16 26
21
1714 14 12 15 10 13 13 17 11 10 13 16 16 20
15 13 9 11 11
01/15/19 $261.0 13 15 $2,100.0
11 12
5
09/26/19 $218.9 $1,395.8
2018 2019 Jan-17 May-17 Sep-17 Jan-18 May-18 Sep-18 Jan-19 May-19 Sep-19 Dec-19 2018 2019
11/14/19 $200.0 Deal Value ($B) Public Comps Cyber M&A EV Distribution Deal Value ($B) $1,000.0
Max 23.9x 2018 2019
08/05/19 $200.0 419 183 188 $815.0
402 Max 17.1x
4% 8%
07/11/19 $200.0 16% $780.0
Median 6.9x 18%
40%
11/05/19 $165.0 Median 6.0x 19% 53% $618.5
Min 2.3x 24%
Min 2.0x
03/12/19 $150.0 9% $576.6
2018 2019 10%
2018 2019 2018 2019
(EV / 2018E Rev) (EV / 2019E Rev) $560.0
09/18/19 $147.0 Deal Count Deal Count
Multiple as of 12/31/18 Multiple as of 12/31/19 $0-$50M $50M-$100M $100M-$250M $250M-$1B $1B+
Application Security Financing Activity M&A Activity

Blockchain
Cloud Security
10 17 27 7 12 29 4 16 11 14
Data Security 11 39 12 29 8
40 21 7
Digital Risk Management 25 7 31 8
Endpoint Security 1 1
Fraud & Transaction Security 9 9
Identity & Access Management 45 64 45
51 2018 2019 2018 3 2019 5
IoT 23 11
Messaging Security Total: 402 12 Total: 419 11
Total: 183 Total: 188
Mobile Security 17
13 5 10
MSSP
21 31
Network & Infrastructure Security 40 16 48 13 7
Risk & Compliance 18 16
86 45
SecOps / IR / Threat Intel 9 48 136
11 26
17
15 413 31
Security Consulting & Services 28
Web Security
A Summary Of Strategic Activity | 2019
5 Billion-Dollar-Plus M&A Deals, 21 Capital Raises ≥$100M, & 4 Cyber IPOs Highlighted 2019 Strategic Activity.
Selected Acquisition Activity Selected Financing Activity IPO Activity

(Date (M/DD): Implied Enterprise Value) (Date (M/DD): $ Raised / Funding Stage) (IPO Date (M/YY): $ Proceeds)
12/23: NA 12/19: $1,000M 9/19: $1,396M 11/14: $200M / A 11/05: $165M / E 9/25: $395M / PE
Market Cap: $1,935M
9/19: $188M
6/16: Acq. By Vista Equity: $600M
11/04: NA 11/03: $225M 10/14: $3,948M 9/12: $42M / C 8/05: $200M / E 7/11: $200M / A
Market Cap: $5,121M

(Enterprise Assets) 9/19: $525M
8/22: $2,100M 8/08: $10,700M 6/05: $228M 7/10: $70M / D 7/09: $75M / D 6/24: $309M / PE Pre-IPO Funding (5 Rounds): $404M
5/30: $780M 5/29: $410M 5/28: $250M 6/20: $130M / Later Stage VC 6/10: $100M / E 6/04: $120M / D
Market Cap: $10,251M
6/19: $704M
Pre-IPO Funding (6 Rounds): $481M
5/07: $577M 8/19: $315M 2/19: $560M 5/30: $110M / D 5/20: $103M / E 5/08: $110M / G
Market Cap: $603M

4/19: $108M
2/15: $90M 2/07: $619M 1/15: $276M 5/08: $75M / E 1/29: $55M / Early Stage VC 1/10: $100M / D Pre-IPO Funding (4 Rounds): $26M
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database. Market data updated as of December 31st, 2019.
Denotes Momentum client.
M&A And Financing Activity By Sector
MSSP & Web Security Saw The Greatest Increases In M&A Activity, While Risk & Compliance Remains The Most Active Financing Sector.
M&A Activity Ranking Financing Activity Ranking

Security Consulting 31 7
29 10
MSSP 31 13
15 8
Network & Infrastructure Security 18 48

17 40
Identity & Access Management 17 45

31 48
Application Security 14 29
16 27
SecOps / IR / Threat Intel 11 39

23 40
Web Security 11 12
4 17
Risk & Compliance 10 64

13 51
Endpoint Security 9 5
9 13
Cloud Security 8 25
7 21
Data Security 8 45
7 45
IoT 7 26
3 28
Messaging Security 6 11
1 9
Fraud & Transaction Security 5 21

3 16
Mobile Security 1 6
4 6
1 11
Digital Risk Management 1 12
- 12
Blockchain - 11
2019 Transaction Activity 2018 Transaction Activity

2019 M&A & Financing Volume By Sector
Services Led M&A Activity, While Software Products Across Risk, Network, Identity, & Data Attracted The Most Financing.
Top 10 Sectors By M&A Activity (With Select Representative Targets)

31 31
18 17
14
11 11 10 9 8
Security Network & Application SecOps / IR / Web Risk & Endpoint Cloud
MSSP IAM
Consulting Infrastructure Security Threat Intel Security Compliance Security Security
Top 10 Sectors By Financing Activity (With Select Representative Companies)

64
48
45 45
39
29
26 25
21
13
Risk & Network & Data SecOps / IR / Application Cloud Fraud & Transaction
IAM IoT MSSP
Compliance Infrastructure Security Threat Intel Security Security Security

IV. M&A Activity In
Cybersecurity
II.
Cybersecurity M&A Activity | 2010 – 2019
Cybersecurity M&A Totaled $144B Across 1,405 Deals Since 2010.
Annual M&A Deals And Volume Quarterly M&A Deals And Volume
($B) (2010 – 2019) ($B) (Q1 2010 – Q4 2019)
$27.6
$30.00 200
$13.1
188 61
178 183 180
58
175 $11.5
$25.00 158 160
52
$22.1
$20.4 $9.9
45 44 46 45 46 45 45
$19.0 43 43
140
$20.00 134 42 42
40 39 39 40
36 $7.9 $7.5
120
$13.6 112 $9.9 $16.1 34 34

33 $7.1
104 $9.6 32 32
$15.00 88 $13.6 $2.2 100
30 29 38 $6.6
28 27 28 $5.7
85 $11.3 25
23 24 $5.1
$3.6 80
21 22 22 21 $4.9 $4.8 $4.9

$1.0 19 $4.4
$10.00 $9.0
17 $3.9 $3.3 $3.5$3.5
$10.5
60
15 $3.6
$3.4 $2.8
$5.9 $4.3 $13.9 $3.0 $2.8 $2.6
$12.2 $2.5
$4.7 $11.0 $1.9$2.3
40
$5.00 $9.9 $10.3 $2.1 $1.6

$2.9 $8.6 $1.5 $1.4
$2.1 $1.0 $0.7
$4.6
20
$0.5 $0.8 $0.7 $0.6

$3.1 $3.0 $2.6 $0.3 $0.2 $0.4 $0.2
$0.00 -
Q1'10
Q1'12
Q2'19
Q2'10
Q3'10
Q4'10
Q1'11
Q2'11
Q3'11
Q4'11
Q2'12
Q3'12
Q4'12
Q1'13
Q2'13
Q3'13
Q4'13
Q1'14
Q2'14
Q3'14
Q4'14
Q1'15
Q2'15
Q3'15
Q4'15
Q1'16
Q2'16
Q3'16
Q4'16
Q1'17
Q2'17
Q3'17
Q4'17
Q1'18
Q2'18
Q3'18
Q4'18
Q1'19
Q3'19
Q4'19
2010 2011 2012 2013 2014 2015 2016 2017 2018 2019
Private Co. Volume ($B) Public Co. Volume ($B) Number of Deals
Volume ($M) Number of Deals
▪ Cybersecurity M&A activity in 2019 reached record highs ▪ Over the last eight quarters, financial and strategic buyers have completed $43.7B in M&A transactions
with $27.7B in deal value and 188 deals completed ▪ M&A deal volume in Q3 2019 reached $13.1B, the highest deal value in a quarter for Cybersecurity; Q4 2019 deal values
▪ Broadcom and Palo Alto Networks led 2019 M&A spending reached $7.5B, up 31% from Q4 2018; Growth in deal value was primarily driven by five $1B+ deals completed which
with over $11.9B deployed across 7 transactions included Broadcom’s acquisition of Symantec’s Enterprise Assets by for $10.7B, Thoma Bravo’s acquisition of Sophos for
▪ For the first time since 2010, Public Company Asset M&A $3.9B, and VMware’s acquisition of Carbon Black for $2.1B
volume surpassed Private Company volume in 2019 ▪ Quarterly deal activity also reached a record high in Q4 2019 with 61 deals completed, the highest quarter for Cybersecurity
Note: Includes private and public company M&A transactions including acquisitions of public companies and divestures of assets / operations / business units from public companies. Return To Table Of Contents 24
Top 10 M&A Deals By Volume By Period | 2010 – 2019
Strategic & Financials Buyers Continued To Write Large Checks For Highly Prized Assets In 2018 & 2019.
Most Active Buyers
Period Most Active Buyers (No. of Deals)
$26,859 $26,556
Max: $5,842 Max: $10,700
2018 & 2019 (8) (5) (4)
2016 & 2017 (5) (5) (4)
2014 & 2015 (7) (4) (4)
2012 & 2013 (3) (3) (3)
2010 & 2011 (4) (4) (3)
$15,362
Max: $6,892 $14,269 (Enterprise Security Assets)
Max: $2,600 Median: $1,969 Median: $1,645
$8,287
Median: $851 Max: $2,494
Median: $1,145
Median: $660
Min: $400 Min: $337 Min: $635 Min: $1,342 Min: $821
2010 & 2011 2012 & 2013 2014 & 2015 2016 & 2017 2018 & 2019
Note: $ in USD Millions. Return To Table Of Contents 25
Notable Acquisitions Involving Public Company Targets | 2016 – 2019
2019 Was The Most Active Year With 4 Completed Transactions Totaling $18B+ In Deal Value.
Date Target Acquirer EV ($B) EV / LTM Revenue
Nov 2019 $1.4 3.4x
Oct 2019 $3.9 5.5x
Aug 2019 $2.1 9.1x
Aug 2019 $10.7 4.6x

Enterprise Assets
Oct 2018 $1.9 5.5x
Nov 2017 $1.5 4.0x
Oct 2017 $1.6 5.3x
Sep 2016 $1.3 3.7x
Jul 2016 $0.5 4.4x
Jul 2016 / $1.4 3.2x
Median: $1.5 4.5x

M&A Deal Spotlight | 1H 2019
Select M&A Transactions Of Highly Strategic And Potentially Transformational Assets.
Highlighted M&A Transactions Large Technology Players Were Active Acquirers In These Sectors
Date Target Acquirer EV ($M) Impact

Sec Ops &
▪ Establishes large PE-backed threat intel platform Incident Response
05/30/19 $780.0 ▪ Potential to execute on a roll-up strategy to consolidate
fragmented threat intel landscape Network &
Infrastructure
▪ Resulted in PANW’s announcement of its Prisma Cloud Security
Security offering
05/29/19 $410.0
▪ Continued cloud security acquisition spree after Red Lock
and Evident.io acquisitions from 2018
Cloud Security
▪ Complements Mandiant services, helping scale security
05/28/19 $250.2 assessment business
▪ FEYE’s largest upfront acquisition since Mandiant in 2014
Web Security
▪ PANW continues to make big bets on creating a platform
to solve growing security operations challenges
02/19/19 $560.0
▪ Adds SOAR to its Cortex portfolio potentially integrating
with its data lake as well as endpoint & UEBA analytics MSSP
▪ Interset’s analytics engine will supplement the features of

Micro Focus’ ArcSight and Vertica products
02/15/19 $89.7
▪ Proprietary AI & ML algorithms can be leveraged across Endpoint Security
Micro Focus’ portfolio of IT solutions
▪ Big bet on creating data backup + security offering;
Carbonite’s largest acquisition (nearly doubled its revenue)
02/07/19 $618.5 ▪ Accelerates Carbonite’s strategy towards becoming a
Application
leading data protection company for SMB and mid- Security
enterprise
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Capital IQ, 451 Group, and Pitchbook.
M&A Deal Spotlight | 2H 2019
Select M&A Transactions Of Highly Strategic And Potentially Transformational Assets.
Highlighted M&A Transactions Large Technology Players Were Active Acquirers In These Sectors
Date Target Acquirer EV ($M) Impact

Sec Ops &
▪ Accomplishes F5’s goal of shifting towards a software- Incident Response
driven business model
12/19/19 $1,000.0 ▪ Can be integrated with F5's other offerings around web
traffic management (e.g., Anti-DDoS, WAF, etc.). Network &
Infrastructure
▪ Obtains another cloud-centric business with strong Security
channel
11/11/19 $1,395.8 ▪ Enables the ability to continue to compete in the SMB /
‘prosumer' space’
Cloud Security
▪ Proofpoint’s 2nd nine-figure deal of 2019, and 12th
overall since 2014 (4th most over that period)
11/03/19 $225.0 ▪ Adds insider threat capabilities to extend Proofpoint’s
CASB / DLP capabilities with endpoint Identity & Access
Management
▪ 1st UK-based Cybersecurity portfolio company for
Thoma Bravo
10/14/19 $3,948.0 ▪ Thoma Bravo’s 3rd Cybersecurity take-private since 2H
2017 joining Barracuda & Imperva IoT Security
▪ Delivers significantly more visibility and protection

across traditional endpoints and in the cloud
08/22/19 $2,100.0 ▪ Adds complementary endpoint offering to its network- Endpoint Security
centric NSX & management-centric products
▪ Opportunity to optimize returns on an underperforming

asset in a growing enterprise security space Application
08/08/19 $10,700.0 ▪ Expands footprint of mission critical infrastructure Security
Enterprise Assets software within its core Global 2000 customer base
M&A Deal Spotlight | Enterprise Assets
&
Two Multi-Billion Dollar Deals Involving Public Sellers During A 14-Day Period In Mid-August.
Situation Overview
Combined $12.8B EV across Symantec (Enterprise Assets) & Carbon Black transactions more than doubled 2019 YTD M&A volume ($7.1B M&A volume through first 7 months of the year);
resulted in the largest single month of Cybersecurity M&A volume with long-term impact on broader security landscape
Transaction Details
Announced Target Buyer Enterprise EV / LTM Rev Transaction
Target Buyer
Date Sector Sector Value ($M) LTM Rev Growth Rate (%) Commentary
▪ Strategic acquisition expands VMware’s visibility into
Endpoint Cloud / IT activity at endpoints across IT systems
08/22/2019 $2,100.0 9.1x 24%
Security Infrastructure ▪ VMware was previously part of Carbon Black’s “Partner
Community”
▪ Largest Cybersecurity M&A deal of all time involving one of

Endpoint & the original Cybersecurity public companies
Semiconductors / (1)
08/08/2019 Enterprise Diversified $10,700.0 4.6x 1%
IT Infrastructure ▪ Broadcom later spun out Symantec’s Enterprise Managed
Assets Security
Services division to Accenture
Similarities Across Transactions Key Takeaways & Market Impact

Target Buyer Further validation of the convergence of IT infrastructure & Cybersecurity with two
diversified IT solution providers placing large bets on Cybersecurity
✓ Public company assets ✓ Public company with market cap greater
than $60B Carbon Black’s notably higher revenue multiple than Symantec’s Enterprise Business
✓ Mature companies; Symantec founded Unit can be at least partially attributed to its more attractive growth profile
in 1982, Carbon Black in 2002 ✓ Provides broader IT infrastructure
solutions Endpoint strategic activity continues, following CrowdStrike IPO, Cylance acquisition by
✓ Heritage in Endpoint Security Blackberry, and Webroot acquisition by Carbonite over the past 12 months
(1) Pro-forma calculation presented to offset impact of divestiture of PKI / WSS Business in October 2017
Closer Look At Recent Cybersecurity “Exits” | Part 1
Breaking Down The Cybersecurity “Exits” From CY 2018 – CY 2019.
▪ $250M+: 20 companies; Median age of 10 years; Median Amount Raised of $61M; Median EV / LTM Rev multiple of 9.8x
▪ $50M-$250M: 33 companies; Median age of 10 years; Median Amount Raised of $25M; Median EV / LTM Rev multiple of 6.1x
Selected Companies /
$0-$25M
Deal Value
10.6%
8.7% $25M-$50M
36.5% $50M-$100M
22.1% $100M-$250M
$250M-$500M
9.6% 12.5%
$500M+
Note: Excludes deals with undisclosed deal values (typically < $50M). Deals with undisclosed deal values accounted for 65% of total exits.
▪ $10M-$50M: 55 companies; Median EV of $122M; Median Age of 7 years; Most Active Sectors: SecOps & IR (11), Network & Infrastructure Security (11), and Cloud Security (6)
Total $ Raised Prior to Exit
▪ $50M+: 26 companies; Median EV of $400M; Median Age of 10 years; Most Active Sectors: SecOps & IR (5), Endpoint Security (5), and IAM (4)
Selected Companies
20.6% $1M-$10M
35.7%
$10M-$20M
25.4%
$20M-$50M
18.3%
$50M+
Note: “Exits” excludes targets that were previously acquired or listed on a public exchange.
Closer Look At Recent Cybersecurity “Exits” | Part 2
Breaking Down The Cybersecurity “Exits” From CY 2018 – CY 2019.
▪ Series A & B: 72 companies, Median EV of $73M; Median Age of 5 years; Median Amount Raised of $11M
▪ Series C+: 43 companies, Median EV of $315M; Median Age of 11 years; Median Amount Raised of $49M
Last Round Prior to Exit
Selected Companies
Early Stage
22.5%
29.1%
Series A
Series B
16.6% 31.8%
Series C+
Note: Excludes debt financings and self-funded companies.
▪ 7+ years: 172 companies; Median EV of $100M; Median Amount Raised of $18M; Most Active Sectors: Security Consulting & Services (33), MSSP (29), and IAM (24)
▪ 2-7years: 121 companies; Median EV of $30M; Median Amount Raised of $6M; Most Active Sectors: SecOps & IR (16), AppSec (16), and Network & Infrastructure Security (16)
3.6%
Selected Companies
Time to Exit
<2 Years
25.0% 2 to 5 years
42.8%
5 to 7 years
14.8%
7 to 10 years
13.8%
10+ years
Note: “Exits” excludes targets that were previously acquired or listed on a public exchange.
Cybersecurity M&A: A Closer Look At Deal Value & Multiples
Cybersecurity M&A Activity Over The Last Decade With Disclosed Transaction Values.
M&A By Deal Value | CY 2015 - CY 2019 M&A By Valuation Multiples (EV / LTM Rev) | CY 2015 - CY 2019
Year Median Deal Value ($M) Year Median Multiple (EV / LTM Rev)2
64.3% 2019 $89.7 2019 4.8x
2018 $42.9 2018 6.1x
$50M- 22.1% 2017 $61.5 2017 4.5x
100M
51 2016 $42.0 2016 4.1x
2015 $40.0 2015 3.6x
2015 – 2019 $49.2
28.7% 2015– 2019 4.4x
22.2%
77.7%
$0M- 16.4% 17.5%
100M 180
12.3% 49 8.2%
7.0% 7.0%
5.3% 5.3% 5.8% 38 30
44 28
19 19 25 21 14 12
>$0M - $100M $100M - $200M $200M - $300M $300M - $500M $500M - $1B $1B+ >0.0x - 3.0x 3.0x - 5.0x 5.0x - 7.0x 7.0x - 10.0x 10.0x - 15.0x 15.0x+
M&A By Deal Value | CY 2010 - CY 2014 M&A By Valuation Multiples (EV / LTM Rev) | CY 2010 - CY 2014
67.2% Year Median Deal Value ($M) Year15 Median Multiple (EV / LTM Rev)2
2014 14 3.9x
2014
22 28 $49.4
$50M- 17.7% 2013 $25.0 2013 3.4x
100M 28 36.8% 2012 3.7x
2012 $62.6
2011 $20.0 2011 3.6x
2010 $24.7 2010 3.3x
82.3% 24.3% 2010 – 2014 3.5x
2010 – 2014 $32.5
130
$0M-
100M 14.0%
50
9.6% 9.6%
11.9% 33 5.9% 19
6.4% 5.5% 4.7% 4.3% 13 13
28 8
15 13 11 10
>$0M - $100M $100M - $200M $200M - $300M $300M - $500M $500M - $1B $1B+ >0.0x - 3.0x 3.0x - 5.0x 5.0x - 7.0x 7.0x - 10.0x 10.0x - 15.0x 15.0x+

Note: 1Includes acquisitions of public companies and divestures of assets / operations / business units from public companies.
2 EV / LTM Revenue Median Multiples cut off at 25.0x.
Private Equity Continues To Cybersecurity
The Highly Fragmented Cybersecurity Market Lends Itself To The PE Platform / Roll-Up Playbook.
Recent Cybersecurity PE Activity PE Firm Platform Add-Ons Exit
Target
($2.4B / 3.7x) ($280M) ($45M) ($4.7B / 7.8x)
Acquirer ($276 / 2.8x)
Beep Science
EV $3,948M NA $780M $950M $140M $250M $500M $525M ($559M / 1.9x) ($890M / 2.6x)
▪ Private Equity firms remain serious players in the competitive market of Cybersecurity M&A, with None
($887M / 2.5x) ($1.3B / NA)
a demonstrated ability to compete with strategic buyers for high quality assets
($600M / NA) ─
(IPO: $1.3B / 6.2x)
Late Stage / Pre-IPO Activity

($70M) ($210M) ($95M)
─
($800M / 6.7x) ($750M)

─
Series E Series E Series E Series E Later Stage VC Series E Series D Series E
$103M $103M $200M $50M $130M $75M $88M $65M
($1.2B / 6.7x) (Assets)
─
($1.9B / 5.5x) ($100M)

─
PE Growth Series F Series D Series E Series D Series D Series G PE
$309M $169M $90M $165M $100M $120M $110M $200M ($1.5B / 4.0x) ($25M) (Managed Workplace RMM) (Bot Mitigation Assets)
─
($4.2B / NA) ($600M)

─
▪ PE / late stage and public / cross-over investors have strong appetite for break-out Cybersecurity ─
($150M / 4.3x)
stories that could exit via an IPO in 12 – 24 months
Private Equity By The Numbers
Private Equity Activity Has Increased Significantly in Cybersecurity.
M&A Activity By Type of Buyer | 2010 M&A Activity By Type of Buyer | 2019
Private Equity Private Equity
Strategic Strategic
21%
9%
6%
27%
73%
79%
91%
94%
Total Deal Count: 88 Total Amount Spent: $13,606 Total Deal Count: 188 Total Amount Spent: $27,580
Cyber Private Equity Universe Cyber Private Equity Universe

M&A Transactions
With Disclosed Values
Notable Cybersecurity M&A Transactions | 2010 - 2019
Cybersecurity M&A Transactions With Disclosed Transaction Values.
Sellers Snapshot
AuditSec
Just Content
Software
Enterprise Web /
Assets PKI Assets
Enterprise Value ($M) LTM Revenue ($M) EV / LTM Revenue[1]

2010-2014 2015-2019 2010-2019 2010-2014 2015-2019 2010-2019 2010-2014 2015-2019 2010-2019
Mean $199.0 $269.2 $241.4 $94.8 $116.0 $106.6 4.9x 6.1x 5.6x
Median $32.5 $49.0 $42.7 $25.0 $28.6 $25.0 3.5x 4.5x 4.0x
Note: 1 EV / LTM Revenue Median Multiples cut off at 25.0x. Return To Table Of Contents 36
Notable Cybersecurity M&A Transactions | 2010 - 2019
Cybersecurity M&A Transactions With Disclosed Transaction Values.
Buyers Snapshot
Enterprise Value ($M) LTM Revenue ($M) EV / LTM Revenue[1]

2010-2014 2015-2019 2010-2019 2010-2014 2015-2019 2010-2019 2010-2014 2015-2019 2010-2019
Mean $199.0 $269.2 $241.4 $94.8 $116.0 $106.6 4.9x 6.1x 5.6x
Median $32.5 $49.0 $42.7 $25.0 $28.6 $25.0 3.5x 4.5x 4.0x
Note: 1 EV / LTM Revenue Median Multiples cut off at 25.0x. Return To Table Of Contents 37
M&A Transactions With
Non-Disclosed Values
Notable Cybersecurity M&A Transactions | 2010 – 2019
Cybersecurity M&A Transactions With Non-Disclosed Transaction Values.
Sellers Snapshot

Notable Cybersecurity M&A Transactions | 2010 – 2019
Cybersecurity M&A Transactions With Non-Disclosed Transaction Values.
Buyers Snapshot

V. Financing Activity
In Cybersecurity
III.
Cybersecurity Financing Activity | 2010 – 2019
Cybersecurity Startups Have Raised $36.6 Billion Across 2,781 Deals Since 2010.
Annual Investment Deals And Dollars Quarterly Investment Deals And Dollars
($B) (2010 – 2019) ($M) (Q1 2010 – Q4 2019)
$2.8
429 419
123 $2.5
402 450
105 111 111

362 100 104
101 103
400
99 98
$8.9 91 94 90 97 107 90
304 350
$2.0 $2.0
280 79 $1.9
73 74 75 $1.8 $1.7
70 72 $1.6
300
$1.5 $1.5
63 66 $1.5
59 $1.4
201 250
51 49
$6.4 47 $1.2 $1.2 $1.0
156 $5.7 40 42 $1.0
$0.9
200
35 36 $0.8 $1.0
120 $4.5 30 30 31 33
108 27 28 $0.6
$3.9 $0.6
150
23 24
$0.4 $0.5 $0.5$0.6 $0.5 $0.5
100
$0.4
$2.5 $0.2$0.2$0.2$0.1$0.1$0.2$0.3$0.2$0.2$0.3 $0.3 $0.3
$1.7
50
$1.2
$0.8 $0.9
0
Q2'13
Q3'14
Q4'15
Q1'17
Q1'10
Q2'10
Q3'10
Q4'10
Q1'11
Q2'11
Q3'11
Q4'11
Q1'12
Q2'12
Q3'12
Q4'12
Q1'13
Q3'13
Q4'13
Q1'14
Q2'14
Q4'14
Q1'15
Q2'15
Q3'15
Q1'16
Q2'16
Q3'16
Q4'16
Q2'17
Q3'17
Q4'17
Q1'18
Q2'18
Q3'18
Q4'18
Q1'19
Q2'19
Q3'19
Q4'19
2010 2011 2012 2013 2014 2015 2016 2017 2018 2019
Investments ($B) Deals Investments ($B) Deals
▪ $8.9B was raised across 419 transactions in 2019 ▪ Over the last eight quarters, investors have invested $15.3B into Cybersecurity
▪ 2019 Financing Activity has reached record highs ▪ $8.9B in 2019 was a record, with $2.0B invested in Q1 2019 (111 deals), $2.8B invested in Q2 2019
by deal volume ($8.9B), surpassing the previous (111 deals), $2.5B invested in Q3 2019 (107 deals), & $1.5B invested in Q4 2019 (90 deals)
year’s high by $2.5B ▪ Q2 2019 ($2.8B) & Q3 2019 ($2.5B) were the two record setting quarters of financing activity; 2019
was highlighted by 21 financing deals that raised $100M+

Cybersecurity Venture-Backed Private Companies & Investors
List of Most Well-Funded Private Companies And Most Active Financial VC Investors.
Top 15 Well-Funded Private Cybersecurity Companies ($M) Top 15 Most Active Financial Investors in Cybersecurity Since 2016 (1)
Investor Number of Cyber Investments Select Cybersecurity Investments Since 2016
$682 36
34
$553
$530
29
$404 $403 $402 $390 $390 25

$358 $346 $333 $331 $328 $311 $310
24
24
22
20
20
▪ The top 15 most well-funded private companies have raised $6.1B during their lifespan
20
▪ Tanium continues to top the list of most well-funded, having raised $375M in 2018,
$212M in 2015, totaling $682M since 2007 19
▪ An additional 52 companies have raised $100M+ for a total of $8.0B, including: 19
($238M) ($230M) ($228M) ($224M) ($223M) ($223M) ($214M) 17
16
($209M) ($208M) ($206M) ($200M) ($193M) ($150M) ($150M)
16
($148M) ($141M) ($129M) ($125M) ($122M) ($111M) ($100M) Denotes pure-play Cybersecurity investors
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Capital IQ, and Pitchbook.
(1) Total number of investments made in rounds with a minimum of $5 million raised; excludes strategic investors
A Breakdown Of Cybersecurity Capital Raises By Stage
Investments Over The Past 3 Years | 2017-2019
# of Deals By Stage Selected Companies By Stage

2018-2019
2.8% 16.0% (5.4%) 5.8%
Growth
152 144 148 Early

2017
111
81
94 95 103 109
Stage
2018 54 56 53
2019
Early Stage Series A Series B Series C+

Median
2017 $1.6 $6.5 $16.0 $26.3 Series A
2018 $2.6 $8.3 $20.0 $30.0
Deal Size
2019 $2.5 $11.4 $20.3 $40.0
Capital Raised By Stage ($M)

2018-2019
Growth
(15.6%) 68.7% (2.3%) 55.8%
Series B
$5,540
2017
$3,214 $3,557
2018
$1,517 $1,345 $1,313
2019 $546 $461
$843 $899
$950
$358
Series C+
Early Stage Series A Series B Series C+
Note: Excludes grants and straight debt / loan financings. Follow-on financings (e.g., A, A1) in same year combined to represent one deal for that stage. Return To Table Of Contents 44
U.S. Cybersecurity Funding By State
Investments Are Still Concentrated In Traditional Hubs, But New Hubs Are Continuing To Attract Investment.
Top 10 Most Active States By Investment Funding Ranking Detail – 274 Total Investments In USA In 2019
Total $ Invested
Ranking State # of Investments
($M)
1. California 119 $2,992
2. New York 36 $638
3. Maryland 17 $123
4. Virginia 13 $142
5. Massachusetts 12 $351
6. Colorado 10 $182
7. Washington 8 $149
8. Texas 6 $173
9. Florida 5 $376
10. Georgia 4 $76

Total Investments By State
0-5 6-10 11-15 16-20 20+ Total 230 $5,202

Notable Cybersecurity Funded Companies
Companies That Have Raised $10M+ Over The Past 5 Years | 2015 – 2019.
$10M - $25M $25M - $50M $50M - $100M
$100M+
Total Amount Raised ($M)1 $27,775.8

For Additional Information On Backup Data Supporting Transaction Data, Please Contact Momentum Cyber.
Median Amount Raised ($M) 1 $25.0
(1) Summary Stats Represent Amounts Raised Since 2017 Within Cohort of Cybersecurity Companies Having Raised $10M+. Return To Table Of Contents 46
Denotes companies that have been acquired since 2017; Denotes companies that have IPO-ed since 2017
Active Cybersecurity Investors
Firms That Led Investments Totaling $10M+ Over The Past 5 Years | 2015 – 2019.
$10M - $25M $25M - $50M $50M - $100M
$100M+
For Additional Information on Backup Data Supporting Transaction Data, Please Contact Momentum Cyber.
Note: Represents aggregate size of total funding rounds led by each investor. Return To Table Of Contents 47
III. Public Company
Trading Analysis
IV.
Cybersecurity Multiples Year-Over-Year
Majority Of Public Company Valuations Have Improved In 2019.
The Majority Of Cybersecurity Revenue Multiples Have Increased Over The Past 12 Months
EV / 2019E Revenue
Company EV / 2018E Revenue EV / 2019E Revenue % Change
Multiple as of 12/31/19
EV / 2018E Revenue
Multiple as of 12/31/18 2019 5.7x 8.6x 51.8%
38.2% Increase
2018 Max 23.9x 3.2x 4.4x 39.3%
Max 17.3x 17.3x 23.9x 38.2%
5.8x 7.6x 31.7%
6.9x 9.1x 30.7%
2.7x 3.2x 21.9%
2.0x 2.5x 21.5%
8.3x 9.8x 17.3%

15.6% Increase
6.2x 7.0x 14.1%
Median 6.9x
Median 6.0x 2.0x 2.3x 13.9%
3.6x 4.1x 13.1%
6.4x 6.9x 8.1%
6.4x 6.8x 5.4%
7.5x 7.6x 2.1%
9.4x 9.2x (1.5%)
2.4x 2.3x (6.9%)
13.2% Increase 4.2x 3.8x (8.6%)

Min 2.3x
Min 2.0x 8.2x 7.0x (15.4%)
Excludes Cybersecurity Companies that went public in 2018 or 2019 (Avast, Cloudflare, CrowdStrike, Ping Identity, SolarWinds, Tenable, Tufin, & Zscaler).
Cybersecurity IPO Insights
There Were 4 IPOs In 2019 | Cybersecurity Stocks Continue To Perform Well Since Their Respective IPOs.
IPO Pipeline | Median Amount Raised: $286M
$500M Acquisition By $4.2B Acquisition By

Raised: $103M Raised: $238M Raised: $193M Raised: $154M Raised: $333M Raised: $333M Raised: $346M Raised: $682M
Implied Multiple At IPO (EV / LTM Revenue)

Implied EV / Revenue Multiple 26.0x
Median At IPO 6.9x
Current Median 8.2x

17.7x 18.3x
11.2x 11.5x
10.6x
8.3x 7.6x 8.3x 7.9x
5.6x 6.2x
5.4x
3.6x 4.2x 3.5x 4.0x
3.1x 2.9x 3.1x
IPO Timing 2012 2013 2014 2015 2016 2017 2018 2019
Stock
Performance 781% 783% 451% 595% (17%) 629% 250% 334% 19% 579% 49% 97% 191% 75% 4% 24% 26% 47% 14% 62%
(since IPO)
EV / LTM Rev
(Current)
10.5x 7.4x 7.2x 9.6x 4.1x 9.4x 9.1x 7.1x 2.3x 25.7x 4.5x 7.1x 16.8x 8.2x 6.3x 8.2x 4.9x 23.0x 17.3x 8.2x
Total Raised
(From IPO)
$230M $82M $260M $91M $304M $86M $103M $78M $112M $187M $116M $240M $192M $786M $251M $375M $108M $612M $525M $188M
Source: Capital IQ. Stock performance and valuation multiples as of December 31st, 2019.
Significant Growth in Public Cyber Companies | 2010 – 2019
Aggregate Market Capitalization For Cybersecurity Has Grown Considerably Over The Last Decade.
Explosive Growth In Public Cybersecurity Companies
Public Company Stats | 2010 Public Company Stats | 2019

379%
Growth in Market
Market
Capitalization ($B) $45.3B
Market
Capitalization ($B) $216.7B Capitalization
Number Number
175%
of Companies 12 of Companies 33 Growth in Number of Public
Cybersecurity Companies
Public Cyber Companies | 2010 Public Cyber Companies | 2019
Source: Capital IQ.

Note: Only includes companies with a market capitalization of greater that $150M. Return To Table Of Contents 51
The IPO Pipeline | 2020
The Current Backlog Of Well-Funded Companies Positions 2020 As Another Active Year For Cybersecurity IPOs.
2020 IPO Watchlist

Company Sector Founded Location CEO Select Investors Raised To Date Select Public Competitors
Identity & Access

2013 Bellevue, WA Eugenio Pace $213M
Management
Identity & Access

2004 Santa Clara, CA Tim Steinkopf NM
Management
SecOps & Incident

2013 Cambridge, UK Nicole Eagen $238M
Response
SecOps & Incident

2013 San Mateo, CA Nir Polak $193M
Response
Identity & Access

2009 San Francisco, CA Fran Rosch $150M
Management
Cloud Security 2013 Sunnyvale, CA Andrew Rubin 333M
Endpoint Security 1987 Santa Clara, CA Peter Leav NM
Identity & Access

2011 Atlanta, GA Vijay Balasubramaniyan $223M
Management
SecOps & Incident

2010 Redwood City, CA Ramin Sayar $346M
Response
Endpoint Security 2007 Emeryville, CA Orion Hindawi $687M

Cybersecurity vs. The Benchmarks
High Growth Stocks Cybersecurity Stocks Outperformed Broader Market Benchmarks Over The Past 12 Months.
180 Benchmark Last 3 Mo. Last 6 Mo. Last 12 Mo.
High Growth Cyber 9.5% (0.3%) 42.4%
Low Growth Cyber 15.7% 12.2% 19.5%
S&P 500 8.5% 9.0% 28.9%

160
NASDAQ 12.2% 10.9% 35.2%
HACK Index* 11.0% 4.0% 23.2%
42.4%
140
35.2%
28.9%
23.2%
120 19.5%
100
80
Dec-18 Jan-19 Feb-19 Mar-19 Apr-19 May-19 Jun-19 Jul-19 Aug-19 Sep-19 Oct-19 Nov-19 Dec-19
High Growth Cyber Low Growth Cyber S&P 500 NASDAQ Composite Index HACK Index
Source: Capital IQ. Public Market Data as of December 31st, 2019.

Note: *PureFunds ISE Cybersecurity ETF. Return To Table Of Contents 53
Public Cybersecurity Companies LTM Stock Performance
LTM Stock Performance By Growth %.
81% 80% 66% 62% 57% 52% 47%

$140 $80 $25 $160 $120 $120
$120 $6 $140 $100

$60 $100
$120 $80
$100 $20
$4 $100 $60
$40 $80
$80 $80 $40
$60 $20 $2 $15 $60 $60 $20
D J F M A M J J A S O N D D J F M A M J J A S O N D D J F M A M J J A S O N D S O N D D J F M A M J J A S O N D D J F M A M J J A S O N D J J A S O N D
43% 37% 34% 32% 29% 29% 26%

$160 $140 $60 $4 $50
$22 $22
$140 $120 $19 $50 $40
$18
$3
$16
$120 $100 $14 $40 $30
$13
$100 $80 $10 $10 $30 $2 $20

D J F M A M J J A S O N D D J F M A M J J A S O N D D J F M A M J J A S O N D D J F M A M J J A S O N D D J F M A M J J A S O N D D J F M A M J J A S O N D D J F M A M J J A S O N D
26% 26% 19% 14% 12% 8% 8%

$40 $260 $100 $100 $140 $40
$22
$240 $80 $90 $130 $35
$30
$220 $18
$60 $80 $120 $30
$200
$20 $14
$180 $40 $70 $110 $25
$10 $160 $20 $10 $60 $100 $20

A M J J A S O N D D J F M A M J J A S O N D D J F M A M J J A S O N D S O N D D J F M A M J J A S O N D D J F M A M J J A S O N D D J F M A M J J A S O N D
2% 0% (1%) (5%) (14%)

$20 $40 $30 $60 $10
$35 $8
$25 $55
$30 $6
$15 $20 $50
$25 $4
$20 $15 $45 $2
$10 $15 $10 $40 $0
D J F M A M J J A S O N D D J F M A M J J A S O N D D J F M A M J J A S O N D D J F M A M J J A S O N D D J F M A M J J A S O N D
Source: Capital IQ. Public Market Data as of December 31st, 2019.

Note: Charts pertaining to Tufin (April 2019), CrowdStrike (June 2019), Cloudflare (August 2019) and Ping Identity (August 2019) reflect monthly stock prices from their respective IPO dates & prices. Return To Table Of Contents 54
Growth & Profitability Remain Highly Correlated To Value…
Public Markets Today Value A Balance Of Growth & Profitability – Back To Basics.
12.0x
$22,826M
11.0x
$3,232M
10.0x $4,407M
$2,767M
9.0x $5,813M
$1,935M
8.0x
$2,105M
EV / 2019E Revenue
$2,689M
7.0x
$2,347M
$18,260M $5,695M
6.0x
$603M $16,892M
5.0x $1,547M $3,508M $6,480M
$7,186M
$22,653M
4.0x
R2 December 31st: 59.3%
3.0x : 20.3%, 15.9x
$534M
: 69.9%, 20.2x
2.0x
$3,530M : 34.9%, 23.9x
$688M
1.0x $1,353M : 53.0%, 15.7x
Above 4 companies have been excluded
from R2 calculation
0.0x
0% 10% 20% 30% 40% 50% 60%
2019E Revenue Growth + 2019E Operating Margin
Source: Capital IQ. Public Market Data as of December 31st, 2019. Using Latest Spot Exchange Rate.
Note: Size of the bubble indicates Market Cap. In USD. % represents 2019E Revenue Growth + 2019E Operating Margin; the multiple represents EV / 2019E Revenue. Return To Table Of Contents 55
… While The Correlation To Growth Alone Is Much Weaker
Public Markets Today Value A Balance Of Growth & Profitability – Back To Basics.
12.0x
$22,826M
11.0x
10.0x $3,232M $4,407M

$1,935M $2,767M
$16,892M
9.0x $5,695M $22,653M
$5,813M $6,480M
8.0x
$2,105M $2,689M
EV / 2019E Revenue
7.0x
$18,260M $2,347M
6.0x
5.0x $7,186M $3,508M
4.0x $3,530M $603M

R2 December 31st: 15.0%
$1,547M
3.0x : 46.5%, 15.9x
: 86.9%, 20.2x
2.0x : 43.9%, 23.9x
$688M
1.0x $1,353M $534M : 47.3%, 15.7x
Above 4 companies have been excluded
from R2 calculation
0.0x
0% 10% 20% 30%
2019E Revenue Growth
Source: Capital IQ. Public Market Data as of December 31st, 2019. Using Latest Spot Exchange Rate.
Note: Size of the bubble indicates Market Cap. In USD. % represents 2019E Revenue Growth; the multiple represents EV / 2019E Revenue. Return To Table Of Contents 56
Trading Multiples: High Growth & Low Growth
Valuation Multiples For High Growth & Low Growth Cybersecurity Companies.
EV / 2019E Revenue EV / 2020E Revenue
23.9x
20.2x
18.1x
15.9x
15.7x
13.8x
12.0x
11.9x
9.8x
9.1x 8.6x Median: 9.1x 9.2x
7.0x 6.9x 8.0x 7.9x 7.9x 7.6x 7.6x 7.0x 8.0x 7.6x Median: 7.6x 8.1x 7.4x 7.4x
7.0x 7.3x 7.0x 6.6x
6.8x 5.9x 4.9x 4.4x 4.1x 3.8x Median: 4.9x 5.9x 5.7x
5.6x 4.8x
6.0x Median: 4.2x
3.2x 4.2x 3.9x 3.8x 3.6x
2.9x
2.5x 2.3x 2.3x 2.4x 2.1x 2.1x
OKTA CRWD NET ZS SPLK CYBR RPD PFPT PANW MIME TENB QLYS PING AVST SWI CHKP FTNT SAIL TUFN FSCT FEYE TREND BB OSPN FSC1V SCWX OKTA CRWD ZS NET SPLK CYBR RPD PFPT PANW MIME TENB QLYS CHKP AVST PING SWI FTNT SAIL TUFN FSCT FEYE TREND BB OSPN SCWX FSC1V
2018A - 2019E Revenue Growth 2019E - 2020E Revenue Growth

87%
47% 46% 46%

44%
33% 32%
32% 32%
30% Median: 32% 31%
Median: 23%
25% 25% 24% 23% 23%
23% 21% 21% 19% 19% 21% 20%
19% 18% 15% 15% 20% 19% 18%
15% 14% 12% Median: 15% 15% 15% 14% 14%
12% 11% 9% 9% Median: 9%
8% 7% 6%
6% 6% 5% 4% 6% 5%
3% 3%
CRWD ZS NET OKTA RPD TENB SPLK CYBR MIME PFPT PANW TUFN PING FTNT BB OSPN FSC1V QLYS SAIL FSCT SWI SCWX FEYE AVST CHKP TREND CRWD NET OKTA ZS TENB RPD SPLK MIME PANW PFPT CYBR TUFN SAIL FTNT QLYS FSCT SWI PING BB FSC1V FEYE AVST OSPN SCWX TREND CHKP
High Growth Low Growth High Growth Low Growth

Source: Capital IQ. Public Market data as of December 31st, 2019.
Note: High Growth represented by companies with >20% revenue CAGR; Low Growth represented by companies with <20% revenue CAGR. Return To Table Of Contents 57
Security Benchmarking Analysis
Ranking Based On Metrics That Are Principal Valuation Factors.
81% 80%
63% 62% 57% 52%
1-Year 47% 43% 37% 34% 32% 29% 28% 26% 26% 23% Average: 29%
Stock 19% 14% 12% 8% 8% 2% 0%
Performance (1%) (6%) (10%)
* * * *
18.1x
13.8x
12.0x 11.9x
EV / CY20E 8.1x 8.0x 7.6x 7.4x 7.4x 7.3x 7.0x 7.0x 6.6x 6.0x 5.9x 5.7x 5.6x Average: 6.7x
4.8x 4.2x 3.9x 3.8x
Revenue 3.6x 2.9x 2.4x 2.1x 2.1x
OKTA CRWD ZS NET QLYS SPLK CYBR CHKP LSE:AVST PING SWI RPD FTNT SAIL PFPT PANW MIME TENB TUFN FSCT FEYE TSE:4704 TSX:BB OSPN SCWX HLSE:FSC1V
46%
33% 32% 31%
Revenue 24% 23% 23% 21% 20% 20% 19% 18% 15% 15% 14% Average: 17%
Growth 14% 12% 11% 9% 9% 8% 7% 6% 6% 5%
(CY20E) 3%
CRWD NET OKTA ZS TENB RPD SPLK MIME PANW PFPT CYBR TUFN SAIL FTNT QLYS FSCT SWI PING TSX:BB HLSE:FSC1V FEYE LSE:AVST OSPN SCWX TSE:4704 CHKP
56% 51%
EBITDA 46% 42%
32% 28% 28% 23%
Margin 19% 18% 17% 15% 13% 12% 12% 11% 10% 9% 6% 2% (0%)
Average: 16%
(3%) (5%)
(CY20E) (6%) (8%) (16%)
Source: Capital IQ. Public Market data as of December 31st, 2019.

* Denotes stock price performance since IPO in 2019 Return To Table Of Contents 58
Public Company Trading Analysis
High-Growth & Low-Growth Cybersecurity.
LTM Price Market Enterprise Revenue Growth EV / Revenue EV / EBITDA P/E

Company Stock Price
Performance Cap ($M) Value ($M) LTM 2018A-2019E 2019E-2020E LTM CY 2019E CY 2020E LTM CY 2019E CY 2020E LTM CY 2019E CY 2020E
High-Growth Cybersecurity (>20% 2018A – 2021E CAGR)
$149.77 42.8% $22,826 $22,945 33.5% 30.4% 22.5% 10.5x 9.8x 8.0x NM NM 43.1x 81.8x 80.5x 64.0x
$231.25 22.8% 22,653 21,609 24.2% 21.4% 20.5% 7.2x 6.9x 5.7x 28.5x 29.2x 24.7x 43.3x 46.7x 41.2x
$115.37 80.8% 13,983 13,713 48.0% 43.9% 31.8% 25.7x 23.9x 18.1x NM NM NM NM NM NM
* $49.87 46.7% 10,251 9,417 96.9% 86.9% 45.8% 23.0x 20.2x 13.8x NM NM NM NM NM NM
$114.78 37.0% 6,480 6,227 26.7% 23.3% 19.9% 7.4x 7.0x 5.9x 41.9x 40.6x 33.7x 65.6x 66.3x 60.2x
*
$116.58 57.2% 4,407 3,901 31.4% 25.5% 18.7% 9.4x 9.1x 7.6x 29.7x 30.1x 26.9x 43.3x 44.7x 41.9x
$56.02 79.8% 2,767 2,782 30.5% 32.5% 23.1% 9.1x 8.6x 7.0x NM NM NM NA NM NM
$43.38 29.0% 2,689 2,733 26.9% 25.3% 21.0% 7.1x 6.8x 5.6x 41.9x 40.3x 29.7x NM NM 68.3x
Mean 41.5% 37.7% 26.5% 12.7x 11.8x 9.1x 35.5x 35.1x 31.6x 58.5x 59.5x 55.1x
Median 33.5% 31.6% 23.1% 9.4x 9.1x 7.6x 35.8x 35.2x 29.7x 54.5x 56.5x 60.2x
Low-Growth Cybersecurity (<20% 2018A – 2021E CAGR)

$106.76 51.6% $18,260 $16,361 19.8% 19.1% 15.2% 8.0x 7.6x 6.6x 29.5x 28.1x 23.4x 46.4x 44.4x 39.4x
$110.96 8.1% 16,892 15,208 4.2% 4.0% 2.9% 7.7x 7.6x 7.4x 14.9x 14.9x 14.4x 19.1x 18.1x 17.2x
$51.15 (6.0%) 7,186 5,720 2.7% 2.6% 4.6% 3.8x 3.8x 3.6x 11.7x 10.7x 11.3x 26.3x 26.8x 25.4x
$5.91 63.3% 5,813 6,907 13.1% 5.4% 7.1% 8.2x 7.9x 7.4x 14.9x 14.2x 13.2x 20.4x 19.2x 17.4x
$18.55 34.1% 5,695 7,390 11.8% 12.5% 11.6% 8.2x 7.9x 7.0x 16.7x 16.4x 15.4x 23.2x 22.4x 20.9x
$6.39 (10.1%) 3,530 3,417 14.9% 18.6% 9.0% 3.4x 3.2x 2.9x 22.2x 22.2x 20.0x 42.6x 42.6x 44.3x
$16.53 2.0% 3,508 3,601 6.4% 6.0% 7.9% 4.1x 4.1x 3.8x 35.0x 33.3x 31.4x NM NM NM
$83.37 11.5% 3,232 2,972 16.3% 15.3% 14.1% 9.6x 9.2x 8.1x 22.5x 21.5x 19.1x 37.7x 36.5x 33.3x
$23.60 0.5% 2,105 1,984 17.6% 14.5% 15.3% 7.1x 7.0x 6.0x NM NM NM 94.4x NM NM
*
$24.30 62.0% 1,935 1,929 14.8% 19.3% 10.6% 8.2x 8.0x 7.3x 35.5x 40.3x NM NM 50.4x 79.6x
$16.66 (1.4%) 1,353 1,245 6.4% 6.0% 5.5% 2.3x 2.3x 2.1x NM NM NM NA NM NM
$17.12 32.2% 688 621 23.0% 17.6% 5.9% 2.5x 2.5x 2.4x 21.7x 22.5x 18.6x 36.4x 37.1x 28.2x
*
$17.59 25.6% 603 505 NA 21.1% 18.0% 4.9x 4.9x 4.2x NM NM NM NM NM NM
$3.38 27.7% 534 556 18.6% 15.4% 8.8% 2.3x 2.3x 2.1x 23.4x 18.8x 17.3x NA 87.0x 35.8x
Mean 13.5% 12.8% 10.0% 5.7x 5.5x 5.0x 22.5x 22.1x 18.4x 38.5x 38.4x 34.2x
Median 14.8% 14.5% 9.0% 4.9x 4.9x 4.2x 22.2x 21.5x 18.0x 36.4x 36.8x 30.8x
Source: Capital IQ. Market data updated as of December 31st, 2019.

