Investments in cybersecurity companies are beginning to turn a corner, seemingly.
After a brutal summer, VC funding to security startups saw a slight (12%) uptick from Q3, according to Crunchbase — reaching nearly $1.9 billion compared to $1.7 billion in the second quarter. That’s still down 30% annually. But it’s a tepid sign that venture’s appetite for cyber is growing anew.
Increasing enterprise cybersecurity budgets could be the reason.
Per an IANS Research report, corporate budgets for IT security grew 6% between 2022 and 2023 — a modest but noteworthy amount. Most respondents cited “increased risk” and “digital transformation” — i.e. digitizing legacy apps, products and services — as the motivators behind the budget upticks.
One startup to benefit from all this is Censys, which provides customers with insights about critical internet-connected infrastructure. Cynses this morning announced that it raised $50 million in a Series C funding round plus a $25 million debt round, bringing its total raised to $178.1 million.
Censys has its roots in an internet scanning program, ZMap, developed by the company’s chief scientist Zakir Durumeric in 2013. By 2015, after coming to the realization that the software could be used to actually improve, rather than simply monitor, the state of security online, Durumeric had assembled a team to refine and improve ZMap’s capabilities.
“We believe that perfect visibility of anything exposed to the internet is the only way to allow individuals and organizations to protect themselves from external threats,” Brad Brooks, Censys’ CEO, told TechCrunch in an email interview. “With the help of early investors, including Google Ventures, Greylock, Decibel and Intel Capital, our mission evolved, and we set out to create the best, most comprehensive, internet scanning engine in the world.”
Today, Censys offers a range of tools to keep tabs on internet hosts and services and their security statuses. Customers get a database of vulnerable infrastructure “enriched with context,” as well as a platform for monitoring and analyzing their internet-facing assets (e.g. servers and desktops).
Brooks says that most customers use the platform for threat hunting — that is, spotting and investigating signs of security compromise — and triaging exploits detected through Censys’ asset monitoring tech. Some also tap Censys to understand the impact of their security efforts, according to Brooks, including the duration and severity of risks.
“Powered by leading internet intelligence, Censys gives leaders and their teams the data and capabilities needed to stay ahead of advanced threat actors,” Brooks said. “They can use Censys’ benchmarks to track performance over time and generate industry-standard metrics.”
Recently — climbing aboard the generative AI hype train — Censys launched a chatbot that enables users to perform searches across its security database in natural language. For example, they can ask things like “Show me all servers in Australia that have both FTP and HTTP services” to have the platform surface the corresponding data. Or they can have the chatbot translate search syntax from a third-party threat-hunting platform, like Shodan or Zoomeye, into a format that Censys can understand.
Censys, which claims to have 350,000 users on its free service and over 180 paying customers, including government agencies ranging from the FBI to the Department of Homeland Security, plans to put the proceeds from the most recent funding toward expanding its 134-person workforce. By the end of 2023, Censys — which is based in Ann Arbor, Michigan — expects to have 150 employees.
“We’re lucky in that cybersecurity is still in high demand despite economic uncertainty,” Brooks said. “In fact, the pandemic provided a tailwind as major enterprises had to shift to cloud solutions and resituate thousands to a remote work setup, which drove demand and inquiries.”
The challenge for Censys will maintaining momentum in the face of increasingly strong headwinds.
Issues in Europe and between the U.S. and China threaten to keep venture funding in cyber relatively flat — or possibly even in decline — for the remainder of the year. Higher interest rates are hurting the ability for investors to raise new funds, in turn hurting startups’ ability to raise money.
Meanwhile, hedge funds, late-stage and crossover funds that invest in both public and private companies have pulled back from the cyber market over fears of a recession — and disruption in the wider tech market.
On the other hand — as alluded to earlier — there’s reason for optimism.
According to a recent Spiceworks report, while the vast majority of companies are concerned about a recession in 2024, two-thirds (66%) still intend to increase their year-on-year IT spend, including spending on cybersecurity, while only 4% plan to decrease their spend. And IDC predicts that global cybersecurity spending will top $219 billion this year, growing to nearly $300 billion in 2026.