Note: NM – Not Meaningful, NA – Not Available. *Price performance from IPO price. Return To Table Of Contents 59
Public Company Trading Analysis | Operating Metrics
High-Growth & Low-Growth Cybersecurity.
Revenue ($M) Revenue Growth (%) EBITDA ($M) EBITDA Margin (%)
Company
LTM CY 2019E CY 2020E LTM 2018A-2019E 19E-20E LTM CY 2019E CY 2020E LTM CY 2019E CY 2020E
High Growth Cybersecurity (>20% CAGR)
$2,190 $2,350 $2,880 33.5% 30.4% 22.5% $371 $390 $532 17.0% 16.6% 18.5%
3,016 3,146 3,790 24.2% 21.4% 20.5% 759 740 874 25.2% 23.5% 23.1%
534 575 757 48.0% 43.9% 31.8% (35) (41) (39) (6.6%) (7.1%) (5.1%)
410 467 681 96.9% 86.9% 45.8% (67) (53) (0) (16.3%) (11.4%) (0.0%)
843 884 1,060 26.7% 23.3% 19.9% 149 153 185 17.6% 17.4% 17.4%
333 358 469 56.0% 47.3% 31.0% 39 34 45 11.6% 9.5% 9.5%
259 282 376 47.1% 46.5% 33.3% (43) (44) (23) (16.5%) (15.5%) (6.1%)
413 431 511 31.4% 25.5% 18.7% 131 129 145 31.7% 30.1% 28.4%
304 323 398 30.5% 32.5% 23.1% 8 11 26 2.7% 3.4% 6.5%
382 403 487 26.9% 25.3% 21.0% 65 68 92 17.1% 16.8% 18.9%
333 352 436 35.1% 31.6% 23.8% (37) (38) (36) (11.0%) (10.8%) (8.2%)
Low Growth Cybersecurity (<20% CAGR)

$2,049 $2,145 $2,471 19.8% 19.1% 15.2% $556 $582 $701 27.1% 27.2% 28.4%
1,976 1,993 2,052 4.2% 4.0% 2.9% 1,018 1,018 1,055 51.5% 51.0% 51.4%
1,492 1,504 1,573 2.7% 2.6% 4.6% 487 534 507 32.6% 35.5% 32.2%
845 872 934 13.1% 5.4% 7.1% 462 488 521 54.7% 56.0% 55.8%
906 941 1,051 11.8% 12.5% 11.6% 443 451 481 48.8% 48.0% 45.8%
1,013 1,065 1,161 14.9% 18.6% 9.0% 154 154 171 15.2% 14.5% 14.7%
872 881 950 6.4% 6.0% 7.9% 103 108 115 11.8% 12.3% 12.1%
311 322 367 16.3% 15.3% 14.1% 132 138 156 42.5% 43.1% 42.5%
278 285 329 17.6% 14.5% 15.3% 29 23 30 10.5% 7.9% 9.0%
234 240 266 14.8% 19.3% 10.6% 54 48 30 23.2% 19.9% 11.3%
330 340 386 19.7% 14.3% 13.5% (23) (27) (13) (7.0%) (7.8%) (3.3%)
541 550 580 6.4% 6.0% 5.5% 13 11 14 2.4% 2.0% 2.5%
248 250 264 23.0% 17.6% 5.9% 29 28 33 11.5% 11.1% 12.6%
102 103 121 NA 21.1% 18.0% (8) (10) (20) (7.4%) (9.6%) (16.3%)
239 245 266 18.6% 15.4% 8.8% 24 30 32 10.0% 12.1% 12.1%
Source: Capital IQ. Market data updated as of December 31st, 2019.

Note: NM – Not Meaningful, NA – Not Available. Return To Table Of Contents 60
II. Cybersecurity
Industry
V.
Perspectives
Partner Industry
Perspectives
+
By Bob Ackerman (Founder, Managing Director, AllegisCyber).
Featured Author Select Cybersecurity Market Considerations

Bob Navigating the Cybersecurity landscape requires deep rooted experience and domain expertise given the rapid pace of innovation and complex
challenges that are being solved; nonetheless, Cybersecurity remains a highly attractive market, supported by broader macro-economic trends
Ackerman Jr.
Virtually all of Cybersecurity innovation takes place in private companies that are trying to protect a
Driven By Innovation
continuing expanding attack surface; there are no prizes given for “2nd Best”
The infrastructure supporting today’s interconnected, high-speed, high-velocity, data-centric economy
Digital Economy
Bob founded AllegisCyber in 1996 after a successful
was designed for functionality, not security; critical gaps and vulnerabilities remain
career as a serial entrepreneur, with a mission to Last year, Gartner predicted that Global Cybersecurity spend would exceed $124B in 2019, and reach
build a seed and early-stage venture firm that would Largest Subsector Of IT
$170B by 2022
combine operational experience with an
entrepreneurial spirit and a focus on forging true Massive Dedicated CISO budgets are bigger than ever before, yet the frequency and impact of data breaches has not
partnerships with portfolio companies to build Budgets subsided; ROI evaluation becoming increasingly critical
successful and sustainable Cybertechnology
companies. Bob is also a Co-Founder of Datatribe, a Breach Impact Continues More stringent regulations imposing punitive penalties and fines (i.e. GDPR, CCPA), along with the
Cybersecurity Startup Foundry, and has been To Rise impact from negative public perception, is driving widespread demand
recognized as a Fortune 100 Cybersecurity executive
and as one of “Cybersecurity’s Money Men” National Security Critical for Cybersecurity companies to leverage offensive, National Security talent (the deepest pool of
Expertise Cybersecurity domain expertise) to understand and combat adversaries
As an entrepreneur, Bob was the President and CEO
of UniSoft Systems, a global leading UNIX Systems As Cybersecurity staffing shortages are projected to reach 1.8M people by 2022, organizations are
House and the Founder and Chairman of InfoGear Chronic Talent Shortage
focusing their budgets on solutions that alleviate alert fatigue and improve efficiencies
Technology Corporation, a pioneer in the original
integration of web and telephony technology and While IT is the threat vector, Cybersecurity exposure have become more about broader business risk
Broadly Horizontal
creator of the original iPhone. that can affect all aspects of an organization
Outside of Allegis, Bob teaches New Venture Increasing Board-Level Cybersecurity is now recognized as an existential risk to any organization in the digital economy, leading
Finance in the MBA program at the University of Involvement to increasing appointments of Chief Risk Officers
California, co-manages his family’s small Napa Valley
winery – Ackerman Family Vineyards, and enjoys fly Robust Path To Liquidity M&A & IPOs with premium outcomes compared to other enterprise software verticals
fishing.

+
By Bob Ackerman (Founder, Managing Director, AllegisCyber).
Cybersecurity Innovation Types Security Is A Key Element Of The Innovation Landscape Cybersecurity Investment Sector Spotlights
▪ Cybersecurity solutions are primarily categorized into In the era of technology innovation, determinants had historically been Private companies are in a constant race to understand
remedial / reactive and forward-looking / pre-emptive about Storage, Computing, and Communication capabilities. In recent years, where the next wave of challenges are most likely to come
solutions differentiation through enhanced security has established itself as a “4 th leg from, and develop solutions to protect against them before
▪ Remedial solutions help identify and secure gaps of the innovation stool” for design criteria adversaries are able to exploit it
▪ Forward-looking Cybersecurity solutions help us Technology Innovation Determinants Understanding, Measuring, Monitoring,&
understand how to manage data and IT systems in the Mitigating Cyber Risk
global digital economy
▪ It is imperative that we continue to imagine, design, and AI & Defense Against The Weaponization Of AI
Communication
deliver a new technology framework where security is an
essential, mandatory capability for any business objective
Computing
Identity & Access Management
Security
▪ While forward-looking companies are often riskier
Storage
companies, solving more challenging problems, they are Weaponization Of Data / Data Provenance / Data
typically the true leaders of innovation Privacy / Data-Centric Security
Remedial Forward-Looking Industrial Control Systems (ICS)

Over-Capitalized Under-Capitalized
Satellites / Non-Terrestrial Communication
Highly Crowded Market More Fragmented Opportunity Systems
Defined Problems Solved Difficult, Unforeseen Targets
Continuous Controls, Compliance, & Monitoring
Limited Differentiation Highly Differentiated Of Digital Environments
Strategic Elements For Optimizing A Cybersecurity Investment Platform
Deep Thought- Intelligence

Startup Strategic
Domain Leadership Community
Foundry Partnerships
Knowledge Conferences Influence

By Yoav Leitersdorf (Founder, Managing Partner, YL Ventures).
Featured Author The Evolution of Seed Investment Market Dynamics

As seasoned Cybersecurity investors, YL Ventures has witnessed notable changes in the investment landscape over the past decade
Yoav
Larger Seed & More Experienced Faster Decision & Greater Entrepreneur
Leitersdorf Follow-On Rounds Teams GTM Timelines Aspirations
The Makings Of A Cyber-Nation

Yoav Leitersdorf has been a successful tech YL Ventures’ singular focus
Close Proximity To Fellow
entrepreneur and investor for 25 years. on Israeli Cybersecurity
IDF Produces Highly Strong Networks Lead Entrepreneurs Results In
startups has given the firm
Skilled Technical To Rapid Team Collaboration, Mindshare
marked insight into why
YL Ventures, which he founded, manages Personnel Building & Partnership
Israel stands out as a leading Opportunities
$260M focused on seed-stage, deep
nation in the industry
technology Israeli Cybersecurity investments.
With its dual presence in Silicon Valley and
Tel Aviv, extensive global Cybersecurity
Optimizing Investment Strategies In This Competitive Market Recent Cybersecurity Sectors Of Interest
network, and specialized industry expertise, Know the market; establish a
the firm takes a hands-on approach to Immerse yourself in the YL Ventures actively seeks out brilliant teams targeting greenfield opportunities
clear investment thesis before
accelerate its portfolio companies from seed entrepreneur community where there are little-to-few vendors currently addressing key market issues
meeting companies
to lead. Its carefully curated portfolio has
enjoyed a successful track record of high- YL Ventures' Value-Add Advantage Select Sectors YL Portfolio Company
profile exits to major corporations, including
Microsoft, CA, Proofpoint, and Palo Alto Vulnerability Assessment &
Networks. 60 Committed 1,600+ CISOs Management (Assessment) (Management)
Venture Advisors In Network Cybersecurity Asset
Prior to YL Ventures, Yoav founded, grew Management
and sold three tech startups, worked as an
Associate at DFJ Gotham Ventures, studied Threat Hunting
U.S. Market Acumen & Deep Technical Domain &
at IMD, and earned an MBA with honors Access To Key Players GTM Expertise
from Columbia University. IoT Security

The CISO Current | Top CISO Insights
By Yoav Leitersdorf (Founder, Managing Partner, YL Ventures).
YL Ventures released the first edition of its “CISO Current” report in August 2019, which provides the Cybersecurity community with direct insight into the strategies and minds of
some of the world’s leading CISOs based on interviews with members of YL Ventures’ Venture Advisory Board
BIGGEST CHALLENGES CLOUD ADOPTION RISKS

HUMAN CAPITAL ASSET VISIBILITY
Hiring, training, and retaining Cybersecurity talent, and Creating clear and holistic visibility of all organizational
improving cross-organizational Cybersecurity cooperation assets
CYBERSECURITY METRICS DEVSECOPS / SECURE CODING Hybrid & Asset Securing

Multi-Cloud Visibility Legacy
Meaningfully and continuously measuring and quantifying Integrating security early in code development, and Security Applications
the state of Cybersecurity programs, controls, and overall fostering cooperation with developers and DevOps to
posture prioritize security in code development
OVERALL SECURITY PROGRAM MANAGEMENT HUMAN ERROR / PHISHING TRIAGE OVER-HYPED SECTORS
Starting, maturing, and scaling security management Mitigating phishing attempts and leveraging training and
programs technological solutions to reduce click rates
AI & ML Zero-Trust
TOOL MANAGEMENT DETECTION & RESPONSE
Reducing overlap, managing high data volume, Broadening breach detection accuracy and speed, and
developing road mapping capabilities and avoiding alert orchestrating quick and effective countermeasures
fatigue Blockchain SOAR SIEM
MANUAL PROCESSES THAT CAN BE AUTOMATED SEEKING NEW SOLUTIONS FOR OLD PROBLEMS
Detection & Vulnerability / Access Control &
Incident Vulnerability Phishing
Response Management Detection 1 Response (Including 2 Patch 3 Identity & Access
Threat Hunting) Management Management

| The State Of The Israeli Cybersecurity Market 2019
Israel’s Cybersecurity Industry Continues Its Tremendous Growth.
Yoav Leitersdorf Ofer Schreiber

Managing Partner Partner
As the global Cybersecurity market becomes increasingly crowded,

the Start Up Nation remains a bulwark of innovation and
opportunity generation for investors and global cyber companies
alike. It achieved this chiefly in 2019 by adapting to the industry’s
competitive developments and pushing forward its most
accomplished entrepreneurs in larger numbers to meet them.
New data illustrates how Israeli entrepreneurs have seized on the

country’s reputation for building radically cutting-edge technologies
as the number of new Israeli cybersecurity startups addressing
nascent sectors eclipses its more traditional counterparts. Moreover,
related findings highlight how Cybersecurity companies looking to
expand beyond their traditional offerings are entering Israel’s
Cybersecurity ecosystem in larger numbers through highly strategic
acquisitions.
Broadly, new findings also reveal the Israeli Cybersecurity market’s

overall coming of age, seasoned entrepreneurial dominance and
greater appetite for longer-term visions and strategies — the latter
of which received record-breaking investor backing in 2019.
Source: Tech Crunch: Israel’s Cybersecurity Startup Scene Spawned New Entrants In 2019.
By ClearSky Security Investment Team | Alex Weiss, Jay Leek, Peter Kuper, & Patrick Heim
ClearSky Security Fund Overview Cybersecurity Portfolio Overview

ClearSky Security is a venture capital / growth equity firm focused on disruptive investing in technology-based companies since 2012 with offices in
Florida, New York, Boston, and San Francisco. The firm is currently investing out of its $323M dedicated Cybersecurity Fund.
26 Portfolio Investments
Investment Team & Relevant Experience | 60+ Years Of Security Investing & Practitioner Experience
7 Liquidity Events
Company Domain
Alex Weiss Jay Leek Defense Contracting
Co-Founder & Managing Director Co-Founder & Managing Director
SaaS Security
Alex Weiss is a Managing Director and Co-founder of ClearSky Security. He has been the Chief Jay Leek, CISM, CISA, CISSP, is a Managing Director and Co-founder of ClearSky Security. Over
Investment Officer for NextEra Energy, and also has over 20 years of private equity and venture the past 20 years, he was the CISO for Blackstone, where he worked with their Cybersecurity Web Security
capital experience with firms such as Morgan Stanley, Smith Barney, and Paine Webber. investments and portfolio companies. Jay has also held senior security roles at Nokia and Equifax.
Data Privacy & Protection
Peter Kuper Patrick Heim CISO Risk Mgmt.
Managing Director Operating Partner & CISO
Linux Infrastructure Security
Peter Kuper is a Managing Director of ClearSky. Prior to ClearSky, he was a Partner at In-Q-Tel, and Patrick Heim is an Operating Partner and CISO of ClearSky Security. Over the past two decades, he
was also a founder of HypAdvisor Consulting, a Cybersecurity-focused consultancy that advises has been the Head of Trust and Security for Dropbox, Chief Trust Officer for Salesforce.com, and Hybrid-Cloud Security
industry participants including startups, investment and research firms, and large enterprises. CISO of Kaiser Permanente and McKesson, as well as working with startup companies.
3rd Party Risk Mgmt.
Operator Mindset Combined With Valuable Insight Into Public & Private Sectors
Anti-Phishing Protection
Through formal and informal global networks of security professionals, ClearSky Security has access to thought leaders and leading decision makers to
provide valuable insight so ClearSky can invest more confidently in early stage companies with potential Threat Intelligence
Security Resell & Consulting

Decades Of ClearSky Security Deep Government
CISO Experience CISO Board Of Advisors Experience & Access Privileged & Conditional Access
SecOps & IR Automation

CISO Experience Guiding Investment Thesis
Non-Employee Identity Mgmt.
With decades of experience as CISOs of Fortune 500 Companies, ClearSky Security’s Investment Team has bought hundreds of millions
MSSP for SMB
of dollars of Cybersecurity solutions over their collective career. As a firm, ClearSky leverages this operational experience to develop a
market-driven investment thesis to align with the valuable learnings and perspective of typical Cybersecurity customers. Application Security

By ClearSky Security Investment Team | Alex Weiss, Jay Leek, Peter Kuper, & Patrick Heim
Cybersecurity Ecosystem Needs Continued Disruption & Innovation
Market conditions are leading to fundamental inefficiencies in Cybersecurity programs; CISOs and security teams of all sizes need to invest in solutions that minimize overhead &
necessary human-involvement. Companies across the Cybersecurity landscape continue to develop next-gen solutions to drive efficiencies & address elements of these key market trends.
Overarching The Vast & Growing Shifting To Next-Generation Increased Hybrid Cloud Proliferation Of Security
Market Trends Cybersecurity Talent Gap Security Products Adoption Products & Vendors
Leading With Prevention To Alleviate Machine Learning, Artificial Intelligence, Purpose-Built Solutions Designed To Integrated Solutions Or “Mini-Platforms”
Identified The Need For Linear Scaling Of & Advanced Analytics Solutions Are At Protect Hybrid (On-Premise & Cloud) To Consolidate The
Solutions Cybersecurity Talent The Forefront Of This Movement Environments Vendor Ecosystem
▪ 3.5M Cyber job vacancies expected by 2021 ▪ Many ML / AI technologies are features, but ▪ 83% of workloads are virtualized today ▪ The average enterprise environment has 75
Cybersecurity are not truly core to the platform security tools
Market ▪ 44% of alerts are not investigated ▪ More than half of enterprises are running
▪ It is difficult for customers & buyers to make hybrid cloud environments or have a hybrid ▪ Many product companies offer point solutions,
Challenges ▪ 54% of investigated alerts are not remediated sense of the market hype around ML / AI cloud strategy but are not true platforms
Today’s talent shortage will continue to Workloads are rapidly shifting to the
There is minimal “real AI”; most solutions A “Mini-platform” provides 3-5 unique
expand until we stop creating additional cloud, but there are fundamental reasons
are primarily algorithms that are driven by solutions that would have otherwise
deficiencies by simply adding more why some will remain on-prem for the
various types of ML needed 3-5 unique vendors to address
products / alerts foreseeable future
Prevention reduces the need for human High-quality integrated solutions can help
Commentary intervention; focus detection & response
If these solutions provide value and are Unless an organization is cloud-native, it
balance best-in-class capabilities,
& Value truly differentiated, they can be massively will be an extremely long process until it
efforts where it is more difficult to prevent operational efficiencies and agility with
disruptive truly moves 100% to the cloud
Proposition threats cost
Security solutions that are built with the

Expect to see more technology solutions Common use cases include to identifying Allows organizations to maintain or
mindset that workloads will continue to
that are delivered with a managed people- false positives and deriving valuable reduce the total number of vendors in its
be in a hybrid state will be better-
component to help bridge the talent gap insights from complex big data sets security stack, increasing efficiency
positioned to address this large market
Sources: IDC, Global Information Security Workforce Study, Optiv Security “E is for Efficiency” Whitepaper Return To Table Of Contents 69
By Alex Doll & Mark Hatfield | Ten Eleven Ventures, Co-Founders & Partners
Featured Authors
Alex is a Co-Founder and Managing General Partner of Ten Eleven Ventures. Mark is a Co-Founder and General Partner of Ten Eleven Ventures. Mark has led
The founding of Ten Eleven brings together Alex’s breadth of experiences in investments in early stage technology companies in a variety of roles since 2003.
finance, investing, software and security operating roles in Silicon Valley. In Prior to Ten Eleven, Mark was a Partner at Fairhaven Capital and served as a
2002, Alex co-founded PGP Corporation as it pioneered the encryption and Board Member of Co3 Systems and Digital Guardian. Prior to that, Mark was a
data protection marketplaces; PGP was sold in 2010 to Symantec. After PGP Managing Director for Motorola Ventures, and ran their West Coast Operations.
Corp. he continued his involvement with security companies as an angel Mark also previously headed up Strategy and Business Development for
Alex Doll investor, independent director, entrepreneur-in-residence at Khosla Ventures Mark Hatfield Motorola’s CIO and IT organization as well as Corporate Business Development
and security deal team consultant to private equity firm KKR. and IT roles at Bell Canada Enterprises & Bank of Montreal.
The Founding Of Ten Eleven Ventures

The idea to create Ten Eleven Ventures crystalized as Alex and Mark led the Series A investment in Cylance, exposing an opportunity to start the initial cyber-focused fund. Investing in Cylance affirmed Alex and Mark's
conviction that the long-term trust of the entrepreneur is a critical ingredient in building a world-class venture firm. It validated the firm's focus on fostering close relationships with a company's entire executive team. Doing so
not only helps Ten Eleven assist the company in operational matters, but also allows the firm to identify talent: the next great entrepreneur may not be currently carrying a "CEO" title. Lessons learned from the Cylance
investment have become a critical part of Ten Eleven's DNA: supporting Cybersecurity founders first, throughout their journey, and addressing the unique dimensions that succeeding in the Cybersecurity industry requires.
Why Cyber Is Unique

Cybersecurity is a distinct and rapidly evolving sector, impacted by innovation in other technical domains. Its characteristics require a specialized approach to investing, entrepreneurship, and corporate growth.
Ever-Evolving Industry Customer Tension Between Large Legacy Highly Technical Crowded Multiple
Challenges From New Adopting New Solutions & Incumbents With Solutions With Emerging Vendor Global Innovation
Technologies Streamlining Vendors Powerful Distribution Rapid Product Cycles Landscape Centers
Ten Eleven Invests at All Stages, Seeing the Whole Ecosystem and Meeting Entrepreneurs Where They Are
Ten Eleven is a stage-agnostic investment firm, making early stage Investments Across Company Stage
venture through growth stage investments. Later stage investing is
1011 Investments
done with the firm’s Joint Investment Alliance with KKR.

This approach enables the firm not only to take advantage of Series
SeriesAA Growth /
multiple investment opportunities but also to provide multiple Series D, E
windows into ongoing sector dynamics, providing a robust view of Series B Series C
the industry at any given moment in time. Seed
Company Stage

By Alex Doll & Mark Hatfield | Ten Eleven Ventures, Co-Founders & Partners
Innovation & Opportunity Exists Worldwide Entrepreneurs Face Distinct Challenges That Require Domain Expertise & Deep Networks To Address
Innovation hubs for Cybersecurity exist all over the world. To find the best technical founders and Ten Eleven Ventures brings decades of
products, investors must look in multiple geographies. Similarly, early-stage companies must build a operating and investing experience to Finding and Securing
robust “Corporate API” that can be applied to new markets, help the company expand globally, and the highly technical and specialized Specialized Talent
support international clients. domain of Cybersecurity.
Ten Eleven actively covers important geographies with a distributed group of professionals in Silicon
Valley, Boston, Boulder/Denver and London, as well as via strategic relationships in other key regions. The
It is with the lessons learned from these Perfecting Go-to-Market in a Crowded
firm also has extensive knowledge to help its portfolio companies enter international markets.
years in the trenches, along with the
Vendor Landscape
relationships forged along the way, that
the partners of Ten Eleven can advise
entrepreneurs on how to address the
unique challenges they will face. Navigating a Complex Ecosystem of
Influencers and Partners
These challenges are only getting more
intense as more and more new
companies enter the landscape,
Optimizing Strategic Finance &
making it harder to earn brand
awareness, consideration, and trial in Planning
the market.
Talent becomes more difficult to Planning and Executing International

source and retain. Careful planning Expansion
and execution are paramount.
2015 4 ~$500M 100% 19 6 5

Companies Countries
By The Numbers Founded Funds AUM Cyber Focus Investments
Acquired Invested In
Represents Investments In Companies That Were Acquired.

By Sid Trivedi (Partner, Foundation Capital).
Featured Author Key Themes Leading To Foundation Capital’s Investment Thesis In Cybersecurity
Key Themes Cybersecurity Investment Thesis
Sid Trivedi I. Focus on post-breach detection and response technologies over pre-breach prevention technologies
I. You can’t keep the bad guys out forever
II. Invest behind companies that enable security of the new hybrid cloud infrastructure
II. The attack surface has increased exponentially III. Protect IT, OT, and supply chain security within the hardware attack vector
IV. Reduce human vulnerability by investing in messaging security and cyber awareness training
Sid’s extensive experience working with early-stage, III. It’s REALLY tough to find security talent
V. Utilize advances in AI to reduce false positives (vs. creating new alerts) & automate existing processes
growth, and public companies has equipped him
with unique perspectives on how brand leaders are Foundation Capital Cybersecurity Market Map Sectors
built and sustained. He started on Wall Street at
Barclays Capital, advising on tech, media, and
telecom companies, spending time on mergers,
Human Vulnerability Software Level Hardware Level
takeovers, and corporate debt / equity financings. Sid
later worked as a private equity investment Identity & Access Firmware Security
professional at Symphony Technology Group and Management Prevention Detection & Surveillance Response
early-stage venture investor at Omidyar Technology
Ventures, with a focus on the enterprise software
sector. Threat Intel IT Security
Digital Risk
At Foundation Capital, Sid seeks to make investments Vuln. Assessment
Management Network & Fraud & Incident
in technologies across the enterprise stack, from
IPS Infrastructure Transaction Forensics
applications to infrastructure, and leads the firm’s Supply Chain
focus on cybersecurity. He works closely with Endpoint Security Security
portfolio companies CloudKnox, Respond Software, Messaging Security Operations
Anvilogic, Fortanix, and MistNet. Additionally, Sid Security Web Security & Incident Response
IoT
uses his network of over 100 Global 2000 CTOs,
Application Security Security
CIOs and CISOs to curate Foundation’s IT + Security
Dinner Series, a bimonthly gathering that brings
together customers to meet with early-stage startups Cyber Awareness Cloud Security
MSSP OT
and share ideas on the evolving infrastructure Training
Data Security Security
landscape and opportunities for innovation.

| Founding An Enterprise-Focused Cybersecurity Start-Up
From The Perspective Of An Early Stage Investor | Sid Trivedi (Partner, Foundation Capital).
Seed Stage Company Milestones
Not every Cybersecurity start-up will choose to go down the venture capital route (there have been plenty of highly successful companies that have bootstrapped their growth), but for those that are
seeking early stage funding, ensuring key milestones (see below) are achieved will be essential to securing funding
Choosing The Right Investor
Founding Team In Place Formulated Business Plan Product In Production Referenceable Customers ▪ It is never too early to begin networking
with potential investors
▪ 2 types of Cybersecurity ▪ It is critical to speak with CISOs ▪ Have a defined product; don’t ▪ Even the best product ideas can fail if ̶ Seed investors can successfully come in as
founders: during this process let potential customers push you they are unable to execute on a GTM early as the incubation stage
around and lose your identity strategy
Those that identified a ▪ Testing product thesis / business plan ▪ Be mindful of your investor’s expertise to
problem through experience with CISOs to confirm product / ▪ Cybersecurity is a more ▪ 6-figure enterprise deals typically ensure they will be the right partner
as a vendor or customer market fit technical sale & production than assign an internal champion since ̶ Investors should have early stage investing
most other sectors of significant budget has been experience, as well as a certain level of
Entrepreneurs that have ̶ If a product resonates with a
technology; requires serious committed; that champion will be domain expertise
identified market demand Global 2000 CISO, it is an
engineering capabilities motivated to see the Company survive
by “reading the headlines” impressive validation ▪ Keep an eye on what investors are doing
▪ Product / market awareness and ̶ These customers will be key prior to writing a check (indicator of future
▪ There is no such thing as a ▪ Important to leverage knowledge of
engineering must be on the references for subsequent funding value-add)
perfect founding team, but CISO preferences & changing budget
same page to build something rounds and future customers ̶ Investors can introduce potential advisors,
strong teams have a mix of these dynamics to confirm your solution is
that truly fulfills the needs of the customers, employees, and get founders in
3 elements: addressing key pain points
CISO front of as many CISOs as possible
Board of Directors Customer Adoption
▪ Investors should advise, but not control
Benchmarks For Series A
Product / ̶ Investors have had many reps of building
GTM companies and can offer highly-valuable
Market Insight ✓ ≥$1M ARR
Awareness advice based on first & second-hand
Security Analysts ✓ ≥10 customers (showing experience at later funding states / exit
Customers / Architects some repeatability in 2-3
̶ Investors can provide valuable
Engineering CISO sectors)
perspective, but should remember they
Skill ✓ At least 3 customers with are a steward of the Company, and that
6-figure deals critical decisions should ultimately be
made by the CEO/founders
Other Security Vendors

| The Future Of Network Security Is In The Cloud
By Paul Martini (CEO, iboss).
Featured Author The Evolution Of Network Security Key Drivers That Are Inverting The Network Perimeter
▪ Reduced number of physical egress points, resulting in fewer Data center network security moves to the cloud where the users,
Past:
Paul Martini Consolidation
appliance deployment opportunities applications, and data live.
▪ Led to creation of NGFW with integrated IDS / IPS, malware Company Data Cloud Applications
of Perimeter protection, advanced threat protection, URL filtering, & Files Move From
Center
into Firewall content blocking, etc. Servers To SaaS
▪ Movement away from traditional perimeters
Paul is the CEO, co-founder, & chief architect of Present:
iboss, where he pioneered the award-winning ▪ Transformational infrastructure shift leading to exponential
Shift of increase in bandwidth of encrypted traffic
iboss platform. Paul has been recognized for his Network Security
leadership and innovation, receiving the EY Perimeter to ▪ $20B+ appliance market presents massive opportunity for Moves To Cloud
Entrepreneur of The Year award and being the Cloud cloud disruption Shift To Exponential
Encrypted Bandwidth
named one of Goldman Sachs’ 100 Most ▪ Digital business requires access from anywhere, at anytime
Intriguing Entrepreneurs. Paul holds 100+ issued Future: ▪ More users, devices, apps, services & data located outside
Traffic Explosion
patents in cybersecurity, networking and Shift Inspection enterprise perimeter

technology and has had his work published in Engines to the ▪ Complexity, latency and need to decrypt and inspect
Users Go Mobile With
Devices & Laptops
many scientific journals. Cloud (SASE) encrypted traffic increases
SASE | The Convergence & Inversion Of Network & Security Architectures

agrees that the fundamental network security delivery model needed to change,
Network-As-A-Service SASE Network-Security-As-A-Service
and in August 2019 defined “SASE” to capture the movement of this inverted perimeter:
Connect Secure
“Demand for consolidation of networking and security-as-a-service capabilities into a
cloud-delivered Secure Access Service Edge (SASE)"
SD-WAN Network-as-a-Service Network Security CASB
Forecasted Enterprise SASE Strategy Adoption
Secure Access Service Edge
Carriers WAAPaaS FWaaS
(“SASE”)
Bandwidth Aggregators
<1% 40% CDN Cloud SWG DNS
WAN Optimization Networking Vendors ZTNA / VPN RBI
2018 2024
Source: Gartner Report: The Future of Network Security Is In The Cloud (August 2019)
Momentum Cyber’s
Industry Insights
Cybersecurity Labor Market Landscape
Large Demand For Cybersecurity Expertise While Global Cybersecurity Talent Shortage Persists Due To A Multitude Of Factors.
Global Workforce Shortage By Region Top Challenges Preventing Key Cybersecurity Initiatives
Global Cybersecurity Workforce Shortage Is ~2.93M
Low Security Awareness Among End Users
North America Europe, The ME, & East Africa Not Enough Skilled Cybersecurity Professionals
Available
~498k ~142k
Inadequate Funding
Latin America APAC
~136k ~2.14M
Too Much Data To Analyze
The Skills Gap Is Still Not Shrinking Lack Of Management Support / Awareness
69% 58% 32%

Say Their Cybersecurity teams are Say it takes six months or more to fill
Have unfilled (open) Cybersecurity Positions
understaffed Cybersecurity jobs at their organizations Top Career Progression Challenges In Cybersecurity
Qualified Candidates Say… Top 3 Reasons Cybersecurity Pros are Changing Jobs
Unclear Career Paths
Say fewer than one- Say University 82% Better Financial Incentives Elsewhere
quarter of job graduated in Lack Of Knowledge By Organizations About
57%
29% candidates for the
Cybersecurity position 40% Cybersecurity are not
prepared for the job
Promotion & Development Opportunities
Skills
for which they applied challenges they’ll face 46% Better Work Culture / Environment
Cost Of Cybersecurity Certifications
Top Needed Cybersecurity Areas Of Expertise
Security Risk Assessment & Security Network Cost Of Formal Education
Awareness Analysis Administration Monitoring
Incident Investigation Intrusion Cloud Security Not Enough Job Experience
& Response Detection Security Engineering
Source: (ISC)2: (ISC)2 Cybersecurity Workforce Study 2018 , Cybersecurity Nexus: State of Cybersecurity 2019: Security Skills Gap By The Numbers.
Evolution Of The SIEM
From A Log Compliance Tool To A Critical Cybersecurity Platform In The SOC.
Evolution of SIEM Ongoing Trends in SIEM

Analytics | UEBA Automation | SOAR
Malicious Insider Orchestration
2000’s 2010’s 2017+
Establishes baseline for user behavior and can detect Integrates with other security solutions, allowing them
suspicious events that might indicate malicious intent to retrieve data and proactively perform actions like
investigating email senders through a DNS tool
Compromised Insider
Identifies that a user account is behaving differently Automation
Generation 1 Generation 2 Generation 3 from normal and alerts security staff Enables users to define security playbooks that act to
Incident & Alert Prioritization (Alert Triage) automatically mitigate known security incidents such
▪ Combination of SIM & SEM ▪ Becomes better equipped to ▪ Combines traditional SIEM
as scanning malware and detonating it in a sandbox
▪ Combines log and event handle big data capabilities with UEBA, using Reduces burden of prioritizing alerts by combining,
management systems ▪ Processes large volumes of ML to track behavior ranking, & adding context to signals from many tools Incident Management & Collaboration
▪ Limited scale of data historical logs ▪ Uses Security Orchestration,
Automation, & Response Data Loss Prevention Adds & organizes contextual information into incident
processing and elementary ▪ Correlates historical log data
▪ Scalable, cloud native, & AI timelines to help analysts investigate an issue
alert sophistication with real time events and data Prioritizes and consolidates DLP alerts
▪ Originally compliance-based from threat intelligence based platform
Additional Capabilities
Key Challenges Key Drivers
Big Data & Advanced Analytics
Alert Tsunami: Internal security sifts through thousands Security data unmanageable with legacy SIEM tools ▪ Conduct risk assessments of assets,
of false positives, searching for real vulnerabilities personnel, and resources
Integration of advanced analytics required ▪ Utilizes ML, statistical analysis,
Blind Spots: Traditional definitions (rules, thresholds, and other big data capabilities
patterns) miss potential exploits
Need for evolving tool sets and capabilities
Disconnected Systems: Analysts unable to easily get
signature updates or threat definitions don’t apply Identification & threat prioritization automation critical
Unified Capabilities Threat Intelligence

Companies in the Space
▪ Event monitoring and analytics ▪ Provides additional security analytics
Driven by cost, technology to track network & user behavior to
Incumbents Next Generation ▪
conversion, and the need to distinguish activity
overcome talent shortage ▪ Proactively detects emerging threats
▪ Eliminates need for other services ▪ Integration with threat intelligence
Source: Gartner, Imperva, SumoLogic, IpSwitch, CSO Online, Exabeam, MSSP Alert
SOAR Is A Critical Component Of The Next-Gen SOC
Vendors Across The Landscape Are Investing In & Modernizing Their Platforms To Create A Unified Platform To Empower The SOC.
The Modernization Of Security Operation Technology | SIEM + SOAR + IR + Case Management + Analytics Key Players & Strategic Activity
Key Benefits Platform Selected Strategic Moves
 Fully Autonomous Platform That Addresses The Widening  Full Enterprise Visibility: Identifies And Mitigates Advanced
02/27/18 | $350.0M | SOAR 07/09/15 | $190.0M | Analytics
Skills Gap, Reduces Fatigue, & Improves ROI Threats Missed By Single (Siloed) Tools
 Faster Problem Triage: Reduction In Mean Time To Resolution  Advanced UEBA / Forensics Capabilities
( ) 02/15/19 | $89.7M | Analytics
(MTTR) & Alert Volume
 Automated Data Enrichment & Contextualization 02/01/16 | $28.2M | IR 01/02/14 | $1.0B | IR
 Advanced Correlation & Analysis Across Multiple Customer
Sources
07/24/16 | NA | Analytics
Adds UEBA Application
Threat Advanced Incident Automated Knowledge Incident
Reporting 07/29/18 | Analytics 02/29/16| $145.0M | IR
Monitoring Analysis Threat Intelligence Management Response
07/10/18 | $600.0M | SIEM
Advanced Security
Operations Center
12/12/19 | $28.0M | SOAR 10/23/18 | $18.0M | Analytics 06/07/16 | $32.0M | SIEM
Incident Case 04/05/18 | NA | Analytics Partnership | SOAR

SIEM SOAR Analytics
Response Management
06/08/17 | $100.0M | SOAR
02/19/19 | $560.0M | SOAR 02/28/17 | $105.0M | SOAR

Total Amt. Raised
11/04/19 | NA | SecOps 01/23/18 | NA| Analytics $314.5M
Adds Case Management Module Total Amt. Raised
09/12/18 | Case Management $193.0M
Empowered Autonomy Meaningful Metrics Knowledge Management Countermeasure Capabilities Other Major Platform Vendors
Provide Oversight to Measure Effectiveness & Improve Depth of Analysis Increased Effectiveness of
Operationalize Cyber Kill Effort & Collaboration Across Sites Countermeasures Through
Chain Solutions Knowledge Management
Selected ASOC Strategic Opportunities (Total Amount Raised)
Security Operations
Activity Incident Incident Self-Funded $54.0M
Center Reporting
Monitoring Analysis Response
$15.7M $19.0M

Security Consulting & Services Industry Overview
Market Demand For Consulting & Services To Ensure Proper Utilization Of Investment In Cybersecurity Solutions.
Security Consulting & Services Market Size Key Drivers

($ in Billions) Massive Cybersecurity Market Growth
Cybersecurity Talent Gap

$30
Operational Security Has An Even Wider Talent Shortage
$16 Key Trends

Security Services Market Will Continue To Grow
Adoption of More Third-Party Security Services
2016A 2022E Hybrid Infrastructure Requires Specialized Competencies & Skill-Sets
Security Consulting & Services M&A Deal Activity Key Differentiators

Innovation With Asset-Based Consulting Capabilities
31
28 ▪ Security Consulting / Services is Flexibility Of Pricing And Distribution Models
consistently one of the most Understanding Of Specificity Of Client's Value Chain And Business Models
active M&A sectors
▪ Annual deal count has steadily
12 increased; equaled MSSP as the Select Providers
most active M&A sector in 2019
2017 2018 2019

Sources: Allied Market Research, Wise Guy Reports, Information Security Consulting Global Market Outlook;
451 Research, 2019 Trends in Information Security Return To Table Of Contents 79
Zero Trust Framework | Drivers & Key Pillars
As Organizational Complexity Grows, Next-Gen Segmentation & Authentication Have Emerged As Critical Zero Trust Components.
Key Drivers Next-Gen Firewalls & Multi-Factor Authentication Play A Critical Role In The ZT Framework
Rooted in the principle of “never trust, always Key Pillars To The Zero Trust Framework
Digital Transformation driving uptick in mobile verify,” Zero Trust enables visibility and context for
device usage, SaaS integrations & cloud offerings all traffic across users, devices, location and I. Next-Generation Firewalls
application in addition to zoning capabilities for
visibility into internal traffic Granular Micro-Segmentation splinters a single
Proliferation Of Digital Boundaries creating an boundary into numerous sub-perimeters, each
exponential increase in identities, devices, and independently defensible
network endpoints to manage
Enables Visibility & Context of traffic flowing both

Increased Attack Sophistication & Rise of Insider into & across the network, increasing verifiability &
Threats driving the need for heightened security auditability
measures & advanced, continuous protection at a
significantly more granular level
II. Multi-Factor Authentication
Unsophisticated Defense Initiatives: 89%+ of
Enforces Verification Integrity beyond the
organizations rely on just a single security strategy password / device level, tracing access to the
to protect mobile networks; traditional perimeter- responsible and authorized individuals / devices
based security falls short as complexity rises restricting lateral movement of adversaries
Rise In Cost, Damage, & Reputational Harm of Shift ‘Burden of Proof’ to the user, requiring multi-
Attack: the cost of a typical data breach rose 6% layered verification approval prior to any access, as
opposed to a highly trusting, “one password fits
in 2018 to $3.9M
all” approach
Sources: Verizon: Mobile Security Index 2018 Report, IBM Security: 2018 Cost Of A Data Breach Study, CSO: What Is Zero Trust? A Model For More Effective Security, & Palo Alto Networks: What Is A Zero Trust Architecture?
Zero Trust Framework | Key Trends Going Forward
Zero Trust Frameworks Continue To Evolve As The Pillars Extend To Include Additional Components Of The Cybersecurity Landscape.
Forrester’s Pillars Of The Zero Trust eXtended (ZTX) Framework Other Key Predictions & Considerations
The concepts underlying the Zero Trust methodology continue to evolve significantly, incorporating a wide array of Behavior-Based Algorithms continue to improve the user
segmentation, automation, analytics & workflow capabilities as well as API integrations across a multitude of experience, calculating risk scores via past access
environments, enabling vendors to ensure maximum effectiveness against an ever-expanding threat surface. attempts, device security posture & OS, location, time of
day, & other factors
Network Security Data Security Workload Security
Increase in MFA Adoption as IP-heavy businesses (AI,

A&D, Chip Design, E-Commerce, & Software) strive to
protect patented technology & ongoing R&D initiatives
IAM / People / Workforce Security Device Security Visibility & Analytics
Smart / IoT Products Will Proliferate, driving increased

difficulty in managing the ever-expanding perimeters of
the modern digital enterprise
Automation & Orchestration Manageability & Usability APIs
Healthcare Providers & Medical Supply Chains will

adopt ZT seeking greater track & traceability, combined
with increasing pressures to secure patient data &
Forrester’s Zero Trust eXtended Ecosystem Providers (Q4 2018) comply with regulations
Machine Learning & Threat Analytics to play an

increasing role in continuous monitoring & layering in
mission-critical threat insights
Source: The Forrester Wave: Zero Trust eXtended (ZTX) Ecosystem Providers, Q4 2018 & Forbes: Predicting the Future of Next-Gen Access And Zero Trust Security In 2019
5G Revolution Expands Cyber Attack Landscape Creating Next-Gen Threats
Increasing Connectivity Enabled By 5G Technology Initiates New Attack Entry Points And Amplifies Attack Consequences.
Performance Attributes of 5G Massive Global 5G TAM Key Security Challenges

▪ Large data volume created by 5G networks increases difficulty to detect
High Peak Data Rate anomalies in user behavior
▪ Mobility of connectivity eliminates the network perimeter and requires a
$277B 111%
more expansive security solution
Expanded Data Capacity
▪ More connected devices expands attack surface and allows for larger scale
Market Size CAGR from 2019 attacks with greater consequences
Improved Connection Mobility By 2025E to 2025E
Security Innovations to Address 5G Security Threats
Advanced Threat Detection
Greater Device Density Support
Use Cases & Risks ▪ AI-powered detection to better spot anomalies in user and
system behavior
Reduced End-to-end Latency Autonomous Connected
Healthcare Cross-Layer Security
Vehicles Homes
• Unified framework to coordinate different security methods for
various security layers
Higher Reliability
End-to-End Security
• Cloud and endpoint security to create virtual security
Rapid Service Deployment Connected driver Connected home Larger medical file environments that travel with mobile connected devices
assistance security devices transfers and
technologies allow enable data theft remote patient Security By Design
for fatal automotive and virtual home monitoring put
Increased Energy Efficiency cyberattacks invasions medical data at risk ▪ Security built into design during development to allow for
maintained protection as the 5G network changes and evolves
Source: SDK Central: What Are The Top 5G Security Challenges?, CPO Magazine: 5G and The Future of Cybersecurity, Tech Radar: The Future of Cybersecurity in a 5G Connected World,
Research & Markets: Global 5G Market (2019-2025) Return To Table Of Contents 82
MITRE ATT&CK + Endpoint | Initial Test Assessment Of Leading Endpoint Vendors
Leading Endpoint Vendors Continue To Invest In Integrating The MITRE ATT&CK Framework Into Their Product Roadmaps.
MITRE ATT&CK is an open knowledgebase used to develop threat models & methodologies for the public & private sectors. The MITRE ATT&CK Assessment tests the ability of organizations to quickly detect
adversarial tactics & respond effectively. Endpoint vendors leverage MITRE test results to improve product capabilities & improve their security platforms. In the first round of evaluations, participants included Carbon
Black, CrowdStrike, CounterTack, Endgame, Microsoft, RSA, & SentinelOne.
“MITRE is pioneering next-generation testing that reflects the actual “The MITRE framework, & its thorough threat context, is fully
“Objective, transparent, & open testing is critical as a means of
threat environment… As a company, we are committed to integrated into SentinelOne allowing our unique autonomous agent
driving the industry forward, & the MITRE ATT&CK framework
participating in independent & credible third-party testing to to accomplish SOC-level tasks automatically, which saves our
offers a critical look at how real-world attacks play out.” – Scott
demonstrate the effectiveness of our technology.” – Dmitri customers considerable and valuable time.” – Jared Phipps, VP
Lundgren, CTO, Carbon Black
Alperovitch, Co-Founder & CTO, CrowdStrike Worldwide Sales Engineering, SentinelOne
Performance Results Performance Results Performance Results
Zero Zero Most proactive Most complete

Zero 100%
delayed detections humans needed detections of any out-of-the-box
tested solution visibility delayed detections success rate
Zero 100% Deepest context Caught, prevented, & remediated

tainted detections automated for each phase of the simulated attack all stages of replicated attack
Representative Products Representative Products Representative Products
Advances behavior-based threat Combines next-gen AV, EDR, device Enhances EDR capabilities to surface
CB Response hunting across endpoints control, & vulnerability assessment relevant indicators for SOC teams
Simplifies threat detection by Strengthens power of predictive Strengthens attack prevention &
CB ThreatHunter applying MITRE to data collection threat intelligence Single Agent single agent AI technology
Expands visibility into endpoint Automates incident investigations & Improves threat mitigation &
activity offers actionable insights forensic investigations
Source: Company Websites & Press Releases.

GDPR Impact On The Data Privacy Industry
GDPR Has Been In Effect For Over 1.5 Years (Since May 2018), Driving Increased Investment In The Sector.
What is GDPR? Representative Companies With GDPR Solutions

▪ GDPR is a regulation designed to enhance the protection of individuals residing in the EU as well as address
Amount Raised
the export of “personal data” outside the EU Company Founded HQ CEO
($M)
▪ It applies to all organizations that do business in the EU and any organization outside the EU handling EU
citizens’ personal data
▪ It broadens the definition of “personal data” and includes identifiers such as genetic, mental, cultural, 2005 Clearwater, FL $61.1 Ed Holmes
economic, social identity and online (IP addresses, cookies)
GDPR Requirements Tel-Aviv, Israel /

2015 $146.2 Dimitri Sirota
New York, NY
Demonstrate
Penalties: 4% of revenue Users may request a Controllers must comply
25 May 2018: GDPR enforcement of customer
or €20M (whichever is copy of personal data in with breach notification
goes into effect consent for personal data
greater) a portable format windows 2014 Baltimore, MD $36.0 Nick Culbertson
collection
Satisfy customer data portability Implement adequate technical Appointment of data protection
Privacy risk impact assessments
support and enable right-to-be- and organizational measures to officer (DPO) will be mandatory
will be required where privacy 2016 Arlington, VA $13.1 Justin Antonipillai
forgotten and erased from protect persons’ data and for companies processing high
risks are high
records systems volumes of personal data
Increased Investment Activity In Data Privacy Sector 2016 Seattle, WA $16.0 Kristina Bergman
17 $517.1 ▪ As all industries prepared for the impending GDPR regulations in

15
2018, investment Data Privacy companies skyrocketed 2013 London, UK $11.8 Shawn Brown
▪ Artificial intelligence, machine learning, automation, identity

5 $168.7 intelligence and big data expertise are key components of data
2
$31.4
privacy platforms 2015 Atlanta, GA $29.0 David Thomas
$5.1
2016 2017 2018 2019 2016 2017 2018 2019 ▪ High-profile incidents this year such as the Cambridge Analytica
Number of Deals Total Amount Raised ($M)
scandal have also provided strong market tailwinds for Data 2014
Hod HaSharon,
$7.1 Yaniv Avidan
Privacy companies Israel
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Report Buyer, Company Websites, Gartner, Company Websites, IT Governance, and EUGDPR.org.
eLearning & Cybersecurity Awareness Training
Educating Employees On Cybersecurity Best Practices Can Help Avoid Cyber Breaches Resulting From Phishing.
Email Phishing Overview eLearning To Prevent Phishing

Phishing Impact on Organizations eLearning solutions have emerged as an effective way to combat the rise in sophisticated phishing
attacks in enterprises by educating employees on attack methods and training them how to react
Top Increases in 2018 Phishing Volume ▪ Phishing scams trick users into clicking a link or opening a
document in an email that introduces malware or The eLearning market grew 46% in 2019 to $660 million in 2019 and has a projected CAGR of 42%
ransomware, or steals user data through 2023
905%+
▪ 91% of Cybersecurity attacks on an organization begin with
90% of organizations report an increase in attempted phishing attacks, but only 11% continuously
170%+ an email, making email the most common threat vector
train employees on prevention
▪ The US is the most targeted by phishing campaigns,
93%+ accounting for 84% of total phishing volume and increased
eLearning is impactful in training developers in Cybersecurity best practices as part of the “Shift Left”
43% YoY
43%+ movement to integrate security solutions early in the software development lifecycle; developing
▪ Phishing Attacks have grown 65% in 2018, with 76% of more secure software on the front-end improves overall security posture
27%+ businesses suffering from a successful attack in the last year
Business Email Compromise (BEC) scams have accounted eLearning & Anti-Phishing Solutions
9%+ ▪
for over $12 billion in losses
Training Simulated Phishing Attacks Phishing Alert Button
Phishing Attack Process
Hook
Employee opens the email and
clicks the link, sending them to
the fake webpage
Bait Catch Email plugin that allows employees to
Employees undergo mandatory Fully automated simulated phishing
Attacker sends an email to the Employee enters their login training courses to educate them on attacks can be sent out to employees report suspicious emails with a single
victim with a link to the fake credentials, giving the attacker current Cybersecurity threats and how to test for vulnerabilities in firmwide click and automatically forwards the
webpage access to their account to react when encountering a defense email to security teams for analysis
potential phishing attack and response
Webpage Cloning Breach Representative Companies

Attacker clones a legitimate Attacker uses the credentials
webpage to trick a potential gained in the attack to takeover
victim the victims account
Source: Cost of Cybercrime, Cybersecurity Training Neglected by Many Employers, Funding for Cybersecurity Training is Growing, Increases in Phishing
Volume, Alert Button, Phishing Statistics, Security Awareness Training Numbers Return To Table Of Contents 85
Third-Party Risk
Third-Party Risks Pose An Enormous Threat, Driving Innovation To Combat Them.
Threat Landscape Current Activity
A Growing Danger 2019 Notable Third-Party Breaches & Impact
▪ 58% of respondents with a comprehensive

Third-Party Breach Victims inventory of third-parties with access to
% of Respondents Who Have Suffered A 3P Breach
sensitive information say it contains more 3TB 2 Months 100M 24M 100K
than 100 companies Confidential Data Payment Records Personal Records Patient Records License Plates & Photos
% of Above Respondents w/ Breaches Within The Last 12 Months ▪ 29% of respondents say that a third-party Ann. January Ann. February Ann. May Ann. June Ann. June
61% would contact them in the event of a data
56%
49% breach Critical Capabilities For Solutions
16% ▪ 15% of respondents say their companies
14%
know how their information is being Risk Assessment Workflows & Collaboration Validate & Monitor Controls
15%
The ability to categorize Managing workflows, Assessing the validity and
accessed or processed by parties with whom
vendors into different tiers of applying workflow rules, and effectiveness of vendor
they have no direct relationship risk sharing information security and risk controls
42% 45%
34% ▪ 54% of respondents say their companies do Exception Management History Access & User Controls
not monitor the security and privacy Managing vendor risk Analytics and visibility into Various levels of access
practices of vendors with whom they share exceptions in relation to previous vendor risk statuses depending on role and
2016 2017 2018 sensitive or confidential data or are unsure if control requirements across time workflows
monitoring happens User Interface & Navigation Connectors & Integration Configurability
Usability of workflows and Accessing, connecting to, and Ease of configurability, such
screens without extensive populating risk data from as code-free changes and
Key Causes learning curve third parties look and feel alteration
Dashboards & Reporting Remediation Management Vendor Profile Management
Lack Of Visibility Lack Of Focus Lack Of Assessment Lack Of Effectiveness Analytics and visualization of Tracking action plans to Collecting and organizing
vendor risk data in identify and address control vendor information from
dashboards and reports failures and risk deficiencies various sources
Representative Companies
Most organizations do not Managing outsourced The polices and programs of A majority do not believe that
have a comprehensive relationship risks is not a 3rd parties are usually not their 3rd party vetting process
inventory of all 3rd parties priority for most frequently reviewed is very effective
Source: Ponemon: The Cost of Third-Party Cybersecurity Risk Management, Ponemon: Data Risk in the Third-Party Ecosystem (Third Annual Report), Gartner: Critical Capabilities for IT Vendor Risk Management,
Advisory Board: 24.4M patients, 21 companies now say they were affected by AMCA data breach, Bleeping Computer: Topps.com Sports Collectibles Site Exposes Payment Info in MageCart Attack, CyberGRX: Return To Table Of Contents 86
The Worst Third-Party Data Breaches in 2019, and Security Boulevard: The 5 Most Notable Third-Party Data Breaches of 2019 (So Far)
Evolution Of Botnets
Botnets Have Evolved In Both Technical Complexity And Variety Of Attack Cases Demanding Increasingly Sophisticated Solutions.
Botnet Structures Geographic Distribution of Attack Destinations (2018)

Centralized Model Peer-2-Peer Model Proxy Model United States 34.8%
Britain 10.0%
Italy 7.5%
Canada 6.2%
Bots periodically report back to a Bots contact other bots, and not the The individual bots do not contact the
central server. If defenders take control command-and-control (C&C) server. command-and-control (C&C) server Germany 3.9% Low High
of the central server, they are able to Information and control commands are directly, but intermediate machines that
shut down the entire botnet. propagated in the network. serve as relays, or proxies.
Major Botnet Attack Types
Evolution of Botnets Downloads and installs other
Trojan Breaches and takes control of a device Downloader
malware
Steals account-related information

Spies on how the victim is using the
Banker related to card payments and online Spy
computer
banking
Open Source Construction Kits Specialized Botnets Creates a backdoor to allow cyber Sends spam from the breached
Backdoor Spammer
criminals to access the device later device
Recent emergence of professionally
Developers began selling botnets in the
Source code easily available via search developed, highly specialized botnets Trojan Banker Backdoor Downloader Spy Spammer Other
form of construction kits rather than
engines or on criminal online forums aiming at the infection of very specific
freely distributing them for profit
targets 34.5% 13.3% 12.2% 12.2% 10.7% 7.0% 10.3%
Most Active Families Of Botnets Responsible For Unique Attacks Botnet Detection Strategies
BetaBot (13.3%) TrickBot (12.9%) Panda (9.8%) SpyEye (8.1%) Ramnit (8.0%) Seeking a highly specific match to something like a malware signature or specific
Static Botnet Detection
executable or C&C connection address
Representative Vendors
Behavioral Botnet Detection Monitoring IRC traffic and outbound SMTP traffic
Open-Source Solutions Comprehensive and integrated security intelligence offerings
Source: Alien Vault: The Structure of a Botnet , ENISA: Botnets: Detection, Measurement, Disinfection & Defense, Comodo Security: Trojan Horse Virus, Cooperative
Cyber Defence Centre of Excellence: Current Trends in Botnet Development and Defense Expert Opinion, Kaspersky Lab: What are Botnets Downloading? Return To Table Of Contents 87
IoT Medical Devices
Continuous Innovation and Proliferation of IoT-MD Expands Potential Cyberattack Surface, Exposing New Healthcare Risks.
Cybersecurity Concerns IoT-MD Overview

Threat Landscape IoT Market Snapshot Key Drivers
▪ Legacy operating systems and open source systems IoT-MD IoT Healthcare Global IoT
make IoT medical devices vulnerable to infiltration and Healthcare Technological
TYPES OF SECURITY ISSUES ransomware Expenditure Development
▪ Retrofitting traditional IT security on installed medical

devices attains limited results and risks interfering with
22%
18% 19% 18%
clinical operations
$63.4B $158B $318B Aging
Population
Chronic
Disease
▪ The new HIMSS19 information blocking rule increases By 2023 By 2023 By 2023
interoperability, expanding the attack surface without
11% 12%
protective measures
IoT-MD Examples
▪ Healthcare is the leading industry for insider threats as
system breaches come from intentional or unintentional Insulin Delivery
inside sources Uses continuous glucose
monitors and algorithms to
▪ Specific healthcare regulatory compliance needs creates adjust insulin delivery via pump
Comm & Lateral Rogue Old Browser Other
Passwords Movement Applications Versions Usage complexity and solutions lack granularity required in
the event of an audit 3D Printing Ingestible Sensors
Replaces organ transplants, Telecommunicates disease
produces tools, speeds up diagnostics and monitoring to
healthcare providers
Current Industry Vulnerabilities surgical procedures, and more
Lack of Protocols Knowledge Gap Lack of Visibility

Remote Monitoring Vaccine Storage
Gathers patient-generated Monitors temperature, manages
physiological data to send to inventory, and provides easy
healthcare providers access to vaccines
Companies
No standards or security Lack of understanding around Security teams are not notified of
protocols developers must follow Cybersecurity risks in healthcare connected medical devices
Source: Markets and Markets, Zingbox Threat Report Medical Devices, MachineDesign, Verizon Report , Cyber MDX, Global Data
Breach Spotlight
Lack Of Visibility Increases Risk & Frequency Of Data Breaches
Data Breaches Still Remain An Alarming Concern Through 2019.
Capital One Median Time of Compromise to Discovery

106,000,000
Dubsmash Friend Finder UBER
Google+ Carefirst
162,000,000 Equifax Verizon All Mandiant External Internal
143,000,000
Network 57,000,000 Investigations Notification Discovery
Experian / T- 415,000,000 Wendys
78 days 184 days 51 days
MyFitnessPal mobile WordPress Newegg
Quora 150,000,000 Weebly
MSpy Instagram Red Cross Source: 2019 Mandiant M-Trends Report
Telegram Premera TalkTalk
100,000,000 TicketFly
Dropbox
Australian
27,000,000 IRS US Office of
Slack
Immigration
Department
Zomato Securus
Mail.RU Personnel
How Compromises Are Being Detected
Community Technologies Staples 25,000,000 Management
Sony Pictures
Health
Services JP Morgan (2nd Breach)
Internal Notification
59%
Ebay Chase Twitch.tv
of Breach 41%
Anthem Dominios
Pizzas 145,000,000
DaFont
Healthcare.gov
80,000,000 (France) 76,000,000 External Notification
of Breach
Waterly
Nametests European
Central
British
Airways Yahoo Target
Bank
Mozilla 3,000,000,000 110,000,000
Canva Firebase D&B, Altegrity Korea Credit Japan Airlines
100,000,000 Bureau Amazon More than…
139,000,000
Scribd Home Depot NASDAQ Quest UPS 140 Countries
New Diagnostics
56,000,000 York
have some level of cyber weapon
Advocate ShareThis Taxis
Medical Interpark development program
Facebook Group Cellebrite
Neiman
50,000,000 Source: fortune.com
Apple Marriott Living Social Chegg
Marcus Twitter
383,000,000 50,000,000 40,000,000
Yahoo
Panera UbiSoft 330,000,000
Adobe 37,000,000
average cost of a data breach
36,000,000 1,000,000,000
$3.92 Million
increased 12% since 2014
Year 2015 2016 2017 2018 2019
Source: 2019 Ponemon Institute Independent Study
# of U.S. Breaches 780 1,093 1,632 1,257 1,473

Source: Information is Beautiful: World's Biggest Data Breaches, Identity Theft Resource Center (ITRC): 2019 Annual Data Breach Year- End Review, Identity Theft Resource Center
(ITRC): Data Breach Report. Information as of December 31st, 2019. Return To Table Of Contents 90
Timeline Of Major Data Breaches
Large Breaches Have Been A Consistent Factor Over The Past Decade, While The Severity Continues To Escalate.
3,000
Records Affected (In Millions)
885
600
500
360
145 117 143

92 110 85 100 106
80 57 50
9 8 12
Breach
2004 2013 2014 2015 2016 2017 2018 2019
Timing
Compromised
Email Email Employment Email Email Contact Driver’s Passport Passport Contact Payment Driver’s Bank
Information
License License Data

Email Email Interests Login
Email Personal Passwords Insurance Passwords Passwords Driver’s Personal Personal Personal Payment Personal Passwords Payment Payment
License
Personal Passwords Personal Linked
Networks
Phone Personal SSN Username Username Name SSN Travel Travel Personal SSN SSN SSN
Sources: Visual Capitalist: The 15 Biggest Data Breaches In The Last 15 Years, CRN: The 13 Biggest Data Breaches Of 2019
Notable Cybersecurity Threats Of 2019
Threat Landscape Is Constantly Evolving, With New & Long-Standing Threats Impacting Global Civilization In 2019.
Notable Cybersecurity Threats
▪ Ransomware, Cryptojacking, & Cryptomining are increasing in ▪ There is an increase in potential system-wide attacks as systems
Financial frequency & severity, causing billions of dollars in damages Cyber Attacks become more interconnected by cloud platforms
Crimes ▪ Institutions are crossing functional boundaries to enable On The Grid ▪ These systems can have severe impacts on countries’ critical
collaborative resistance against financial crimes and fraud infrastructure capabilities if compromised
▪ There rise in multi-cloud & remote computing is resulting in an ▪ Cyber-bullying & Cyberstalking are on the rise, sometimes with
The Rise of increased attack surface Personal fatal consequences
Multi-Cloud
Computing ▪ There is more access and endpoints to protect with greater Attacks ▪ Personal awareness & education will help balance internet safety
chances of overlooking an exploitable vulnerability for people of all ages
▪ The increase of third-party vendors for software & services have ▪ State-sponsored agents are using technology to cripple
Third-Party & led to an increase in international supply-chain attacks adversaries through widespread attacks on critical systems
State-Sponsored
Supply Chain
▪ Global commerce leads to new challenges including patch Attacks ▪ Nation states are increasingly engaging in guerilla Cybersecurity
Attacks
updates, VPNs, & avoiding generic apps from external libraries tactics in attacks against enterprises and governments
▪ Cybersecurity spending is reaching record highs while there are ▪ Networked devices that connect phones, security systems,
Shortage of 3M+ global Cybersecurity positions that are unfilled IoT & appliances, & cars also increase the risk to security / data integrity
Cybersecurity Autonomous
▪ Lack of personnel to combat cybercrime will lead to greater losses ▪ These devices are often connected to networks where more
Professionals Systems
in money, reputations, & trust in organizations sensitive information is located
▪ Phishing attacks are constantly evolving & becoming more

More sophisticated with hackers turning to AI & ML to craft highly
▪ Healthcare is the one of the biggest targets for Cyber Criminals
Smart Health
Sophisticated targeted, more personalized, harder to detect fake emails traps ▪ Hacking of smart medical devices has major health & safety
Devices
Phishing concerns, while hacking of databases and medical management
▪ Employee awareness & training will be key to help alleviate some & EMR
Exploits networks can lead to exposure of highly sensitive information
of these issues
Source: CSO Online Return To Table Of Contents 92

Emerging Threats At The Half-Year Mark Of 2019
Hackers Take Advantage Of Both New And Traditional Forms Of Attack As Society Struggles To Advance Outdated Security Measures.
Geopolitical Risks with 5G Advancement Recent Security Breaches Reveal Shortfalls of Organizations’ Cybersecurity
A Growing Threat As Huawei Leads 5G Innovation Singapore Health Data Theft Google’s Data Privacy Problems Eternal Blue Ransomware Attacks
Expansive 5G product
offerings enable Huawei
Huawei’s obligations to
the Chinese government
1M+ & 1000s A 2018 Bug in
Google+ API Exposes
Baltimore and other cities
face software vulnerability
put customer data at Health records Records of HIV+ attacks as outdated
to access massive
amounts of data risk of compromise stolen patients exposed
online
50M+ Accounts operating systems are
exploited
5G Impact on Global Security Recent Security Breaches Reveal Shortfalls of Organizations’ Cybersecurity
Large cities and Capital Hill have introduced bans on both the governmental and commercial use of
facial recognition technology
Global reliance on National security and Opponents of facial recognition technology cite racial profiling and privacy violations as top concerns
Chinese 5G products and IP protection are at
infrastructure could result risk as global networks
in widespread use of become compromised
already compromised Supporters of the use of facial recognition argue in favor of its potential to keep communities safer as
devices it enhances police investigations
Source: CSO: Emerging Security Threats At The Half-Year Mark.

Ninth Annual Cost of Cybercrime Study
Unlocking The Value Of Cybersecurity Technologies To Combat The Rising Cost Of Security Breaches.
The Cybercrime Evolution Top 2018 Average Cybercrime Costs
Core systems, rather than data itself, are By Industry By Country

Evolving Targets being hacked to disrupt entire business
systems Banking Utilities United States Japan
$18.4M $17.8M $27.4M $13.6M

Data integrity is the new frontier as more
Evolving Impact attacks seek to destroy rather than copy data
11% 16% 29% 30%
By Type of Attack
The human layer, an organization’s weakest
Evolving
link, is the new path to attacks through
Technologies phishing and insider attacks Highest Average Cost By Type Of Attack Highest Growth By Type Of Attack
$2.6M $2.3M 21% 15%

Benchmarking Cybersecurity Impact | Enterprises With 5,000+ Seats
Malware Web-based Ransomware Malicious Insider
Increasing Frequency & Consequences in 2018
Targeting Technologies That Reduce Rising Costs
145 $13M Security Technology Enablement Investigation Efficiency Technologies
Average number of security Average cost of cybercrime

breaches per organization per organization
+67% +72% Security

Intelligence
Threat
Sharing
Cloud
Services
Automation Advanced
Analytics
Increase in last 5 years Increase in last 5 years
Source: Accenture Security: Ninth Annual Cost of Cybercrime Study.

Breach Spotlight | &
High-Profile Security Incidents Continue To Impact The Business Operations Of Large Enterprises.
Summary
Company Description: Global social network platform Company Description: Producer and manufacturer of aluminum products
Location: Menlo Park, CA Location: Oslo, Norway
$600 Billion Market Cap, 35,000+ Employees, $7 Billion Market Cap, 36,000+ Employees,
Key Stats: Key Stats:
Top 5 Global Technology Company Norway’s 2nd Largest Employer
Breach Overview Incident Overview
Date Breach Volume Breach Description Date Type of Attack Apparent Breach Source
Unencrypted passwords of users were stored in plain According to Norway’s Computer Emergency
3/21/19 ~600M User LockerGoga
text that would have been searchable by 20K+ 3/18/19 Response Team, hackers used Active Directory
(Announced) Passwords (Ransomware)
Facebook employees services to spread Ransomware through endpoints
Background Impact
▪ Facebook addressed the breach in a blog post on March 21, 2019, but acknowledged that the breach ▪ The cyber attack halted parts of Norsk Hydro’s production & impacted most business areas forcing it
was discovered in January 2019 to switch to manual operations; the attack has cost the Company more than $40M in the form of lost
revenue, plus the cost of recovery and IT security services
▪ This announcement follows major security incidents that Facebook has been involved in over the past
year including the 50M User Breach (September 2018) and the Cambridge Analytica Scandal (March ▪ More than a week after the attack, one of the Company’s divisions was still only operating at 70 – 80%
2018) capacity
Commentary Commentary
▪ “Events like this are contradictory to the basics of IT security best practices, which Facebook, with its ▪ “The Norsk Hydro attack goes to show that the reliance of operational technology (OT) systems on
plentiful resources and technical expertise, should be more than capable of achieving.” – Sherban information technology (IT) platforms means that any attack is likely to impact both in industrial
Naum, SVP Corporate Strategy & Technology, Bromium environments.” – Dean Weber, CTO, Mocana
▪ “History has shown that the real problem is internal threat actors, like rogue employees, misusing the ▪ “Because of their dependence on legacy operating systems and configurations, ICS/OT systems are
plain text passwords. Instead of trusting random employees at any organization, including Facebook, especially vulnerable to this type of attack and should take more preventative measures to protect
businesses have to prevent data leakage by securely storing passwords.” – Matthias Ollig, CTO, Avira themselves.” – Casey Ellis, CTO, Co-Founder, Bugcrowd
Source: Company Press Releases, Public Press Releases, KrebsOnSecurity, Fortune, Avira, Facebook, SecurityWeek, Bank Info Security
Breach Spotlight | Government Entities
Government Entities Continue To Be A Common Target For Attackers Given Their Mission-Critical Functions & Susceptibility.
Governmental Breaches Overview

Government entities are frequently targeted by Cyber attacks since adversaries recognize the criticality & consequences for the public if they are breached. Outdated computer systems and
unsuspecting employees make governmental entities a prime target for hackers.
Recent Florida Breach Federal Cybersecurity Risk Determination
Location: Riviera Beach, FL Finding 1 Finding 2 Finding 3 Finding 4
City Size: <50k residents
Security Riviera Beach had to invest more than $900K in new

Infrastructure: hardware to better manage vulnerabilities Agencies do not Agencies lack IT Agencies lack visibility into Agencies lack standardized
understand or have the capabilities, which impacts their networks and and enterprise-wide
Breach Overview resources to combat the their ability to gain visibility especially lack the ability processes for managing
current threat environment and combat threats to detect data exfiltration Cybersecurity risks
Date Breach Cost Breach Description
State And Local Government Ransomware Attacks
5/29/19 $1.5 Million A police department employee opened a phishing email that
(Breached) ($600K ransomware; $900K equipment) shut down the city’s computer network
▪ Target ransomware attacks rising
Scope of Damage ▪ FBI advocates against paying ransom because
there is no guarantee of data return and
▪ A malicious link in the email infected machines and enabled the hacker to encrypt records
creates incentive for more crime
▪ The entire system went down, including email, phones, police records, public works, library, etc.
▪ At least 17% of state and local government
▪ Thousands of 911 calls had to be written down on paper entities pay ransom
Other Recent Breaches
Government & Federal-Focused Service Providers
At least 170 county, city, or state Albany, NY Baltimore, MD
government systems have been
Cleveland, OH Imperial County, CA
attacked since 2013, including at least
45 police and sheriff’s offices. Stuart, FL Atlanta, GA
Source: Recorded Future, White House Report, Palm Beach Post, and Acronis International GmbH.
Breach Spotlight |
Capital One Breach Highlights The Impact Of Insider Threats.
Breach Summary
Company Description: Global Provider Of Financial Services Capital One Stock Price Performance
Locations: McLean, VA (HQ); 755 Branches Across U.S

$102.64
$40B+ Market Cap, 50,000+ Employees,

Key Stats: $98.08
$370B+ In Total Assets, 8th Largest U.S Bank
$93.90 $99.25
$90.71 $97.30
Breach Overview
Date Data Stolen Breach Description
Breach $87.71
Personal information on 100M U.S Announced $84.40
citizens & 6M Canadians
A misconfigured firewall on Capital One’s 7/1 7/15 7/29 8/12 8/26 9/9 9/23 10/7 10/21 11/4 11/18 12/2 12/16 12/30
07/29/19 140K Social Security numbers AWS cloud server enabled a former AWS
(Announced) employee to steal information stored on
Stock Price Reaction
80K Bank account numbers the server by exploiting the vulnerability
▪ Capital One’s stock price fell by nearly 6% following the announcement of the data breach, but has
1M Social insurance numbers
rebounded nicely in Q4
Background ▪ Prior to the breach, Capital One’s stock was up 27% YTD, and finished the year up 33%
▪ Capital One detected the breach on July 19th and announced the breach on July 29th, stating that the Commentary
data of approximately 106 million people had been compromised ▪ “Insider threats are big concerns for companies and when you combine them with the talent of an engineer like
▪ Between March 22nd – 23rd, 2019, a former AWS employee was able to exploit a misconfiguration in this, it’s really concerning. That is tough to prepare for because they’re more sophisticated than other insiders
may be.” – Mark Testoni, CEO, SAP SE’s National Security Services Business
one of Capital One’s AWS servers, allowing them to trick Capital One’s firewall in order to gain access
to the files stored on the server ▪ “This incident underscores that every component added to an organization’s IT environment – even
▪ The data that was stolen was from credit card applications submitted by consumers and businesses security components – can add to the attack surface and become an entry point for attackers.” – Bob
between 2005 and 2019 Rudius, Chief Data Scientist, Rapid7
▪ Capital One expects the breach to cost them as much as $150 million, including paying for credit ▪ “[The attacker] allegedly used web application firewall credentials to obtain privilege escalation. The use
monitoring for individuals that were impacted by the breach of Tor and an offshore VPN for obfuscation are commonly seen in similar data breaches” – Ray Watson,
Cybersecurity Researcher, Masergy
Source: Company Press Releases, Public Press Releases, CNET: Capital One Data Breach: What You Can Do Following bank Hack,, KrebsOnSecurity: Capital One Data Theft Impacts 106M People, New York Times: Capital One
Data Breach Compromises Data Of Over 100 Million, DarkReading: Capital One Breach Affects 100M US Citizens, 6M Canadians, Wall Street Journal, Capital One Breach Highlights Dangers Of Insider Threats. Market Cap & Return To Table Of Contents 97
Financial Information As Of 12/31/19.
Zero-Day Vulnerability Spotlight |
Apple Software Zero-Day Vulnerability Previously Bypassed Anti-Virus Detection.
Apple Products Affected macOS Catalina
▪ Identification of the vulnerability coincided with Apple’s release of macOS Catalina on October
Cloud Storage & Computer Service Apple’s Total 7th, the latest release of the Apple’s operating system for Mac computers
Worldwide Active ▪ As part of the macOS Catalina update, iTunes was replaced with a new Music app on Mac
Install Base Is More computers, although Windows users will still be using iTunes for the foreseeable future
Media Player, Store, & Library Than 1.4 Billion
Unquoted Path Vulnerability
Vulnerability Summary A rare type of vulnerability caused by a programmer assigning a variable with a path but failing to surround that
path with quotes (“\\”).
Vulnerability Type Affected Systems Ransomware Campaign
Unquoted Path BitPaymer / IEncrypt Other Unquoted Path Vulnerabilities
Zero-Day Vulnerability Detection & Prevention Vendor / Program Vulnerability Discovery Date
▪ The vulnerability was discovered by Morphisec, a Boston & Israel-based provider of VPN Sep 2019
Moving Target Defense (MTD) and endpoint protection solutions
▪ Morphisec identified the attack following a successful prevention of the attack on a customer site Jul 2019
▪ The Company first identified this new evasion technique in August 2019 – the same adversaries were
targeting an enterprise in the automotive industry Management Engine Nov 2016
Vulnerability Patch & Remediation Commentary

▪ Morphisec followed responsible disclosure policies and immediately shared details of the attack with Apple
As many detection solutions are based on behavior monitoring, the chain of process
▪ Apple patched the vulnerability on October 7th, and Morphisec is continuing to work with Apple on execution (parent-child) plays a major role in alert fidelity. If a legitimate process signed by a
further vulnerabilities that have yet to be patched or announced known vendor executes a new malicious child process, an associated alert will have a lower
▪ It is recommended that Windows users update iCloud and iTunes to the latest versions to ensure confidence score than it would if the parent was not signed by a known vendor. Since Apple
protection from ransomware and uninstall the Apple Update Software component to iTunes Software Update is signed and known, the adversary uses this to their advantage.
The BitPaymer / IEncrypt group exhibits an advanced innovative spirit, previously with the Michael Gorelik
Vulnerability-Patched Versions identified defender emulator bypass and now with this EDR and AV bypass using the CTO, VP, R&D
unquoted path in the Apple Software Update program. The group must have performed
iCloud 7.14 iTunes 12.10.1 serious reconnaissance research to consistently stay one step ahead of the defenders.
Sources: Morphisec: Apple Zero-Day Exploited In New Bitpaymer Campaign

Next-Gen MSSP & MDR
Market Considerations
Global MSSP Market Observations
American Market Is The Most Robust, But EMEA & APAC Still Represent Significant Opportunities For Security Services.
Overview Global MSSP Market Driven By Continued Security Demand Across Geographies
Global MSSP Market Is Expected To Grow From $24B In 2018 To $48B In 2023 (CAGR Of 15%)
Global MSSP market is expected to grow from $24B in

2018 to $48B in 2023 (CAGR of 15%)
Growth driven by mature, robust markets for security

products & services across the Americas and EMEA, and
accelerating adoption of security solutions across APAC
Security ecosystem expansion with additional vendors and

solutions is resulting in increasingly complex security stacks Americas EMEA APAC
amidst an ever-growing talent shortage ▪ Total Cybersecurity Spend CAGR: 9% ▪ Total Cybersecurity Spend CAGR: 8% ▪ Total Cybersecurity Spend CAGR: 9%
▪ Broader Security Services CAGR: 8% ▪ Broader Security Services CAGR 7% ▪ Broader Security Services CAGR: 9%
$85B $60B $44B

$56B $40B $28B
Combination of factors is driving more organizations to $38B $32B
$26B $22B $25B
outsource the management of their security operations to $16B
MSSPs 2018A 2023E 2018A 2023E 2018A 2023E

Total Cybersecurity Spend Broader Security Services Spend
Sources: Forrester Wave Managed Security Services Provider (Europe); Gartner ‘Europe Context: Magic Quadrant for Managed Security Services, Worldwide’; Cybersecurity Magazine, Technavio (2016).
International MSSP Vendor Coverage
Global Market Full Of Large Players With Global Reach, But Still Plenty Of Opportunity For Smaller Local Providers.
Global MSSP Market Share By 2018 Revenue International MSSP Market Presence | Representative Providers
The Top 15 MSSPs accounted for 40% of global market share, with North The European & APAC markets represent a lucrative market for MSSPs. Large, diversified
America-based providers accounting for 7 of the top 15 spots; 60% of the technology solution providers recognize this opportunity, and most have entered these markets
market is currently served by other providers with varying degrees of scale
IBM North America-Based Providers With Global Presence

5%
4%
3%
3%
Europe-Based Providers
3%
Large Conglomerates Specialized Local Players
3%
3%
Other 3%
60%
2%
2%
APAC-Based Providers
2% Large Conglomerates Specialized Local Players
2%
2%
1%
1%
Sources: Gartner Market Share Analysis for Managed Security Services

MDR Market Overview
Increasing Need For MDR Services & Capabilities Have Spawned A Multitude Of MDR Specific Vendors.
Growth Drivers & Trends MDR Market Snapshot
Widening security gap as Organizations struggle to deploy, 2017A 2022E ▪ The MDR market is expected to grow
advanced threats continue to merge, and use disparate tools to more than 4x from 2017A to 2022E
bypass the 1st line of defense detect advanced insider threats ▪ Most services are still focused on
enterprise & upper-mid market customers
▪ New entrants are targeting smaller,
Significant cybersecurity skills Fragmented landscape without
$1.7B
midsize organizations
shortage paired with lack of in- clearly-defined leader driving
house IT expertise consolidation ▪ By 2020E, 15% of midsize & enterprise
organizations will be using services like
Growing Need From SMBs For MSSP Services

$0.4B MDR; less than 5% today
▪ By 2020E, 80% of worldwide MSSPs will
offer MDR
50% of small businesses have experienced a cyber attack
MDR: A Catalyst To The Transition To ASOC
70% of attacks target small businesses
MDR BENEFITS
75% of employees leave their computers unsecured
Leverages intelligence
analysts versus vendor
Focuses on people,
process, & technology
ASOC ADVANCED SECURITY
OPERATIONS CENTER Enables 24x7 security
coverage without full
Communicates patterns
and trends rather than
Representative MDR Vendors and alert reaction in collaboration time staffing event-by-event analysis
Automated Threat Knowledge
Intelligence Management
Incident
Analysis Intelligence Reporting
Threat Gathering Incident
Monitoring Response
Incident
Analysis Reporting
Activity
Monitoring SECURITY Incident
SOC OPERATIONS
CENTER
Response
Intelligence Empowered Meaningful Knowledge Countermeasure

Analysts Training Autonomy Metrics Management Capabilities
Source: Technavio, Frost & Sullivan, Gartner, Global MDR Market & Market Guide for Managed Detection and Response Services.
‘s MDR & MSSP Partnerships
Backstory Has Announced Partnerships With Select MDR Providers To Improve Threat Hunting And Accelerate Incident Investigations.
About Backstory Chronicle’s MDR & MSSP Partnerships

Backstory (which is architected over a private layer built on core Google infrastructure) brings
unmatched speed and scalability to analyzing massive amounts of security telemetry. Built for a Chronicle is touting more than a dozen relationships with technology companies, managed security services providers
world that thinks in petabytes, Backstory can support security analytics against the largest (MSSPs) and resellers. The Company has announced relationships with MDR (managed detection and response)
customer networks with ease. companies Critical Start, Cyderes, eSentire, and Red Canary.
Unparalleled Telemetry Embedded Threat Signals To Boost Productivity With
Storage At A Low, Fixed Price Immediately Find Issues Strategic Automation Company ‘s MDR Partnership Details
▪ Infinitely Elastic ▪ Built-In Threat Signals ▪ More Volume

▪ Unparalleled Storage ▪ Global Data, Local Results ▪ Faster Answers ▪ Backstory’s extensive security telemetry empowers CriticalStart's CYBERSOC analysts to enhance
▪ Easy To Manage ▪ Smarter Over Time ▪ Automatic Threat Detection potential malicious activity investigations with rich domain and per-user contextual details
▪ Cost-effectively enables instantaneous queries across massive datasets of security logs, network
Platform events, and other data
Incident Investigation Threat Hunting Detection 3rd Party Apps

▪ CYDERES can overlay IR & investigation capabilities to a customer’s own use of Backstory, or
overlaid plus the Backstory platform delivered as a fully managed service
▪ The Backstory platform yields a full year of data that’s searchable in real-time, delivered in a
solution that’s exceptionally cost-effective
Telemetry Aggregation Platform

▪ Backstory’s platform further enhances eSentire’s rapid intrusion detection and response, log
Private Container Proprietary Signals aggregation for threat hunting, and insider and persistent threat detection capabilities
DNS DHCP SIEM DNS File Curated
VT Metadata Endpoint Alerts
3rd Party Verdict / IoCs Resolutions Hashes Indicators ▪ Customers receive unparalleled network visibility with the Backstory UI and sophisticated threat
hunting by eSentire’s security experts
▪ The Red Canary platform & Backstory combination will offer pre-built forwarding of their
security telemetry, giving customers advanced security analytics capabilities that work out of the
3rd Party Data Curated Chronical box
Company Specific
Data
Data ▪ The partnership will offer unique threat intelligence as well as threat hunting & incident
investigation

European MSSP & MDR Spotlight
There Are Mid-Sized MSSPs & MDRs Across Europe That Are Well-Equipped To Service Their Local Market.
Local European MSSP & MDR Considerations

London, England London, England Birmingham, England Zoetermeer, Netherlands Utrecht, Netherlands Oslo, Norway
▪ Multi-national providers (primarily large telcos and 80 Employees 80 Employees 15 Employees 10 Employees 70 Employees 230 Employees
consultancies) typically have local operations in
developed European markets (ie. UK, France,
Germany) and focus on large enterprise customers Hampshire, England
120 Employees Espoo, Finland
▪ While large service providers have a notable 380 Employees
presence, market is predominantly served by
hundreds of smaller local players addressing mid- Brussels, Belgium
enterprise demand at lower price-points 70 Employees
Copenhagen, Denmark
120 Employees
▪ Mid-market providers still offer full-spectrum
Cybersecurity services across MSSP, consulting, Paris, France
implementation and reselling, all in local languages 50 Employees
with regional regulatory expertise
Vienna, Austria
120 Employees
▪ Orange (France) has led recent MSSP strategic Bron, France
10 Employees
activity acquiring SecureData (UK) and SecureLink
(Belgium) in 2019 for a combined EV of $700M+
Budapest, Hungary
▪ Other regional players are beginning to explore Madrid, Spain 40 Employees
150 Employees
M&A for geographic expansion, such as Nixu
(Finland) acquiring Ezenta (Denmark) in Mar-19
Madrid, Spain Barcelona, Spain Préverenges, Switzerland Zurich, Switzerland Athens, Greece
50 Employees 50 Employees 30 Employees 250 Employees 50 Employees
Sources: Pitchbook, LinkedIn, Company Websites, Gartner Information Security & Risk Management Worldwide Forecast
Denotes Companies with listed MDR offerings. Return To Table Of Contents 104
Managed Security Services & MDR Strategic Activity Over The Past 4 Years
MDR Has Quickly Surpassed MSSP For Investment Interest, While MSSP Has Maintained Its High Rate Of M&A Activity.
Financing Activity M&A Activity

9 28
MSSP MSSP
7 7 22
MDR 6 MDR 17
5
4 4 13
1 3 2 3
-
2016 2017 2018 2019 2016 2017 2018 2019

MSSP
MSSP
$3,206 (2.8x) $190 (2.3x) $59 (4.4x) $734 (2.5x)
Median EV / LTM Rev.

$20 $10 $3 $33
Total Volume ($M) &

Total Amount Raised
($M)
MDR
MDR
$46 $241 $132 $245 -- $225 (4.1x) $24 (NA) $9 (NM)
$65 $252 $136 $278

Total
Total
$3,206 (2.8x) $415 (3.0x) $83 (4.4x) $742 (2.1x)
Select Capital Raise Transactions Select M&A Transactions

Date Target Type Lead Investor Amount ($M) Date Target Type Acquirer EV ($M)
12 Australian & New
Sep 2019 MDR $25 Oct 2019 Zealand Based MSSPs
MSSP / NA
Jun 2019 MDR $40 May 2019 MDR NA
Jun 2019 MDR $40 Feb 2019 MSSP $577
Apr 2019 MDR $23 Aug 2017 MDR $150

Momentum’s Select
Favorite Cyber Content
Intelligent Cybersecurity Trends In 2020
NTT Security Identified Five Trends To Watch In 2020 That Will Drive A Secure By Design Methodology.
I. SOAR Rockets To The Moon II. Security Goes To The Cloud

Attacks happen at machine speed and need machine-speed responses Know the risks of moving to the cloud
Steps to take in 2020 Steps to take in 2020
Embed intelligence into Test your security posture

infrastructure and applications across all types of infrastructure
75% of threats detected in NTT’s SOC are Use algorithms to recognize patterns, identify
Attacks on critical infrastructure are one
by supervised machine learning and anomalies, and automatically orchestrate security of the top five issues facing businesses Work with a security vendor that can help you
threat intelligence controls today manage security from the data center to the edge
III. Hyperscaler Patterns Continue To Be Elusive IV. Applications Are The New Attack Vector
When it comes to hyperscalers, one of these things is not like the other Applications are quickly becoming the easiest way to compromise data
Steps to take in 2020 Steps to take in 2020
Apply intelligence to security Run regular hygiene checks

around applications and workloads
NTT analyzes 19.6 billion security events App & web-app-specific attacks accounted for
every day to find the needle in the Find the right partner to get the necessary Evaluate the security hygiene of applications
over 32% hostile traffic, making them the top
haystack. intelligence to respond to breaches faster category of hostile activity
regularly and apply the necessary patches
V. Identity Is Being Redefined

It’s not only human identities that need security controls
Steps to take in 2020
Identify and secure humans, machines and applications
The identity of a digital twin will be just as important to secure, as this is where Monitor their behavior to identify anomalies that indicate a security threat
attackers will focus next
Source: Intelligent Cybersecurity

Verizon 2019 Global Data Breach Investigations Report
Data Breaches Are Prevalent Across Industries & Driven Primarily By Outsider Threats & Hacking Techniques.
Number Of Breaches & Incidents By Sector Who's Behind The Breaches? Tactics Utilized
Public 69% Perpetrated by Outsiders 52% Featured Hacking

330 23,399
Healthcare
304 466 34% Involved Internal Actors 33% Included Social Attacks
Finance
207 927
Professional 2% Involved Partners 28% Involved Malware

157 670
Information
155 1,094
5% Featured Multiple Parties 21% Were Caused by Errors
Retail
139 234
Education
39% Perpetrated by Organized Crime Groups 15% Were Misuse by Authorized Users
99 382
Manufacturing
87 352
23% Involved Nation-State or State-Affiliated Actors 4% Involved Physical Actions
Accommodation
61 87
Breaches Incidents
Source: Verizon: 2019 Data Breach Investigations Report.

The Cybersecurity Technology Consolidation Conundrum /
Organizations Are Poised To Eschew The Traditional “Best-Of-Breed” Purchasing Approach For Vendor-Consolidated Integrated Solutions.
Point Tools Problem How Will All This Play Out?

20-Plus Year Culture Of The Cybersecurity Community CISOs Will Embed Themselves In The Purchasing Cycle
▪ Security technicians test numerous products with little regard for integration or the
operational impact of this approach
▪ Sales people are conditioned to ask customers about budget dollars versus what
security challenges they want to solve 38% 46%
▪ Point tools don’t speak to one another, making end-to-end situational awareness Significantly More
difficult to analyze Involved Involved
▪ Fragmentation has increased operational overhead due to personnel having to glue

disparate tools together
A Positive Outcome For Both Vendors and Customers
The Shift to Solution-Based Purchase Decisions
Demand Side Supply Side
Key Trends
2/3
Of organizations are actively Organizational behavior is Organizations can simplify Winning vendors can garner larger
consolidating the number of shifting to an increase in security Cybersecurity technology and deals and create closer
Cybersecurity vendors with technology purchases but from
processes while improving relationships with customers
which they do business fewer vendors
prevention, detection, and response
I.
Source: Jon Oltsik, CSO: The Cybersecurity Technology Consolidation Conundrum. Enterprise Strategy Group.
Insurers Creating A Consumer Ratings Service For The Cybersecurity Industry
Program That Helps Organizations Navigate The Crowded Cyber Vendor Universe By Evaluating & Scoring Products.
Program Overview
Some of the world’s largest insurers are collaborating to assess the best Cybersecurity defenses available to businesses, highlighting the rising dangers posed by digital hackers.
The “Cyber Catalyst” program will evaluate Cybersecurity software and technology sold to businesses by collating scores from participating insurers, which will individually
evaluate the offerings, and identify the best products and services considered effective in reducing cyber risk.
Market Key Benefits
▪ Rare Growth Opportunity In Cyber-Risk Market : Other insurance lines are experiencing sluggish growth
$120B $4B 3,500

due to market maturity
▪ Insurers May Incur Fewer Claims From Hacking Disruption: This is possible if the global supply chain can
remain well-defended & insulated
▪ Potential To Highlight Weak Cybersecurity Products - Offers organizations an in-depth look into offerings
Global Spending On Information- Annual Global Cybersecurity Vendors Within A
before making a commitment to a single or multiple products
Security Products & Services Insurance Premiums Sold Fragmented Industry
Cyber Catalyst Program Participants Target Areas

Program Lead Participating Insurers Data Business Data Cyber
Breach Interruption Corruption Extortion
Will collate scores from participating insurers and

provide results to the public on its website
Technical Advisor Firewalls Encryption

Threat Monitoring Training & Incident-
Tools Response Planning
Technical Advisor to insurers but wont participate in Will evaluate Cybersecurity software and technology
the decision-making sold to businesses
Source: Wall Street Journal

Enterprise Ransomware | Through The Lens Of Threat & Vulnerability Management
Industry Report Analyzing Dangerous Vulnerabilities Trending In Real-World Malware Attacks.
Report Summary
Ransomware is one of the most damaging cyber threats facing organizations today by taking advantage of vulnerabilities across a myriad of products and vendors, with the goal of causing maximum pain for
businesses. Many businesses do not even know where to start in the fight to address their mountains of vulnerabilities; understanding which vulnerabilities and assets are the most targeted by active ransomware
campaigns enables businesses to more effectively prioritize which at-risk vulnerabilities to patch.
By The Numbers Listed 10 High-Priority Vulnerabilities Key Findings

Vulnerability (CVE) Enterprise Ransomware Hunts High-Value Assets
Global Ransomware Damage Costs Source
Code Most CVEs analyzed were tied to assets such as servers,
application servers, and collaboration tools, with 86% of
those trending in 2018 or 2019
130% Increase CVE-2010-0738 JBOSS_Application_Server
2017 $5.0B “Eternal” Exploits Remain Eternal
CVE-2012-1723 Sun/Oracle JRE MS17-010 vulnerabilities (popularized by EternalBlue and
WannaCry) continue to be popular among multiple families
of ransomware
2019 $11.5B CVE-2012-0507 Sun/Oracle JRE
Older Vulnerabilities Are Causing Big Problems
Vulnerabilities as far back as 2010 continue to be trending
CVE-2015-8651 Adobe Flash_Player with ransomware. 32% of analyzed vulnerabilities dated
57 Vulnerabilities Analyzed In Report | Distribution By Vendor & Ransomware Family
from 2015 or before
CVE-2017-0143 SMB
Vendor Ransomware Family All Analyzed Ransomware Target RCE and PE
Remote code execution and privilege escalation prove
CVE-2017-0144 SMB highly strategic for attackers and serve as important targets
for patching efforts
Other
Cerber CVE-2017-0145 SMB
8 Other Low CVSS Scores Can Carry High Risk
2 17 53% of ransomware vulnerabilities had a CVSS v2 score
24
4
27 lower than 8. Among those vulnerabilities, 80% were
5 11 GandCrab CVE-2017-0146 SMB
7 trending in the wild
5 Locky 9
6 7 9
Satan CVE-2017-0147 SMB Some Vulnerabilities Are Repeat Offenders
Princess
Locker SamSam
26% of vulnerabilities were targeted by multiple families of
enterprise ransomware, and 30% of trending vulnerabilities
CVE-2017-0148 SMB affected >1 vendors
Source: Enterprise Ransomware: Through the Lens of Threat and Vulnerability Management Return To Table Of Contents 111
U.S. Airport Networks Putting Devices & Cloud Apps At Severe Risk
Wi-Fi Vulnerability At Airports Poses A Severe Threat To Devices & Cloud Applications.
Summary Risk Rankings By Airport

Threat Index
A study published by Coronet ranked the top 45 busiest airports in the U.S. by Rating City
Score
their current cyber risk landscape, with a threat index score of 10 being the most Most Vulnerable Airports
vulnerable airport 1. San Diego 10.0 6.4
2. Orange County 8.7
▪ Airport security risks were evaluated by analyzing device and 6.4 7.1
network vulnerabilities and how insecure or deceptive networks can 3. Houston 7.5 4.5
5.1
exploit endpoint devices 4. Fort Meyers 7.1
5.2 5.3 4.9
5. Newark 7.1
5.1 6.4
▪ Study found that the majority of U.S. airports have focused more on 6. Dallas 6.8 8.7
providing a low-cost Wi-Fi solution to maximize traveler experience,
7. Phoenix 6.5 10.0 6.5
in lieu of prioritizing Wi-Fi security 6.8
8. Charlotte 6.4
5.2 5.3
5.2 7.5
9. Detroit 6.4 7.1 5.3
▪ Free airport Wi-Fi networks are often left unencrypted, unsecured, 10. Boston 6.4
or improperly configured
U.S.-Based Domestic
746M
Least Vulnerable Airports
▪ Business travelers unintentionally share information from cloud-

1. Chicago Midway 4.5
Airline Passengers In 2017
2. Raleigh-Durham 4.9
based applications with hackers, providing an entry point to their
3. Nashville 5.1
Commercial Airports In
5,000
broader organization
Washington
4.
D.C.
5.1
The U.S.
▪ Key Reinstallation Attacks (KRACK), Captive Portals, Evil Twins, ARP
5. San Antonio 5.2
Poisoning, VPN Gaps, Honeypots and Compromised Routers are
Coronet-Deemed “Acceptable
6.5
6. New Orleans 5.2
examples of airport network vulnerabilities
7. Kansas City 5.2 Risk Level”
▪ CASB and Application Security vendors provide an additional level 8. St. Louis 5.3
of protection against these security threats, while considering an 9. Miami 5.3
airport’s risk probability is also important to minimize risk 10. Tampa 5.3
Source: Attention All Passengers: Airport Networks Are Putting Your Devices & Cloud Apps At Severe Risk https://www.coro.net/airportthreats/, The 10 US Airports Where You’re Most Likely To Be Hacked, Bureau of
Transportation Statistics Return To Table Of Contents 112
+ | Whitepaper Summary
Optiv & Momentum Cyber Recently Published A Joint Whitepaper To Highlight Cybersecurity Industry Buying Trends.
2019 Security Technology Spend Insights Report

Whitepaper Overview
With hundreds of Cybersecurity companies each pitching different solutions, it can be difficult for companies to decide what merits attention. To address this issue, based on data from Optiv’s engagements with
thousands of clients seeking security solutions and supplemented by Momentum Cyber’s comprehensive proprietary database on strategic activity in the Cybersecurity space, this report covers the top five
Cybersecurity technology spending trends. In addition, it highlights five Cybersecurity technology areas that reflect marketplace activity, signaling future shifts in organizational strategy and buying trends. By
providing information on peer spending behaviors, this report delivers unique industry insights that cut through the noise and enable Cybersecurity technology buyers and influencers to make informed decisions.
Top 5 Cybersecurity Technology Spending Trends Technology Areas To Watch

Category Overview Growth ‘17-’18 Security Awareness
Endpoint Security Zero Trust Architecture
▪ IM programs ensure the right people access the right data in the right
Training
Identity
45%
manner, bringing trust and compliance to the business Revolves around protecting servers, mobile An alternative to perimeter-based security Focuses on educating people about the
devices, and other end-user devices that models. Instead of focusing on whether a threats, risks, and behaviors that influence
Management ▪ The proliferation of identities, devices, data sources, and data-access compose the majority of the attack surface user is inside or outside the network, Zero security outcomes.
controls has made identity management important to prevent attacks from malicious threats. Trust focuses on authenticating users
▪ Comprised of asset discovery and configuration, vulnerability analysis $913M before allowing them access to data. 6
Vulnerability
30%
and remediation, and the process workflow $807M
Management ▪ Device proliferation has resulted in more frequent and often unknown acquired
2
acquired
devices for organizations to manage and protect Network Security Device Security Identity Security
▪ Deals with anti-spam and the filtering out of malicious code in emails,
Email 2017 2018 2017 2018
30%
attachments, and URLs $1.4 Billion $400 Million
App Data Security Security
Capital Investment Notable Acquisition Security M&A Deals Notable Acquisition
Security ▪ Email is the most common attack vector for initial infiltration, and Security Visibility Automation
social attacks like executive fraud are on the rise

▪ Focuses on safeguarding information from potential compromise or Security Automation & Orchestration Serverless & Container Security
Data
25%
loss
Comprised of machine-to-machine execution Serverless Architecture allows companies
Protection ▪ Regulations like the GDPR have extended data privacy protections, of workflows and scripted machine-to- to build and run applications and services
50%
with significant penalties for failure to comply machine execution of tasks. Implementing in the cloud without worrying about the
• Includes controls to secure public cloud services and tools to improve this technology increases efficiency and 80% Reduction underlying infrastructure. Containers are
Cloud visibility and control of IaaS resources
25%
amplifies analyst capabilities. standardized units of software able to run
Serverless Growth
in multiple computing requirements.
Security • Public cloud adoption is 91%, and the pace of cloud activity is rapid Time Spent Evaluating Over 2018
Intelligence
with new approaches constantly being adopted
Source: 2019 Security Technology Spend Insights Report

Key Trends Driving Cybersecurity Trends
Insights Into Peer Buying Trends & Marketplace Activity Provides A Context For Thinking About Cybersecurity & How To Invest Wisely.
+ 2019 Top Five Cybersecurity Technology Buying Trends

Security Technology Spend Insight Report
Identity management solutions are focused less on the network boundary and more on access privileges and protecting critical
assets — the right motion.
Vulnerability management spending offsets the chronic shortage of cybersecurity talent and allows organizations to prioritize
vulnerabilities based on risk.
Email security investments address a top threat vector, and they will be more effective when paired with employee security
awareness and training.
Data protection focuses on where data is secured (on premises or cloud) and whether access to it is secure. Data privacy
regulations and compliance will drive spending.
Cloud security solutions are essential to bring organization-specific security processes and controls into public cloud and multi-
cloud environments.
Cybersecurity Technology Areas to Watch
Endpoint security solutions bring security standards to end-user devices and strengthen security by consolidating toolsets.
Zero Trust architecture offers an alternative to perimeter-based security models by incorporating and automating multiple layers of
security.
Security awareness training programs reflect the reality that people are the weakest link in the security chain, and they often are
paired with user behavior analytics.
Security Automation and Orchestration (SAO) enables machine-to-machine execution to increase the efficiency; threat detection,
analysis and response; and reporting.
Serverless architecture (SA) enables containers and allows businesses to provision and scale on demand without the worry and
cost of managing the underlying infrastructure.
Source: 2019 Security Technology Spend Insights Report.

+
The Top Five Cybersecurity Technology Buying Trends
+ | The Top Five Cybersecurity Technology Buying Trends
116
117
118
119
120
121
122
Notable Industry
Announcements
+ Joint Venture
Establishing A Global Standard For Evaluating And Assessing Cyber Risk For Enterprises.
Partnership Overview
The combined expertise of Moody’s and Team8 will focus on development of innovative methods and technologies that effectively
Strategic Synergies
measure and analyze Cyber risks facing global corporations to develop a Cybersecurity measurement framework.
Gained access to Cybersecurity research & innovation
Developed deeper connections to Cyber leaders across

countries and industries
Started development of new technologies & capabilities for

Experience in developing methodologies and global assessing Cyber risk
standards to measure risk
Expertise in Cybersecurity technologies, unique access to Engaged with best-of-breed product / software and security
talent, distinctive understanding of global threat landscape consulting vendors
Key Offerings
Provides objective Cyber
Assesses Cyber Works toward goal of
risk assessment for Serves as a key measure for
preparedness for companies engaging thousands of
companies to better companies when
engaging in mergers or companies to create a
understand their own Cyber purchasing Cyber insurance
acquisitions and acquired global standard for Cyber
postures and benchmark policies
companies defense and preparedness
Benchmarking against others over time M&A Cyber Insurance Global Standard
Commentary
The combination of Team8’s industry-leading knowledge and experience in There is a real necessity in the marketplace for an efficient, objective and independent
cybersecurity and Moody’s expertise in analyzing and quantifying financial risk assessment mechanism to assess the cyber posture of companies around the world.
allows for the creation of a unique capability to serve as a standard for cyber risk We are excited to embark on this journey with Moody’s and are confident that
assessment. together we can establish a first-of-its-kind global
Derek Vadala standard for evaluating the complex cyber risk. Nadav Zafrir
CEO of Joint Venture, Managing Director, Moody’s Co-Founder, CEO, Team8
Source: Recorded Future, White House Report, Palm Beach Post

Air Combat Command Announces 24th, 25th AirForce Merger
Twenty-Fourth & Twenty-Fifth Air Force Cyber Capabilities.
Merger Between Twenty-Fourth And Twenty-Fifth Numbered Air Forces Will Better Integrate Cyber Effects Synergies & Benefits
Synergies between Cyber

Intelligence, Surveillance, &
Intelligence Reconnaissance (ISR), Electronic
Warfare (EW), and Information
Operations (IO) will increase unity
of effort across capabilities
Surveillance
The integration The new IW NAF bolsters the Air
better aligns these Force’s ability to present
units with priorities electromagnetic spectrum forces
outlined in the
2018 National
Defense Strategy
and delivers the Reconnaissance Operations This will allow for the execution
first “Information of missions alongside joint and
Warfare” NAF for interagency partners
the Air Force
Commentary
Electronic Warfare Operations

The merger of 24th and 25th is the next step in leveraging and
integrating new ideas and technologies to both improve the quality
and speed of decision-making and deliver improved effects for
commanders. This formalizes the existing collaborations between
Cyber and ISR while expanding our competitive space in EW and
Information Operations IO, ultimately improving readiness and increasing lethality across
the range of military operations – all vital to the success of multi-
domain warfighting in the 21st century.
– General Mike Holmes, Commander, Air Combat Command
Source: AF Cyber: Air Forces Cyber

California Consumer Privacy Act (CCPA) vs. GDPR
With A Compliance Deadline Of January 2020, California Organizations Should Be Aware Of The Broad New Privacy Requirements
CCPA Overview Representative Data Security Vendors

In June 2018, California’s state legislature unanimously passed a new data privacy bill that will institute stringent regulations that are
entirely new to the United States. This bill sets a significant precedent in the US, following GDPR’s activation in May 2018, and
during a time when data privacy continues to be a hot-button topic in the media and with lawmakers. The bill will become
operative on January 1, 2020, and affects organizations that serve or employ California residents.
CCPA Comparison to GDPR
CCPA
General Data Protection Regulations (GDPR) California Consumer Privacy Act (CCPA)
Comparison
Scope EU personal data processed California resident’s personal data collected Narrower
Right to access California personal data collected in last 12 months, delineated between sold and
Right To Access Right to access all EU personal data processed
transferred Narrower
Right To Portability Must export and import certain EU personal data in a user-friendly format All access requests must be exported in user-friendly format, but there is no import requirement Narrower
Right To Correction Right to correct errors in EU personal data processed No included in CCPA Absent
Right To Stop Processing Right to withdraw consent or otherwise stop processing EU personal data Right to opt-out of selling personal data only; must include opt-out link on website Narrower
Right To Stop Automated Decision-
making
Right to require human to make decisions that have a legal effect No included in CCPA Absent
Right To Stop Third-Party Transfer Right to withdraw consent for data transfers involving second purposes of special categories of data Right to opt-out of selling personal data to third parties Narrower
Right To Erasure Right to erase EU personal data, under certain conditions Right to erase personal data collected, under certain conditions Similar
Right To Equal Services And Price At most, implicitly required Explicitly required Broader
Private Right Of Action Damages No floor or ceiling Floor of $100 and ceiling at $750 per customer per incident Narrower
Regulator Enforcement Penalties Ceiling of 4% of global annual revenues No ceiling – $7,500 per intentional violation, $2,500 per negligent violation Broader
Source: PWC: Your readiness roadmap for the California Consumer Privacy Act (CCPA)
Upcoming Conferences
& Events | 2020
Major Industry Conferences | 2020
Momentum Cyber Will Be Attending & Speaking At A Number of Cybersecurity Conferences Worldwide.
▪ Cybertech is the most significant conference and Security & Risk ▪ Gartner Security & Risk Management Summit
exhibition of cyber technologies outside of the provides attendees with proven practices and
Management Summit
United States, bringing together global corporates, strategies needed to maintain cost-effective security
January 28-30, 2020 June 1-4, 2020
Tel Aviv, Israel SMBs, start-ups, investors, experts, and clients National Harbor, MD and risk programs to support digital businesses
Tel Aviv Convention Center Gaylord Convention Center
▪ RSA Conference provides an opportunity to learn ▪ AWS re:Inforce is a learning conference focused on
about new approaches to info security, discover the RE:INFORCE cloud security, identity, and compliance. The event
February 24-28, 2020
latest technology and interact with top security June 30 – July 1
includes hundreds of technical sessions, a keynote
San Francisco, CA leaders and pioneers Houston, TX featuring AWS security leadership, and access to
Moscone Center George R. Brown Convention Center cloud security experts in the Security Learning Hub.
▪ SANS 2020 attracts 1,200+ Cybersecurity ▪ Black Hat is the world's leading information security
professionals who are looking to improve their event, providing attendees with the very latest in
April 5-10, 2020 security systems against the most dangerous threats. August 1-6, 2020 research, development and trends, including four
Orlando, FL SANS provides practical training that addresses the Las Vegas, NV days of technical training followed by a two-day
Hyatt Regency Orlando challenges security professionals face daily Mandalay Bay conference
▪ Global Cyber Innovation Summit is an inaugural ▪ Industrial Control Systems (ICS) Cyber Security
event that is intended to match the top-tier level of Conference is the leading global conference series
policy and business discussion found at the annual for Operations, Control Systems, and IT / OT
May 13-14, 2020 October 19-22, 2020
Baltimore Maryland World Economic Forum held in Davos Atlanta, GA Security professionals to connect on SCADA, DCS
The Sagamore Pendry Hotel InterContinental Buckhead Atlanta PLC, and field controller Cybersecurity
▪ Infosecurity Europe is the region's number one ▪ SINET Showcase provides a platform to identify and
information security event featuring over 400 SINET Showcase highlight “best-of-class” security companies that are
June 2-4, 2020 exhibitors showcasing the most relevant information November 4 & 5, 2019 addressing the most pressing needs and
London, UK security solutions and products to 19,500+ Washington DC requirements in Cybersecurity
Olympia London information security professionals National Press Club
Source: Conference Websites.

| Innovation Program Start-Up Contests
High-Value Platform For Companies To Showcase The New Ways They Are Tackling Present & Future Cybersecurity Issues.
RSA Conference 2020 Innovation Programs Overview

HUMAN
Behind every great cybersecurity company is a stroke of genius that started it all; when it comes to getting those ideas off the ground, there’s no better
ELEMENT place than RSA Conference. Launch Pad and Innovation Sandbox are part of the RSA Conference Innovation Programs, which present an opportunity
RSAC Innovation Sandbox RSAC Launch Pad for start-up companies to compete and showcase their brilliant industry solutions. Learn more about the RSAC Innovation Programs here.
RSAC Innovation Sandbox Contest | Monday, February 24 th, 2020 RSAC Launch Pad | Wednesday, February 26 th, 2020
The RSAC Innovation Sandbox Contest brings out Cybersecurity’s boldest new innovators RSAC Launch Pad is designed to give early stage startups a platform to share their brilliant
who have made it their mission to minimize risk. Each year, 10 finalists grab the spotlight for industry solutions. Three finalists will compete in a Shark Tank ®-style format to try to
a three-minute pitch while demonstrating groundbreaking security technologies to the convince Cybersecurity venture capitalists, that their soon-to-be launched product has
broader RSA Conference community. strong potential for success.
Event Details Event Details
▪ RSA Conference attendees with a Full Conference or Expo Plus Pass can watch this ▪ RSA Conference attendees with a Full Conference or Expo Plus Pass can watch these
event live on Monday, Feb 24th in San Francisco start-ups present live on Wednesday, Feb 26th in San Francisco
▪ Winner announced at 4:30 PM PT on Feb 24th ▪ Presenters will deliver a 5-minute live pitch on stage to top venture capitalists; following
▪ Click here to register for RSA Conference the pitch, these VCs will ask the presenter questions
▪ Presenters must be open to signing a convertible bond agreement with one or more of
Judges Panel
the venture capitalists

Moderator
▪ Click here to register for RSA Conference

Hugh Thompson Asheem Chandna Scott Darling Dorit Dor Patrick Heim Paul Kocher
Evaluation Criteria
Judges Panel
RSAC 2020 Top 10 Innovation Sandbox Contest Finalists What is the problem you are trying to solve? And for whom?
Ted Schlein Theresia Gouw Enrique Salem Originality & soundness of idea or product to solve problem.
How much impact / reach will the product have?

Past Conferences
& Events | 2019
’s Rethink Edge Of Chaos
November 5th, 2019 • New York, New York. | Closed Event By Invitation Only.
The Edge Of Chaos Is Known As The Space Between Order And Disorder, Said To Harvest True Productivity
Nasdaq MarketSite NYC • Tuesday, November 5, 2019 • 5:00PM – 10:00PM
The Event Will Investigate Innovation And Order Through The Prisms Of Data And Security, Attempting To
Suggest Ways In Which Enterprises Can Become Future-Ready.
Highlights
▪ Innovation & creativity have become an integral part of enterprises’ digital

transformation
Chaos ▪ In order to maintain their competitive edge, enterprises must encourage creativity and
constantly bring innovation, whether it is in solving big problems or saving on cost
Striking ▪ Can data help strike a balance between creativity, innovation, business operations and
security?
The ▪ How can enterprises use data to make better decisions that will drive business forward
Balance while maintaining their security?
Representative Speakers
▪ Security, Privacy, Collaboration, Operations - how do all the hinges work together to
Justin Berman Beth Smith Rajeev Ronanki Order create an enterprise that can provide sound, secure business both internally and
Head, Security GM, IBM Watson AI SVP, Chief Digital Officer externally in the face of ever-increasing cyber threat?
Schedule
Speakers
Adam S. Lee James Patchett Nadav Zafrir
VP,Chief Security Officer President, CEO CEO, Co-Founder Welcome Reception Keynotes Networking & Dinner
5:00PM – 6:00PM 6:00PM – 8:00PM 8:00PM – 10:00PM
Closed Event, Exclusively For Partners

CISOs, CTOs, CDOs, & CIOs
•
For More Information Visit:
rethink.team8.vc/nyc2019

Black Hat USA 2019 Conference
August 3rd – 8th • Mandalay Bay Hotel, Las Vegas.
The Black Hat USA Conference, now in its 22 nd year, is the world’s leading information security event, offering attendees insight into the very latest in information
security research, development, and trends. Black Hat’s global events are driven by the needs of the security community, striving to bring together the best minds in
the industry. Black Hat USA 2019 opens with four days of technical trainings, followed by a two-day main conference featuring briefings, trainings, and networking
events.
Conference Highlights Speakers Sponsors

Sat, August 3 – Tues, August 6 Keynote
Diamond
Dino oversees security
Training courses taught by some of the most sought-after engineering for Cash App at
Dino Dai Zovi
industry experts provide hands-on offensive and defensive Square. Prior to Square, Dino
Trainings skill-building opportunities in an effort to define and
Head, Sequity
co-founded Capsule8 and
defend tomorrow’s InfoSec landscape. security research firm Trail of
Bits.
Platinum+
Wed, August 7 – Thurs, August 8 Other Select Speakers
Briefings provide a place for security professionals to learn

the very latest in information security risks, research, and
Briefings trends as leading security researchers share their latest
findings. Itzik Kotler Christien Rioux
Andrea Carcano
Co-Founder & CPO Co-Founder & CTO Co-Founder
Wed, August 7 – Thurs, August 8
Other
Network with 19,000 security experts, cutting-edge
researchers, and leading solution providers and evaluate a
Business Hall broad range of security products and solutions presented Mike Price Brandon Edwards Ang Cui
by Black Hat sponsors. CTO Chief Scientist Chief Scientist

Black Hat USA 2019 Recap
Thought Leaders From Around The World Gathered In Las Vegas For A Week Of Networking & Mindshare.
Black Hat USA 2019 At A Glance | One Of The Largest Cybersecurity Events Of The Year
August 3rd – 8th Mandalay Bay Hotel, 22nd 19K 300+

2019 Las Vegas Year Of Operations Attendees Vendors
Select Black Hat Takeaways | Key Trends Continue To Drive Industry Innovation Notable Industry Announcements
Company Announcement
Keynote Speaker Highlighting DevSecOps / Need For Additional Automation /
“Shift Left” Movement Deepening Its Roots Integration IBM X-Force Red Reveals New 'Warshipping' Hack To
Infiltrate Corporate Networks
▪ Security “shifting left” and becoming more intertwined ▪ Trade show vendors continue to highlight automation to IOActive Researcher Discovered Boeing On-Board
in the SDLC / DevOps workflow alleviate alert fatigue and the Cyber skills shortage Network Vulnerable To Remote Hacking
▪ Need tighter feedback loops of security teams working ▪ Products can no longer work in silos; the ability to share Runtime Profiling & Anomaly Detection With Machine
with internal teams to understand challenges a greater volume and variety of data types and sources Learning To Secure Kubernetes Environments At Scale
Dino Dai Zovi across vendors is a competitive advantage
Head, Security ▪ Cultural change of increased collaboration, building
Chronicle Integration To Proactively Stream Telemetry
security responsibility into every team so Cyber risk is ▪ Cross-vendor integration and collaboration is Data Directly From Endpoints To Backstory
shared increasingly highlighted as a key value proposition
Continued Adoption Of Bug Bounty IoT Proliferation Results In An Expanding Strategic Activity Announced During Black Hat
Programs To Discover Vulnerabilities Attack Surface Date Target Buyer
M&A
8/8/19
▪ Large enterprises are expanding the scope of their bug ▪ Smart cities like Las Vegas have more potentially (Enterprise Assets)
hunting programs exploitable assets 8/8/19
▪ Apple greatly increased its payouts across its OS & ▪ Black Hat attendees demonstrated how Cyber-criminals
iCloud programs, with payouts up to $1M can hack everyday things such as hotel smart locks, ATM Date Target Investor
Financing
machines, and traffic signals
▪ Microsoft announced an isolated Azure environment 8/7/19
(Azure Security Lab) for hackers to test against IaaS cloud ▪ Increased demand for IoT security as more connected
scenarios without risk to Microsoft customers devices poses additional both physical and Cyber threats 8/5/19
Sources: CSO Online, LMG Security, Lifehacker, Armis, Darktrace, DarkReading: Boeing 787 On-Board Network Vulnerable,
Forbes: Black Hat USA 2019: IBM X-Force Red Reveals New 'Warshipping' Hack To Infiltrate Corporate Networks, Sysdig, Tanium Return To Table Of Contents 133
Cyber Week 2019
8th Annual Event Hosted In Tel Aviv From June 23rd - 27th, 2019.
Event Overview
Cyber Week is a large annual international Cybersecurity event, hosted each year at Tel Aviv University in Israel. Over the past eight years, Cyber Week has become internationally
acclaimed as one of the top Cybersecurity events in the world. Cyber Week offers a unique gathering of Cybersecurity experts, industry leaders, startups, investors, academics,
diplomats, and government officials. Events run for a full week and include roundtables, panels, workshops, forums, BSides, competitions, and more.
Event Highlights
8,000 50 400 80 68%

Attendees Events Speakers Countries Senior Mgmt.
Distinguished Benefactor Esteemed Platinum Sponsors Select Highlighted Speakers
Platinum Sponsors Yigal Unna Maj. Gen. Prof. Isaac Ben-Israel Dame Wendy Hall
Director General, Israel National Conference Chairman, Cyber Regius Prof. Computer Science,
Cyber Directorate Week Univ. of Southampton
Hosts
Mayor Muriel E. Bowser Mike Rogers Christopher C. Krebs
Mayor of Former NSA Director, Former Director, CISA, Dept. of
Washington D.C. Head of US Cyber Command Homeland Security
Source: Conference Website

2019 Cyber Week Recap | YL Ventures Fireside Chat
June 25th, 2019 • Convene – Suramare, Tel-Aviv.
Sponsors
Times Events Speakers
7:00 PM – 7:45 PM Networking
David DeWalt Dino Boukouris Yoav Leitersdorf

Founder & Chairman Founding Director Managing Partner
7:45 PM – 7:50 PM Opening Remarks
Predictions and Key Trends

7:50 PM – 8:00 PM Regarding the Cybersecurity
Industry
8:00 PM – 8:50 PM Panel Discussion

Adam Ely Nitin Chopra Richard Seewald
VP & Deputy CISO Partner Founder & Managing
Partner
8:50 PM – 9:15 PM Questions From the Audience
9:15 PM Networking

Cyber Investing Summit Recap
May 16th, 2019 • Convene – Financial District, New York
Celebrating its fourth year, the Cyber Investing Summit was an all-day conference focusing on the widespread investment opportunities and strategies in the high growth Cybersecurity industry. The summit differs from
traditional product centered conferences by highlighting the financial side of the sector. Attendees include Chief Information Security Officers, financial analysts, venture capitalists, private equity managers, institutional and
retail investors, publicly traded firms, privately held companies, startups, and more.
Event Sponsors Keynote Speakers Additional Speakers
Exhibitors
Erel Margalit, PHD Founder Roger Thornton

Joseph Steinberg Dino Boukouris Chris Ahern Mark Hatfield Bob Ackerman
and Chairman VP of Products & Technology
Cybersecurity & Founding Director Principal Co-Founder, General Founder, MD
Emerging Technologies Partner
Partners Advisor
(Moderator)
Advisory Board
Gur Talpaz Gary Berman Merritt Maxim Gary Miliefsky Ido Li-on
Jeff Brown Bob Ackerman Director, Security CEO Principal Analyst CEO Co-Founder
CISO Founder, MD Software & Research

Momentum Cyber At The 2019 Global Cyber Innovation Summit
May 1st & 2nd • The Sagamore Pendry Baltimore, Maryland.
The inaugural 2019 Global Cyber Innovation Summit brings together a preeminent group of leading Global 2000 CISO executives, Cyber technology innovators,
policy thought leaders, and members of the Cyber investment community to catalyze the industry into creating more effective C yber defenses. This unique,
invitation-only forum will foster a dynamic exchange of ideas, discussion and collaboration designed to drive true innovation in the efficiency and effectiveness of
global Cybersecurity strategies and solutions.
Agenda GCIS Advisory Council

Day One
Keynote Presentation - State of the Market

Panel Discussion: Leading The Charge - The Four Horseman & The
Future of Cyber
Bob Ackerman* Jim Alkove Rich Baich Mike Chertoff Roland Cloutier Raj De
Panel Discussion: Heat Map - Where's the Innovation in the Ecosystem Founder CISO CISO Chairman SVP, CSO Partner
Panel Discussion: Cyber Risk: Who's Job is It Anyway?
Panel Discussion: Cybersecurity in a Quantum Computing World

Closing Keynote Discussion: Are We Urgent Enough About AI / ML in
Cybersecurity?
Event Sponsors
Day Two
Adam Fletcher Fred Gibbins Ron Gula George Hoyem Mike Janke John Nai
GCIS Opening Keynote CISO CISO Founder Managing Partner Co-Founder CISO
Keynote - IP Theft - The Adversaries Playbook
Panel Discussion: The Government - Industry Collaboration
Panel Discussion: CISO and the Board of Directors
Panel Discussion: Frontiers in Cloud Security

Media Sponsors Douglas Powers Jim Routh John Stewart Eli Sugarman Deborah Wheeler Tom Wilson
Panel Discussion: Data Provenance - The Next Frontier
Managing Director CISO CISO Program Officer CISO CISO
Panel Discussion: Transitioning “Practice” to “Product”
Closing Keynote Interview: Cyber Security: A CEO's Perspective *GCIS Chairman

Momentum Cyber At The 2019 Global Cyber Innovation Summit
May 1st & 2nd • The Sagamore Pendry Baltimore, Maryland.
David DeWalt
Founder & Chairman
Keynote Presentation –
State of the Market Managing Director
SECURITY
Moderator: Panelists:
Panel Discussion: Leading David DeWalt Tom Gillis Wayne Jackson Mike Viscuso
The Charge - The Four Founder & Chairman SVP & GM CEO Founder & CSO
Horseman & The
Future of Cyber Managing Director
Moderator: Panelists:
Panel Discussion: Heat Roland Cloutier Eric McAlpine Matt Hicks Brian White
Map – Where's the SVP & CISO Founder & Managing Partner
Innovation In Managing Partner Director
The Ecosystem

RSA 2019 Recap
Conference Wrap-Up | 2019
RSA 2019 Theme: “BETTER.”
| By The Numbers Momentum Cyber’s Key RSA Themes

Attendees Exhibitors Sessions Lack of cyber talent continues to be a major issue even at the largest companies; Managed services
providers will pull more market share from hardware and software, particularly around detection
and response
1991 <100 - 2
Orchestration & Automation (SOAR) was at the forefront with many vendors touting their
automation and orchestration capabilities
More companies focusing on Risk & Compliance: visibility, assessment, scoring, and management
2001 10,000+ 250 149 of vulnerabilities across an organization, including third-party risk
Cloud Security vendors continue to focus on the importance of encrypting data at rest and in
motion while enabling innovation & agility across the enterprise
Zero Trust architecture continued to be a hot topic with both next-gen firewall & Identity and
2013 24,000+ 360+ 360 Access Management vendors positioning their capabilities within the ZT framework
Alphabet & Microsoft announce their in-house Security Analytics platforms; there was a lot of buzz
and activity at Microsoft Azure Sentinel and Chronicle Backstory booths
Data Privacy continues to be a major issue; expect to see Privacy as another dimension of risk
which should be part of the broader enterprise risk management activity in an organization
2019 45,000+ 700+ 620+
Too much noise (more vendors, more booths); expect to see more consolidation of vendors
deployed in network
Source: Momentum Cyber & RSA Blog.

RSAC Innovator & Entrepreneur Seminar
Seminar Is Designed To Help Those Interested In Learning More About What It Takes To Become An Entrepreneur.
Dave DeWalt (Founder & Chairman of Momentum Cyber) will be giving the opening remarks at the RSAC Innovation &
Entrepreneur Seminar on March 4th, 2019, kicking-off the opening day of the RSAC and followed by an impressive group of
security experts and investors that will dive into topics that highlight unique aspects of the entrepreneur’s journey.
This half-day info-rich seminar will explore how to start a company from stealth to exit, find funding and financing in today’s
competitive marketplace, provide an inside view of what makes a CISO take a shot on a startup, give tips and insights from brand
Dave DeWalt
makers and marketing gurus on how to rise above the noise. Each segment includes an opportunity for audience members to ask
Founder, Chairman
questions of the panelists and a networking break to meet with fellow entrepreneurs and speakers.
Time (PT) Topic Speaker

Dave DeWalt
9:00 AM – 9:10 AM Opening Remarks
Chris Wysopal Kristina Bergman

9:15 AM – 9:55 AM How to Start a Company; Fireside Chat
How to Get the CISO’s Attention - WSJ PRO Rob Sloan Geoff Belknap Tim McKnight
10:00 AM – 10:40 AM
Interviews 2 Leading CISOs
How to Rise Above the Noise - Industry Expert Mark Kraynak CP Morey Choo Kim-Isgitt
10:55 AM – 11:35 AM
Interviews 2 Successful Startup Marketing Executives
How to Find the Money - CrunchBase Interviews 2 Gene Teare Sarah Guo Ariel Tseitlin
11:40 AM – 12:20 PM
Leading Venture Capitalists
Source: RSA Conference Website
‘s RSA ReThink Trust Event Exclusively For CISOs & CIOs
Bringing Together The World-Leading CIOs & CISOs To Explore New Approaches For How Security Can Enable Business Progress.
NASDAQ Entrepreneurial Center | San Francisco, CA

March 5, 2019 | 4:30 PM – 10:00 PM
Exclusively For CISOs & CIOs
Trust used to be a one-dimensional concept. The rules of the game have changed.
Today trust is multi-dimensional and depending on the context, different models apply. Rethink Trust will explore the evolving l oss of trust in the modern
business world. Where can trust be reconstructed, redefined and where must it be transcended?
Agenda Cocktail Reception | 4:30PM - 5:00PM Keynotes | 5:00PM - 7:00PM Networking Dinner | 7:00PM - 10:00PM
Event Highlights
If you can’t trust your own environment, how do you manage your IP? If cloud implies relinquishing trust on your applications, how do you justify it? If you can’t trust the other
Models Of Trust
side with your data, how do you take leverage AI and ML? It is time to take on a more dynamic approach to trust.
The Most Fundamental In so many cases we have seen the race to leverage data outpace the sensitivity around privacy. How does a once trusted brand — whose product experience has earned it a
“Truth Of All” – People place in customer’s everyday lives, regain their trust after a breach?
Recent headlines around “the big hack - how china used a tiny chip to infiltrate US companies…” have left us all with a confused perception of what, if anything, can be trusted
Trust In Supply Chain
and given the increased sophistication and audacity of attackers, it is critical to rethink the security strategy for what happens if your supply chain is attacked.
A (brutally) honest panel - where are we over-spending? What is being neglected? Why does technology investment not always lead to improved security? By bringing these
Mythbusting Cyber unique perspectives to the forefront, we will offer an extremely relevant perspective in how to keep focused in an increasingly complex environment. The audience may be
integrated to join this “mythbusting” discussion to create a great interactive dynamic.
Partners
Webcast: RSA Conference
Industry Perspective On Innovation For Tomorrow In Today’s Cybersecurity Market.
About The Webcast

Link To Watch The Webcast: The information security company landscape is shifting rapidly. New players from media to hardware verticals are quickly acquiring traditional Cybersecurity
stalwarts. Companies like CrowdStrike, who a few years ago were considered startup darlings, are holding successful billion-dollar IPOs. Small startups that in the
https://www.rsaconference.com/ind
past might take years to gain traction are being courted by multiple venture capitalists with rounds in the tens of millions. With AI and other predictive and
ustry-topics/webcast/venture-
automated technologies applying new solutions across all security categories including firewall, endpoint, identity management and event management, it seems
capitalists-perspective-on- as though there is a huge renaissance in the B2B security industry. In this webcast, RSA Conference invites leading industry experts to share their insights into how
innovation they navigate these shifting tides and identity & support innovation in the industry.
Panelists
Cecilia Marinier (Moderator) Cecilia Marinier leads RSA Conference’s Innovation and Education efforts. She is the creator and steward of the RSAC
Program Manager Security Scholars program and RSAC College Day. In addition, she also heads up the RSAC Innovation Sandbox Contest,
RSAC Early Stage Expo and RSAC Sandbox to expose attendees to cutting-edge technologies and best hands-on practices for
the field.
Dino Boukouris
Dino Boukouris is a Founding Director at Momentum Cyber, the premier strategic advisor to the Cybersecurity industry.
Founding Member & Director
Dino has spent over 15 years in the technology industry with expertise in Cybersecurity, finance, strategy, operations,
venture capital and medical devices.
Niloofar Razi Howe Niloofar Razi Howe has been an investor, executive and entrepreneur in the Cybersecurity and technology industry for the
Cybersecurity Strategist, Entrepreneur past 25 years. Ms. Howe currently serves as a Senior Operating Partner at Energy Impact Partners, a NY based venture
capital firm, and on the boards of several Cybersecurity companies.
Patrick Heim
Patrick Heim is a senior executive with over two decades working in security spanning Fortune 500 enterprises, cloud
Operating Partner, CISO
providers as well as early stage security technology companies. He joined ClearSky, a venture fund focused on security
investments in early 2017.
Source: RSA: Venture Capitalists' Perspective on Innovation for Tomorrow in Today’s Cybersecurity Market.
Selected RSA Announcements
Many Large Cybersecurity Vendors Made Major Announcements On New Products And Strategic Initiatives.
Select Company Announcements
Company Description
▪ Unveils First Proactive Behavioral Analytics With CylancePERSONA: Proactive, native AI behavioral and biometrics analysis solution that adds user monitoring to the Company’s
suite of capabilities and augments its prevention, detection, and response capabilities
▪ Announces Mimecast Threat Center: Will leverage email, web, and anonymized user data to offer threat intelligence insights to security professionals to manage today’s evolving
threats
▪ Announces Orchestration & Automation Solution: Will help organizations reduce their Cybersecurity operations workload and quickly take the right action to contain threats and
eradicate them from their environment
▪ Announces Extension Of Container Security Platform To VMs: Includes support for virtual machines running on-premises or in public clouds
▪ Announces Industry’s First Endpoint Detection And Response Solution For Mobile Devices: Falcon for Mobile enables security teams to hunt for advanced threats on mobile
devices and provides visibility into malicious, unwanted, or accidental access to sensitive corporate data
▪ Unveiled SentinelOne Ranger To Take Endpoint Security To IoT Discovery & Enforcement: Uses endpoints to autonomously map, control, and protect every IoT and connected
device on a network
▪ Announced Integration With Chronicle’s Backstory Security Analytics Platform: Will give joint customer the best of endpoint visibility and control combined with the data
processing and intelligence of the Chronicle platform
▪ Launches Its First Commercial Security Product From Chronicle, A Security Data Platform Called Backstory: Backstory gives security analysts the ability to parse potential threats
from the avalanche of alerts, helping them more quickly pinpoint the real vulnerabilities
▪ Introduced Microsoft Azure Sentinel: Provides intelligent security analytics at cloud scale, making it easy to collect security data across the entire hybrid organization from devices
to users, to apps, to servers on any cloud
Source: Company Press Releases

& Release New Cybersecurity Platforms
These Two Tech Titans Announced Formidable Data & Analytics Platforms.
Overview
Microsoft & Alphabet each chose the week leading up to RSA to introduce their new commercial security solutions that leverages their strong cloud and computing infrastructures. Microsoft and Alphabet
have been long-standing vendors of security solutions and key partners to many security platforms, and these new solutions demonstrate their continued commitment and interest in participating in the
Cybersecurity industry.
Sentinel
Azure Sentinel is a cloud-native SIEM that collects data to uncover and investigate threats, and Backstory is a security data & threat intelligence platform that extracts signals from security telemetry
respond to incidents with orchestration and automation. to find threats instantly
Unparalleled Telemetry Embedded Threat Signals To Boost Productivity With

Collect Detect Investigate Respond Storage At A Low, Fixed Price Immediately Find Issues Strategic Automation
Detects previously uncovered Investigates threats with AI Infinitely Elastic Built-In Threat Signals More Volume
Collects data at cloud-scale Responds to incidents rapidly
threats and minimizes false and hunts suspicious
across all users, devices, with built-in orchestration
positives using analytics and activities at scale, leveraging Unparalleled Storage Global Data, Local Results Faster Answers
apps, and infrastructure, both and automation of common
unparalleled threat decades of Cybersecurity
on-premise and in the cloud tasks
intelligence from Microsoft work at Microsoft Easy To Manage Smarter Over Time Automatic Threat Detection
Potential Market Impact

▪ While both releases are early versions of the products, Microsoft & Alphabet both have extensive resources and top engineering talent, which can enable rapid growth in these highly competitive industries
▪ Chronicle has already announced a differentiated pricing model based on the size of the customer rather than consumption; the Sentinel pricing model has not yet been announced
▪ Azure & Google Cloud are both major public cloud providers, which may factor into the potential integration sources and deployment options for these solutions
▪ Both should be considered as potential acquirers of complementary solutions that will extend their capabilities and could leverage the massive data and scalability that is imbedded in both platforms
Other Notable Security Analytics Vendors
Source: Gartner, Company Websites, Public Press Releases

Sandbox Finalists: Exits & Amount Raised
The Sandbox Brings Out The Year’s Top Cybersecurity Innovators Who Have Made It Their Mission To Minimize InfoSec Risk.
2019 2018 2017 2016 2015
Company Founded Amt. Raised ($M) Acquirer Company Founded Amt. Raised ($M) Acquirer Company Founded Amt. Raised ($M) Acquirer Company Founded Amt. Raised ($M) Acquirer Company Founded Amt. Raised ($M) Acquirer
* 2017 $37.0 -- * 2015 $146.2 -- 2015 $125.0 -- 2013 $160.0 -- 2012 $390.0 --
2016 $30.0 -- 2015 $99.0 -- 2014 $122.0 -- 2013 $82.5 2013 $230.0 --
(Mar ’19: $35M)
2016 $29.3 -- 2015 $42.0 -- 2014 $92.0 -- 2014 $73.9 -- 2012 $222.7 --
2016 $21.0 -- 2014 $39.0 -- 2015 $21.8 -- 2013 $67.0 -- 2011 $51.7 --
(Jan ‘18)
2016 $20.7 -- 2016 $35.0 -- * 2015 $20.0 -- 2012 $57.4 -- 2012 $23.0
(Apr ‘18)
2016 $13.1 -- 2014 $31.2 -- 2015 $16.5 -- 2014 $43.3 -- 2012 $9.8
(Mar ‘19)
2017 $11.1 -- 2016 $31.1 -- 2012 $13.4 2014 $34.0 -- 2013 $6.7 --
(Aug ‘19)
2017 $10.8 -- 2015 $16.8 -- 2015 $11.3 2014 $30.0 -- 2014 $6.2 --
(Oct ‘18: $173M) (Nov ’18: $16M)
2013 $8.4 -- 2017 $2.0 -- 2014 $5.3 2013 $25.0 2013 Undisclosed --
(Jun ’19) (Jul ’18: $141M)
2014 $3.0 -- 2015 Undisclosed (Mar ‘19)

2016 $5.0 -- * 2014 $22.7 (Feb ’18: $350M) * 2002 Undisclosed --
2014 2013 2012 2011 2010
Company Founded Amt. Raised ($M) Acquirer Company Founded Amt. Raised ($M) Acquirer Company Founded Amt. Raised ($M) Acquirer Company Founded Amt. Raised ($M) Acquirer Company Founded Amt. Raised ($M) Acquirer
2012 $327.0 2011 $130.0 -- 2010 $345.5 -- 2007 $108.5 -- 2007 $108.5 --
(Nov ‘18: $1.4B)
2013 $96.8 -- 2011 $115.9 (Sep ’19)

2011 $223.3 -- 2010 $81.4 -- 2008 $26.9
(Oct’ 12: $350M)
2011 $53.7
(Aug ‘17)
2012 $106.7
(Nov ’17: $600M)
2008 $157.2
(Nov ’19)
* 2009 $76.5 * 2007 $17.2
(Feb ’17: $120M) (Dec’ 10: $95M)
2011 $36.0 2012 $58.4 -- 2010 $125.9 -- 2006 $45.9 2000 $12.0
(Feb ‘17: $105M) (Jul ’14) (Nov ‘16: $70M)
2012 $33.0 -- 2011 $56.2 -- 2005 $63.8 --

Out of Business 2008 $26.9 2011 $3.0 --
(Oct ’12: $350M)
* 2011 $28.6
(Aug. ’17: $60M)
2008 $5.0
(Oct ’13)
2011 $29.3
(Oct ’18: $175M)
2007 $11.2 --
Out of Business 2004 Undisclosed
(Jun ‘12)
2012 $27.5
(Apr ‘16)
2011 $3.5
(May ’16)
* 2011 $27.3
(Nov ’18: $10M)
2008 $9.6
(Jun ’14)
2009 Undisclosed
(Aug’ 11: $30M)
2012 $27.5 2012 $2.4 2010 $9.0 2008 $9.0 -- 2007 Undisclosed
(Jul .‘17: $200M) (Aug ’14) (Jan ’14: $9M) (Jul’ 15: $15M)
2010 $17.3
(Feb ‘16: $145M)
* 2012 $2.4
(Jul ’15: $20M)
2011 $4.5 -- 2007 Undisclosed (Aug ’15: $5M)
1998 Undisclosed --
2012 $9.5 2012 $0.1 -- 2010 Undisclosed 2009 Undisclosed (Feb ’14) 2004 Undisclosed --
(May ‘14: $49M) (Feb ’13: $17M)
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database & RSA Conference Website. All funding data is as of December 31st, 2019.
Note: * Denotes RSA Sandbox Winner. Return To Table Of Contents 146
Sandbox Winners
Axonius Wins 2019 RSA Sandbox, Joining A Select Group Of Previous Winners Over The Past Decade.
RSA 2019 Sandbox Winner RSA Sandbox Winners

Company Overview Year Company HQ Founded Amt. Raised ($M) Sector Exit
Axonius’ Cybersecurity Asset Management Platform provides actionable visibility and security
policy enforcement for all assets (e.g. desktops, laptops, servers, cloud instances, mobile devices,
IoT, etc.) and users by aggregating existing business data from 100+ management and security 2019 New York, NY 2017 $37.0 Risk & Compliance --
Description solutions. By enabling ongoing, automated security policy validation and decreasing time, money
and resources spent gathering critical information, Axonius eliminates onerous Cybersecurity asset
management tasks for organizations while increasing the overall value and efficiency of 2018 Tel Aviv, Israel 2015 $146.2 Data Security --
Cybersecurity investments.
Identity & Access

2017 San Francisco, CA 2015 $20.0 --
Management
Security Operations &

Founders / 2016 Palo Alto, CA 2014 $22.7
Incident Response
Management Feb ’18: $350M
Dean Sysman Avidor Bartov Ofri Shur Nathan Burke

2015 Dublin, Ireland 2002 Undisclosed Application Security --
Co-Founder, CEO Co-Founder, CTO Co-Founder CPO CMO
Security Operations &

Founded 2017 2014 Baltimore, MD 2011 $28.6
Incident Response
Aug. ’17: $60M
HQ New York, NY
Total Raised $37.0M Select Investors 2013 San Mateo, CA 2012 $2.4 Mobile Security
Jul ’15: $20M
Platform Overview
2012 San Francisco, CA 2011 $27.3 Mobile Security
Universal Device Visibility Connect Existing Solutions Go From Visibility to Action Nov ’18: $10M
Provides a universal 2011 Fairfax, VA 2009 $76.5 Endpoint Security

view of all devices in Easily integrates with Extensible platform Feb ’17: $120M
order to identify all management and with plugins for cross-
devices security technologies device functionality Network &
2010 Redwood City, CA 2007 $17.2
Infrastructure Security
Dec’ 10: $95M
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database & RSA Conference Website.
VII. Buyer Spotlight
VI.
Select Active Cybersecurity Buyer Summaries
Profiles On Top Cybersecurity Strategic Buyers.
# of Cyber Acquisitions Disclosed Deal Value Market Cap ($M) / # of Cyber Acquisitions Disclosed Deal Value Market Cap ($M) /
Company Company
Since 2014 Since 2014 ($M) Ownership Since 2014 Since 2014 ($M) Ownership
13 $7,622 5 $118 $2,767
12 $3,846 $203,638 5 $154 $534
12 $2,170 $22,653 5 NA
12 $914 $6,480 4 $34 $3,232
9 $274 4 $117 $2,689
8 $464 $13,959 3 $18 $13,983
8 $541 $5,695 3 $370 $7,186
7 $738 $20,954 3 $1,415 $5,813
6 $375 $16,892 3 $53 $2,105
6 $2,007 $3,530 3 $160
6 $1,625 $3,508 2 $45 $916,154
5 $635 $1,203,063 2 $13 $5,950
5 $139 $923,760 2 $78 $2,347
5 $189 $118,706 2 $113 $1,547
5 $689 $22,826 2 $86
5 $78 $18,260 2 $59 $688
5 $115 $4,407 1 $315 $90,968
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, CapitalIQ. Market Data as of December 31st, 2019.
VIII. Sectors In Focus
VII.
Sectors In Focus
A Deep Dive Into All 46 Sectors Across The Cybersecurity Landscape.
Cybersecurity Sector Cybersecurity Sub-Sector Page
Network & Infrastructure Security Advanced Threat Protection 152 scape 2020
Network & Infrastructure Security NAC 153 Network & Infrastructure Security Web Security Endpoint Security Application Security
Network & Infrastructure Security SDN 154 Endpoint Prevention
Network & Infrastructure Security DDoS 155 Advanced Threat

a
Protection
Network & Infrastructure Security DNS 156 Page 152 ICS + OT Endpoint Prevention WAF & Application Security
Network & Infrastructure Security Network Firewall 157 Page 159 Page 162 Page 164
Network & Infrastructure Security Deception 158
Network & Infrastructure Security ICS + OT 159 NAC SDN DDoS DNS Web Security
Network & Infrastructure Security Network Analysis & Forensics 160 Page 153 Page 154 Page 155 Page 156 161
Web Security - 161 Network
Endpoint Security Endpoint Prevention 162 Network Firewall Analysis & Endpoint Detection & Response Application Security Testing
Endpoint Security Endpoint Detection & Response 163 Page 157 Forensics Page 163 Page 165
Application Security WAF & Application Security 164 Deception Page 160
Application Security Application Security Testing 165 Page 158
MSSP Traditional MSSP 166 MSSP Data Security Mobile Security
MSSP MDR 167

Traditional MSSP MDR Encryption DLP Data Privacy Data-Centric Security Mobile Security
Data Security Encryption 168
Page 166 Page 167 Page 168 Page 169 Page 170 Page 171 Page 172
Data Security DLP 169
Data Security Data Privacy 170
Risk & Compliance Security Ops & Incident Response Threat Intelligence IoT Messaging Security
Data Security Data-Centric Security 171 S IE M
Mobile Security - 172 IoT Devices

Risk & Compliance Risk Assessment & Visibility 173 Risk Assessment & Visibility Security Ratings Page 189
Risk & Compliance Security Ratings 174 Page 173 Page 174
SIEM
Risk & Compliance Pen Testing & Breach Simulation 175 Threat Intelligence Messaging Security
Page 183 Automotive
Pen Testing & Sec. Awareness & Page 186 Page 192
Risk & Compliance GRC 176 GRC Page 190
Risk & Compliance Security Awareness & Training 177 Breach Sim. Training
Page 176
Identity & Access Management Authentication 178 Page 175 Page 177 Connected Home
Identity & Access Management IDaaS 179 Page 191
Identity & Access Management
Identity & Access Management Privileged Management 180 Digital Risk Management Security Consulting & Services
Identity & Access Management Identity Governance 181 Security Incident Response Social Media & Digital Security Consulting & Services
Identity & Access Management Consumer Identity 182 Authentication Page 184 Risk Management Page 193
Security Ops & Incident Response SIEM 183 Page 178 Page 187
Security Ops & Incident Response Security Incident Response 184 Blockchain Fraud & Transaction Security
Security Ops & Incident Response Security Analytics 185 IDaaS Blockchain Fraud & Transaction Security
Threat Intelligence - 186 Page 179 Page 194
Page 188
Digital Risk Management - 187 Privileged Management
Blockchain - 188 Page 180 Security Analytics Cloud Security
IoT IoT Devices 189 Identity Governance Page 185
IoT Automotive 190 Page 181 Container Infrastructure CASB
IoT Connected Home 191 Consumer Identity Page 196 Page 195 Page 197
Messaging Security - 192 Page 182
Security Consulting & Services - 193
Fraud & Transaction Security - 194
Cloud Security Infrastructure 195
Cloud Security Container 196
Cloud Security CASB 197

Network & Infrastructure Security | Advanced Threat Protection
Innovative & Automated Solutions Are Needed To Combat The Advanced, Ever-Changing Threat Landscape.
▪ The Advanced Persistent Threat Protection market is expected to grow from $4.3B in 2019 to $9.4B by 2023 (CAGR of 21.6%)
▪ Advanced Persistent Threats are sophisticated, malicious attacks that aim to illicitly capture information or otherwise inflict damage while going unnoticed by security software
▪ Vendors that offer Advanced Threat Protection platforms locate & remediate malware. zero-day threats, phishing attacks, & other malicious activity before they compromise networks by scanning network
traffic & analyzing unusual activity
▪ Advanced Threat Protection offers integrated solutions, including endpoint, network, email, & malware defense, to provide real-time network visibility, threat context, & data awareness to security
organizations, enabling them to prevent attacks
▪ Blue Hexagon provides an automated ▪ Corsa creates network security tools that Advanced Threat Protection Strategic Activity
enterprise network threat defense platform enable enterprises to control SSL traffic
that prevents cyber threats in real-time efficiently & securely Financing Activity
13 $87.9
8 $75.2
▪ The Company’s deep learning platform is ▪ The Company’s network virtualization
used to scan network traffic for data curation, platform increases operational efficiency,
threat detection, attribution, & correlation deploys in minutes to inspect traffic for 100% 2018 2019 2018 2019
Founded: 2017 and delivers threat verdicts in less than a Founded: 2013 visibility, and is vendor agnostic Number of Deals Total Amount Raised ($M)
HQ: Sunnyvale, CA second HQ: Ottawa, Canada M&A Activity

▪ Its private cloud, turnkey security approach is 3 2 $162.8
▪ Its neural network requires minimal updates simple to maintain & maximizes flexibility by $30.0
Amt Raised: $62.9M Amt Raised: $38.6M
and can be used to orchestrate prevention expanding with capacity needs without
CEO: Nayeem Islam across all existing security products in the CEO: Eduardo Cervantes compromising performance 2018 2019 2018 2019
event of an attack Number of Deals Total Disclosed Amount ($M)
▪ Lastline develops an enterprise security ▪ ReversingLabs offers a file intelligence Other Vendors
platform that detects & defends against technology platform that performs real-time
advanced network malware deep inspection & automated analysis of all
content entering an environment
▪ Its AI-based platform eliminates false positives
& completely automates threat response ▪ Its hybrid cloud platform, which integrates
workflows to enable faster defense against with EDR, SIEM, Sandboxes, etc., reduces
Founded: 2011 sophisticated attacks Founded: 2009 incident response times & provides detailed
HQ: San Mateo, CA HQ: Cambridge, MA threat information for security analysts
▪ The Company’s sandbox technology
deconstructs malicious behavior & identifies ▪ The Company’s automated static analysis
unique file behaviors that other tools fail to analyzes objects in as few as 0.005 seconds,
CEO: John DiLullo detect CEO: Mario Vuksan prioritizing the highest risks with actionable
details
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Pitchbook, Company Websites, Radicati Group: Advanced Persistent Threat Protection Market 2019-2023,
Digital Guardian: What is ATP?, NetScout: Threat Report 1H 2019, & FireEye: M-Trends 2019 Return To Table Of Contents 152
Network & Infrastructure Security | NAC
NAC Evolving As Network Enterprise Is Expanding Beyond The “Traditional” Secure Walls.
▪ The Network Access Control (NAC) market is expected to grow from $0.9B in 2017 to $2.1B by 2022 (CAGR of 17%), driven by the increasing number and diversity of endpoint devices and operating
systems, with the top 3 vendors (Cisco, Forescout, & HPE Aruba) having 70%+ market share as of 2017
▪ Emerging trends driving NAC demand are the growth of IoT (45B connected devices by 2023), mobility, BYOD, security orchestration, & cloud
▪ NAC evolving beyond “traditional” AAA (Authentication, Authorization, & Accounting) functionality with vendors developing improved visibility, agentless technology, granular policy settings, classification,
segmentation, and contextual awareness
▪ Next-gen NAC providers are delivering solutions for profiling, guest access, & BYOD on-boarding, with the ability to facilitate bi-directional communication with other network IT & security solutions
▪ Pulse Secure offers comprehensive Secure ▪ Forescout provides device visibility, as well as NAC Strategic Activity
Access solutions that provide visibility and control and complete situational awareness of
seamless, protected connectivity between enterprise and government environments Financing Activity
6
users, devices, things and services $42.1
▪ Its NAC solution offers real-time visibility and 2 $31.7
▪ Pulse Policy Secure is a next-gen NAC that control of devices the instant they join a
empowers admins to define, implement & network 2018 2019 2018 2019
Founded: 2009 enforce policy with the flexibility to enable Founded: 2000 Number of Deals Total Amount Raised ($M)
▪ Its technology continuously scans networks &
HQ: San Jose, CA endpoint discovery, monitoring or alerting or HQ: San Jose, CA M&A Activity
monitors the activity of known, company-
invoke strong enforcement
owned devices, as well as unknown devices 1 1 $20.0
Acq. By: Market Cap: $1.5B --
▪ The company delivers suites that uniquely such as personally owned & rogue endpoints
CEO: Sudhakar integrate cloud, mobile, application and CEO: Mike DeCesare regardless of where that networks exists 2018 2019 2018 2019
Ramakrishna network access to enable hybrid IT Number of Deals Total Disclosed Amount ($M)
▪ Netshield is a provider of cost-effective ▪ Portnox develops a cloud-based risk Other Vendors

security solutions for SMEs to enhance their assessment platform that allows CISOs to see,
cyber-risk mitigation strategies control, react, and manage the risk networks
face for any user & any device, anywhere
▪ The Company’s platform delivers critical NAC
to ensure only trusted assets access corporate ▪ It offers a cloud-delivered NAC solution that
networks while providing real-time defense provides actionable network visibility and risk
Founded: 2013 against cyber attacks Founded: 2007 management of endpoints in any
HQ: Nashua, NH HQ: Raanana, Israel environment
▪ It also offers zero-day malware & phishing
attack real-time quarantine, MAC-spoof ▪ It provides complete visibility of all devices
Amt Raised: $7.2M Amt. Raised: NA
detection, TLD blocking, comprehensive the moment they connect to the network,
CEO: Nick Unger auditing, vulnerability assessments, & CEO: Ofer Amitai helping businesses optimize infrastructure
compliance reporting / enforcement while guaranteeing security & compliance
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Pitchbook, Company Websites, and Frost & Sullivan: Network Access Control (NAC) Market.
Market Data as of December 31st.
Network & Infrastructure Security | SDN
Securing Data Access Across An Expanding Surface Is Driving Demand For Solutions To Simplify Network Control.
▪ The broader SDN market is expected to grow from $8.8B in 2018 to $28.9B by 2023 (CAGR of 26.8%); security products and services are a key subset of this market
▪ The rise of cloud, globalization, mobile devices, and IoT has led to more users, devices, applications, services, and data being located outside of the enterprise, resulting in an increased complexity of
managing networks that is difficult to handle with traditional network security architectures
▪ Managing many devices across a range of potentially unsecure environments has triggered the development of scalable solutions that leverage a software layer to provide secure access to distributed devices
▪ The desire for centralized network control and optimization, simplified security, and improved bandwidth quality has fueled the growth of SD-WAN solutions that combine integrated security solutions (e.g.
next-gen firewall) with flexible network security architectures
▪ Versa Networks provides enterprises and ▪ Tempered Networks offers an IIoT SDN Strategic Activity
managed service providers with SD-WAN Cybersecurity platform that enables for the
software and services secure networking of any device, virtual or Financing Activity
physical machine, and cloud environment
▪ The Company’s software is built from the 4 $45.8
across both IT and OT environments 2
$15.0
ground up with integrated stateful firewalls,
next-gen firewalls, segmentation of data, and ▪ It places a software-defined identity layer on 2018 2019 2018 2019
Founded: 2012 UTM, while providing flexible network Founded: 2012 top of the traditional TCP/IP architecture, Number of Deals Total Amount Raised ($M)
HQ: San Jose, CA management and context-aware policy based HQ: Seattle, WA allowing for mutual device authentication, M&A Activity
on user, device, application, and location micro-segmentation, etc. $113.9
2 2
▪ Its solutions allow organizations to achieve ▪ Its solutions enable organizations to ensure -
CEO: Kelly Ahuja both security and scalability in a network that CEO: Jeff Hussey trusted communications, while eliminating
2018 2019 2018 2019
is easy to operate and analyze the need for internal firewalls, VPNs, etc. Number of Deals Total Disclosed Amount ($M)
▪ Cybera offers a purpose-built SD-WAN ▪ Cyxtera provides data centers and secure, Other Vendors
platform that empowers organization to integrated infrastructure platforms for critical
rapidly deploy, secure, and optimize new applications and systems,
cloud-based applications and services
▪ Its Cybersecurity solutions, such as software-
▪ The Company’s solutions are provided defined perimeter and threat management,
through a single plug-and play device that dynamically control access to networks based
Founded: 2001 surrounds each application with a customized Founded: 2017 on what users and doing and where
HQ: Franklin, TN network HQ: Coral Gables, FL ▪ Its software-defined perimeter solutions
▪ Its solutions enable organizations to enable better network security compared to
Acq. By Acq. By:
consolidate multiple network functions into a VPNs, NACs, and firewalls, while still being
CEO: Andrew Lev single edge appliance, while reducing the CEO: Manuel Medina distributed and scalable
environment’s cyber-threat profile
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Pitchbook, Company Websites, Network World: A Network for All Edges: Why SD-WAN, SDP, and the Application Edge Must Converge
in the Cloud, Network World: Cisco assesses the top enterprise SD-WAN technology drivers, Gartner: The Future of Network Security Is in the Cloud, and Talari: What Are the Main Drivers of SD-WAN Adoption? Return To Table Of Contents 154
Network & Infrastructure Security | DDoS Protection
Increasing Frequency, Complexity, & Impact Of Network Attacks Is Driving Demand For Robust DDoS Protection.
▪ The global DDoS (distributed denial-of-service) protection market is expected to surpass $3B by 2024, growing at a CAGR of 21%, as the number of DDoS attacks is expected to increase to 17M by 2020
▪ DDoS attacks overwhelm servers, networks, or surrounding infrastructure with a flood of internet traffic to disrupt normal traffic and exhaust target resources
▪ The widespread adoption of IoT devices across verticals and accessibility of effective attack tools to hackers is increasing DDoS attack complexity and is driving significant investment by global DDoS
vendors into solutions with more robust networks and a wider variety of mitigation techniques
▪ DDoS attacks are being conducted more frequently via rented botnets and executed across multiple attack vectors, increasing the scope and risk of an attack
▪ Cloudflare provides a web performance and ▪ Akamai offers globally distributed intelligent DDoS Protection Strategic Activity
security platform designed to stop large edge platforms for services across edge
attacks on the DNS system security, web and mobile performance, and Financing Activity
$159.1
OTT solutions
▪ The Company’s advanced DDoS attack 2
5
$12.5
protection solution uses a layered security ▪ The Company’s security platform protects the
approach that combines multiple DDoS entire architecture core to secure websites, 2018 2019 2018 2019
Founded: 2009 mitigation capabilities into one service Founded: 1998 applications, APIs, and users Number of Deals Total Amount Raised ($M)
HQ: San Francisco, CA ▪ Cloudflare can handle any modern distributed HQ: Cambridge, MA ▪ Its Prolex Routed solution mitigates DDoS M&A Activity
attack including Layer 3, Layer 4, DNS attacks in the cloud and at the edge, 1
Market Cap: $5.1B Market Cap: $15.2B -
amplification, SMURF, Layer 7, and DNS increasing the speed and effectiveness of -- -
CEO: Matthew Prince reflection attacks CEO: Tom Leighton attack response
2018 YTD 2019 2018 2019
Number of Deals Total Disclosed Amount ($M)
▪ L7 Defense provides an AI-based defense ▪ Stackpath provides a secure edge platform Other Vendors
system to mitigate DDoS attacks automatically that enables developers to protect, accelerate,
and efficiently in real-time and innovate cloud properties
▪ The Company’s Ammune platform identifies ▪ The Company’s platform mitigates DDoS
the most malicious patterns from traffic with attacks through an advanced architecture that
real-time, unsupervised learning technology redirects DDoS attacks into sinkholes across
Founded: 2015 Founded: 2015 every server and edge location for any size of
▪ Its platform offers protection from the most
HQ: Be’er Sheva, Israel HQ: Dallas, TX attack
dangerous AI-driven IoT botnet attacks as well
as from attacks utilizing older generations of ▪ Its application layer protection solutions offer
botnet technologies advanced DDoS threshold configuration, JS
CEO: Doron Chema CEO: Lance Crosby validation techniques, and real-time data and
insights
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Pitchbook, Company Websites, Market Research Engine: DDoS Protection Market –Global Forecast by 2018-2024,
Mordor Intelligence: DDoS Protection Market—Growth, Trends, And Forecast (2019-2024). Market Data as of December 31st, 2019. Return To Table Of Contents 155
Network & Infrastructure Security | DNS Security
Digital Transformation Inverts Network & Security Design Patterns, Shifting Security Management Vendors’ Focuses.
▪ The Domain Name System (DNS) Security global market is expected to grow from $803.6M in 2018 to $5.9B in 2024 (CAGR of 64.4%)
▪ DNS are decentralized naming systems for devices connected to a network, with the purpose of translating domain names to IP addresses required for identifying services and devices
▪ DNS demand continues to grow, driven by the widespread adoption of cloud computing, the upcoming implementation of 5G networks, and the continued integration of the internet into daily life
▪ Improved technology and the development of cyberattacks via DDoS, domain hijacking, and cache poisoning have increasingly driven vendors companies to create more robust and flexible solutions
▪ Cisco offers network security and recursive ▪ Cyren provides information security solutions DNS Security Strategic Activity
DNS services for all enterprises through its for protecting the web, email, and mobile
security segment transactions Financing Activity
$37.3
▪ The cloud security network stops threats over ▪ Its security technology solutions allows for 2 $16.5
1
all ports and protocols — even direct-to-IP easy-to-use web filter and security by blocking
connections and routes requests to risky access to malicious sites and stopping
Founded: 1984 domains to a selective proxy for deeper URL Founded: 1991 inappropriate/offensive web use
2018
Number of Deals
2019 2018 2019
Total Amount Raised ($M)
HQ: San Jose, CA and file inspection HQ: McLean, VA M&A Activity
▪ The Cybersecurity platform also filters
1
▪ Its platform protects on-network devices, off- malicious HTTP and HTTPS destinations as
Market Cap: $207.9B Market Cap: $75.7M -- --
network laptops, and mobile devices from well as known phishing and ransomware sites, --
CEO: Charles Robbins threats without operational complexity CEO: Brett Jackson leveraging real-time threat intelligence 2018 2019 2018 2019
▪ Infoblox develops network infrastructure ▪ BlueCat Networks provides an Adaptive DNS Other Vendors
automation and security software designed to platform, a scalable solution enabling lower
control and secure networks from the core latency & enhanced visibility into enterprise
infrastructure
▪ The Company's actionable network
intelligence prevents data exfiltration and ▪ Its platform restricts leverages granular DNS
boosts efficiency by automating all DNS, logs & robust API integrations to enable full
Founded: 1999 DHCP and IPAM activities through a single, Founded: 2001 visibility, reporting, auditing, & protection
HQ: Santa Clara, CA unified platform HQ: Toronto, ON across existing IT infrastructure
▪ Its platform ensures that application traffic ▪ The BlueCat platform enables simple,
Acq. By Acq. By
always routes to the most optimal servers and automated IT administration & reporting,
CEO: Jesper Andersen routes away from unavailable servers or data CEO: Michael Harris across hardware, public cloud, & VM
centers to active ones environments
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Pitchbook, Company Websites, MarketWatch: DNS Security Software Market,, Zion Market Research: DNS Service Market,
SecurityTrails: The Most Popular Types of DNS Attacks Return To Table Of Contents 156
Network & Infrastructure Security | Network Firewall
Digital Transformation Inverts Network & Security Design Patterns, Shifting Security Management Vendors’ Focuses.
▪ Rapid digitization of businesses in addition to the proliferation of edge computing have inverted access and frictionless data transfer requirements; more and more users, devices, applications, services, and
data are decentralized enterprise data and are increasingly located outside of the traditional enterprise perimeter
▪ Complexity, latency and the need to decrypt and inspect encrypted traffic has increased demand for consolidation of networking and security-as-a-service capabilities into a cloud-native SASE (Secure
Access Service Edge)
▪ Next-Generation Firewalls are moving beyond port / protocol inspection and blocking, adding capabilities such as application-level inspection and intrusion prevention, as well as incorporating threat data
from outside the firewall
▪ Cato Networks provides secure managed SD- ▪ OPAQ Networks’ cloud platform enables Network Firewall Strategic Activity
WAN services, built with the global reach, self partners to deliver enterprise-grade SaaS
service, and agility of the cloud solutions on infrastructure purpose-built for Financing Activity
security and hyperscale performance $293.9
▪ The Company replaces MPLS and multiple 4
3 $58.5
networking and security point solutions with a ▪ The Company’s single cloud console enables
converged WAN transformation platform built service providers to centrally monitor security 2018 2019 2018 2019
Founded: 2015 for the digital business Founded: 2013 performance & compliance maturity, manage Number of Deals Total Amount Raised ($M)
HQ: Tel Aviv, Israel HQ: Herndon, VA security infrastructure, and enforce policies M&A Activity
▪ Cato Networks provides a SASE platform that
converges SD-WAN and a full network ▪ OPAQ provides Security-as-a-Service by 2
Amt Raised: $125.0M Amt Raised: $45.8M 1 $5.5
security stack to provide enterprise network delivering the core SASE components such as -
CEO: Shlomo Kramer and security capabilities to all edges CEO: Glenn Hazard Secure Web Gateways and FWaaS to protect
2018 2019 2018 2019
digital business transformation investments Number of Deals Total Disclosed Amount ($M)
▪ Untangle helps small-to-medium businesses ▪ Secucloud provides telecommunications and Other Vendors
and distributed enterprises optimize their mobile technology companies with a
networks and safeguard their data and devices comprehensive, cloud-based security system
▪ Its NG Firewall solution provides a browser- ▪ Secucloud combines SD-WAN with cloud-
based, responsive, and intuitive interface, based network security such as FWaaS or
enabling clients to quickly gain visibility into Secure Web Gateways to protect all
Founded: 2003 the traffic on the network Founded: 2013 enterprise locations, mobile users and cloud
HQ: San Jose, CA HQ: Hamburg, Germany resources
▪ The Company’s Network Security Framework
provides cloud-managed security and ▪ The Company links machine learning
Acq. By Amt Raised: $0.7M
connectivity options to ensure protection, technology with the multi-source input
CEO: Scott Devens monitoring, and control across the digital CEO: Dennis Monner network to rapidly classify domains, URLs, IPs,
attack surface and files with coverage, accuracy and speed
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Pitchbook, Company Websites, Gartner: The Future of Network Security Is in the Cloud, Gartner: Next-generation Firewalls
(ngfws), MarketsAndMarkets: Network Security Firewall Market worth $5.3 billion by 2023, Network World: Secure Access Service Edge (SASE): A reflection of our times Return To Table Of Contents 157
Network & Infrastructure Security | Deception
Increased Market Demand For Solutions That Reduces Dwell Time By Filling The Detection-To-Infection Gap.
▪ The frequency and complexity of data breaches are resulting in a growing need for solutions where the defender can quickly detect attacks, learn the attacker’s tactics, and create an offensive
playbook of countermeasures to outsmart their adversary
▪ Defenders are given a rare advantage against attackers with deception technology through using early and accurate detection by laying a minefield of attractive decoy systems and content to
trip up attackers and change up the balance of power
▪ The deception technology market size is estimated to grow from $1.0B in 2016 to $2.1B by 2021 (CAGR of 15.1%)
▪ Illusive develops software that utilizes ▪ Attivo Networks is a developer of a deception Deception Strategic Activity
deception technology that creates an technology designed to detect, analyze and
alternate reality, transparently woven into the accelerate response to cyber-attacks Financing Activity
existing network that identifies attackers, 2
▪ The Company's Deception and Response 1 $23.2
triggers high-fidelity alerts, and provides an
Platform detects advanced intrusions in $1.8
endless source of false information, disrupting
networks, public and private data centers and
attacks 2018 2019 2018 2019
Founded: 2014 Founded: 2011 specialized environments Number of Deals Total Amount Raised ($M)
▪ It enables clients to proactively harden their M&A Activity

HQ: Tel Aviv, Israel HQ: Fremont, CA ▪ Provides enterprises with auto-correlated
environment, detect the early presence of an $1.1
analysis and lateral movement tracking for 1 1
Amt Raised: $30.0M attacker, and act first, before they reach Amt Raised: $56.1M evidence-based alerts, forensic reporting, --
critical systems and data
automatic blocking and quarantine of attacks
CEO: Ofer Israeli CEO: Tushar Kothari 2018 2018 2018 2019
▪ Acalvio provides Advanced Threat Defense ▪ TrapX is a developer of a cloud-based Other Vendors
(ATD) solutions to detect, engage and platform designed to detect, analyze and
respond to malicious activity inside the defeat targeted attacks and malicious insiders
perimeter
▪ The Company’s Cybersecurity platform is an
▪ It’s solutions are anchored on patented automated security grid for adaptive
innovations in Deception and Data Science deception and defense that intercepts real-
Founded: 2015 enabling a DevOps approach to ATD Founded: 2012 time threats while providing the actionable
intelligence to block attackers
HQ: Santa Clara, CA ▪ Additionally, it enriches threat intelligence HQ: San Jose, CA
from internal and partner ecosystems data, ▪ Enables enterprises to create a virtual mine
Amt Raised: $16.8M enabling customers to benefit from in depth Amt Raised: $51.0M field for cyberattacks, alerting users of
defense, reduced false positives, & actionable malicious activity with immediate actionable
CEO: Ram Varadarajan CEO: Ori Bach
intelligence for remediation intelligence
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Report Buyer,Company Websites, and Markets and Markets: Deception Technology Market, PR Newswire TechSci Research Report .
Network & Infrastructure Security | ICS + OT
Increasing Frequency Of Attacks On Critical Infrastructure Is Driving A New Breed Of ICS + OT Security Vendors.
▪ As IT and OT networks converge to support IIoT initiatives (e.g., Smart Manufacturing and SmartGrids), companies can no longer rely on perimeter firewalls and other legacy defenses that
weren’t designed to address targeted threats, zero-day exploits, and careless or malicious insiders
▪ Cyber attacks targeting ICS and other systems are no longer a matter of speculation as hackers are testing the protections for public and private critical infrastructure
▪ The ICS security market size is expected to grow from $10.2B in 2017 to $13.9B by 2022 (CAGR of 6.3%); growth is driven primarily by exponential rise in cyber-attacks and network security
threats, huge investments in smart technologies, and support from government organizations
▪ Claroty’s Operational Technology (OT) ▪ SecurityMatters provides a passive ICS + OT Strategic Activity
network protection platform provides visibility automated network monitoring solution for Financing Activity
into the range of ICS, SCADA and other industrial environments empowering asset
12 $203.5
control system devices, protocols and owners to identify, react, and respond to 7 $41.5
networks using passive monitoring techniques industrial threats and flaws
Founded: 2009
▪ The platform extracts the most granular OT ▪ Its flagship product SilentDefense provides 2018 2019 2018 2019
Founded: 2014 network elements, identifies weaknesses, HQ: Netherlands instant OT network and process visibility, Number of Deals Total Amount Raised ($M)
establishes a fine-grained model of legitimate and reports internal and external cyber M&A Activity
HQ: New York, NY Acq. By 4
communications and detects cyber threats threats, translating complex problems and 1 $113.3 $78.0
Amt Raised: $92.0M with an advanced, real-time anomaly CEO: Damiano detecting threat indicators into clear and
detection engine Bolzoni actionable intelligence 2018 2019 2018 2019
CEO: Thorsten Freitag
▪ Dragos’ platform delivers unprecedented ▪ Aperio is provider of a Cybersecurity and Other Vendors
passive detection and visibility into ICS assets operational resilience systems intended to
and activity, detects threats, and provides the detects artificial manipulation of industrial
context, tools, and knowledge to respond to process data in real-time
attacks with speed and confidence
▪ The company’s Data Forgery Protection
▪ The Company’s services include threat solution utilizes statistical physics and
Founded: 2016 hunting, policy reviews, table-top exercises, Founded: 2016 machine learning techniques to safeguard
HQ: Hanover, MD ICS cybersecurity training, ICS-specific threat HQ: Haifa, Israel and reconstruct the true state of industrial
intelligence, and incident response control systems in real-time, providing true
Amt Raised: $55.7M Amt Raised: $4.5M state awareness, enabling clients for a quick
and effective remediation without disruption
CEO: Robert M. Lee CEO: Jonas Hellgren
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Pitchbook, Report Buyer, and Company Websites.
Network & Infrastructure Security | Network Analysis & Forensics
The Diversity Of Network Attacks Is Driving A Need For Intelligent Solutions That Can Preemptively Identify & Prevent New Attacks.
▪ The global Network Analysis & Forensics market is expected to grow from $1.3B in 2016 to $4.2B by 2025 (CAGR of 14.1%)
▪ Given the vast amounts of traffic volume, security teams rely on Network Analysis & Forensics solutions to filter through the noise so they can focus on the most actionable, high-priority threat alerts
▪ As attackers are constantly exploring new ways to circumvent advanced network security systems, network security vendors are pursuing new techniques such as adding machine learning capabilities and
behavior-based analysis to help detect suspicious traffic at scale
▪ Most Network Analysis solutions focus on threat detection, but those that also offer automated response capabilities for forensics investigation and threat hunting can provide more of a full service solution
▪ Awake provides next-gen network security and ▪ Corelight’s network visibility platform enables Network Analysis & Forensics Strategic Activity
analytics designed to improve security team security professionals to gain an in-depth
productivity understanding of network traffic and take Financing Activity
$168.0
action to prevent Cyber attacks $155.1
▪ The Company’s platform analyzes network 9
4
traffic and autonomously identifies, assesses, ▪ The Company’s platform is built on Zeek, an
and processes threats, providing organizations open source network analysis framework that 2018 2019 2018 2019
Founded: 2014 with actionable insights to respond effectively Founded: 2013 generates actionable, real-time data for Number of Deals Total Amount Raised ($M)
HQ: Mountain View, CA HQ: San Francisco, CA security teams worldwide M&A Activity
▪ Its technology can recognize and react to
$141.5
hostile Cybersecurity threats by tracking ▪ Corelight’s combination of both physical and
Amt Raised: $31.2M Amt Raised: $85.3M 5 3 $50.0
entities, processing and storing real-time data, virtual network sensors provides a unifying
CEO: Rahul Kashyap and providing accessible insights to analysts, CEO: Gregory Bell foundation that gives the right amount of data
2018 2019 2018 2019
enabling security teams to quickly hunt threats at the right time in highly actionable logs Number of Deals Total Disclosed Amount ($M)
▪ ExtraHop uses a wire data analytics platform to ▪ Plixer deploys network traffic analytics that Other Vendors
transform the complexity of modern IT into a delivers efficient incident response, enabling
powerful source of intelligence for business users to identify the root cause of security events
operations and minimize business disruption
▪ The Company’s Reveal(x) solution provides ▪ Its platform collects flows and metadata exports
complete east-west visibility, real-time threat from the network infrastructure for advanced
Founded: 2007 detections, and guided investigation workflows Founded: 1999 analytics, improved visibility, and forensics
HQ: Seattle, WA that simplify detection and response HQ: Kennebunk, ME ▪ Its solution blends 3 platforms (Scrutinizer,
▪ The Company uses stream processing to auto- FlowPro, and Replicator) to offer a
Amt Raised: $61.6M Acq. By
discover and classify every transaction, session, comprehensive package that delivers actionable
CEO: Arif Kareem device, and asset in an enterprise while also CEO: Jeff Lindholm intelligence to an organization’s network and
training machine learning models security teams
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Pitchbook, and Company Websites, Transparency Market Research: Network Analysis & Forensics Market;
Gartner Market Guide For Network Traffic Analysis. Return To Table Of Contents 160
Web Security
Growth In Bot Usage & Increased Reliance On Third-Party Code Have Resulted In Widespread Web Security Risks For Companies.
▪ The Web Security market is expected to grow from $3.3B in 2018 to $5.7B by 2022 (CAGR of 14.6%)
▪ Bots currently comprise more than 50% of web traffic, and website attacks are seeing large growth in both automation and frequency, with a 59% increase in website attacks through 2018
▪ Rising frequency of supply-chain attacks that target weaknesses such as plug-ins, code from third-party vendors, and open-source libraries, potentially penetrating websites and organizations that use them
▪ To combat these issues, Web Security companies are increasingly leveraging machine learning and automation technologies to optimize the authentication of web traffic and enable better prevention
against advanced bot-driven attacks
▪ PerimeterX is the developer of a Cybersecurity ▪ Authentic8 offers a patented cloud browser Web Security Strategic Activity
platform providing solutions to defend against that allows organizations total control over
automated bot and client-side attacks which code enters and leaves the web while Financing Activity
17
still maintaining full functionality 12 $542.2
▪ The Company leverages machine-learning- $285.1
based behavior analytics focused on ▪ The Company’s browser creates an isolation
scrutinizing network, application, and user layer between the user and the web through 2018 2019 2018 2019
Founded: 2014 behavior to detect attacks and on identifying Founded: 2010 security, identity, and data policies embedded Number of Deals Total Amount Raised ($M)
HQ: San Mateo, CA malicious additions to client-side code HQ: Redwood City, CA directly onto the remote browser accessible M&A Activity
anywhere and from any device $240.1
▪ It enables businesses to prevent sophisticated 11
Amt Raised: $91.5M Amt Raised: $14.2M 4 $45.0
bot techniques in real-time and to preserve ▪ The browser enables businesses to centrally
CEO: Omri Iluz user experiences by protecting them from CEO: Scott Petry manage browser security and shift risk from 2018 2019 2018 2019
attacks such as digital skimming networks and devices to cloud infrastructure Number of Deals Total Disclosed Amount ($M)
▪ Source Defense provides protection against ▪ White Ops provides a platform that detects Other Vendors
website supply-chain attacks through third- advanced bots emulating human characteristics
party code by regulating its behavior without threatening the user experience
▪ Using machine learning and industry best ▪ The platform takes a multilayered approach to
practices, it provides a real-time, automatic, detecting bots that checks for technical
and dynamic set of rules and policies that evidence of compromise, predicts malicious
Founded: 2014 control the access and permissions of third- Founded: 2012 behavior via machine learning, researches new
HQ: Beer Sheva, Israel party tools HQ: New York, NY threats, and adapts continuously
▪ It allows organizations to enjoy the benefits of ▪ It empowers businesses to detect and prevent
Amt Raised: $15.0M Amt Raised: $33.0
third-party vendors while ensuring they are not bot-driven fraudulent activity before it even
CEO: Dan Dinnar vectors for data extraction or website alteration CEO: Tamer Hassan occurs
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Pitchbook, Company Websites, The Radicati Group: Corporate Web Security Market, 2018-2022,
Symantec: Internet Security Threat Report 2019, Osterman Research: The Critical Need to Deal With Bot Attacks,and SiteLock: Website Security Report 2019. Return To Table Of Contents 161
Endpoint Security | Endpoint Prevention
Real-Time Preventative Measures Rising In Importance As Increasing Number Of Endpoints Expands Organizations’ Attack Surface.
▪ The global Endpoint Security market is expected to expand at a CAGR of 7% to $7.5B by 2024, while a portion of this market is pivoting from reactionary detection & response to proactive prevention &
analytics
▪ Recent breaches continue to illustrate the severity of insider threats in an era in which the rise of BYOD preferences & policies greatly exacerbates these dangers – as a result, organizations continue to
double down on Endpoint Security initiatives, particularly around predicting & preventing exploits & visualizing the associated potential threats of the existing endpoint network
▪ Given the increasing importance of deep data analytics & anomaly detection in Endpoint Prevention, vendors such as Carbon Black, CrowdStrike & SentinelOne have begun incorporating the MITRE
ATT&CK framework into their workflows & analytics
▪ Deep Instinct leverages deep learning ▪ Hysolate is a provider of a SaaS-based hybrid Endpoint Prevention Strategic Activity
analytics to proactively prevent, detect, endpoint platform that is designed to provide
respond, & analyze both known & unknown high levels of security without compromising Financing Activity
threats in real-time user productivity 6 $100.8
2 $94.8
▪ It provides full coverage, from prediction to ▪ The Company’s platform splits endpoints into
investigation & remediation, against a wide multiple segregated OS environments to 2018 2019 2018 2019
Founded: 2015 range of threats including malware Founded: 2016 ensure security while maintaining unrestricted Number of Deals Total Amount Raised ($M)
HQ: New York, NY (Ransomware, Spyware, Trojans etc.), active HQ: Tel Aviv, Israel user productivity M&A Activity $17,283.5
adversaries and insider threats. 4 6
▪ Its platform allows users to work freely
Amt Raised: $82.0M Amt Raised: $35.1M $1,428.5
▪ Its deep learning platform is entirely self- between sensitive and non-sensitive
CEO: Guy Caspi dependent, providing rapid, real-time analysis CEO: Marc Gaffan applications within a single, familiar desktop 2018 2019 2018 2019
of raw data environment Number of Deals Total Disclosed Amount ($M)
▪ Morphisec provides a Moving Target Defense ▪ SentinelOne defends users against malware Other Vendors
platform that constantly reduces & shifts and other cyber threats by unifying detection,
organizations’ attack surface to minimize risk prevention, and remediation of attacks on
exposure & thwart potential bad actors their endpoint protection software
▪ The Company prevents all zero-days, ▪ The Company protects organizations from
advanced memory-based threats, malicious advanced attacks and threats with a full
Founded: 2014 docs & browser-based attacks instantly, with Founded: 2013 endpoint cycle software designed to handle
HQ: Beer Sheva, Israel no detection or hunting required HQ: Mountain View, CA the complex dangers initiated by nation-states
and organized crime
▪ Its platform prevents exploitation of
unpatched vulnerabilities & functions across ▪ Its static AI capabilities replace traditional
CEO: Ronen Yehoshua virtual, physical, & hybrid IT CEO: Tomer Weingarten signatures and prevent recurring scans to
preserve end-user productivity
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Pitchbook, Company Websites, MarketWatch:
At 7% CAGR, Endpoint Security Market Size Is Expected To Surpass USD 7.5 billion By 2024, MITRE: ATT&CK Evaluations Return To Table Of Contents 162
Endpoint Security | Endpoint Detection & Response
Innovative EDR Solutions Are Important For Endpoint Visibility And To Combat New Types Of Endpoint Attacks.
▪ The global Endpoint Detection & Response (EDR) market is expected to reach approximately $1.5 billion by 2020
▪ EDR solutions are addressing the need to monitor and respond to advance threats on hosts or endpoints through software that is installed on the host system
▪ These solutions are key to swiftly countering sophisticated data breaches where traditional security toolsets are unable to react quickly 73% of security professionals believe it has become more
difficult to manage endpoint risk, and 69% say endpoint security has become a more important priority of their overall security strategy
▪ 53% of security professionals believe that the biggest problem with their current endpoint protection solution is that it does not protect against the latest attack surfaces
▪ CrowdStrike provides a Cybersecurity ▪ Cylance is the developer of a cloud-based EDR Strategic Activity
platform based in the cloud that is tailored to EDR platform that serves to predict and
attack prevention, detection, and response prevent advanced threats and malware from
manifesting $648.0
▪ By utilizing artificial intelligence and machine 6 $320.0
2
learning, the company is able to ensure ▪ The Company builds antivirus programs along
instant, adaptive visibility and protection for with other cyber defenses that enable the
Founded: 2012 2018 2019 2018 2019
Founded: 2011 large enterprises detection and prevention of viruses and Number of Deals Total Amount Raised ($M)
▪ Comprehensively defends customers from HQ: Irvine, CA malware, thus shielding clients from computer 5 $227.8
HQ: Sunnyvale, CA viruses and malware before malicious 3 $94.0
malware, ransomware, and more with Acq. By
Market Cap: $10.3B software even has the chance to affect
signatureless AI and Indicator-of-Attack based
CEO: Stuart McClure targeted computers 2018 2019 2018 2019
threat protection
CEO: George Kurtz Number of Deals Total Disclosed Amount ($M)
▪ SentinelOne defends users against malware ▪ Cybereason provides an EDR platform Other Vendors
and other cyber threats by unifying detection, powered by a custom-built in-memory graph
prevention, and remediation of attacks on and an automated hunting engine designed to
their endpoint protection software detect behavioral patterns across every
endpoint and surface malicious operations in
▪ Protects organizations from advanced attacks
an user-friendly interface
and threats with a full endpoint cycle software
Founded: 2013 designed to handle the complex dangers Founded: 2012 ▪ Its platform enables enterprises to identify the
initiated by nation-states and organized crime root cause and scope of the attack with
HQ: Mountain View, CA HQ: Boston, MA minimal manual effort and spot the attacker's
▪ Static AI capabilities replace traditional
Amt Raised: $230.0M Amt Raised: $388.4M behavior in real time across various stages of
signatures and prevent recurring scans to
the attack lifecycle
preserve end-user productivity
CEO: Tomer Weingarten CEO: Lior Div
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Report Buyer, and Company Websites, Gartner, Ponemon Institute, Market data updated as of July 31st, 2018.
Application Security | WAF & Application Security
Web Application Security Market Is Ripe For Disruption.
▪ Incumbent vendors are experiencing increased pressure from new players who are addressing emerging requirements with innovative approaches & more advanced threat detection capabilities
▪ Notable trends: i) applications are moving to the cloud and becoming more complex, ii) shift toward capabilities being delivered as a service, either as a SaaS offering or via a managed service
provider model, iii) more advanced analytic capabilities are playing an increasingly important role, iv) alternate technology approaches such as RASP are gaining interest and v) increase in
workload and risk due to current WAFs not “tuned” to today’s rapid application development cycles
▪ WAF Market size is expected to grow from $2.4B in 2017 to $5.5Billion in 2022 (CAGR of 18.3%)
▪ Signal Sciences provides a Web Protection ▪ Contrast Security is leading provider of self- WAF & Application Security Strategic Activity
Platform designed to protect critical web protecting security solutions for software
applications, APIs, and microservices applications and is designed to protect Financing Activity
against modern cyberattacks 11 12 $143.0 $240.2
▪ Its Web Protection Platform is scalable and
infrastructure agnostic providing enterprise ▪ Its deep security instrumentation enables
buyers with diverse deployment options highly accurate assessments and continuous 2018 2019 2017 2018
(NGWAF, RASP, Reverse Proxy) protection of an entire portfolio, without Number of Deals Total Amount Raised ($M)
Founded: 2014 Founded: 2014 disruptive scanning or costly security experts M&A Activity
▪ The platform utilizes an intelligent, decision-
HQ: Culver City, CA making cloud analysis engine, that assesses HQ: Los Altos, CA ▪ It utilizes sensors that work actively inside
7 11 $2,073.8 $1,897.0
Amt Raised: $66.7M data and attack signals in real-time Amt Raised: $54.6M applications to uncover vulnerabilities,
prevent data breaches, and secure the entire 2018 2019 2018 2019
CEO: Andrew Peterson ▪ It works for entire teams including developers, CEO: Alan Naumann enterprise Number of Deals Total Disclosed Amount ($M)
operations, and security
▪ Wallarm provides adaptive application ▪ ThreatX is a leading provider of next-gen Other Vendors
security solutions that help secure the cloud, WAF solutions that deliver kill-chain based,
micro-services, and CI / CD environments real-time threat detection and neutralization
▪ Its platform blocks attacks, and detects ▪ SaaS-based solutions automate the
vulnerabilities, and is uniquely suited for correlation and analysis required to identify
protecting modern web applications and APIs real and active threats, eliminating costly
Founded: 2013 Founded: 1975 false positives and maintenance
▪ It utilizes machine learning to adaptively
HQ: San Francisco, CA generate security rules and verify the impact HQ: Louisville, CO ▪ Its hackerMind™ technology identifies
Amt Raised: $11.1M of malicious payloads in real-time Amt Raised: $8.5M anomalous behavior by tracking suspicious
client behavior and developing a risk
▪ Architecture enables flexible deployment and
CEO: Ivan Novikov CEO: Bret Settle assessment
simple installation
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Report Buyer, and Company Websites. Gartner: Market Trends: Web Application Firewall Market Is Ripe for Disruption,
and Market and Markets: Web Application Firewall Market – Global Forecast to 2022. Return To Table Of Contents 164
Application Security | Application Security Testing
New Development Methods And Increased App Complexity Driving Application Security Testing Market Growth.
▪ AST solutions are adapting to Agile and DevOps methodologies by integrating deeply into the SDLC, addressing newer and more complex applications, incorporating machine-learning into
their offerings to filter out false positives, and providing software composition analysis of third party and open source code
▪ Hacker-powered security is undergoing rapid expansion, not just among the tech fast movers, but among government, e-commerce, retail, and gaming companies
▪ Application Security Testing is one of the fastest growing markets in Cybersecurity, with a projected 14% compound annual growth rate through 2020
▪ Synack provides a scalable, continuous, ▪ Security Compass helps organizations Application Security Testing Strategic Activity
hacker-powered intelligence platform that proactively manage Cybersecurity risk in
provides crowdsourced penetration testing, their mission-critical applications to Financing Activity
vulnerability orchestration, analytics, and risk eliminate vulnerabilities and meet regulatory 17
$191.4
$279.6
16
reporting and compliance standards
▪ Its Crowd Security IntelligenceT solution ▪ The Company offers tailored DevSecOps 2018 2019 2018 2019
Founded: 2013 harnesses the intelligence of a private crowd Founded: 2004 solutions, Advisory Services, Training, SD Number of Deals Total Amount Raised ($M)
of hundreds of the most sought-after skilled Elements (Policy-to-Procedure platform for M&A Activity
HQ: Redwood City, CA and trusted security hackers in the world to HQ: Toronto, Canada security and compliance), and verification 8
$950.0
3
Amt Raised: $62.6M provide proactive application and penetration Backed By services, which include penetration testing, --
testing services from a truly adversarial threat modeling and red teaming
2018 2019 2018 2019
CEO: Jay Kaplan perspective CEO: Rohit Sethi
▪ Bugcrowd’s Crowdcontrol platform is a ▪ HackerOne partners with the global hacker Other Vendors
powerful solution that connects the global community to help organizations receive
security researcher community to the security and resolve critical vulnerabilities before
market they can be exploited
▪ The all-in-one platform simplifies vulnerability ▪ It provides a bug bounty platform that pays
management, validates and prioritizes hackers to find security exploits in an
Founded: 2012 submissions, generates performance metrics Founded: 2012 organization’s software
in real-time, infuses bounty findings into
HQ: San Francisco, CA HQ: San Francisco, CA ▪ HackerOne’s marketplace has resolved over
existing processes with the platform’s API and
72,000 vulnerabilities and awarded over
Amt Raised: $51.7M integrations Amt Raised: $110.4M $30M in bug bounties
CEO: Ashish Gupta CEO: Mårten Mickos
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Report Buyer, and Company Websites, Gartner: Magic Quadrant for Application Security Testing.
MSSP | Traditional MSSP
With The Increasing Attack Surface & Cybersecurity Skills Shortage, Organizations Have Leaned On Managed Service Providers To Help Keep Their Organizations Safe.
▪ The Managed Security Services Market is expected to grow to $58B by 2024, growing at a 15% CAGR between 2018 – 2024
▪ Spending on software and hardware security tools fell to 41% from 49% of total security-related spending in 2017; while some of that spending has shifted to people, most of it has been reallocated to
third-party-supplied security services
▪ Organizations are changing how Cybersecurity dollars are being spent by increasingly favoring managed services over purchasing and developing Cybersecurity technologies on their own
▪ The Global Managed Security Services Market growth is attributed to the following: (i) increasing attack surface with cyber crimes aimed toward enterprise networks, (ii) Cybersecurity skills shortage and
budgeting constraints, (iii) growing regulatory pressure and Data Security Laws, and (iv) rising acceptance of cloud-based solutions
▪ NTT’s managed security leverages its threat ▪ Trustwave’s managed security services helps Traditional MSSP Strategic Activity
intelligence, advanced analytics, WAF, businesses fight cybercrime, protect data, and
endpoint and vulnerability management, and reduce security risk Financing Activity
security expertise to provide consistent, $33.4
▪ The Company offers a portfolio of managed 4
repeatable, and transparent services to identify 1 $3.4
security services including security event
& stop advanced threats, while providing
monitoring and vulnerability management,
Founded: 1952* insight & metrics into security posture & trends Founded: 1995 2018 2019 2018 2019
security testing, consulting, technology Number of Deals Total Amount Raised ($M)
HQ: Tokyo, Japan* ▪ The Company’s certified SOC threat and HQ: Chicago, IL solutions and Cybersecurity education M&A Activity
$733.6
incident analysts use the NTT Security 28
▪ Trustwave is a Singtel company and the global
Market Cap: $92.2B* purpose-built, proprietary Global Managed Acq By: 12
security arm of Singtel, Optus and NCS, with $30.0
Security Service Platform to collect, analyze,
CEO: Matt Gyde identify, and respond to Security Incidents
CEO: Art Wong customers in 96 countries and a number of 2018 2019 2018 2019
24/7 SOCs globally Number of Deals Total Disclosed Amount ($M)
▪ Nuspire is focused on providing managed ▪ AT&T Cybersecurity is a managed security Other Vendors
Cybersecurity solutions, including unified service provider that protects organizations
threat management services, managed access with 24x7 security monitoring
point monitoring, SIEM log management, and
▪ The Company’s SOC is built on its Unified
real-time incident response support for blue-
Security Management (“USM”) platform to
Founded: 1999 chip enterprises with large and geographically Founded: 1876* provide centralized security visibility across
diversified footprints
cloud, networks, and endpoints, enabling
HQ: Commerce, MI ▪ The Company operates out of three security
HQ: Dallas, TX* early, effective detection, and rapid
Backed By: operations centers (“SOCs”), which provide Market Cap: $278.2B* deployment
24/7 year-round support to more than 3,500
CEO: Lewie Dunsworth President: Barmak ▪ Its USM platform is powered by its own
customer sites
proprietary Alien Labs™ threat intelligence feed
Meftah
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Pitchbook, Company Websites, Market Research Engine: Global Managed Security Services Market,
451 Research: Managed Security Services Global Market Overview 2019. Return To Table Of Contents 166
Note: * Denotes Parent company stats. Market data updated as of December 31st, 2019.
MSSP | Managed Detection & Response (MDR)
The Marked For MDR Has Expanded Significantly Now That Top Players Have Developed Solutions For SMBs.
▪ The global MDR market is expected to rapidly grow to $1.7 billion by 2022, at a CAGR of 31.6% from 2017
▪ MDR services are still focused at the enterprise and upper-midmarket customer, but new entrants are targeting smaller midsize organizations
▪ By 2020, 15% of midsize and enterprise organizations will be using services like MDR, up from less than 1% today
▪ By 2020, 50% of worldwide MSSPs will offer MDR
▪ Arctic Wolf is an operator of a SOC designed MDR Strategic Activity

▪ Paladion provides Managed Detection and
to offer network security services including
Response Services, DevOps Security, Cyber Financing Activity
continuous monitoring, analysis, and
Forensics, Incident Response, and more
correlations of events, logs and user 7 8 $220.2
▪ The Company’s Fully integrated technology information $132.4
and architecture creates the foundation for an

Founded: 2000 Founded: 2012 ▪ The Company’s CyberSOC relies on human
all-in-one MDR platform that delivers end-to- 2018 2019 2018 2019
expertise and machine intelligence to Number of Deals Total Amount Raised ($M)
end information threat management
HQ: Reston, VA HQ: Sunnyvale, CA effectively combat cyber threats M&A Activity
$24.0
▪ The Company’s MDR Service leverages
Amt Raised: $15.6M Amt Raised: $118.5M ▪ Dedicated Concierge Security Engineers 2 2 $9.0
artificial intelligence, machine learning, and a
tackle security matters using the full spectrum
CEO: Rajat Mohanty large team of cyber specialists to provide CEO: Brian NeSmith
of defense mechanisms for prevention,
high-speed cyber defense 2018 2019 2018 2019
detection, & response Number of Deals Total Disclosed Amount ($M)
▪ eSentire is a provider of MDR that uses

▪ Morphick is a developer of enterprise class Other Vendors
technology-enabled managed cyber defense
purpose-built technology and highly trained
platform delivers 24x7 cyber threat detection,
security analysts to detect, investigate, and
investigation and response
rapidly resolve cyber threats in internal and
cloud environments ▪ The Company combines detection, threat
Founded: 2001 Founded: 2015 hunting, incident response, and tailored
▪ Protects high-risk assets from advanced cyber
threat intelligence to understand an attacker’s
threats that technology alone can miss
HQ: Ontario, Canada HQ: Cincinnati, Ohio unique strategy and then constantly morph a
▪ The Company delivers enterprise-grade company’s defense posture
Acq. By Acq. By
protection and the ability to comply with
CEO: Kerry Bailey growing regulatory requirements with a CEO: Michael Picton
service tailored to mid-sized enterprises
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Pitchbook, Company Websites; MarketsandMarkets Managed Detection and Response Market,
Gartner Market Guide for Managed Detection & Response Services Return To Table Of Contents 167
Data Security | Encryption
Increasing Cyber Breaches Is Driving A New Breed Of Data Encryption Vendors Securing Data-At-Rest & In-Motion.
▪ The increase of data breaches and cyber-attacks has forced companies to adopt database encryption software with four primary security features: data integrity, data confidentiality, data
availability, and data compliance regulation
▪ Data gathered from usage of applications and smartphones require unique security measures and need to be protected in a special manner to prevent data breaches
▪ The global data encryption market is growing at an 18% CAGR which is expected to reach $4.8B in 2022; the growing use of cloud-based services is driving the rapid growth of the data
encryption market as companies seek to protect data in dynamic cloud environments
▪ Baffle is a comprehensive data protection ▪ ENveil is a data security platform designed Data Encryption Strategic Activity
platform that unifies enhanced data access to cryptographically secure data in use
monitoring and access control with end-to- Financing Activity
▪ Enabling a ZeroReveal™ security posture, 15 12
end encryption $158.6
ENveil’s technology allows enterprises to $57.9
▪ It employs an AES 256-bit encryption securely operate at scale on both encrypted
method, enabling users to securely compute and unencrypted data in the Cloud, on- 2018 2019 2018 2019
Founded: 2015 Founded: 2016
cloud applications and integrates at the SQL prem, or anywhere in between without ever Number of Deals Total Amount Raised ($M)
HQ: Santa Clara, CA layer as a gatekeeper to constrain how HQ: Washington, D.C. revealing the content or results of M&A Activity
applications access sensitive data and help operations, such as searches and analytics 3 2
Amt Raised: $15.5M thwart attacks that were the causes of the Amt Raised: $5.0M $130.0
$110.8
▪ The ENveil platform enables the commercial
CEO: Ameesh Divatia latest high profile data breaches CEO: Ellison Williams sector enterprises to have the same level of 2018 2019 2018 2019
security as the U.S. Intelligence Community Number of Deals Total Disclosed Amount ($M)
▪ Fortanix offers Runtime Encryption that keeps ▪ CryptoMove is a platform designed to Other Vendors
keys, data, and applications completely provide advanced enterprise data defense
protected while in use from external and protection
internal threats, including insiders, cloud
▪ Its platform is a decentralized datastore that
providers, government subpoena, & hackers
breaks the data into pieces and continually
Founded: 2016 ▪ Fortanix uses Intel SGX and creates a portable Founded: 2015 moves it around, making it virtually
security envelope that runs signed impossible for hackers to do anything,
HQ: Mountain View, CA HQ: Walnut Creek, CA
applications in completely protected states protecting enterprise data with dynamic
Amt Raised: $31.1M ▪ It protects applications even if the
Amt Raised: $10.4M movement, mutation, fragmentation and re-
encryption, on any algorithm, in any
CEO: Ambuj Kumar infrastructures are compromised while further CEO: Mike Burshteyn environment cloud, edge, fog, or IoT
providing a HSM and Key Management
solution built using this technology
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Report Buyer, and Company Websites, Database Encryption Market: Global Industry Analysis,
and Data Encryption Market Research Report . Return To Table Of Contents 168
Data Security | Data Loss Prevention
A Greater Number of Channels Has Increased Data Mobility & Decreased Visibility, Driving A Need For DLP Solutions.
▪ The DLP market is projected to grow from $1.5B in 2017 to $5.2B by 2023 (CAGR of 23.6%)
▪ DLP solutions protect sensitive and proprietary information to help satisfy regulatory and compliance requirements such as the Sarbanes-Oxley Act (SOX) and payment card industry data
security standard (PCI-DSS)
▪ Ongoing BYOD trends are making data and cloud accounts more vulnerable to data breaches (85% of employees access company data on their own devices)
▪ Companies are now adopting stringent DLP solutions to control sharing of data over networks, thus maintaining data integrity and preserving the security of individuals
▪ Digital Guardian is a provider of a cloud- DLP Strategic Activity

▪ Code42 is a provider of a cloud-based data
based data protection platform designed to
security and recovery software that views,
safeguard sensitive data from insider and Financing Activity
analyzes, and restores files from data incident $30.0
outsider threats
▪ The Company’s software allows customers to 1 1
▪ The Company’s advanced analytics and
easily gather, monitor, investigate, preserve, --
reporting solution actively monitors all
Founded: 2001 and recover long-term data Founded: 2003 2018 2019 2018 2019
sensitive information assets from all threats Number of Deals Total Amount Raised ($M)
HQ: Minneapolis, MN ▪ Its software focuses on all files and file activity, HQ: Waltham, MA M&A Activity
▪ Its unified platform converges DLP and
allowing customers full visibility and oversight 2 $2.8
advanced endpoint threat detection and
Amt Raised: $138.1M without complex classification rules and Amt Raised: $208.8M
response to detect threats and prevent data --
policies that block employee collaboration --
CEO: Joe Payne CEO: Mo Rosen exfiltration from all kinds of attacks
2018 2019 2018 2019
▪ Forcepoint is a provider of various Other Vendors

▪ Fidelis is a provider of enterprise network
Cybersecurity solutions including cloud,
security services designed to protect sensitive
network, data and insider threat, and global
data from advanced threats
government security
▪ The Company integrates bi-directional
▪ The Company offers a systems-oriented
network traffic analysis, DLP, deception, and
approach to insider threat detection and
Founded: 2002 EDR across the cloud and internal networks Founded: 1994 analysis, cloud-based user and application
into one unified platform
HQ: Bethesda, MD HQ: Austin, TX protection, next-gen network protection, and
▪ It captures rich metadata and content that data security and systems visibility
Acq By: enables real-time and retrospective analysis, Acq By:
▪ Its encrypts data to empower employees to
allowing security teams to effectively hunt for
CEO: Nick Lantuh urgent threats and protect sensitive data CEO: Matt Moynahan work and connect across multiple devices and
networks to third parties
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Pitchbook, Company Websites, Mordor Intelligence: Data Loss Prevention Market,
Digital Journal: Radiant Insights, Bitglass 2018 BYOD Report. Return To Table Of Contents 169
Data Security | Data Privacy
Explosion In Digital Data Clusters Is Creating Complex Challenges For Effectively Managing Data Privacy.
▪ Data protection market is expected to grow from $57.2B in 2017 to $120.0B by 2022 (CAGR of 16.0%); growth is attributed to increasing frequency and severity of high-profile consumer &
company data breaches, stricter regulations requiring the adoption of data protection solutions, and rising concerns of critical data loss in the on-premises environment
▪ Disparate privacy solutions are becoming more integrated, driven by new privacy regulations including GDPR and CCPA; by 2021, over 60% of large organizations will have a privacy
management program fully integrated into the business, up from 10% in 2017
▪ California legislature recently passed the CCPA which will go into effect in January 2020; it will require organizations to provide transparency on the collection, sharing, and usage of user data
▪ Titus provides data classification and ▪ WireWheel provides a cloud-based data Data Privacy Strategic Activity
categorization services that enable privacy & protection platform that drives
organizations to discover, classify, protect, faster and more efficient compliance with Financing Activity
17 15
and confidently share information global privacy regulations like the GDPR and $517.1
CCPA $168.7
▪ Its products enhance DLP by classifying and
protecting sensitive information in emails, Founded: 2016 ▪ Its platform automatically maps companies'
Founded: 2005 2018 2019 2018 2019
documents and other file types on the devices public cloud assets and facilitates the Number of Deals Total Amount Raised ($M)
HQ: Arlington, VA
HQ: Ottawa, Canada and cloud networks management of 3rd relationships, enabling M&A Activity
▪ Its utilizes a policy engine that is highly Amt Raised: $13.1M companies to leverage their compliance $3.0
Acq. By obligations to maximize the potential of their
2 2
--
flexible and interoperable, and is open by CEO: Justin Antonipillai
CEO: Jim Barkdoll data assets and allow privacy priorities to lead
design, integrating seamlessly with existing
to a competitive advantage 2018 2019 2018 2019
security stacks and productivity software Number of Deals Total Disclosed Amount ($M)
▪ BigID is a developer of a data-driven ▪ Integris provides an automated data Other Vendors

protection and privacy compliance platform compliance software platform intended to
designed to transform how enterprises protect help companies to create, validate, and
and manage the privacy of personal data maintain their data maps, respond to subject
rights requests, and manage corporate risk
▪ Its platform utilizes advanced machine
learning and identity intelligence to help ▪ Its software visualizes where personal
enterprises better safeguard and assure the information is located across organizations to
HQ: Tel Aviv, Israel privacy of their most sensitive data, reducing HQ: Seattle, WA prove adherence to regulatory standards and
breach risk and enabling compliance with to fuel strategic decision making, enabling
Amt Raised: $146.2M emerging data protection regulations like Amt Raised: $16.0M clients to handle the complexity of their data
CEO: Dimitri Sirota GDPR CEO: Kristina Bergman risk in an automated and proactive way
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Report Buyer, and Company Websites. Gartner: Cool Vendors in Privacy Management .
Report Buyer: Data Protection Market . EMC& IDC: The Digital Universe of Opportunities: Rich Data and the Increasing Value of the Internet of Things. Return To Table Of Contents 170
Data Security | Data-Centric Security
Focuses On Protecting “The Last Mile” Of Information Protection.
▪ Data-Centric security makes it easier to handle the greater data mobility of today’s workplace – where highly sensitive information is constantly being shared via email, ECM, EFSS and other
collaboration methods – by protecting the file or information itself
▪ The institution of GDPR in May 2018 has made organizations increasingly aware of the need to protect sensitive information, and data-centric security provides more granular control over who
can access data and what they can do with it
▪ The data-centric security market size is estimated to grow from $2.1B in 2017 to $5.83B by 2022 (CAGR of 23.1%)
▪ Seclore provides data protection software that ▪ Vera is a provider of a next-generation data Data-Centric Security Strategic Activity
allows enterprises to protect files when they security platform designed to secure and track
are shared internally and externally across all any kind of data, no matter where it is stored Financing Activity
$437.1
collaboration and file sharing platforms or how it's shared 7
4
▪ The Company offers flexible information ▪ The platform is a robust policy enforcement, $63.3
protection methods, encryption-based with encryption and strict access controls by 2018 2019 2018 2019
Founded: 2010 granular usage controls, secure access and Founded: 2014 including dynamic watermarks, offline access, Number of Deals Total Amount Raised ($M)
usage of protected information, and data- and self-destruct files M&A Activity
HQ: Milpitas, CA centric analytics and compliance HQ: Palo Alto, CA
▪ Enables businesses to collaborate freely while 1
Amt Raised: $22.5M ▪ Seclore offers the highest degree of Amt Raised: $73.9M ensuring the highest levels of security, -- -- -
automation in the market with more pre-built visibility and control of confidential data,
CEO: Vishal Gupta CEO: Carlos Delatorre 2018 2019 2018 2019
connectors than any other solution across any platform or device Number of Deals Total Disclosed Amount ($M)
▪ Ionic provides a data security platform to ▪ Virtru is a provider of a data security platform Other Vendors
systematically help businesses reduce the designed to eliminate the tradeoff between
impact of data breaches data protection and ease-of-use for businesses
▪ Offers access control, intellectual property ▪ The Virtru Platform helps organizations secure
monitoring, data encryption and policy sensitive information and support compliance
management without proxies, gateways or across HIPAA, FERPA, CJIS, ITAR and others
Founded: 2011 changes in user behavior Founded: 2011 ▪ Enables clients to easily protect and control
HQ: Atlanta, GA ▪ Enables clients to secure their businesses HQ: Washington, DC sensitive information regardless of where it's
using contextual analytics, providing been created, stored, or shared by combining
Amt Raised: $192.1M consistent data access, control, and protection Amt Raised: $76.8M the open Trusted Data Format (TDF) standard
to unstructured and structured data across with patented technology
CEO: Eric Hinkle CEO: John Ackerly
any repository or device
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Report Buyer, Company Websites, MarketsandMarkets, Informatica.
Mobile Security
Increased Mobile Application Adoption & Distributed Enterprise Workforce Driving Diverse Mobile Security Demand.
▪ The Mobile Security Market is expected to grow rapidly from $4B in 2018 to $42B in 2024 (CAGR of 48%) Mobile Security Strategic Activity
▪ There are close to 9 billion mobile connections worldwide and 2.7 billion global smartphone users that often each have hundreds of third-party Financing Activity
applications, updates, and libraries that can potentially be exposed to a wide range of threats and vulnerabilities 6 6
$63.3
$31.0
▪ The range of mobile security risks include data leakage, social engineering, Wi-Fi interference, out-of-date devices, cryptojacking attacks, poor
password hygiene, and physical device breaches
2018 YTD 2019 2018 YTD 2019
▪ Mobile security has evolved into an enterprise responsibility through the IT consumerization of BYOD trends & remote employees relying on Number of Deals Total Amount Raised ($M)
their devices as a primary medium of workplace communication M&A Activity
▪ Due to low adoption of solutions addressing malware leading to low visibility of malware risks, mobile malware is perceived as a low-priority 4
1 $14.1
concern, despite recent studies suggesting a mild-to-significant presence of malware on enterprise mobile devices -
2018 YTD 2019 2018 YTD 2019
▪ Mobile security covers a broad range of solutions, with two notable use cases being mobile application security testing and mobile threat defense Number of Deals Total Disclosed Amount ($M)
Mobile Application Security Testing (MAST)

MAST solutions analyze and identify vulnerabilities in the applications that are used
on mobile platforms, mainly engaging in static application security testing (SAST),
Listed Vendors
behavioral testing, and dynamic application security testing (DAST)
MAST often require faster, automated, more frequent, and less detailed testing than
traditional AST due to the nuances associated with mobile apps
MAST is expected to continue close partnerships with broader AST solutions as
( )
technologies mature and mobile platforms converge with PC platforms
Mobile Threat Defense (MTD)

MTD solutions aim to prevent and detect mobile enterprise threats by analyzing
indicators of compromise on the device, network, and application levels
Listed Vendors
MTD use cases include mobile phishing, acting as a mobile EDR, and protecting
unmanaged devices brought into the enterprise network via BYOD
Strategic activity involving endpoint & mobile security providers (i.e. Blackberry <>
Cylance, VMware / Airwatch <> Carbon Black) is demonstrating the convergence
& close relationship between MTD and endpoint security / management tools
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Pitchbook, Reuters, Company Websites, Market Research Engine: Mobile Device Security Market Size,
Gartner: Market Guide for Mobile Application Security Testing, and Gartner: Market Guide for Mobile Threat Defense. Return To Table Of Contents 172
Risk & Compliance | Risk Assessment & Visibility
Greater Transparency And Uniformity Are Becoming Norms for Cybersecurity Risk Management Programs.
▪ Global security and vulnerability management market is expected to grow from $5.7B in 2016 to $20.7B by 2027 (12.4% CAGR); primary drivers for growth is the increasing demand for next-
generation security and vulnerability management solutions and collaboration with cloud service providers
▪ Rapidly growing gap between the discovery of vulnerabilities, and the ability and resources available to IT operations to mitigate these within a short time frame
▪ Current vulnerability management methodologies are reduced to a pure metrics exercise and do little to prevent breaches and successful exploitation by threat actors
▪ Greater need for solutions that augment gradual risk reduction with imminent threat elimination to strategically remediate vulnerabilities and combine threat-based & risk-based approaches
▪ RiskSense develops software that reveals ▪ CyberGRX provides a third-party cyber risk Risk Assessment & Visibility Strategic Activity
cyber risk, orchestrates remediation, and management designed to simplify one-click
monitors results access to third party cyber risk assessments Financing Activity
30 $427.0
21 $309.3
▪ Its platform minimizes risk with advanced and ▪ The CyberGRX Exchange platform is an end-
scalable platform for correlating and analyzing to-end third-party analytics platform that
Founded: 2015 evolving threat and vulnerability data identifies, mitigates and monitors an 2018 2019 2018 2019
Founded: 2015
enterprise’s cyber risk exposure Number of Deals Total Amount Raised ($M)
HQ: Sunnyvale, CA ▪ It enables enterprises and governments to
shorten time-to-remediation, increase HQ: Denver, CO ▪ The platform provides risk assessment as a
M&A Activity
Amt Raised: $26.0M operational efficiency, strengthen security service (RAaaS) in the form of an on-site 4 $100.0
Amt Raised: $99.0M 2
--
CEO: Srinivas programs, improve cyber hygiene, heighten assessment or portal based self-assessment,
response readiness, and reduce costs CEO: Fred Kneip enabling collaboration with third parties 2018 2019 YTD
Mukkamala 2018
Number of Deals
2019
Total Disclosed Amount ($M)
▪ Kenna develops a predictive cyber risk ▪ RiskRecon develops a cloud-based risk Other Vendors
analysis platform created for organizations to assessment platform designed to deliver on-
cross-function in order to manage cyber risks demand assessments of any organization’s
security practices
▪ The Company’s predictive cyber risk platform
measures risk and prioritizes remediation ▪ The Company’s cloud-based risk assessment
efforts before an attacker can exploit an platform provides objective and verifiable
Founded: 2010 organization’s weaknesses Founded: 2015 analysis of any security practices based on
HQ: San Francisco, CA HQ: Salt Lake City, UT the assessment of third-party internet
▪ By predicting attacks and prioritizing
infrastructure and application presence
vulnerabilities, Kenna enables security and IT
operations to collaborate and proactively ▪ It allows users to measure security program
CEO: Karim Toubba manage cyber risks CEO: Kelly White quality, control third-party risk, improve
productivity, and ensure accountability
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Report Buyer, and Company Websites, CSO: Security From the Start, Deloitte: The Value of Visibility,
and Gartner: Threat-Centric Vulnerability Remediation Prioritization. Return To Table Of Contents 173
Risk & Compliance | Security Ratings (Third-Party Risk)
Organizations Are Increasingly Leveraging Security Rating Solutions To Provide Continuous, Real-Time Scoring For Assessing Third-Party Risk.
▪ Gartner is seeing a growing importance for assessing risk posture of third-parties; 56% of the organizations surveyed had experienced a data breach caused by one of their vendors and only 16% effectively mitigated
third-party risk
▪ Primary uses cases recommended by Gartner for enterprise security ratings include facilitating more effective communication with top management, practicing continuous monitoring, fostering closer business
relationships, positioning service providers in a better light, and integrating insurance company processes
▪ A formalized third-party risk management program is expected to become more of a compliance prerequisite, driving demand for third-party risk ratings and assessment solutions
▪ Current approaches to posture assessments are subjective, labor-intensive and only offer point-in-time snapshots; however, leading vendors are differentiating their offerings by incorporating automation and AI
technologies to contextualize and prioritize the risk information collected, enabling more strategic allocation of resources to mitigate risk
▪ SecurityScorecard provides a security rating ▪ BitSight’s third-party risk management solution Security Ratings Strategic Activity
platform designed to empower every transforms how organizations evaluate risk and
organization with collaborative security security performance by employing the Financing Activity
intelligence enabling users to view and outside-in model used by credit rating agencies 6
$74.1 $79.9
4
continuously monitor security ratings, easily
▪ Its Security Ratings Platform applies
add vendors or partner organizations, and
sophisticated algorithms, producing daily 2018 2019 2018 2019
Founded: 2013 report on the cyberhealth of ecosystems Founded: 2011 security ratings that range from 250 to 900, to Number of Deals Total Amount Raised ($M)
HQ: New York, NY ▪ It provides visibility on individual vendor HQ: Boston, MA help organizations manage security M&A Activity
scorecards and identifies third-party performance, mitigate third-party risk,
Amt Raised: $113.4M Cybersecurity issues that put businesses at risk; Amt Raised: $155.4M underwrite cyber insurance policies, and -- -- -- --
displays both an overall security score as well conduct M&A due diligence and assess
CEO: Dr. Aleksandr as scores broken down across 10 risk factors
CEO: Steve Harvey aggregate risk 2018 2019 2018 2019
Yampolskiy Number of Deals Total Disclosed Amount ($M)
▪ Prevalent provides a purpose-built, unified ▪ Panorays’ platform enables companies to easily Other Vendors
platform that integrates a powerful view, manage, and engage on the security
combination of automated assessments, posture of their third-parties, vendors,
continuous monitoring, and evidence sharing suppliers, and business partners
for collaboration
▪ Through imitating hackers to uncover cyber
▪ Its platform aims to support all third-party risk gaps and through normalized smart
Founded: 2004 management functions and provides common Founded: 2016 questionnaires, the Company provides context-
HQ: Phoenix, AZ GRC platform capabilities (e.g., risk HQ: New York, NY based ratings of third-parties’ risks and
assessments, workflow, and reporting) actionable insights on fixing vulnerabilities
Amt Raised: $72.0M Amt. Raised: $20.0M
▪ It overlays customer-collected data with its own ▪ It enables companies to reduce the time spent
CEO: Kevin Hickey robust risk intelligence to generate three core CEO: Matan Or-El on evaluating third-parties while ensuring
risk scores for each third-party continuous compliances to regulations
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Pitchbook, Company Websites, The Forrester New Wave™: Cybersecurity Risk Rating Solutions, Q4 2018, Ponemon Institute: Data Risk in
the Third-Party Ecosystem, Gartner: Innovation Insight for Security Rating Services, and Gartner: The Security Ratings Game Grades Third-Party Vendors. Return To Table Of Contents 174
Risk & Compliance | Pen Testing & Breach Simulation
Need Of Automated Testing & Simulation Solutions That Validate The Efficacy Of Security Infrastructures.
▪ Most current penetration testing solutions have limited effectiveness because they require significant human involvement (extremely manual process) and are of limited duration
and frequency (point in time snapshots)
▪ Annual penetration testing delivers infrequent and outdated reports whereas continuous, automated testing enables companies to keep up with new and advanced attack methods
▪ The overall penetration testing market is expected to reach $12B by 2020, with automated breach and penetration and simulation expected to reach $1B
▪ In 2016, less than 1% of penetration testing was conducted by machine learning-based platforms – but that figure is expected to reach 10% by 2020
▪ AttackIQ provides an open-system, ▪ SafeBreach is a provider of a Cybersecurity Pen Testing & Breach Sim Strategic Activity
automated security testing platform that helps platform intended to simulate hacks on
companies strengthen their security posture, companies' systems to help them identify Financing Activity
and exercise incident response capabilities holes 7 10
$80.0 $76.1
▪ Its FireDrill™ platform is utilized for security ▪ The Company's platform constantly runs
control validation, SECOPS operator exercise, breach simulations (e.g., brute force attack) 2018 2019 2018 2019
Founded: 2013 Red Team augmentation, and analytics Founded: 2014 and exploits malware on a client's network to Number of Deals Total Amount Raised ($M)
theoretically and proactively locate and M&A Activity
HQ: San Diego, CA ▪ The platform enables teams to maximize their HQ: Sunnyvale, CA remediate security issues 2
reach and capabilities, continuously test 1
-- --
Amt Raised: $30.8M security infrastructure, launch automated or Amt Raised: $34.0M ▪ It enables users to analyze the impact of
on-demand attack scenarios, and leverage the attacks on a company's systems and the 2018 2019 2018 2019
CEO: Brett Galloway CEO: Guy Bejerano
expertise of a global security community efficacy of its defenses Number of Deals Total Disclosed Amount ($M)
▪ XM Cyber is a developer of an automated ▪ Verodin provides an Instrumented Security™ Other Vendors

threat simulation platform designed to driven platform that takes a new approach to
continuously expose all attack vectors from the Cybersecurity lifecycle
the breach point to any organizational critical
▪ Its Verodin SIP platform proves the
asset
effectiveness of an organization's investments,
▪ The Company's platform continuously proactively identifies configuration issues in a
Founded: 2016 identifies attack vectors to target assets, Founded: 2014 security stack, and exposes true gaps across
HQ: Herzlyia, Israel prioritizes actionable remediation, addresses HQ: McLean, VA people, process, and technology
the whole spectrum of real user behavior and
Amt Raised: $37.0M Acq. By ▪ The platform performs on a continuous basis,
exploits, and provides best practices and
ensuring that, as threats evolve and
CEO: Noam Erez policies with clear facts – enabling CEO: Christopher Key environments change, security effectiveness is
organizations to protect their digital contents
always understood and improving
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Report Buyer, and Company Websites. CyberDB: Automated Breach Simulation Market,
and Gartner: Predicts 2017: Threat and Vulnerability Management. Return To Table Of Contents 175
Risk & Compliance | Governance, Risk, & Compliance (GRC)
The Global Movement To The Cloud Is Creating Compliance Challenges For Organizations To Balance Regulatory Pressures.
▪ The eGRC market (software and services) is expected to grow from $24.8B in 2017 to $64.6B by 2025 (CAGR of 12.8%)
▪ Managing constantly evolving regulations has increasingly become the responsibility of IT and security teams as technology has resulted in greater data and business operations distribution
▪ The difficulty of achieving compliance with today’s preferences for cloud-based infrastructure is rooted in the volume and complexity of laws and regulations that need to be observed in environments
▪ GRC solutions provide a framework and strategy for pursuing GRC initiatives across organizations and align IT and business objectives, with an increased focus on accountability for managing risk and
ensuring compliance in a challenging business environment
▪ Galvanize (formerly ACL &Rsam) offers a GRC ▪ Lockpath provides an enterprise GRC GRC Strategic Activity
platform that delivers enhanced governance platform that simplifies risk management and
and reliable execution of org strategy that regulatory challenges Financing Activity
helps identify and manage high-impact risks 9
▪ The Company’s Keylight product discovers 5
$36.3 $31.3
▪ The Company’s core products are designed to unknown risks, delivers immediate insights,
work independently or together, allowing it to centralizes data, and provides visibility on the 2018 2019 2018 2019
Founded: 1987 grow and evolve with an organization’s needs Founded: 2009 full risk impact Number of Deals Total Amount Raised ($M)
HQ: Vancouver, Canada ▪ Its platform centralizes all GRC activities, HQ: Overland Park, KS ▪ Lockpath’s Blacklight product collects changes M&A Activity
4
automates data access, reporting, and in configuration states, syncs data with cloud $100.0
Amt Raised: $50.0M Acq. By 1
remediation workflows, and provides a environments, audits data against CIS, and -
CEO: Laurie Schultz Content & Intelligence gallery filled with CEO: Chris Caldwell delivers real-time reporting that enhances
2018 2019 2018 2019
frameworks and best practices compliance reporting & remediation findings Number of Deals Total Disclosed Amount ($M)
▪ MetricStream provides a cloud-based GRC ▪ Onspring provides solutions for GRC, ITSM Other Vendors
platform that manages regulatory and and Business Operations on a mobile-
industry-mandated compliance and corporate friendly, cloud-based platform that improves
governance visibility and coordination across the
organization
▪ The Company’s applications integrate
technologies across business, IT, and security ▪ The Company offers a variety of solutions
Founded: 1999 functions, enabling organizations to realize Founded: 2010 including Audit & Assurance, Controls &
HQ: Palo Alto, CA the vision of pervasive GRC HQ: Overland Park, KS Compliance, Risk Management, and Vendor
Management
▪ Its cloud offering is built on state-of-the-art
Amt Raised: $314.9M Amt Raised: NA
virtualization and containerization ▪ Its no-code platform offers a modern and
CEO: Mikael Hagstroem technologies that enable its GRC apps to run CEO: Chris Pantaenius flexible way to manage data, workflow
at optimal reliability, security, and scalability automation, and customizable reporting
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Pitchbook, and Company Websites, Markets&Markets: Governance, Risk & Compliance Market ,
Applied Sciences: Governance, Risk, and Compliance in Cloud Scenarios. Return To Table Of Contents 176
Risk & Compliance | Security Awareness & Training
Humans Remain The Weakest Link In The Cybersecurity Chain Of Defense Due To A Lack Of Applicable Training.
▪ The Security Awareness & Training market experienced ~25% growth to $450M in 2018, but Gartner expects growth to rapidly accelerate to 47% in 2019 and continue at a CAGR of 42% through 2023
▪ Recent breaches highlight the importance of Security Awareness & Training in a company’s overall security and risk position as cybercriminals continue to exploit human behavior
▪ Security training solutions educate employees on how to avoid common threat vectors such as spear phishing attacks, which continue to be one of the largest drivers of data breaches; 91% of successful
breaches start with a spear phishing attack
▪ Organizations are turning to new methods of training which include the gamification of training programs as well as various content forms and mobile capabilities, in hopes of increasing employee
knowledge & understanding of the threats facing an organization
▪ KnowBe4 provides comprehensive security ▪ Cofense is a provider of an anti-phishing Security Awareness & Training Strategic Activity
awareness training and a simulated phishing solutions designed to train users to spot and
platform designed to train employees to make report phishing attacks Financing Activity
$436.0
smarter security decisions 10 12
▪ The Company’s Cofense Platform enables
▪ The Company’s subscription solution provides users to report suspected phishing emails to $39.4
access to the world’s largest security enable organizations to better identify, 2018 2019 2018 2019
Founded: 2010 awareness training library with dozens of Founded: 2007 analyze, and respond to email threats Number of Deals Total Amount Raised ($M)
HQ: Clearwater, FL categories to choose from HQ: Leesburg, VA M&A Activity

▪ Cofense’s Phishing Defense Center provides $665.5
6
▪ Its Kevin Mitnick Security Awareness Training actionable indicators on threats to an
Amt Raised: $402.6M Acq By 1
--
solution provides baseline testing to train organizations network, enabling a rapid
CEO: Stu Sjouwerman users, phish users, and deliver results of the CEO: Rohyt Belani response to verified threats to reduce the time 2018 2019 2018 2019
training between detection and resolution Number of Deals Total Disclosed Amount ($M)
▪ Circadence is a provider of Cybersecurity ▪ CyberVista provides a Cybersecurity training Other Vendors

learning platforms that leverage artificial designed to create a cyber-ready workforce
intelligence and custom content to address through personalized training programs
critical security challenges for enterprises,
▪ The Company’s solutions are personalized
governments, and academic institutions
based on an organization’s unique needs,
▪ The Company’s platform utilizes gamification designing training programs to select modules,
Founded: 1995 and active-learning models to provide a Founded: 2015 topics, and case studies most relevant to the
HQ: Boulder, CO unique approach to Cybersecurity learning HQ: Arlington, VA organization
▪ Its solutions combine AI, NLP, & Machine ▪ CyberVista’s Advance solution is a more
Learning to augment and automate efficient, effective, and less expensive way to
CEO: Michael Moniz Cybersecurity capabilities CEO: Simone Petrella train employees by leveraging job-specific
cyber training programs
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Pitchbook, Company Websites, Gartner: Magic
Quadrant for Security Awareness Computer-Based Training, KnowBe4: 91% Of Cyberattacks Begin With Spear Phishing Email Return To Table Of Contents 177
Identity & Access Management | Authentication
Authentication Is Taking Center Stage As Companies Are Prioritizing The Security of Access To Critical Information.
▪ A growing number of organizations are rapidly adopting authentication solutions with the intent of monitoring individuals who are trying to gain access to unauthorized data and tamper with
highly sensitive information
▪ Advanced solutions have evolved to include verification techniques such as hardware OTP authentication, smart card-based authentication, phone-based authentication, and biometrics
▪ Gartner estimates that the worldwide Identity and Access Management (IAM), IDaaS, and User Authentication market will reach $3.4 billion by 2020
▪ Averon provides a fully automated mobile ▪ Auth0 is a developer of an Identity-as-a- Authentication Strategic Activity
authentication platform that requires zero Service (IDaaS) platform that seamlessly
installations and no involvement by end users authenticates and secures more than 50M Financing Activity
logins per day 30 $642.7
▪ Direct Autonomous Authentication is an API 27 $387.3
solution that securely confirms user identity via ▪ Auth0’s IDaaS platform is an enterprise-
real-time mobile network signaling, carrier data grade platform that provides single sign-on 2018 2019 2018 2019
Founded: 2015 packets, and verifying SIM / eSIM as “Chip Founded: 2013 and user management for web, mobile, Number of Deals Total Amount Raised ($M)
Present” to instantly authenticate connected internal applications, and APIs, enabling M&A Activity
HQ: San Francisco, CA devices HQ: Bellevue, WA developers and IT architects to eliminate the 14 10 $3,577.0
cost and risk of thousands of lines of code in $320.0
Amt Raised: $35.1M ▪ It enables users to secure mobile activity across Amt Raised: $213.5M
their own applications through a developer
the entire digital world, fraud prevention, smart 2018 2019 2018 2019
CEO: Wendell Brown vehicles / homes, blockchain, and IoT devices
CEO: Eugenio Pace friendly dashboard
▪ Callsign provides an artificial intelligence- ▪ Secret Double Octopus is a provider of Other Vendors
based authentication platform for enterprises, password-free, keyless authentication
financial institutions, and consumer-facing technology to protect identity and data
digital services across cloud, mobile, and IoT environments
▪ Its unique Intelligence Driven Authentication ▪ The platform’s technology prevents cyber
(IDA) solution uses multiple layers to attackers from accessing enough critical
Founded: 2012 recognize users through deep learning based Founded: 2015 information to be useful for attacks,
HQ: London, U.K. upon location, behavior, device, and HQ: Be’er Sheva, Israel eliminating brute force, man-in-the-middle,
biometrics in order to create frictionless PKI manipulation, key theft, and certificate
Amt Raised: $35.0M access for users, while reducing false rejection Amt Raised: $7.5M authority weaknesses
rates and increasing security
CEO: Zia Hayat CEO: Raz Rafaeli
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Report Buyer, and Company Websites. Gartner: Forecasts Worldwide Cloud Based Security Services To Grow 21 Percent in 2017.
Identity & Access Management | IDaaS
In An Increasingly Fragmented & Borderless World, Identity Is Becoming The New Centralized Authority For Control.
▪ The Identity-as-a-Service market is expected to grow from $1.3B in 2018 to $7.7B by 2025 (CAGR of 29.6%)
▪ Securing the identities of employees, contractors, partners, and customers amidst an expanding portfolio of cloud applications and BYOD trends has challenged the limits of traditional identity solutions
▪ IDaaS is a cloud-based authentication and identity management service that verifies user identity and grants them appropriate access to software applications, files, and other resources
▪ IDaaS provides a modernized IAM framework that enables secure access to business-critical systems and unified identity management for both cloud-based and legacy apps
▪ Idaptive protects organizations through a zero ▪ OneLogin provides an access management IDaaS Strategic Activity
trust approach, intelligently limiting and solution that unifies users from all corporate
securing access to applications and endpoints, directories in a single view with a flexible Financing Activity
$110.5
verifying every user, and validating devices schema
3 3 $23.6
▪ The Company’s platform delivers an ▪ The Company’s platform enables a unified
integrated core of SSO, adaptive MFA, approach to managing access for both SaaS 2018 2019 2018 2019
Founded: 2019 endpoint & mobile context, and UBA Founded: 2009 and on-prem app environments by translating Number of Deals Total Amount Raised ($M)
HQ: Santa Clara, CA functionality HQ: San Francisco, CA user info from the cloud into HTTP headers M&A Activity
that on-prem apps natively understand 5
$680.0
▪ It generates risk-based policy that can be
Spun Out From Centrify Amt Raised: $208.0M -
enforced in real time at the point of access, ▪ It employs machine learning to detect high- -
In Jan-19 where high-risk threats can be blocked CEO: Brad Brooks risk login attempts and trigger additional
2018 2019 2018 2019
CEO: Danny Kibel authentication factor requests Number of Deals Total Disclosed Amount ($M)
▪ Okta provides enterprise customers identity ▪ Ping Identity securely and intelligently grants Other Vendors
management solutions for their workforce and employees, partners and customer access to
customers cloud, mobile, SaaS applications, and APIs
▪ The Company’s platform enables customers ▪ The Company’s platform is a central
to secure users and connect them to authentication authority that enables
technology via API access management organizations to leverage a unified digital
Founded: 2009 Founded: 2001 identity for a secure and seamless user
▪ It provides reliable integration for SSO to all
HQ: San Francisco, CA HQ: Denver, CO experiences across all business initiatives
web and mobile apps, with a full-featured
federation engine and flexible access policy ▪ Its combined software and IDaaS offerings
Market Cap: $14.0B Market Cap: $1.9B
enables the Company to support customers
CEO: Todd McKinnon CEO: Andre Durand with complex, hybrid on-premises and cloud
application target systems
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Pitchbook, Reuters, and Company Websites, Adroit Market Research: Identity and Access Management as a Service Market.
Market Data as of December 31st, 2019. Return To Table Of Contents 179
Identity & Access Management | Privileged Management
Vital To Secure The Sensitive Information That System Endpoints And Credentials Protect.
▪ Privileged management solutions make it more difficult for attackers to access privileged accounts that are highly targeted by security threats due to the valuable information they can access
▪ Privileged identity management is one of the fastest growing subsectors of cybersecurity, with a market size estimated at $922M in 2016, expected to grow at a CAGR of 33% to $3.8B by 2021
▪ According to an upcoming EMA Privileged Access Management Research Report, 76% of organizations were aware of at least one violation of their privileged access policy in the past year
(average was 3.2 incidents / year) while 84% of large businesses (10k+ employees) plan to adopt a more comprehensive Privileged Access Management solution
▪ Gartner ranked privileged account management as the #1 security project for 2018
▪ Remediant is the newest entrant in PAM, ▪ Centrify secures enterprises against cyber Privileged Access Management Activity
providing protection for privileged access threats by ensuring safe access to
without requiring agents or password vaults infrastructure Financing Activity
$85.1
5 5
▪ The modern solution is built from the API up, ▪ The Company develops an identity and
$19.8
and integrates with other existing infosec access management platform that secures
tools, including IGA, EDR and SIEM solutions enterprises through the utilization and
2018 2019 2018 2019
Founded: 2015 management of identity services
▪ Users who need privileged access are granted Founded: 2004 Number of Deals Total Amount Raised ($M)
M&A Activity
HQ: San Francisco that access on a Just-In-Time-Admin (JITA) ▪ End users and privileged users gain access to 7 $2,250.0
basis and then the access is removed.
HQ: Santa Clara, CA protocols and infrastructure without 2
Amt Raised: $15.0M Computers are continuously scanned for Acq. By boundaries, permitting a static perimeter- $22.4
unauthorized privileged access; if detected, based approach to Cybersecurity 2018 2019 2018 2019
CEO: Tim Keeler CEO: Tim Steinkopf
the access is revoked and an alert generated Number of Deals Total Disclosed Amount ($M)
▪ Fudo Security provides Intelligent Privileged ▪ Thycotic provides a password management Other Vendors
Access Management solutions to monitor the platform to secure enterprises. The platform
activity of users with access to critical assets defends against cyber attacks with an array of
Cybersecurity services including password
▪ Offers one-day deployments due to an all-in-
security, endpoint protection, and application
one and agentless product without the need
access control
for third party plugins
Founded: 2012 Founded: 1996 ▪ The Company helps users secure and manage
▪ The Company’s solutions include remote
privileged account passwords in an effective
HQ: Newark, CA session monitoring and sophisticated AI- HQ: Washington, DC
and affordable manner unmatched by
powered prevention tools to detect and
Amt Raised: NA terminate suspicious activity
Backed By competitors
CEO: James Legg ▪ Uses a combination of privilege management,
CEO: Patryk Brozek
application whitelisting, and more
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Report Buyer, Company Websites, Gartner, Research and Markets, Forrester, EMA Privileged Access Management Research Report 2018.
Identity & Access Management | Identity Governance
Organizations Are Seeking Solutions To Minimize Access To Sensitive Data Without Disrupting Business Workflow.
▪ The Identity Governance market is expected to grow from $2.8B in 2018 to $4.2B by 2023 (CAGR of 10.7%) due to a rising demand for solutions that provide granular control over increasingly distributed
digital identities
▪ Identity Governance enables organizations to define, enforce, review, and audit IAM policy; map these functions to regulatory requirements; and audit user access to support compliance reporting
▪ Limiting access to data reduces the potential risk of insider threats, while also keeping organizations in compliance with regulations such as GDPR and SOX
▪ These providers integrate and connect with the majority of public cloud providers (e.g. AWS, Azure, Google Cloud) and applications (e.g. ERP, HCM, Collaboration) to improve access and security and
provide consistent identity governance solutions across the enterprise
▪ SailPoint provides solutions to govern user ▪ Saviynt provides solutions to secure Identity Governance Strategic Activity
access to critical systems and data and applications, data, and infrastructure in a
efficiently manage digital identities single platform for cloud and enterprise Financing Activity
applications
▪ Its identity tools connect to all apps and data 1 1
$40.0
in complex, hybrid IT environments and learn ▪ Its software combines granular application -
how organizations work through AI and ML to access, risk and usage analytics, real-time 2018 2019 2018 2019
Founded: 2005 provide recommendations and suggest tasks Founded: 2009 prevention with risk signatures, and SOD Number of Deals Total Amount Raised ($M)
HQ: Austin, TX to automate HQ: El Segundo, CA rules for applications M&A Activity
▪ The Company’s IdentityIQ solution enables ▪ The Company imports access and usage data 3
Market Cap: $2.1B Amt Raised: $40.0M 1 $16.5
administrators to determine who has access to in real time or on a batch basis analyzing data -
CEO: Mark McCain applications and data and understand how CEO: Amit Saha against industry-leading controls provides
2018 2019 2018 2019
this access is being used violations and exceptions Number of Deals Total Disclosed Amount ($M)
▪ Simeio provides enterprise-grade identity ▪ Deep Identity provides identity governance Other Vendors
security capabilities as a managed service by solutions with granular and comprehensive
analyzing the use of digital identities and information for a complete attestation process
access privileges
▪ Its platform offers a layered approach that
▪ Its platform automates compliance and enables visibility and controls to address
protects enterprises with access certifications, compliance management and data
Founded: 2007 segregation of duties enforcement, role Founded: 2009 governance requirements to improve IT
HQ: Atlanta, GA management, and identity proofing HQ: Singapore, SG security and minimize business risk
▪ The Company offers a service-first philosophy ▪ The Company’s Deep IM and Deep IACM
Backed By: Acq. By:
that is backed by unique configurations and enable enterprises to have complete
CEO: Hemen Vimadalal customizations to fit any business, leading to CEO: Whee Teck Ong administrative capabilities and analysis for
stronger solutions employee management
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Pitchbook, Company Websites, Gartner: Information Security Forecast 2019, and Gartner: Gartner IGA Magic Quadrant
Market Data as of December 31st, 2019.
Identity & Access Management | Consumer Identity
CIAM Solutions Are Evolving Rapidly And Now Include Complex Features Found In Traditional IAM Platforms; Growing Importance Within Core Cyber Architecture.
▪ The Consumer Identity market is projected to grow from $16.0B in 2018 to $37.8B by 2023E (CAGR of 18.8%)
▪ CIAM solutions are driving the unification of siloed customer data, enabling better insights on user behavior through analytics
▪ Increasing overlap of features for CIAM and workforce IAM solutions means more and more sophisticated features are bridging the gap (e.g., additional context-based elements including
users’ device, IP address, geolocation, and past behavior)
▪ Future solutions will evolve to prevent breaches and threats via API protection, which involves securing APIs from malicious attacks and threats
▪ Auth0 is a provider of an identity ▪ ForgeRock is a developer of a digital identity Consumer Identity Strategic Activity
management and authentication platform that management platform designed to transform
helps any third-party website or application organizational identity and access Financing Activity
9 $260.1
securely verify users and enable them to log in management 8
and access their online accounts ▪ The Company’s platform features identity $58.8
▪ The Company’s IDaaS platform includes management, access management, identity

Founded: 2013 Founded: 2009 gateway, directory services, profile, and 2018 2019 2018 2019
features such as Rules and customizable code Number of Deals Total Amount Raised ($M)
HQ: Bellevue, WA HQ: San Francisco, CA privacy management M&A Activity

▪ Its platform enables developers and 4 115.4 $125.0
companies to stipulate exactly how people ▪ It securely connects people devices, and
Amt Raised: $213.5M Amt Raised: $150.3M 1
access a specific online system things, enabling organizations to deliver
CEO: Eugenio Pace CEO: Fran Rosch trusted digital relationships 2018 2019 2018 2019
▪ ID.me is a provider of a digital ID wallet ▪ LoginRadius is a developer of a customer Other Vendors

designed to make online transactions more identity and access management platform
efficient, trusted, and transparent designed to define a unified profile and better
▪ The Company's platform streamlines

manage the customer identities /
authentication, identity proofing, and ▪ The Company's cloud-based platform helps
federation of external identity and attribute users websites and mobile applications to
Founded: 2010 Founded: 2012 implement social login, capture user social
providers through a single API
HQ: McLean, VA HQ: Vancouver, Canada data, enable social sharing and add single
▪ It enables the military, students, first sign-on
Amt Raised: $47.1M responders, teachers and government Amt Raised: $20.8M
employees to easily prove their identity online ▪ It enables businesses to integrate websites and
CEO: Blake Hall via a single login and avail discounts on CEO: Rakesh Soni mobile applications with social media and
various networks scale up
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Pitchbook, Company Websites, Yahoo Finance: Consumer IAM Market 2018,
Gartner Report: Top 5 Trends in CIAM, CIAM, Digital Transformation Webinar. Return To Table Of Contents 182
SecOps & Incident Response | SIEM
Once Reserved For Large Orgs With Advanced Security Capabilities, SIEMs Are Now Addressing Needs Of SMBs.
▪ The Global SIEM market is expected to grow to $5.9B by 2021, a CAGR of 12% from 2017-2021
▪ Most Fortune 500 and Global 2000 corporations have adopted SIEM solutions by now. Small to midsized businesses (SMBs) are the next frontier for SIEM vendors
▪ While security budgets are stable or increasing for almost all organizations, security managers reported significant obstacles in fully realizing the benefits of SIEM solutions because of lack of staff
expertise (44.4%) and inadequate staffing (27.8%)
▪ Alien Vault provides a digital security ▪ Splunk develops operational intelligence SIEM Strategic Activity
management and crowdsourced threat platforms that are designed to collect, index
intelligence platform that is designed to offer and harness machine data generated by Financing Activity
unified security for threat detection and applications, servers and devices 4 $173.0
incident response 1 $50.0
▪ The company's operational intelligence
▪ Its security management and threat platform provides design, installation, 2018 2019 2018 2019
Founded: 1876* intelligence platform offers Unified Security configuration, customization and integration
Founded: 2003 Number of Deals Total Amount Raised ($M)
HQ: Dallas, TX* Management to address compliance and services for Microsoft Exchange that provides M&A Activity
threat-management needs and also provides HQ: San Francisco, CA continuous monitoring and reporting systems 7
$1,340.0
Market Cap: $278.2B* Open Threat Exchange, an open and as well as enables Exchange administrators 1 $100.0
Market Cap: $22.8B
President: Barmak Meftah collaborative initiative for security
professionals to connect with their peers CEO: Doug Merritt 2018 2019 2018 2019
▪ LogRhythm provides a security intelligence ▪ Logpoint develops a next-generation security Other Vendors
and analytics platform that is designed to information, event management and big data
protect its customers from the risks associated analytics platform that is designed to simplify
with cyber threats information technology processes and adhere
to compliance
▪ Its platform uniquely unifies next-generation
SIEM, log management, network and ▪ Its next-generation security information, event
Founded: 2003 endpoint monitoring, user entity and behavior Founded: 2001 management and big data analytics platform
HQ: Boulder, CO analytics (UEBA), security automation and provides reporting templates for compliance,
orchestration and advanced security analytics HQ: Copenhagen, dashboards to manage critical events and
Acq. By Denmark security incidents in real-time along with
▪ The platform enables organizations to rapidly
Amt Raised: $10.0M built-in scaling architecture enabling finance,
CEO: Mark Logan detect, respond to, and neutralize damaging
healthcare, defense and aerospace and
cyber threats CEO: Jesper Zerlang government sectors
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Report Buyer, and Company Websites, Technavio, Global Security Information and Event Management Market.
Note: * Denotes Parent company stats. Market data updated as of December 31st, 2019. Return To Table Of Contents 183
SecOps & Incident Response | Security Incident Response
Talent Shortage & Increasing Threat Landscape Is Accelerating Move Towards SOC Orchestration And Automation.
▪ SecOps teams struggle to keep up with the deluge of security alerts from an increasing arsenal of threat detection technologies and still primarily rely on manually created and maintained,
document-based procedures for operations, which leads to issues such as longer onboarding times, stale procedures, tribal knowledge, and inconsistent execution of operational functions
▪ By 2020, 15% of organizations with a security team of more than five people will leverage Security Orchestration, Automation, & Response (SOAR) tools for orchestration and automation
reasons; currently at 1%
▪ The SOAR market is expected to grow to $1.7B by 2021; 100%+ increase from today
▪ Demisto is a developer of a SecOps Platform ▪ D3 Security is a provider of a unified Security Incident Response Strategic Activity
that combines security orchestration, incident configurable SOAR platform
management, machine learning, and Financing Activity
▪ The Company’s automated incident response
interactive investigation 11 11 $148.7 $161.5
and case management solution enables full-
▪ Its orchestration engine automates security lifecycle incident management, lessening the
product tasks and weaves in the human pressure on analysts and SOCs, while helping 2018 2019 2018 2019
Founded: 2015 analyst tasks and workflows Founded: 2002 organizations to rapidly remediate incidents Number of Deals Total Amount Raised ($M)
and generate a comprehensive log of M&A Activity
HQ: Santa Clara, CA ▪ The platform delivers a complete solution that HQ: Vancouver, Canada incidents and actions taken 6 $628.0
helps Tier-1 to Tier-3 analysts and SOC 3 $355.8
Acq. By managers optimize the entire incident life Amt Raised: NA ▪ Its unique architecture enables orchestration
cycle while auto documenting and journaling of manual & automatic activities & provides 2018 2019 2018 2019
CEO: Slavik Markovich CEO: Gordon Benoit
all the evidence dynamic link analysis capabilities Number of Deals Total Disclosed Amount ($M)
▪ Siemplify is a provider of an online ▪ Splunk recently acquired Phantom Cyber, a Other Vendors
information security platform, transforming leader in Security Orchestration, Automation
various information gathered from different and Response (SOAR)
security sources into intelligence
▪ Phantom’s platform integrates with existing
▪ The Company’s platform prioritizes and security technologies to provide a layer of
consolidates cases, serving as the analyst’s connective tissue between them
Founded: 2015 single interface for the security operations Founded: 2014
▪ It automates repetitive tasks to multiply team
HQ: New York, NY processes and providing tools needed to HQ: Palo Alto, CA efforts, automatically triages events, pre-
investigate, analyze, and remediate alerts
Amt Raised: $58.0M Acq. By fetches threat intelligence, and orchestrates
▪ It also enables security operation centers to complex workflows, enabling organizations to
CEO: Amos Stern leverage their existing security infrastructure CEO: Oliver Friedrichs respond to incidents at machine speed
and mitigate attacks quickly and efficiently
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Report Buyer, and Company Websites. Gartner: Innovation Insight for Security Orchestration, Automation, and Response, &
Markets & Markets: Security Orchestration Market.. Return To Table Of Contents 184
SecOps & Incident Response | Security Analytics
Provide Vital, Actionable Intelligence From The Massive Amounts Of Data Generated From Security Events.
▪ Security analytics tools are capable of detecting and analyzing possible threats and targeted attacks, giving a holistic view of the security of an organization’s digital infrastructure
▪ Machine Learning and Artificial Intelligence are often a key feature of security analytics platforms that allow them to handle big data
▪ Security analytics has become an increasing priority for enterprises, as 39% are already using analytics in 2018, and 35% are planning to use analytics
▪ The broader security analytics market is estimated to grow from $2.8B in 2016 to $9.4B by 2021 (CAGR of 27.1%)
▪ Interset develops cyber-threat protection ▪ Jask is a developer of a Cybersecurity analytics Security Analytics Strategic Activity
software that detects and responds to insider software that utilizes AI based algorithms to
and outsider threats deliver autonomous alert triage and threat Financing Activity
analysis, enabling security analysts to make
▪ Uses behavioral analytics, machine learning, 8 10
$173.3
informed decisions faster with precision $112.5
big data and risk forensics, enabling users to
deliver accuracy and speed in threat detection ▪ The platform Improves contextual visibility, 2018 2019 2018 2019
Founded: 2002 Founded: 2015 exposes blind spots & initiates faster response Number of Deals Total Amount Raised ($M)
▪ Data-science driven platform powered by
times M&A Activity
HQ: Ottawa, Canada 350+ proprietary models leverages artificial HQ: Austin, TX $1,129.7
intelligence and a scalable architecture to ▪ It identifies, monitors, and protects critical 9 5
Acq. By distill billions of security events into a Acq. By assets and data across legacy and point $83.0
manageable amount of actionable leads solutions

CEO: Mark Smialowicz CEO: Greg Martin 2018 2019 2018 2019
▪ Exabeam provides a modern analytics-led ▪ Securonix is a provider of a SaaS-based big Other Vendors
security intelligence platform designed to data security analytics platform designed to
detect data breaches transform security management with risk
intelligence
▪ Platform combines unlimited data collection,
machine learning, and automated incident ▪ The Company's security intelligence platform
response into an integrated set of products uses Hadoop and machine learning
Founded: 2013 Founded: 2008 technology to consume, enrich and analyze
▪ Provides solutions for threat detection, end-
massive volumes of data in real-time
HQ: San Mateo, CA to-end detection and provides an automated HQ: Addison, TX
incident response by minimizing their security ▪ Enables clients to detect and prioritize insider
Amt Raised: $193.0M blind spots Amt Raised: $29.0M threat, cyber threat, cloud and fraud attacks
automatically and accurately
CEO: Nir Polak CEO: Sachin Nayyar
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Report Buyer, Company Websites, MarketsandMarkets, Research and Markets.
Threat Intelligence
Provide Predictive Remedies For Advanced Threats & Exploits On Enterprise’s Security Infrastructures.
▪ The global threat intelligence market accounted for $3B in 2016 and is expected to grow at a CAGR of ~17% from 2017 to 2025
▪ Increasingly sophisticated cyber attacks are pushing organizations to invest proactively in threat intelligence solutions to identify potential risks, and the motives of attackers
▪ Forensic analytics is expected to be highly sought after for its ability to determine the root causes of breaches, as well as mitigating the damage of attacks
▪ Cloud-based threat intelligence solutions are preferred to on-premise solutions since it stops unwanted traffic from entering the network, and eliminates upfront investment of on-premise
equipment
▪ Anomali provides a threat intelligence ▪ Recorded Future reveals unknown threats Threat Intelligence Strategic Activity
platform that is designed to help organizations before they impact business, and enable
find and respond to cyber threats teams to respond to alerts 10 times faster Financing Activity
20
13 $193.0 $193.7
▪ Its platform integrates with internal ▪ Its platform automatically collects and
infrastructure to identify new attacks, or analyzes intelligence from technical, open
search forensically over the past year to web, and dark web sources and aggregates 2018 2019 2018 2019
Founded: 2013 discover existing breaches as well as offers a Founded: 2009 customer-proprietary data Number of Deals Total Amount Raised ($M)
HQ: Redwood City, CA free tool to collect and share threat HQ: Somerville, MA M&A Activity
▪ It delivers more context than threat feeds, $866.8
intelligence and provides a free, out of the 2
Amt Raised: $96.9M Acq. By updates in real time so intelligence stays 1
box intelligence feed --
relevant, and centralizes information ready for
CEO: Hugh Njemanze CEO: Christopher Ahlberg human analysis, collaboration, and integration 2018 2019 2018 2019
with security technologies Number of Deals Total Disclosed Amount ($M)
▪ ThreatConnect provides a threat intelligence ▪ ThreatQuotient develops an open and Other Vendors
products and services software that is extensible threat intelligence platform that is
designed to deliver a single platform in the designed to empower security teams to
cloud or on-premises to effectively aggregate, respond to cyber threats
analyze and act to counter sophisticated
▪ Its threat intelligence platform accelerates
cyber-attacks
security operations through context,
Founded: 2011 ▪ Its threat intelligence products and services Founded: 2013 prioritization and automation, enabling
HQ: Arlington, VA software offer threat data collection, analysis HQ: Reston, VA companies to identify, understand, prioritize
and collaboration, enabling the security and act on high-priority threats facing their
Amt Raised: $30.1M community to develop an understanding of Amt Raised: $64.6M organization based on customer-defined
CEO: Adam Vincent threats targeting their organizations and other CEO: John Czupak parameters
business operations
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Report Buyer, and Company Websites, Grand View Research: Threat Intelligence Market.
Social Media & Digital Risk Management
Digital Presence And Online Branding Are Increasingly Becoming More Susceptible To Attacks.
▪ Social Media and Digital Risk Management tools help customers reduce the impact of risk events with quicker detection and remediation while minimizing the likelihood of such events with
better governance and automated controls
▪ Without persistently monitoring risk in digital channels, companies remain susceptible to a wide variety of brand (impersonations, scams, or fraud), cyber (data theft or malware), and physical
risk events (acts of terror, social activism, or supply chain disruption)
▪ By 2020, 60% of digital businesses will suffer major service failures due to the inability of it security teams to manage digital risk
▪ SafeGuard Cyber powers security, risk and ▪ Digital Shadows is a provider of cyber Digital Risk Management Strategic Activity
compliance professionals to protect their digital monitoring services designed to improve Financing Activity
and social assets while enabling the adoption of cyber situational awareness 12 $169.1
digital technologies across the enterprise 11
$90.5
▪ Digital Shadows’, SearchLight is a scalable
▪ The SafeGuard Cyber Platform, provides a data analytics platform with human data
2018 2019 2018 2019
reduced security risk exposure for enterprise and analysts to manage and mitigate digital risks,
Founded: 2014 mid-market organizations, and supports social Founded: 2011 enabling organizations to get insight of
M&A Activity
HQ: Charlottesville, VA collaboration to foster corporate productivity HQ: San Francisco, CA external digital risks and offer protection 1 1 $143.0
against cyber-attacks, loss of intellectual --
Amt Raised: $13.4M Amt Raised: $58.5M property, loss of brand and reputational
CEO: Jim Zuffoletti CEO: Alastair Paterson integrity 2018 2019 2018 2019
▪ ZeroFox is developer of social media security ▪ RiskIQ provides the discovery, intelligence, Types of Typical Attack Vectors:
platform designed to protect modern and mitigation of threats associated with an
organizations from dynamic security, brand organization’s digital presence
and physical risks across social, mobile, Web &
▪ Allows enterprises to gain unified insight and Imposter Malicious
collaboration platforms
control over web, social, and mobile Accounts Posts
Founded: 2013 ▪ ZeroFox’s social media security platform offers Founded: 2009 exposures
a cloud-based technology & predictive analytic
HQ: Baltimore, MD services to identify and prevent malicious HQ: San Francisco, CA ▪ RiskIQ’s platform combines advanced internet
cyber attacks, enabling clients to gain insight, data reconnaissance and analytics to expedite
Amt Raised: $123.1M Amt Raised: $68.0M investigations, understand digital attack Account
intelligence and context to defend their Malware
CEO: James Foster organization proactively, stopping complex CEO: Elias Manousos surfaces, assess risk, and take action to protect Takeover
and targeted attacks business, brand, and customers
Source: Forrester Wave: Digital Risk Monitoring Q3 2016, Gartner: Cybersecurity at the Speed of Digital Business, and Momentum Cyber Proprietary M&A & Financing Transaction Database, and Company Website.
Blockchain
Addresses The Weaknesses Of Current Cyber Technology To Better Protect Against Highly Sophisticated Attacks.
▪ Blockchain can enhance and improve existing cybersecurity capabilities for applications including digital authentication, data integrity management, DDoS attack protection, etc.
▪ One of the biggest challenges with current IAM methodologies is that passwords run on a PKI model that rely on a central authority to issue, revoke, and store key pairs (stored in a database);
centralized databases and systems are easier to hack; blockchain IAM market is expected to grow from $90.4M in 2018 to $1.9B by 2023 (CAGR of 84.5%)
▪ Blockchain technology also offers safeguards to ensure data integrity across the enterprise; data can never be removed from a blockchain, new or edited data is added on top of old blocks (with
a digital signature and time stamp) and is therefore fully traceable and enables visibility of what data hackers have changed and from which account
▪ Valid Network’s Blockchain Security Platform ▪ Manifold Technology is a developer of a Blockchain Strategic Activity
(BSP) is blending Blockchain transactions with blockchain-based data privacy platform
traditional enterprise systems designed to improve data access management Financing Activity
$140.4 $130.1
11 12
▪ Its BSP technology stack is a mix of advanced ▪ The Company's blockchain-based data
algorithms from machine learning, data privacy platform integrates with an enterprise's
Founded: 2018 mining and distributed systems that exposes a Founded: 2014 private or public infrastructure and provides 2018 2019 2018 2019
visual stream of insights for Internal Auditors, an immutable record of all access events Number of Deals Total Amount Raised ($M)
HQ: Be'er Sheva, Israel Risk, Financial and Security officers HQ: Menlo Park, CA M&A Activity
▪ It allows companies to easily address data
Amt Raised: $2.0M ▪ Its intelligent security layer detects and blocks Amt Raised: $6.7M privacy requirements with blockchain-based
any attempts to modify business logic or auditing and purpose-based access control -- -- -- --
CEO: Kfir Nissan CEO: Chris Finan
perform malicious actions
2018 2019 2018 2019
▪ Guardtime is a provider of an industrial

▪ Xage Security is a provider of a blockchain- Other Vendors
blockchain platform designed to provide
protected security platform for IoT, securing
massive scale data authentication without
authentication & data exchange
reliance on centralized trust authorities
▪ The Company's platform creates a trusted
▪ Its KSI (Keyless Signature Infrastructure)
foundation for secure cooperation and data
Founded: 2007 platform is designed to ensure the integrity of Founded: 2016 exchange
systems, network, and data at an industrial
HQ: Lausanne, scale HQ: Palo Alto, CA ▪ It distributes authentication and private data
Switzerland across the network of devices, creating a
▪ The platform enables database owners to Amt Raised: $16.9M
tamper-proof fabric for communication,
Amt Raised: $24.5M deliver independent verification of the
CEO: Duncan Greatwood authentication, and trust that assures security
integrity of records, backups, and audit logs
CEO: Mike Gault at scale
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Report Buyer, and Company Websites, Deloitte: Blockchain & Cybersecurity Whitepaper, PR Newswire,
Capterra: The Benefits of Blockchain for IT, Part 2: Cybersecurity, Computerworld, and Crypto Exchanges Loss. Return To Table Of Contents 188
IoT | IoT Devices
The Proliferation Of IOT Devices Has Expanded The Attack Surface And Is Exposing Organizations To New Types Of Threats.
▪ The global IoT market is expected to grow from $130B in 2018 to $318B by 2023 (CAGR of 20%), fueling the tangential IoT Security market that is expected to grow to $10B by 2025E (CAGR of 30% from
2015-2025E)
▪ As physical infrastructure becomes increasingly connected and citizens adopt more IoT devices & technology, hackers have identified the opportunity to target and exploit these new vectors by hacking
connected devices to execute commands that change physical environments and steal user data
▪ IoT security companies are differentiating their offerings with advanced capabilities such as analytics and AI to combat a wider range of IoT-specific threats
▪ Armis provides an agentless IoT security ▪ Cybeats provides a cloud-based platform to IoT Security Strategic Activity
platform for enterprises created to identify protect IoT devices in smart buildings, and
unmanaged devices or networks medical & critical infrastructure environments Financing Activity
▪ Its platform is designed to discover and ▪ The Company’s solution builds and maintains 18 $219.2
17 $113.3
continuously monitor all devices in an dynamic models of healthy device behaviors
environment and automatically learns the IPs & ports that
Founded: 2015 Founded: 2016 IoT devices normally communicate with, and 2018 2019 2018 2019
▪ Its Risk Analysis Engine utilizes automation to Number of Deals Total Amount Raised ($M)
HQ: Palo Alto, CA HQ: Ontario, Canada flags and alerts behavioral anomalies
assign scores based on factors including M&A Activity $152.0
vulnerabilities that it detects, known attack ▪ Its Microagent technology has strict CPU and 6
Acq. By Amt Raised: $2.4M
patterns, and observed behaviors in the IO consumption, and heavy processing is 1 $28.6
CEO: Yevgeny Dibrov network CEO: Dmitry Raidman performed by its cloud service
2018 2019 2018 2019
▪ Medigate provides a security and asset ▪ Zingbox provides an IoT security platform Other Vendors
management platform designed to deliver designed to leverage device personality and
secure and connected care enforce acceptable behavior
▪ Medigate’s product discovers & classifies ▪ Its IoT Guardian platform detects devices as
medical devices in a clinical network, which they transmit data, discerns their individual
enables device risk assessment and profiling behavior, defends and alerts against irregular
Founded: 2017 Founded: 2014 behaviors, and proactively identifies potential
▪ The Company’s anomaly detection engine
HQ: New York, NY HQ: Mountain View, CA risks and corrects device to appropriate action
compares network behavior with contextual
understanding of medical work flows to ▪ The Company’s IoT Insights product
identify attacks optimizes intelligence and utilization
CEO: Jonathan Langer CEO: Xu Zou reporting
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Pitchbook, and Company Websites, Bain: Cybersecurity Is the Key to Unlocking Demand in the Internet of Things,
Grand View Research: IoT Security Market, Forrester: Predictions 2019: The Internet of Things, Getapp: Cloud Data Protection, IoT, & Active Threat Detection:, Windpower: Global IoT market to reach $318 billion by 2023, says GlobalData,
Gartner: How the Internet of Things Is Changing Cybersecurity, IoT Security Spend.
IoT | Automotive
Growth In Connected & Autonomous Vehicles Driving The Need For Advanced Automotive Cybersecurity Solutions.
▪ The automotive Cybersecurity market is projected to grow from $1.3B in 2018E to $5.8 billion by 2025E (CAGR of 23.2%)
▪ Increasing amount of vehicle electronics and rapid adoption of advanced vehicle technologies (connected vehicles & self-driving vehicles) have made vehicles vulnerable to cyberattacks; there
will be a projected 100 million connected vehicles on the road by 2020, 5% of the total number of vehicles currently in commission
▪ Hackers are able get access to cars’ internal networks and hijack the electronic control units (ECU) that control everything from infotainment and the climate control system to the engine,
brakes, and steering
▪ Trillium is provider of subscription services IoT (Automotive) Strategic Activity

▪ Karamba Security provides self-protecting
that utilizes multi-layered cybersecurity
security software products that enable end-to- Financing Activity
technology that hardens modern vehicles and $86.2
end in-vehicle Cybersecurity for the
fleets against cyber-attacks and enables 5 6
endpoints and the internal messaging bus $29.0
companies to securely extract vehicle data
▪ Its solutions are designed to prevent
Founded: 2015 Founded: 2014 ▪ Its solutions include lightweight encryption,
cyberattacks with zero false positives and 2018 2019 2018 2019
authentication, cryptographic key Number of Deals Total Amount Raised ($M)
secure communications, including OTA
HQ: Bloomfield Hills, MI HQ: Sunnyvale, CA management, IDS / IPS and secure, over-the- M&A Activity
updates
air software updates
▪ Its technology seamlessly integrates into the
▪ Customers include fleet operators, aerospace 0 -- --
CEO: Amiram Dotan software development lifecycle; fits modern CEO: Keith McDonnell
and defense organizations, & automotive
architectures in vehicles and IOT devices 2018 2019 2018 2019
OEMs Number of Deals Total Disclosed Amount ($M)
▪ Otonomo is provider of a neutral automotive

▪ SafeRide Technologies is the provider of Other Vendors
vSentry™, a multi-layer Cybersecurity solution
data services platform that paves the way for
for connected and autonomous vehicles that
new apps and services that benefits all parties
combines state-of-the-art deterministic
in the global transportation ecosystem
security solution with a groundbreaking AI
▪ Its Automotive Data Services platform shares profiling and anomaly detection technology
Founded: 2015 and integrates vehicle data, auto OEMs and Founded: 2016 to provide future-proof security
increases the ability of cars to exchange data
HQ: Herzliya, Israel HQ: Tel Aviv, Israel ▪ The Company provides OEMs, fleet operators
with the outside world
and automotive suppliers early detection and
▪ It utilizes patented technology to ingest, prevention of cyber-attacks, and helps to
CEO: Ben Volkow secure, cleanse, normalize, aggregate, and CEO: Yossi Vardi avoid financial damage, prevent reputation
enrich automotive data from multiple sources loss, and save lives
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Pitchbook, Company Websites, MarketsandMarkets: Automotive Cyber Security Market ,
and McKinsey & Company: Shifting gears in Cybersecurity for connected cars . Return To Table Of Contents 190
IoT | Connected Home
The Broad Range Of Connectable Home Devices Creates A Myriad Of Connection Attacker Entry Points.
▪ The IoT connected homes market is expected to grow from $42B in 2017 to $138B by 2026 (CAGR of 14.2%) as a part of the broader IoT market, which was already $130B in 2018 and is expected to
surpass $300B in 2023 (CAGR of 20%)
▪ As consumers bring additional connected devices into their home, it increases the complexity within the smart home system, which translates to an expanded attack surface
▪ Consequences of connected home attacks can involve breaches of personal information, but also involve safety and privacy concerns, as attackers can seize control of automated platforms (such as
entryways or security alarms) and monitor home activity
▪ IoT connected home security companies are differentiating their offerings with capabilities such as AI, machine learning, and botnet detection to combat a wider range of IoT-specific threats
▪ Cujo AI provides a smart home device that ▪ SAM Seamless Network provides a IoT Connected Home Strategic Activity
applies machine-learning to protect against Cybersecurity platform that virtually patches
home hacking through fortifying software and vulnerabilities in the home network and Financing Activity
hardware against virtual threats secures devices from such attacks 6 $19.5
1 $10.0
▪ Device identification algorithms automatically ▪ The Company’s software-only solution is
recognize, name, and group devices on the deployed into the home router, leaving no
Founded: 2015 home network Founded: 2016 impact on the home network itself
2018 2019 2018 2019
HQ: El Segundo, CA ▪ Its clients control devices through features HQ: Tel Aviv, Israel ▪ Its offerings include network segmentation to M&A Activity
$14.4
such as filtering, blocking, and scheduling, control device access along with device
and can leverage machine learning to analyze fingerprinting and virtual hot patching to -- --
CEO: Einaras von threats, spots patterns, and proactively protect CEO: Sivan Rauscher permit only user-initiated connections
2018 2019 2018 2019
Gravrock their homes between devices Number of Deals Total Disclosed Amount ($M)
▪ F-Secure provides SaaS solutions through ▪ McAfee provides threat visibility and Other Vendors
operators for online security and privacy, antimalware protection, including endpoint
offering internet security, antivirus, mobile protection, network security, and cloud
security, and anti-theft software security
▪ The F-Secure SENSE security router provides ▪ The McAfee Secure Home Platform provides
WiFi while protecting web surfing by blocking automatic protection for the entire home
Founded: 1988 malicious sites and securing devices against Founded: 1987 network, including devices without a display
HQ: Helsinki, Finland cyber attacks HQ: Santa Clara, CA ▪ Its features include IoT anomaly and botnet
▪ Its features include device discovery to adapt detection, advanced network controls, and
Market Cap: $533.8M Acq. By:
to security needs, IoT security to protect malicious site blocking, among others
CEO: Samu Konttinen devices with no available security software, CEO: Peter Leav
and an up-to-date, secure router
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Pitchbook, and Company Websites, Windpower: Global IoT market to reach $318 billion by 2023, says GlobalData,
MarketWatch: Connected Homes Market to Reach a Valuation Higher than US$ 138Bn by 2026, TrendMicro: Threats and Risks to Complex IoT Environments, Return To Table Of Contents 191
Deloitte: Cyber Risk n an Internet of Things World. Market Data as of December 31st, 2019.
Messaging Security
Email Is The Leading Threat Vector For Ransomware, Phishing, And Data Theft, Accounting For >90% of Malware Vectors.
▪ The Secure Email Gateway Market is expected to grow from $2.8B in 2018 to over $3.9B by 2022 (a 14% CAGR); rising penetration of cloud-based services in enterprises is expected to drive
the adoption rate for cloud-based email security
▪ Market continues to see strong growth as email remains one of the leading vectors for malware attack and penetration, with organizations investing heavily in solutions to protect against all
forms of email borne threats, particularly ransomware, phishing and spear-phishing attacks
▪ Vendors are increasingly adding DLP and email encryption, and integrating EDR and ATP solutions with their email security solutions
▪ Agari is a provider of a cloud-based data ▪ Area 1 is a provider of a cloud-based service Messaging Security Strategic Activity
security platform designed to prevent all types that eliminates targeted and socially engineered
of advanced email attacks using predictive AI cyber attacks across all traffic vectors Financing Activity
▪ The Company’s solution detects, defends, and ▪ The Company’s solutions address email, web, 9 11 $223.6
$122.8
deters email attacks by leveraging data sets, or network attacks using cloud-based MTA,
data science, and cloud computing cloud APIs / connectors, recursive DNS service, 2018 2019 2018 2019
Founded: 2009 Founded: 2013 and automated integration across all network Number of Deals Total Amount Raised ($M)
▪ Its predictive AI understands identities,
HQ: Foster City, CA HQ: Redwood City, CA edge devices M&A Activity
behaviors, and trust relationships behind $289.0
emails to secure complete protection and ▪ Its performance-based solution uses 6
allow users to confidently trust everything in comprehensive and decisive actions to detect --
CEO: Patrick Peterson their inbox CEO: Oren Falkowitz and mediate attacks ahead of industry
2018 2019 2018 2019
benchmarks Number of Deals Total Disclosed Amount ($M)
▪ Ironscales is a developer of an automated Other Vendors

▪ Vade Secure develops email protection
phishing-mitigation platform
solutions designed to detect email threats and
▪ The Company’s platform combines human attacks while filtering harmful emails
intelligence and machine learning to
▪ The Company utilizes cloud and AI
automatically analyze, detect, and remove
technology to prevent spam, scams, phishing,
malicious emails and phishing attacks using
Founded: 2013 Founded: 2009 malware, ransomware, and targeted attacks
advanced malware and URL / link protection
while detecting pages and protecting
HQ: Tel Aviv, Israel in real-time HQ: Hem, France messages from cyberattacks in real-time
▪ It incorporates intelligence from other users’
Amt Raised: $25.0M Amt Raised: $90.3M ▪ It improves UX and user security by sorting
mailbox and communication habits to detect
and managing undesired & non-priority
CEO: Eyal Benishti email spoofing and impersonation attempts to CEO: Georges Lotigier emails along with AI driven email protection
offer business email compromise protection
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Pitchbook, Company Websites, The Radicati Group: Secure Email Gateway Market..
Security Consulting & Services
Security Consulting Enables Firms To Maximize The Technical & Operational Efficiency Of Their Security Strategy.
▪ The massive growth of the broader Cybersecurity market that is on pace to exceed $150B in 2018 is leading to widespread demand for security consulting practices
▪ With a growing Cybersecurity talent gap that is expected to hit 1.8M by 2022, skilled security consultants are highly sought after
▪ The significant increase in security initiatives from the operational side (not traditional CISO/IT) for manufacturing, chemicals, pharmaceutical, defense, utilities, oil & gas, and transportation
industries, where the talent shortage is even more acute, continues to drive increased demand for security consulting services
▪ The security consulting service market grew from an estimated $17.4 billion in 2016 to $19.0 billion in 2017, representing a CAGR of 9.2%
▪ Nisos Group is a premier risk advisory and ▪ Revolutionary Security provides knowledge & Security Consulting Strategic Activity
research organization specializing in cyber expertise to enterprise clients to defend their IT
Financing Activity
and operational risk and OT/ICS environments from cyber attacks $233.6
10
▪ Offers overarching Active Defense services, ▪ The Company emphasizes improving internal 7
$48.1
including protection of network operations, defenses across the entire spectrum of people,
and informing and defending information process, and technology 2018 2019
Founded: 2015 Founded: 2016 2018 2019
operations Number of Deals Total Amount Raised ($M)
▪ The Company’s services focus on OT/ICS, SOC, M&A Activity
HQ: Alexandria, VA ▪ Nisos’ team members bring various HQ: Blue Bell, PA security program build, GRC, insider threat, $644.1
29 31
Amt Raised: $6.7M government expertise that is used to Amt Raised: $2.5M architecture, cloud security, security
$22.5
selectively choose clients that are facing the assessments, road maps, vulnerability
CEO: Justin Zeefe most pressing and relevant threats CEO: Rich Mahler management, security testing, and incident 2018 2019 2018 2019
response and remediation Number of Deals Total Disclosed Amount ($M)
▪ LEO Cyber Security is a consulting firm that ▪ A-LIGN specializes in helping businesses Other Vendors
leverages deep experience and operational across a variety of industries navigate the
knowledge to combat the cyber skills gap complexities of their specific audit and
security assessment needs
▪ The Company creatively architects and
executes customized Cybersecurity programs ▪ The Company's range of offerings includes
Founded: 2016 to improve security posture and protect Founded: 2009 security and compliance services in the form
intellectual property and business of assessments, audits, cyber risk advisory
HQ: Fort Worth, TX HQ: Tampa, FL and testing services for companies ranging
▪ LEO offers cybersecurity advisory services,
from small-medium sized businesses to large
Amt Raised: Undisclosed cyber regulatory compliance services, cyber Amt. Raised: $54.5M
enterprise, enabling organizations to address
risk management and assessment services
CEO: David Deering CEO: Scott Price third-party risks, security controls and
privacy concerns
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Pitchbook, Report Buyer, Company Websites, MarketsandMarkets, Gartner Report, Optiv E’ Is For Efficiency.
Fraud & Transaction Security
A Growing Number Of Transaction Mediums Is Increasing The Surface Area & Potential For Fraudulent Payments & Stolen Consumer Data.
▪ The Fraud Detection market is forecasted to grow from $19.5B in 2018 to $63.5B by 2023 (CAGR of 26.6%); the Payment Security market is expected to grow from $11.4B in 2017 to
$24.6B by 2022 (CAGR of 16.7%)
▪ The increased frequency of mobile and e-commerce transactions has complicated payment fraud prevention with additional threat vectors, yet merchants are still expected to protect
consumers with a high degree of security without drastically impacting customer experience
▪ New, sophisticated fraud techniques such as long-term sleeper frauds and synthetic identities have shifted the focus of payment providers towards prevention, detection, & remediation
▪ Emailage provides solutions to help ▪ Forter provides a Decision-as-a-Service (DaaS) Fraud & Transaction Security Strategic Activity
companies realize savings from identifying based online fraud prevention tool that helps
and stopping fraudulent transactions retailers detect and eliminate transaction risks Financing Activity
$981.5
21
▪ The Company builds multi-dimensional ▪ The Company’s DaaS platform is fully 16
$320.8
profiles and renders predictive risk scores to automated by blending machine learning and
assess risk using email address reputation, human insight to deliver precise fraud-related 2018 2019 2018 2019
Founded: 2012 behavior, and metadata Founded: 2013 decisions at every customer touchpoint Number of Deals Total Amount Raised ($M)
HQ: Chandler, AZ ▪ Its solutions leverage proprietary data, HQ: New York, NY ▪ Its platform uses a proprietary algorithm to M&A Activity
4 $225.1
machine learning, and key partnerships to gather data from interactions to drive 3
Amt Raised: $55.7M Amt Raised: $100.0M --
drive a more efficient and secure client decisions, build databases to separate
CEO: Rei Carvalho experience while reducing fraud CEO: Michael Reitblat fraudsters, and uncover connections between 2018 2019 2018 2019
accounts to understand customer behaviors Number of Deals Total Disclosed Amount ($M)
▪ Sift develops a machine-learning, fraud Other Vendors

▪ Uniken’s Cybersecurity technologies provide
detection software that helps businesses
safe connection through its authentication
detect and fight fraud
technology for financial institutions
▪ The Company’s payment protection platform
▪ Its REL-ID platform is deployed as a client-
proactively blocks fraudsters, streamlines
side SDK with a set of server components to
operations by reducing manual review, and
Founded: 2011 Founded: 2003 integrate with an organization’s security
separates good users from bad actors
infrastructure
HQ: San Francisco, CA ▪ Its platform emphasizes speed, accuracy, and HQ: Chatham, NJ
▪ Its platform allows for interaction with clients
scalability in real-time through diverse data
Amt Raised: $108.3M Amt Raised: $19.8M over any channel of their choosing, providing
with 16,000 unique fraud signals to help
bulletproof security, zero fraud, and full
CEO: Jason Tan prevent attacks before they occur CEO: Bimal Gandhi regulatory compliance
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Pitchbook, and Company Websites, Markets&Markets: Fraud Detection and Prevention Market, Payment Security Market,
Accenture: Securing Customer Trust, McKinsey&Company: Combating Payments Fraud. Return To Table Of Contents 194
Cloud Security | Infrastructure
Increased Cloud Migration Is Rapidly Expanding The Attack Surface, Creating A Need For Next-Gen Cloud Security.
▪ Total spending on IT infrastructure products for deployment in cloud environments is forecasted to reach $52.3B in 2018 (YoY growth of 10.9%)
▪ The rapid migration to the cloud is causing many security challenges for companies due to increased complexity and lack of visibility resulting from virtualized infrastructure and existing siloed
cloud security services
▪ The global cloud security market is expected to grow from $4.1B in 2017 to $12.7B by 2022E (CAGR of 25.5% ); growth will be driven primarily by increasing adoption of BYOD and IoT, rise
of cloud-based security solutions, increasing demand for high-performance cloud computing, and increasing government compliance initiatives
▪ Aporeto develops a Zero Trust cloud-native ▪ Cavirin delivers cyberposture intelligence for Cloud Infrastructure Strategic Activity
security software solution for microservices, the hybrid cloud by providing real-time risk &
container, and the cloud Cybersecurity posture management, Financing Activity
$179.6 $208.5
continuous compliance, while further 15
▪ The platform protects cloud applications from 10
integrating security into DevOps
attack by authenticating and authorizing all
communications with a cryptographically ▪ Additionally, it utilizes automated discovery,
Founded: 2015 Founded: 2012 2018 2019 2018 2019
signed identity assigned to every workload security posture assessment, predictive Number of Deals Total Amount Raised ($M)
HQ: San Jose, CA ▪ It enforces a distributed homogenous security HQ: Santa Clara, CA analytics, and intelligent remediation M&A Activity
guidance to deliver intelligence to the user $648.0
Acq. By policy per workload independent of network Amt Raised: $32.0M 5 5
$255.0
or infrastructure configuration, enabling ▪ It provides an agentless approach to discover,
CEO: Jason Schmitt uniform security orchestration across multi- CEO: Toru Kashima assess, and help remediate both cloud
2018 2019 2018 2019
cloud environments accounts and workloads Number of Deals Total Disclosed Amount ($M)
▪ Lacework is a provider of a zero-touch Other Vendors

▪ Cloud Conformity is a cloud security
security platform designed to redefine security
Company that provides a software platform to
for the cloud
help organizations monitor and secure their
AWS infrastructure, making it easier for ▪ The Company's platform automates every
IT/DevOps staff to handle cloud security aspect of security, including configuration
operations assessment, behavior monitoring, anomaly
and threat detection as well as incident
▪ The Company’s detective, corrective, and
HQ: Sydney, Australia HQ: Mountain View, CA investigation, and allows for continuous
preventative security controls make it a true
monitoring of all cloud components
Acq. By end-to-end cloud security solution and Amt Raised: $74.4M
governance platform ▪ It enables security teams to protect data and
CEO: Michael Watts CEO: Dan Hubbard workloads in the cloud, and maintain
continuous compliance
Source: MarketsandMarkets™: Cloud Security Market . IDC: Worldwide Quarterly Cloud IT Infrastructure Tracker. Momentum Cyber Proprietary M&A & Financing Transaction Database, Report Buyer, and Company Websites.
Cloud Security | Container
Container Security Is Accelerating Container Adoption And Bridging The Gap Between DevOps And IT Security.
▪ Speed and agility in deployment and the ability to monitor applications once deployed is accelerating the adoption of containers in production environments. According to Docker over 3.5M
applications have been placed in containers using Docker technology and over 37 billion containerized applications have been downloaded
▪ Container security providers offer tools for organizations using Docker, Kubernetes, and other platforms and provide full lifecycle vulnerability management, application runtime defense,
workload isolation, policy enforcement, and regulatory compliance
▪ Container Security market expected to reach $2.7B by 2020, representing a 34% CAGR from 2017-202E
▪ Twistlock provides a cloud-based container ▪ Capsule8 provides a real-time, zero-day Container Security Strategic Activity
security platform created to maximize the attack detection platform, delivering
benefits of virtual containers in the continuous security across production Financing Activity
production environment environments – containerized, virtualized, 7 5
$153.5 $117.5
and bare metal
▪ Its platform uses Docker, Kubernetes, and
other cloud-native tools to offer precise, full- ▪ The platform utilizes distributed, expert- 2018 2019 2018 2019
Founded: 2015 lifecycle vulnerability management and Founded: 2016 driven analytics to detect attacks and deliver Number of Deals Total Amount Raised ($M)
application tailored runtime defense high value, high context alerts of real attacks M&A Activity
HQ: Portland, OR HQ: New York, NY 1 1 $410.0
▪ Twistlock allows organizations to consistently ▪ Capsule8’s API-first approach allows for
$16.0
Acq. By enforce their security policies, monitor and Amt Raised: $30.0M easy 3rd party integration with security tools
audit activity, and identify and isolate threats and systems and big data stores 2018 2019 2018 2019
CEO: Ben Bernstein CEO: John Viega
in a container Number of Deals Total Disclosed Amount ($M)
▪ Aqua Security develops scalable security ▪ StackRox is a developer of an adaptive Other Vendors
control for virtual containers in order to threat protection platform designed to
provide fully visibility and control over secure the contents in containers
containerized environments
▪ Its platform combines scalable security
▪ Its security control system offers full visibility architecture and machine learning to
into container activity, with automated full protect containers from emerging threats
Founded: 2015 stack security for all containers Founded: 2014 such as code injection, privilege escalation,
HQ: Ramat Gan, Israel HQ: Mountain View, CA and malicious lateral movement
▪ Aqua Security allows organizations to detect
Amt Raised: $100.3M and prevent suspicious activity and attacks, Amt Raised: $39.0M ▪ StackRox enables enterprises to detect and
providing transparent and automated security disrupt attacks, allowing for more resilient
CEO: Dror Davidoff from development to production – it bridges CEO: Kamal Shah container environments and for security
the gaps between DevOps and IT security teams to defend against risks
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Report Buyer, and Company Websites. Blue Hill Research: Developing Trends for DevOps & Application Containers Will Be A $2.7B Market By 2020. Virtualization & Cloud Review.
Cloud Security | Cloud Access Security Brokers (CASB)
Helps Organizations Govern The Use Of Cloud And Protect Sensitive Data In The Cloud.
▪ By 2020, 83% of enterprise workloads will be in the cloud, with 41% running on public cloud platforms such as AWS, Google Cloud, IBM Cloud and Microsoft Azure
▪ CASB solutions address cloud service risks, enforce security policies, and comply with regulations that are increasingly challenging given that cloud services are outside of their perimeter and
out of their direct control
▪ While CASB is only employed in <10% of large enterprises today, it is becoming an increasing priority and will be utilized by 60% of enterprises by 2020.
▪ The global cloud access security brokers market is projected to grow from $3.3B in 2015 to $7.5B by 2020 (CAGR of 17.6%)
▪ Bitglass provides a variety of different cloud ▪ Coronet provides cloud-based security CASB Strategic Activity
security services with an emphasis on software designed to monitor wireless
sensitive data discovery, classification and environments for threats Financing Activity
projection, and document management and $194.8
▪ Software detects and evades eavesdropping, 3 3
protection $98.5
interception and manipulation of Wi-Fi and
▪ The Company’s Zero-Day CASB Core cellular networks 2018 2019 2018 2019
Founded: 2013 solution enables enterprises to securely adopt Founded: 2014 Number of Deals Total Amount Raised ($M)
▪ The Company attacks CASB through a
any managed or unmanaged cloud M&A Activity
HQ: Campbell, CA HQ: Tel Aviv, Israel condensed platform including its access
application
control application, cloud control console, 1 1 $19.0
Amt Raised: $150.0M ▪ Next-Gen CASB automatically learns and Amt Raised: $20.0M and automatic detection and mitigation --
adapts to new cloud applications, malware schemes
CEO: Nat Kausik CEO: Guy Moskowitz 2018 2019 2018 2019
threats, behaviors and devices Number of Deals Total Disclosed Amount ($M)
▪ Netskope is built upon an emphasis in cloud ▪ CipherCloud enables companies to adopt the Other Vendors
application discovery and SaaS security cloud while ensuring data protection,
posture assessment compliance, and control
▪ The Company’s DLP engine is one of the few ▪ CipherCloud delivers a comprehensive multi-
CASB’s that runs its own distributed network cloud security platform that integrates
fabric advanced data protection, adaptive policy
Founded: 2012 Founded: 2010 controls, monitoring, cloud risk analysis
▪ Netskope has further expanded its threat
HQ: Santa Clara, CA protection features by adding in-line proxy HQ: San Jose, CA ▪ The Company has capabilities to cover a
and API-based inspection of content for broader range of structured and unstructured
Amt Raised: $404.3M malware Amt Raised: $81.4M data with SaaS applications
CEO: Sanjay Beri CEO: Pravin Kothari
Source: Momentum Cyber Proprietary M&A & Financing Transaction Database, Report Buyer, Company Websites, Gartner CASB, Gartner Cloud Services, MarketsandMarkets,
and Logic Monitor Cloud Vision 2020. Return To Table Of Contents 197
VI. Transaction
Profiles
VIII.
Recent Momentum
Transactions
Sumo Logic Acquires JASK
Momentum Cyber Served As Exclusive Financial & Strategic Advisor To JASK.
Transaction Overview Notable Strategic Activity

▪ On November 4th, 2019, Sumo Logic, Inc. (“Sumo Logic”) announced the acquisition of JASK Labs, Inc. (“JASK”) $110M Series G
▪ “Security in the modern world is moving from a human-scale problem to a machine-scale problem. Customers Date: 05/08/19
are looking for a new approach to help them overcome the pain and complexity around an increasingly
perimeter-less world. The JASK team are experts in helping customers navigate this new world. By aligning our HQ: Redwood City, CA
efforts as a single team, we are able to democratize security intelligence for all.” – Ramin Sayar, President & Chief
Founded: 2010
Executive Officer, SumoLogic
has been acquired by ▪ “The team at JASK set out to fundamentally disrupt traditional security solutions that are no longer meeting the Investors:
needs of modern security teams. Over the past five years, we’ve worked with customers and experts on the front
lines of this disruption to uncover what will truly have an impact on improving the performance of security
$75M Series E
analysts that have been mired with alert fatigue. We’re excited to bring together our collective security DNA and Date: 05/07/19
joint customers and partners to create a powerful security intelligence solution that provides a cloud-native best-
in-class modern SOC and analytics solution.” – Greg Martin, Chief Executive Officer, JASK HQ: San Mateo, CA
Founded: 2013
Transaction Significance
Investors:
▪ The acquisition of JASK brings together Sumo Logic’s industry leading Continuous Intelligence Platform,
Momentum Cyber served as exclusive including its pioneering Cloud SIEM and Security Compliance Solutions, with JASK’s ASOC offering to deliver acquires
financial & strategic advisor to JASK a leading Cloud-Native security intelligence solution built for today’s digital businesses that leverage modern
Date: 07/10/18
applications, architectures, and multi-cloud infrastructures
▪ As part of Sumo Logic’s Continuous Intelligence Platform, the company will expand its security intelligence HQ: San Mateo, CA
portfolio with the launch of the Sumo Logic ASOC solution, as well as a Spec Ops offering for threat hunting Founded: 2007
▪ The acquisition broadens Sumo Logic’s portfolio as well as a rich joint ecosystem of customers and partners
EV: $600M
including MSPs, MDRs and VARs, while accelerating the companies’ mutual strategy to deliver the automation
needed to reduce the noise for security teams and help them modernize the SOC acquires
Momentum Cyber’s Role Date: 05/31/18
HQ: Boulder, CO
▪ Momentum Cyber acted as exclusive Financial & Strategic Advisor to JASK
November 4th, 2019
▪ This transaction demonstrates Momentum Cyber’s continued success in advising innovative, next-generation Founded: 2003
Cybersecurity companies and further establishes the firm’s leadership position as the ‘go to’ advisor EV: $525M
exclusively focused on Cybersecurity

Featured Announcement | +
Momentum Cyber To Support NTT’s Global Cybersecurity Strategy And Growth Initiatives Through Acquisitions, Partnerships, & Strategic Investments.
Strategic Partnership Overview Notable NTT Ltd. Strategic Activity(1)

▪ On August 1st, 2019, NTT Security announced its strategic partnership with Momentum Cyber Acquisition of
▪ Momentum Cyber will serve as a strategic advisor to NTT Security to support NTT Security’s global
Date: 03/05/2019
Cybersecurity growth strategy in its mission to deliver total resilient business solutions for its clients’
digital transformation needs HQ: San Jose, CA
Founded: 2000
▪ The partnership will enable NTT Security to expand and enhance its portfolio to accommodate new
and evolving trends, leading its clients to benefit from the right mix of Managed Security Services, EV: $315M
has formed a
Security Consulting Services, and security technology, now and in the future
strategic partnership with Acquisition of
“We are thrilled to welcome Momentum Cyber as a partner of NTT Security and form this strategic Date: 07/15/2010
relationship between our two companies. By combining our global capabilities with Momentum Cyber’s
HQ: Johannesburg, South Africa
unrivalled M&A knowledge and experience advising both emerging and large companies, we are well
positioned to complement our current solutions with additional capabilities. Together, we will extend Founded: 1983
the NTT brand globally and further NTT as a global leader in a dynamic and high-growth industry.” – EV: $2.6B
Matt Gyde, CEO, NTT Security
$90M Series D
“Speaking for the entire firm, we are honored to be working with NTT Security and embrace this Date: 12/05/2018
opportunity to further its mission and extend its global reach. We look forward to supporting the HQ: Atlanta, GA
Momentum Cyber to serve as strategic specialized security division of NTT as a trusted advisor through its next chapter of growth – bringing to
Founded: 2011
advisor to support NTT’s global bear our firm’s extensive capabilities and vast network to help NTT Security achieve its strategic
objectives.” – Eric McAlpine & Michael Tedesco, Managing Partners, Momentum Cyber Investors:
Cybersecurity growth strategy
$25M Series B
Momentum Cyber Strategic Advisory Focus
Date: 12/11/2017
HQ: San Jose, CA

August 1st, 2019
Founded: 2015
Acquisitions Partnerships Strategic Investments Investors:
Source: Company Website & Press Releases, 451 Research, PitchBook.

(1) NTT Ltd. is a leading global technology services company bringing together 28 brands including NTT Communications, Dimension Data, and NTT Security. Return To Table Of Contents 201
Micro Focus Acquires Interset
Momentum Cyber Served As Exclusive Financial Advisor To Interset.

▪ On February 15 th, 2019, Micro Focus acquired Interset Software, Inc. (“Interset”)
acquires
▪ “Security is at the heart of every organization, and perhaps never more so than as they implement their digital transformation
initiatives and leverage emerging technologies to better predict and take action on credible threats. Micro Focus recognized Date: 10/23/18
that an even more advanced analytics ecosystem was needed to assist in this journey, and we identified Interset as a critical
addition to our strategy.” – John Delk, Senior Vice President & General Manager of Security, Risk & Governance, Micro Focus
HQ: Seattle, WA
▪ “The combination of the Interset technology with Micro Focus’ broad security portfolio is a powerful combination that will Founded: 2012
has been acquired by produce a level of protection that will be unmatched in the market. Our ‘Data In, Intelligence Out’ methodology will deliver
an even-more complete set of benefits for our combined customers – allowing them to leverage near real-time information to $50M Series D
address both immediate- and long-term threats.” – Mark Smialowicz, Chief Executive Officer, Interset
Date: 08/14/18
Transaction Significance HQ: San Mateo, CA
▪ Interset’s predictive analytics technology adds depth to Micro Focus’ Security, Risk & Governance portfolio, and aligns with the Founded: 2013
Company’s strategy to help customers quickly and accurately validate and assess risk as they digitally transform their businesses
Investors:
▪ The Company’s technology will accelerate Micro Focus’ delivery of a more-robust UEBA offering, and help drive deeper data
insights across security and operations that are necessary to execute on the Company’s SecOps Analytics vision
acquires
Momentum Cyber served as exclusive ▪ Interset will supplement Micro Focus’ Big Data analytics software, Vertica, and add additional value to Micro Focus ArcSight –
the world’s leading real-time correlation engine – to deliver a highly differentiated Cybersecurity solution Date: 08/28/17
financial advisor to Interset
▪ Key Attributes of the Interset technology includes: HQ: Baltimore, MD
- Extensible Analytics: The technology eliminates the need for expensive product consultations and customization
Founded: 2011
- Principled Math: Utilizes a growing library of 350+ proven machine-learning and advanced-analytics models, applying them
to both events and entities, to yield a highly accurate means of detecting, connecting, and quantifying high-risk behaviors EV: $60M
- Scalable Big Data: The flexible, open platform combines an advanced-analytics engine with open-source, big-data
acquires
technology and can be deployed in the Vertica, Hortonworks or Cloudera infrastructures, scaling to meet the needs of the
largest, most-sophisticated environments
Date: 02/28/17
Transaction Significance HQ: Israel
February 15th, 2019 ▪ Momentum Cyber acted as exclusive Financial Advisor to Interset
Founded: 2011
▪ This transaction demonstrates Momentum Cyber’s continued success in advising innovative, next-generation Cybersecurity
companies and further establishes the firm’s leadership position as the ‘go to’ advisor exclusively focused on Cybersecurity EV: $105M

SAM Seamless Network Raises Strategic Investment
Momentum Cyber Advised ADT & NightDragon On The Investment & Will Maintain An Ongoing Advisory Role To SAM.
Transaction Overview Notable IoT Strategic Activity

▪ On November 14th, 2018, SAM Seamless Network (“SAM”) announced a $12M Series A financing round led by Series B
Intel Capital (“Intel”) with participation from NightDragon Security (“NightDragon”), The ADT Corporation (“ADT”),
& Blumberg Capital. Dave DeWalt has also been named Chairman of the Board
Date: 05/15/18
▪ “Now more than ever before, home security goes beyond the physical premise. The secure home of the future must
include Cybersecurity. We’re invested in working with new technology providers to continue to meet the needs of HQ: El Segundo, CA
have made a strategic investment in today’s customer, and SAM’s technology provides advanced enterprise-grade security capabilities that help keep
homes and their devices secure.” - Jay Darfler, Senior Vice President, Emerging Markets, ADT Founded: 2015
▪ “As the world continues to be more connected, every home, small business, place to congregate and mode of
transportation becomes a target for attack. SAM is solving this problem with next-generation, enterprise grade Investors:
security for WiFi routers. Their technology is making cyber attack prevention both simpler, stronger, and more
comprehensive than ever before.” – Dave DeWalt, Founder, NightDragon Security $3M Seed
▪ “We were impressed with SAM’s technology and level of security for the home network, which is a critical part of
building out the future of 5G. Unlike existing solutions, which necessitate buying a new gateway or replacing it with Date: 04/30/18
a secure gateway, SAM’s solution provides end-users security, without them needing to do anything. And for
Momentum Cyber advised ADT and
telecommunications companies and ISPs, its AI and machine learning capabilities monitor behavior on the network HQ: Manchester, NH
NightDragon on the investment and will
to detect unusual activity and prevent attacks.” - Dave Flanagan, VP, Intel Corp. & Group Managing Director, Intel
maintain an ongoing advisory role to SAM Capital Founded: 2017
and its investors as it deploys the capital
Strategic Rationale
Investors:
▪ SAM plans to utilize this new influx of capital to expand its machine learning research and to continue its growth in the
US and European markets to meet its customers’ increasing security needs acquires
▪ Intel is leveraging SAM to further enrich its security offerings, while ADT continues to explore the possibilities of
utilizing SAM’s seamless security to enhance its Digital Security offerings for residential customers across North America Date: 01/16/18
Momentum Cyber’s Role HQ: Tel Aviv, Israel

November 14th, 2018
▪ Momentum Cyber advised ADT and NightDragon on the investment and will maintain an ongoing advisory role to
SAM and its investors as it deploys the capital Founded: 2017

ADT Acquires Secure Designs Inc.
Momentum Cyber Acted As ADT’s Exclusive Strategic Cybersecurity Advisor.
Transaction Overview Notable MSSP Strategic Activity
▪ On August 2nd, 2018, The ADT Corporation (“ADT”) announced it has acquired Secure Designs Inc. acquires
(“SDI”)
▪ “ADT and SDI are the perfect match; two companies dedicated to providing business owners with Date: 11/14/2017
peace-of-mind knowing their greatest investment is monitored and more secure. Cybercrime is a real
threat to the livelihood of small businesses across the country. It is imperative that we provide our HQ: Scottsdale, AZ
customers with a complete suite of solutions to help ensure every point of entry, whether physical or
has acquired digital, is protected.” - Michael Keen, Vice President, ADT Cybersecurity
Founded: 2009
▪ “Together with ADT, we’ll now be able to extend our reach to give new and existing small business
customers the network security that is needed to operate in today’s world.” - Larry Cecchini, SDI
Owner & now Vice President / General Manager, ADT Cybersecurity Small Business acquires
Transaction Significance Date: 10/20/2017
▪ With SDI’s resources and technology, ADT will now be able to provide real-time insights to Internet HQ: Cincinnati, OH
risks and behaviors, coupled with bundled solutions to improve small business performance. Best of
Momentum Cyber acted as ADT’s all, solutions are customizable to suit the needs of a historically underserved customer segment
strategic Cybersecurity advisor Founded: 2015
▪ ADT Cybersecurity services for small business will now include customization, installation,
monitoring, and management of enterprise-grade firewalls. This multi-layered security approach
provides active perimeter defense, vulnerability scanning and secure remote access to help eliminate acquires
data loss
Date: 08/21/2017
Momentum Cyber’s Role
HQ: Cambridge, Ontario
▪ Momentum Cyber acted as ADT’s exclusive strategic Cybersecurity advisor
▪ This transaction demonstrates Momentum Cyber's continued success in advising innovative, next- Founded: 2011
August 2nd, 2018 generation Cybersecurity companies and further establishes the firm's leadership position as the ‘go
to’ advisor exclusively focused on Cybersecurity EV ~$150M

Gigamon Acquires ICEBRG
Momentum Cyber Acted As Exclusive Financial Advisor To ICEBRG.

▪ On July 23rd, 2018, Gigamon, Inc. (“Gigamon”) acquired ICEBRG, Inc. (“ICEBRG”) acquires
▪ “The market is primed for a new approach to enterprise security that reduces risk, lowers cost, and increases
leverage for SOC teams. Building on our success supporting Mobile Service Providers with a visibility solution, we Date: 05/31/18
see a similar opportunity to disrupt the security market with the addition of ICEBRG to the Gigamon Platform. This HQ: Boulder, CO
combination provides a compelling new way to enable Security Operations professionals to regain the upper-hand.”
Founded: 2003
– Paul Hooper, Chief Executive Officer, Gigamon
has been acquired by $78M Series B
▪ “The combination of the high-quality network data from the GigaSECURE® Security Delivery Platform and the
ICEBRG cloud-based platform will power the next generation of security capabilities. Together, our expertise in
Date: 05/03/18
networking and security will help SOC teams focus on defending against the most severe threats in their
environments.” – William Peteroy, Chief Executive Officer, ICEBRG HQ: Fulton, MD
Transaction Significance Founded: 2014

Investors:
▪ Represents Gigamon’s first acquisition since inception and marks the start of a new M&A strategy, which includes
moving deeper into security
$36M Series D
▪ The combination of network traffic visibility from Gigamon’s platform and the next-generation approach that
Momentum Cyber acted as exclusive ICEBRG employs for the detection and triage of threats, will allow enterprises to reduce risk and keep pace with the Date: 02/21/18
financial advisor to ICEBRG rapidly evolving threat landscape
HQ: San Jose, CA
▪ “The acquisition of ICEBRG brings Gigamon the cloud-based data management capability essential for delivering 2010
Founded:
advanced network security as a service. The Gigamon-ICEBRG combination offers security teams a better way to
prioritize and respond to the most urgent threats, potentially changing how we view security in the SOC of the Investors:
future.“ – Eric Ogden, Senior Research Analyst, 451 Research
$75M Series D
Momentum Cyber’s Role
Date: 07/11/17
▪ Momentum Cyber acted as exclusive Financial Advisor to ICEBRG
HQ: Cambridge, United Kingdom
July 23rd, 2018 ▪ This transaction demonstrates Momentum Cyber's continued success in advising innovative, next-generation
Founded: 2013
Cybersecurity companies and further establishes the firm's leadership position as the ‘go to’ advisor exclusively
focused on Cybersecurity Investors:

Fortinet Acquires Bradford Networks
Momentum Cyber Acted As Exclusive Financial Advisor To Bradford Networks.
Transaction Overview Notable Network / IoT Activity

▪ On June 4th, 2018, Fortinet, Inc. (“Fortinet”) announced it acquired Bradford Networks Inc. (“Bradford Networks”)
IPO
▪ “… The integration of Bradford Networks’ technology with Fortinet’s security fabric enables large enterprises with the
continuous visibility, micro-segmentation and access control technology they need to contain threats and block IPO Date: October 27, 2017
untrusted devices from accessing the network.” – Ken Xie, Founder & CEO, Fortinet
▪ “Bradford Networks’ technology is already integrated with Fortinet’s Security Fabric including FortiGate, FortiSIEM, Amount Raised ($M): $116.2
FortiSwitch and FortiAP products to minimize the risk and impact of cyber threats in even the toughest security
has been acquired by Current Stock Price: $37.92
environments such as critical infrastructure - power, oil and gas and manufacturing.” – Rob Scott, CEO, Bradford
Networks
Stock Performance
72.4%
Since IPO%:
Market Cap ($M): $1,752.3
▪ Bradford Networks will further enhance the Fortinet Security Fabric by converging access control and IoT security
solutions to provide large enterprise with broader visibility and security for their complex networks including:
Enterprise Value ($M): $1,689.9
- Complete, continuous, agentless visibility of endpoints, users, trusted and untrusted devices and applications
accessing the network including IoT and headless devices
Momentum Cyber acted as exclusive EV / 2019E Revenue: 4.6x
financial advisor to Bradford Networks - Enhanced IoT security through device micro segmentation, dynamic classification of headless devices by type,
profile, as well as automatic policy assignment to enable granular isolation of unsecure devices
: $30M Series B
- Accurate event triage and threat containment in seconds through automated workflow integrations that prevent
lateral movement Date: April 9, 2018
- Easy, cost-effective deployment due to highly scalable architecture that eliminates deployment at every location
of a multi-site installation HQ: Palo Alto, California
Momentum Cyber’s Role Founded: 2015
▪ Momentum Cyber acted as exclusive Financial Advisor to Bradford Networks

CEO: Yevgeny Dibrov
June 4th, 2018 ▪ This transaction demonstrates Momentum Cyber's continued success in advising innovative, next-generation
Cybersecurity companies and further establishes the firm's leadership position as the ‘go to’ advisor exclusively Investors:
focused on Cybersecurity
Note: Market Data as of September 30th, 2019.

Proofpoint Acquires Weblife
Momentum Cyber Acted As Exclusive Financial Advisor To Weblife.
Transaction Overview Other Notable Web Isolation Transactions

▪ On November 29, 2017, Proofpoint, Inc (“Proofpoint”) announced it acquired Weblife Balance Inc. Date: 07/06/17
(“Weblife”) for a total consideration of $60M, representing a 17.1x multiple of invested capital
▪ “In an era of constant connectivity and eroding boundaries between a professional and personal digital life, HQ: Tel Aviv, Israel
it is critical to have email protection that is both broad and deep. The acquisition of Weblife gives us greater acquired
ability to help protect our customers from today’s rapidly evolving cyberattacks, as cybercriminals look for Founded: 2014
has been acquired by
new ways to abuse email channels. We are thrilled to welcome Weblife’s employees to the Proofpoint
team.” – Gary Steele, CEO, Proofpoint CEO: Guy Guzner
▪ “Organizations are having to confront the reality that employees will check their personal webmail from
$225 Million
the corporate network, and will also use their corporate devices to check their webmail at home after work,
on the road, and everywhere in between. By combining Proofpoint’s advanced threat detection capabilities
with our unique browser isolation solution, enterprises can now secure both corporate and personal email Date: 05/09/16
from advanced threats and compliance risks.” – David Melnick, CEO, Weblife
for total consideration of HQ: Los Gatos California
Transaction Significance acquired
$60M ▪ By combining Weblife’s web-isolation technology with Proofpoint’s industry leading threat detection and
Founded: 2012
intelligence, companies can now secure both corporate and personal email from advanced threats and
CEO: Branden Spikes
Momentum Cyber acted as exclusive compliance risks
financial advisor to Weblife - Unique combination of web-isolation and advanced threat detection delivers comprehensive Undisclosed
protection from both malware and credential stealing phishing links
▪ The integrated solution will become part of Proofpoint’s Targeted Attack Protection advanced threat Other Primary Competitors
solution suite, and will be available in the first half of 2018
Company Headquarters Amount Raised
Momentum’s Role Mountain View,
$14.2M
California
▪ Momentum Cyber acted as exclusive Financial Advisor to Weblife
Baltimore,
November 29th, 2017 ▪ This transaction demonstrates Momentum's continued success in advising innovative, next-generation Maryland
Undisclosed
Cybersecurity companies and further establishes the firm's leadership position as the ‘go to’ advisor
Menlo Park,
exclusively focused on Cybersecurity $160.0M
California

ADT Acquires DATASHIELD
Momentum Cyber Acted As Exclusive Financial Advisor To DATASHIELD & Strategic Cybersecurity Advisor To ADT.
Transaction Overview Other Notable MSSP Transactions

▪ On November 14, 2017, The ADT Corporation (“ADT”) announced it has acquired
Date: 10/20/17
DATASHIELD, LLC (“DATASHIELD”)
▪ DATASHIELD was founded in 2009 and is the premier Managed Detection & Response (MDR) HQ: Cincinnati, Ohio
provider offering the next-generation of managed security services for Mid-Market and Enterprise acquired
businesses
Founded: 2015
- DATASHIELD is the only MDR Provider to provide full packet capture and inspection
beyond headers and metadata behind the firewall CEO: Brian Minick
has acquired - DATASHIELD’s SHIELDVision™ is a unified platform for organizing, managing and
collecting cyber intelligence in real-time as well as automating security analyst workflows to Undisclosed
close the gap between cyberattack and breach detection time and remediation for
customers Date: 08/21/17
Transaction Significance HQ: Cambridge, Ontario

acquired a majority stake in
▪ ADT launches “ADT Cybersecurity” with the newly combined entity utilizing DATASHIELD’s
cutting-edge SHIELDVision™platform and deep security industry expertise to create an Founded: 2011
Momentum Cyber acted as exclusive financial unmatched real-time Cyber detection and response solution
advisor to DATASHIELD & is serving CEO: J.Paul Haynes
as ADT’s strategic Cybersecurity advisor ▪ MDR is a Top 10 Cybersecurity technology for 2017 according to Gartner
▪ Data breaches are on the rise and increasingly more damaging to companies and individuals – ~$150 Million
MDR reduces time to detection from months to minutes
Date: 04/28/17
Momentum’s Role
▪ Momentum Cyber acted as exclusive Financial Advisor to DATASHIELD and is serving as ADT’s HQ: Zurich, Switzerland
Strategic Cybersecurity Advisor has acquired
▪ Momentum Cyber identified MDR as a strategic category to leverage ADT’s security footprint Founded: 1990
and sourced DATASHIELD as a proprietary target
November 14th, 2017 ▪ This transaction demonstrates Momentum's continued success in advising innovative, next- CEO: Martin Bosshardt
generation Cybersecurity companies and further establishes the firm's leadership position as the
‘go to’ advisor exclusively focused on Cybersecurity Undisclosed
* Transaction Values were not disclosed at the time of announcement.

Juniper Networks Acquires Cyphort
Momentum Cyber Acted As Exclusive Financial Advisor To Cyphort.
Transaction Overview Recent Cybersecurity AI-Driven & Analytics M&A

▪ On August 31, 2017, Cyphort, Inc. (“Cyphort”) announced it had entered into a definitive Date Target Acquirer TV ($M)
agreement to be acquired by Juniper Networks (“Juniper”)
▪ The acquisition is subject to customary closing conditions and expected to close by the end of
September 08/31/17 NA*
▪ Headquartered in Santa Clara, CA, Cyphort was founded in 2011 and provides a Security
Analytics and Mitigation Platform for Advanced Threat Defense
has been acquired by
- Cyphort is the only comprehensive Advanced Threat Protection platform, for on-prem and
cloud across Web, Email, Lateral Spread, File & CASB upload
08/28/17 $60M
- Cyphort’s machine learning and behavioral analytics target the SIEM “gap” by combining
detection and analytics on raw data and ingested 3rd party sources
- Investors included Sapphire Ventures, Foundation Capital, Matrix Partners, Trinity
Ventures, Zouk Capital and Dell Technologies Capital
06/08/17 $100M
Momentum Cyber acted as exclusive ▪ Acquisition strengthens Juniper’s leadership position in the next-gen firewall market and is a
financial advisor to Cyphort critical addition to Juniper’s Software-Defined Secure Network vision
02/28/17 $105M
▪ Cyphort will integrate into Juniper’s Sky ATP platform to provide customers with improved
performance, an increased range of supported file types and additional threat detection
capabilities
▪ Cyphort marks Juniper’s return to Cybersecurity M&A after an over 4 year absence
02/08/17 $120M
Momentum’s Role
▪ Momentum Cyber served as exclusive Financial Advisor to Cyphort
▪ This transaction demonstrates Momentum's continued success in advising innovative, next-
August 31st, 2017 generation Cybersecurity companies and further establishes the firm's leadership position as the 02/01/17 $40M
‘go to’ advisor exclusively focused on Cybersecurity
* Transaction Values were not disclosed at the time of announcement. Return To Table Of Contents 209
2019
Cybersecurity IPOs
12,500,000 Shares 35,000,000 Shares 20,700,000 Shares 7,700,000 Shares
Common Stock Common Stock Common Stock Common Stock
$15.00 Per Share $15.00 Per Share $34.00 Per Share $14.00 Per Share
$187,500,000 $525,000,000 $703,800,000 $107,800,000
September 19th, 2019 September 13th, 2019 June 11th, 2019 April 10th, 2019
2019 Cybersecurity
M&A Transaction
Profiles
acquires acquires acquires acquires acquires acquires acquires acquires acquires
Dec. ’19 | NA Dec. ’19 | NA Dec. ’19 | $1M Dec. ’19 | $1.0B Dec. ’19 | NA Dec. ’19 | NA Dec. ’19 | NA Dec. ’19 | $28M Dec. ’19 | NA
(Cybersecurity Operations)
Dec. ’19 | $6M Dec. ’19 | NA Dec. ’19 | NA Dec. ’19 | NA Dec. ’19 | $78M Dec. ’19 | $40M Nov. ’19 | $150M Nov. ’19 | NA Nov. ’19 | NA
Nov. ’19 | $128M Nov. ’19 | NA Nov. ’19 | NA Nov. ’19 | $21M Nov. ’19 | NA Nov. ’19 | NA Nov. ’19 | $8M Nov. ’19 | NA Nov. ’19 | $1.4B
Nov. ’19 | NA Nov. ’19 | NA Nov. ’19 | NA Nov. ’19 | NA Nov. ’19 | NA Nov. ’19 | $225M Nov. ’19 | $11M Nov. ’19 | NA Oct. ’19 | NA
Oct. ’19 | $20M Oct. ’19 | $70M Oct. ’19 | $17M Oct. ’19 | $21M Oct. ’19 | NA Oct. ’19 | NA Oct. ’19 | NA Oct. ’19 | NA Oct. ’19 | NA
Oct. ’19 | NA Oct. ’19 | NA Oct. ’19 | NA Oct. ’19 | NA Oct. ’19 | NA Oct. ’19 | NA Oct. ’19 | NA Oct. ’19 | $3.9B Oct. ’19 | NA
acquires acquires acquires acquires acquires acquires acquires
Oct. ’19 | $15M Oct. ’19 | NA Oct. ’19 | NA Oct. ’19 | NA Oct. ’19 | NA Oct. ’19 | NA Oct. ’19 | NA Q4 2019
acquires acquires acquires acquires acquires acquires acquires acquires
Technology Assets
Sep. ’19 | NA Sep. ’19 | $45M Sep. ’19 | NA Sep. ’19 | NA Sep. ’19 | NA Sep. ’19 | NA Sep. ’19 | NA Sep. ’19 | NA
Sep. ’19 | NA Sep. ’19 | $75M Sep. ’19 | NA Sep. ’19 | NA Aug. ’19 | $2,100M Aug. ’19 | NA Aug. ’19 | NA Aug. ’19 | NA
Bot Mitigation Assets Enterprise Assets

Aug. ’19 | NA Aug. ’19 | NA Aug. ’19 | NA Aug. ’19 | NA Aug. ’19 | NA Aug. ’19 | $10,700M Aug. ’19 | NA Aug. ’19 | $100M
Security Business (MBO)

Aug. ’19 | NA Aug. ’19 | $83M Aug. ’19 | NA Aug. ’19 | NA Jul ’19 | NA Jul ’19 | NA Jul ’19 | NA Jul ’19 | NA
Braes Capital /
acquires acquires acquires acquires acquires acquires acquires
(Highwinds Capital & Cloak
Q3 2019
Holdings Assets)
Jul ’19 | NA Jul ’19 | $1M Jul ’19 | NA Jul ’19 | NA Jul ’19 | NA Jul ’19 | NA Jul ’19 | NA
Jun. ’19 | NA Jun. ’19 | $5M Jun. ’19 | NA Jun. ’19 | NA Jun. ’19 | NA Jun. ’19 | NA Jun. ’19 | $234M Jun. ’19 | $13M
Jun. ’19 | $100M Jun. ’19 | NA Jun. ’19 | NA May ’19 | NA May ’19 | NA May ’19 | NA May ’19 | $780M May ’19 | $47M
May ’19 | $410M May ’19 | NA May ’19 | NA May ’19 | $250M May ’19 | NA May ’19 | NA May ’19 | NA May ’19 | NA
(Advisory Business)
May ’19 | NA May ’19 | NA May ’19 | $14M May ’19 | $577M May ’19 | NA May ’19 | $120M Apr. ’19 | NA Apr. ’19 | NA
(Online Security Business)

Apr. ’19 | NA Apr. ’19 | $815M Apr. ’19 | NA Apr. ’19 | NA Apr. ’19 | NA Apr. ’19 | NA Apr. ’19 | NA Apr. ’19 | $100M
acquires acquires
Apr. ’19 | NA Apr. ’19 | $15M Q2 2019

Mar. ’19 | $9M Mar. ’19 | NA Mar. ’19 | $20M Mar. ’19 | NA Mar. ’19 | NA Mar. ’19 | NA Mar. ’19 | NA Mar. ’19 | NA
Mar. ’19 | NA Mar. ’19 | NA Mar. ’19 | NA Mar. ’19 | NA Mar. ’19 | $315M Mar. ’19 | $30M Mar. ’19 | $35M Mar. ’19 | NA
Feb. ’19 | NA Feb. ’19 | NA Feb. ’19 | NA Feb. ’19 | $560M Feb. ’19 | $89.7M Feb. ’19 | NA Feb. ’19 | NA Feb. ’19 | $170M
( Assets)
Feb. ’19 | NA Feb. ’19 | $300M Feb. ’19 | $619M Feb. ’19 | NA Feb. ’19 | NA Feb. ’19 | NA Feb. ’19 | $100M Feb. ’19 | $157M
Jan. ’19 | $108M Jan. ’19 | NA Jan. ’19 | NA Jan. ’19 | $77M Jan. ’19 | $480M Jan. ’19 | NA Jan. ’19 | NA Jan. ’19 | $275M
acquires acquires acquires acquires acquires
Jan. ’19 | NA Jan. ’19 | $15M Jan. ’19 | $125M Jan. ’19 | < $100k Jan. ’19 | NA Q1 2019
2019 Financing
Transaction Profiles
Mo An
Technology
Angel Angel Convertible Debt Series A Early Stage VC Series B Series B Seed Later Stage VC Private Equity Series A Series A
Dec. ‘19 | $1M Dec. ’19 | $1M Dec. ‘19 | $10M Dec. ‘19 | $5M Dec. ‘19 | Undiscl. Dec. ‘19 | $25M Dec. ‘19 | $11M Dec. ‘19| $5M Dec. ‘19 | $3M Dec. ‘19 | $3M Dec. ‘19 | $28M Dec. ‘19 | $15M
Series B Later Stage VC Series B Early Stage VC Seed Series D Seed Series A Series A Later Stage VC Seed Series A
Dec. ’19 | $28M Dec. ‘19 | $9M Dec. ‘19 | $48M Dec. ’19 | $6M Dec. ‘19 | $8M Dec. ‘19 | $40M Dec. ‘19 | $4M Dec. ‘19 | $13M Dec. ‘19 | $6M Dec. ‘19 | $9M Dec. ‘19 | $1M Dec. ‘19 | $12M
7-CAI
Series A Later Stage VC Seed Series A Series A Series A Series A Series A Private Equity Later Stage VC Seed Series A
Dec. ‘19 | $15M Dec. ‘19 | $7M Dec. ‘19 | $5M Nov. ‘19 | $23M Nov. ‘19 | $10M Nov. ‘19 | $7M Nov. ‘19 | $15M Nov. ‘19 | Undiscl. Nov. ‘19 | Undiscl Nov. ‘19 | $23M Nov. ‘19 | $2M Nov. ‘19 | $17M
Series B Series B Series D Series A Series A Later Stage VC Seed Series A Series A Later Stage VC Series A2 Angel
Nov. ‘19 | $16M Nov. ‘19 | $35M Nov. ‘19 | $30M Nov. ‘19 | $24M Nov. ‘19 | $18M Nov. ‘19 | $1M Nov. ‘19 | $2M Nov. ‘19 | $200M Nov. ‘19 | $10M Nov.‘19 | $8M Nov. ‘19 | $6M Nov. ‘19 | $1M
Private Equity Series B Later Stage VC Series A Series B Early StageVC Series A Series B Early Stage VC Later Stage VC Angel Series E
Nov. ‘19 | $64M Nov. ‘19 | $15M Nov. ‘19 | $8M Nov. ‘19 | $14M Nov. ‘19 | $10M Nov. ‘19 | $16M Nov. ‘19 | $7M Nov. ‘19 | $40M Nov. ‘19 | Undicl. Nov. ‘19 | $2M Nov. ‘19 | $1M Nov. ‘19 | $165M
Series A Series B1 Later Stage VC Venture Series C Private Equity Seed Series A Series B Series A Early Stage VC Series B
Nov. ‘19 | $10M Nov. ‘19 | $3M Nov. ‘19 | $12M Nov. ‘19 | <$1M Oct. ‘19 | $40M Oct. ‘19 | $40M Oct. ‘19 | $5M Oct. ‘19 | $7M Oct. ‘19 | $35M Oct. ‘19 | $10M Oct. ‘19 | Undiscl. Oct. ‘19 | $30M
Series E Series C Seed Later Stage VC Seed Seed Angel Convertible Debt Private Equity Series A Angel Early Stage VC
Oct. ‘19 | $20M Oct. ‘19 | $50M Oct. ‘19 | $1M Oct. ‘19 | $34M Oct. ‘19 | $3M Oct. ‘19 | $1M Oct. ‘19 | <$1M Oct. ‘19 | $2M Oct. ‘19 | Undiscl. Oct. ‘19 | $16M Oct. ‘19 | $3M Oct. ‘19 | Undiscl.
Series C
Oct. ‘19 | $100M
Series A
Oct. ‘19 | $2M
Series A
Oct. ‘19 | $1M
Seed
Oct. ‘19 | $5M
Seed
Oct. ‘19 | $1M
Angel
Oct. ‘19 | <$1M Q4 2019
Series D Angel Series A Angel Later Stage VC Early Stage VC Private Equity Early Stage VC Later Stage VC Seed Convertible Debt
Sep. ‘19 | $48M Sep. ‘19 | <$1M Sep. ‘19 | $6M Sep. ‘19 | <$1M Sep. ‘19 | $219M Sep. ‘19 | $8M Sep. ‘19 | $395M Sep. ‘19 | $37M Sep. ‘19 | $5M Sep ‘19 | $4M Sep. ‘19 | $6M
Seed Grant Seed Seed Seed Seed Seed Angel Accelerator Later Stage VC Series A
Sep. ‘19 | $3M Sep. ‘19 | $2M Sep. ‘19 | $3M Sep. ‘19 | $4M Sep. ‘19 | $8M Sep. ‘19 | $3M Sep. ‘19 | $5M Sep. ‘19 | $1M Sep. ‘19 | <$1M Sep. ‘19 | $6M Sep. ‘19 | $9M
Seed Series A Series B Later Stage VC Series B Series A Series C Series B Private Equity Later Stage VC Series A
Sep. ‘19 | $4M Sep. ‘19 | $12M Sep. ‘19 | $25M Sep. ‘19 | $147M Sep. ‘19 | $7M Sep. ‘19 | $12M Sep. ‘19 | $53M Sep. ‘19 | $10M Sep. ‘19 | $9M Sep. ‘19 | $1M Sep. ‘19 | $10M
Series D Seed Series F Series C Angel Series C Early Stage VC Series D Series C Series C Later Stage VC
Sep. ‘19 | $30M Sep. ‘19 | $3M Sep. ‘19 | $51M Sep. ‘19 | $42M Sep. ‘19 | $1M Sep. ‘19 | $70M Sep. ‘19 | $6M Sep. ‘19 | $36M Sep. 19 | $100M Sep. ‘19 | $57M Aug. ‘19 | Undiscl.
Angel Series B Early Stage VC Early Stage VC Series A Series D Angel Debt Series C Private Equity Series A1
Aug. ‘19 | $1M Aug. ‘19 | $20M Aug. ‘19 | $1M Aug. ‘19 | $2M Aug. ‘19 | $15M Aug. ‘19 | $4M Aug. ‘19 | <$1M Aug. ‘19 | Undiscl. Aug. ‘19 | $17M Aug. ‘19 | $60M Aug. ‘19 | $18M
Early Stage VC Convertible Debt Convertible Debt Early Stage VC Series E Seed Series A1 Early Stage VC Seed Series A Series A
Aug. ‘19 | $1M Aug. ‘19 | $8M Aug. ‘19 | <$1M Aug. ‘19 | $7M Aug. ‘19 | $200M Aug. ‘19 | $7M Aug. ‘19 | $6M Aug. ‘19 | Undiscl. Aug. ‘19 | $3M Jul. ‘19 | $10M Jul. ‘19 | $9M
Series A1 Series A Series A Seed Early Stage VC Convertible Debt Series A Early Stage VC Seed Seed Series A
Jul. ‘19 | $5M Jul. ‘19 | $12M Jul. ‘19 | $9M Jul. ‘19 | $5M Jul. ‘19 | $2M Jul. ‘19 | $1M Jul. ‘19 | $23M Jul. ‘19 | <$1M Jul. ‘19 | $5M Jul. ‘19 | $2M Jul. ‘19 | $79M
Series A Angel Later Stage VC Early Stage VC Series C Series A Series A Seed Convertible Debt Series A Series A
Jul. ‘19 | $9M Jul. ‘19 | Undiscl. Jul. ‘19 | $15M Jul. ‘19 | $3M Jul. ‘19 | $15M Jul. ‘19 | $15M Jul. ‘19 | $10M Jul. ‘19 | $3M Jul. ‘19 | $1M Jul. ‘19 | $15M Jul. ‘19 | $10M
Angel Angel Angel Early Stage VC Series B Series A Early Stage VC Early Stage VC Series D Series B Series D
Jul. ‘19 | $1M Jul. ‘19 | <$1M Jul. ‘19 | $4M Jul. ‘19 | $4M Jul. ‘19 | $24M Jul. ‘19 | $200M Jul. ‘19 | $2M Jul. ‘19 | <$1M Jul. ‘19 | $70M Jul. ‘19 | $40M Jul. ‘19 | $75M
Series C
Jul. ‘19 | $10M
Early Stage VC
Jul. ‘19 | $1M
Angel
Jul. ‘19 | <$1M
Early Stage VC
Jul. ‘19 | $1M
Seed
Jul. ‘19 | $4M
Series C
Jul. ‘19 | $18M
Series B2
Jul. ‘19 | $5M
Early Stage VC
Jul. ‘19 | Undiscl. Q3 2019
Series B Series B Series A Early Stage VC PE Growth Later Stage VC Series A Early Stage VC Series C Series C Series A Seed
Jun. ‘19 | $15M Jun. ‘19 | $13M Jun. ‘19 | $10M Jun. ‘19 | Undiscl. Jun. ‘19 | $309M Jun. ‘19 | $130M Jun. ‘19 | $14M Jun. ‘19 | $1M Jun. ‘19 | $45M Jun. ‘19 | $40M Jun. ‘19 | $14M Jun. ‘19 | $2M
Early Stage VC Series B Series A1 Series D Later Stage VC Series A PE Growth Seed Series A Series E Series B Series A
Jun. ‘19 | $2M Jun. ‘19 | $15M Jun. ‘19 | Undiscl. Jun. ‘19 | $50M Jun. ‘19 | $82M Jun. ‘19 | $23M Jun. ‘19 | $40M Jun. ‘19 | $7M Jun. ‘19 | $11M Jun. ‘19 | $100M Jun. ‘19 | $40M Jun. ‘19 | $12M
Seed Series A Early Stage VC Series D Series A Series B1 Later Stage VC Private Equity Series D Series B Series B Series A
Jun. ‘19 | $2M Jun. ‘19 | $2M Jun. ‘19 | Undiscl. Jun. ‘19 | $120M Jun. ‘19 | $21M Jun. ‘19 | Undiscl Jun. ‘19 | Undiscl. Jun. ‘19 | Undiscl. May ‘19 | $110M May ‘19 | $83M May ‘19 | $23M May ‘19 | $6M
Series D Series B Seed Seed Angel Convertible Debt Series D Seed Early Stage VC Series C Series A Series E
May ‘19 | $52M May ‘19 | $18M May ‘19 | $5M May ‘19 | $2M May ‘19 | <$1M May ‘19 | $3M May ‘19 | $50M May ‘19 | $5M May ‘19 | Undiscl. May ‘19 | $60M May ‘19 | $7M May ‘19 | $103M
Series C Series A Early Stage VC Angel Convertible Debt Series A Series B Series A2 Private Equity Seed Series B Series B
May ‘19 | $30M May ‘19 | $16M May ‘19 | $2M May ‘19 | $3M May ‘19 | <$1M May ‘19 | $3M May ‘19 | $20M May ‘19 | $6M May ‘19 | Undiscl. May ‘19 | <$1M May ‘19 | $22M May ‘19 | $40M
Seed Series B Seed Series G Series E Early Stage VC Series A Accelerator Seed Accelerator Series B1 Series B2
May ‘19 | $12M May ‘19 | $20M May ‘19 | $3M May ‘19 | $110M May ‘19 | $75M May ‘19 | $7M May ‘19 | $5M May ‘19 | <$1M May ‘19 | $7M May ‘19 | Undiscl. May ‘19 | $7M May ‘19 | $8M
Early Stage VC Series A Early Stage VC Series B Series A Seed Debt Early Stage VC Grant Series B Private Equity Series B
May ‘19 | $5M May ‘19 | $4M May ‘19 | $1M Apr. ‘19 | $34M Apr. ‘19 | $10M Apr. ‘19 | $2M Apr. ‘19 | <$1M Apr. ‘19 | $3M Apr. ‘19 | $7M Apr. ‘19 | $32M Apr. ‘19 | $30M Apr. ‘19 | $10M
Seed Series D Seed Later Stage VC Series A Early Stage VC Series B Debt Series C Angel Early Stage VC Early Stage VC
Apr. ‘19 | $4M Apr. ‘19 | $100M Apr. ‘19 | $3M Apr. ‘19 | $24M Apr. ‘19 | $15M Apr. ‘19 | $1M Apr. ‘19 | $36M Apr. ‘19 | $30M Apr. ‘19 | $65M Apr. ‘19 | $3M Apr. ‘19 | $2M Apr. ‘19 | <$1M
Seed Series C Early Stage VC Series D Angel Series B Seed Later Stage VC Early Stage VC Series C
Seed Series B
Apr. ‘19 | Undiscl. Apr. ‘19 | $70M Apr. ‘19 | Undiscl. Apr. ‘19 | $70M Apr. ‘19 | $1M Apr. ‘19 | $21M Apr. ‘19 | $4M Apr. ‘19 | $86M Apr. ‘19 | Undiscl. Apr. ‘19 | $62M
Apr. ‘19 | Undiscl. Apr. ‘19 | $23M
Series A
Apr. ‘19 | $23M
Seed
Apr. ‘19 | $3M
Series A
Apr. ‘19 | $14M
Q2 2019
Later Stage VC Seed Series A Venture Convertible Debt Series A Series A Seed Series B Seed Early Stage VC Early Stage VC
Mar. ‘19 | $1M Mar. ‘19 | $2M Mar. ‘19 | $14M Mar. ‘19 | $15M Mar. ‘19 | <$1M Mar. ‘19 | $2M Mar. ‘19 | $15M Mar. ‘19 | $7M Mar. ‘19 | $9M Mar. ‘19 | Undiscl. Mar. ‘19 | Undiscl. Mar. ‘19 | $5M
Series C1 Early Stage VC Series B Angel Series B Series B Angel Accelerator Later Stage VC Series A Later Stage VC Angel
Mar. ‘19 | $5M Mar. ‘19 | $4M Mar. ‘19 | $10M Mar. ‘19 | <$1M Mar. ‘19 | $17M Mar. ‘19 | $26M Mar. ‘19 | $9M Mar. ‘19 | <$1M Mar. ‘19 | $1M Mar. ‘19 | $8M Mar. ‘19 | $150M Mar. ‘19 | $4M
Series C Series A3 Accelerator Seed Later Stage VC PE Growth Later Stage VC Series C Series A1 Series A Early Stage VC Angel
Mar. ‘19 | $18M Mar. ‘19 | $2M Mar. ‘19 | Undiscl. Mar. ‘19 | Undiscl. Mar. ‘19 | $5M Mar. ‘19 | $48M Mar. ‘19 | $15M Mar. ‘19 | $60M Mar. ‘19 | $15M Mar. ‘19 | $5M Mar. ‘19 | $2M Mar. ‘19 | <$1M
PE Growth Series D Series C Later Stage VC Series E Series A Series B Series B Series B Series A Series B Series A
Mar. ‘19 | $50M Feb. ‘19 | $65M Feb. ‘19 | $30M Feb. ‘19 | <$1M Feb. ‘19 | $40M Feb. ‘19 | $11M Feb. ‘19 | $17M Feb. ‘19 | $20M Feb. ‘19 | $21M Feb. ‘19 | $37M Feb. ‘19 | $15M Feb. ‘19 | $17M
Series A Seed Convertible Debt Series A Series A Series A Seed Series A Series A Series A Seed Early Stage VC
Feb. ‘19 | $13M Feb. ‘19 | $7M Feb. ‘19 | $1M Feb. ‘19 | $10M Feb. ‘19 | $17M Feb. ‘19 | $10M Feb. ‘19 | $6M Feb. ‘19 | $6M Feb. ‘19 | $15M Feb. ‘19 | $15M Feb. ‘19 | $5M Feb. ‘19 | $5M
Series A Series B Later Stage VC Angel Series A Series A Seed Series E Seed Series E Series C Series B
Feb. ‘19 | $8M Feb. ‘19 | $20M Feb. ‘19 | Undiscl. Feb. ‘19 | $1M Feb. ‘19 | $12M Feb. ‘19 | $7M Feb. ‘19 | $3M Feb. ‘19 | $65M Feb. ‘19 | $3M Feb. ‘19 | $44M Feb. ‘19 | $35M Feb. ‘19 | $31M
Series A Accelerator Series B Private Equity Series B Early Stage VC Early Stage VC Series A Convertible Debt Later Stage VC Early Stage VC Accelerator
Feb. ‘19 | $13M Feb. ‘19 | <$1M Jan. ‘19 | $30M Jan. ‘19 | $29M Jan. ‘19 | $20M Jan. ‘19 | $55M Jan. ‘19 | $10M Jan. ‘19 | $15M Jan. ‘19 | $1M Jan. ‘19 | $33M Jan. ‘19 | Undiscl. Jan. ‘19 | Undiscl.
Series A PE Growth Series A Early Stage VC Series A Seed Seed Series B PE Growth Series E Series A Series C3
Jan. ‘19 | Undiscl. Jan. ‘19 | Undiscl. Jan. ‘19 | $9M Jan. ‘19 | <$1M Jan. ‘19 | $14M Jan. ‘19 | $4M Jan. ‘19 | $1M Jan. ‘19 | $42M Jan. ‘19 | Undiscl. Jan. ‘19 | $261M Jan. ‘19 | $19M Jan. ‘19 | $1M
Seed Series A Series A Seed Seed Series D Later Stage VC Seed Series B Angel Seed Later Stage VC
Jan. ‘19 | $1M Jan. ‘19 | $8M Jan. ‘19 | $5M Jan. ‘19 | $2M Jan. ‘19 | $1M Jan. ‘19 | $100M Jan. ‘19 | $4M Jan. ‘19 | $4M Jan. ‘19 | $131M Jan. ‘19 | $4M Jan. ‘19 | $2M Jan. ‘19 | $4M
PE Growth
Jan. ‘19 | $10M
Angel
Jan. ‘19 | <$1M
Series C
Jan. ‘19 | $19M Q1 2019
Advice. Access.
Momentum Cybersecurity Group, LLC
101 2nd Street | Suite 1275
San Francisco, California 94105
For Inquiries Or Information On The Cybersecurity Almanac

Please Contact Momentum Cyber

2020 Cybersecurity Almanac Public Edition

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

2020 Cybersecurity Almanac Public Edition

Hochgeladen von

Copyright:

Verfügbare Formate

David DeWalt

Jeremy Isagon, CFA

Tim Van Tuyle

Momentum Cyber Team

Dave DeWalt Eric McAlpine Michael Tedesco Ken Gonzalez

250+ $250B+ 48 $16B

$371M $91M 1M+ cloud

Cyber Strategic & Investor

Frequent Releases Of Content To CYBERscape

10,250+ 2,100+ 750+ 380+ 425+

Transaction Database | 3,500+ Cybersecurity Transactions

Monthly, Quarterly, Detailed Transaction Profiles

Key Ecosystem Partners

Bespoke Industry & Channel Reports /

acquired by acquired by strategic investment in acquired acquired by acquired by acquired by acquired

acquired acquired by acquired by acquired by acquired acquired acquired acquired acquired

Consumer Security Cloud Secure Cloud Mobile Endpoint Data Vulnerability

acquired by acquired by acquired acquired acquired acquired by acquired acquired acquired by

▪ CEOs ▪ Private Equity ▪ Hedge Funds ▪ Security Teams

II. M&A Activity In Cybersecurity 23 23

III. Financing Activity In Cybersecurity 116 41

IV. Public Company Trading Analysis 183 48

V. Cybersecurity Industry Perspectives 196 61

VI. Buyer Spotlight 283 148

VII. Sectors In Focus 327 150

VIII. Transaction Profiles 375 198

▪ Momentum Transactions ▪ Cybersecurity M&A Transactions

IX. Contact Momentum Cyber 895 222

Dr. Ed Amoroso is CEO of TAG Cyber, a global

Return To Table Of Contents 8

Automation & AI-Powered Attacks Information Manipulation

▪ Demonstrated ability & willingness to target elections & other

▪ Percentage of nation states attacks have increased from 12% of all

Automation & AI-Powered Defenses Software-Defined Infrastructure For Dynamic Defense

Increased Visibility Across Attack Surface Virtualization & Decentralized Networks

Return To Table Of Contents 10

Source: Gartner Emerging Technologies & Trends Impact Radar: Security

2010-2014 Strategic Volume ($B) 2015-2019 Strategic Volume ($B)

Return To Table Of Contents 12

1. 2. 3. 4. 5. Next-Gen MSSP / MDR Serverless Security

Security Orchestration, Automation

Source: Momentum Cyber Proprietary M&A & Financing Transaction Database.

Return To Table Of Contents 14

$8.9B Total (all-time

21 Capital Raises ≥ $100M

Cybersecurity (Enterprise Assets) $120M $110M $110M $103M $100M

140 $13.1 $2.8

Source: Momentum Cyber Proprietary M&A & Financing Transaction Database.

Notable Financing Transactions 2019 Financing

Application Security Financing Activity M&A Activity

Selected Acquisition Activity Selected Financing Activity IPO Activity

Market Cap: $5,121M

Market Cap: $603M

M&A Activity Ranking Financing Activity Ranking

Network & Infrastructure Security 18 48

Identity & Access Management 17 45

SecOps / IR / Threat Intel 11 39

Risk & Compliance 10 64

Fraud & Transaction Security 5 21

2019 Transaction Activity 2018 Transaction Activity

Source: Momentum Cyber Proprietary M&A & Financing Transaction Database.

Top 10 Sectors By M&A Activity (With Select Representative Targets)

Top 10 Sectors By Financing Activity (With Select Representative Companies)