Data Protection, Firewall Stocks Surge as Vulnerability Management Stocks Struggle
Fortunes diverged for publicly-traded cybersecurity companies in 2024, with companies in the data protection space buoyed by the artificial intelligence boom but some security mainstays seeing their sheen worn down.
See Also: How to Take the Complexity Out of Cybersecurity
Longtime public company Commvault and newly-public Rubrik each recorded stock price gains of at least 75%, primary beneficiaries of increased spending around generative AI and large language models and the need for data security to safeguard LLMs inputs and outputs.
Conversely, all three incumbents in the vulnerability management market – Qualys, Rapid7 and Tenable – recorded double-digit stock price drops as growth in the rapidly-maturing $2.3 billion market slows and the technology becomes commoditized. All three companies have reportedly kicked the tires on becoming private – with activist investors taking a stake in Rapid7 – but no offers have materialized.
Scale has become even more important as investors increasingly see each security technology category as winner-take-all. Of the eight vendors with valuations exceeding $16 billion, seven of them saw their stock jump by at least 20% in 2024, with only Zscaler recording a stock price drop. Of the 11 vendors with valuations between $2.5 billion and $15 billion, eight saw their market cap decline during 2024.
In total, 16 companies that derive much of their revenue from cybersecurity recorded stock price gains in 2024, while 12 recorded drops in their stock price, with a median stock price gain of 14.5%. That’s far better than during the depths of the economic downturn in 2022, when the median cyber stock saw a 40% decline in price and only two of the then-32 publicly traded security companies recorded gains in price (see: Stock Sell-Off: CISO Global, Trend Micro, Okta Hardest Hit).
Below is a look at how each of the publicly traded cybersecurity vendors fared in 2024 with a deep dive into some of the more interesting case studies.
The Big Winners
| Company | Valuation | Dec. 31, 2024, Close | Jan. 2, 2024, Opening | Change |
|---|---|---|---|---|
| CISO Global | $41M | $3.29 | $1.56 | 109% |
| Commvault | $6.6B | $150.91 | $76.97 | 96.1% |
| Yubico | $1.89B | $21.99 | $12.21 | 80.1% |
| Rubrik | $5.69B | $65.30 | $37.00 | 76.5% |
| OneSpan | $704M | $18.54 | $10.57 | 75.4% |
| Fortinet | $72.41B | $94.25 | $57.78 | 63.1% |
| CyberArk | $16.42B | $333.15 | $216.13 | 54.1% |
Investor interest in data protection fueled Commvault’s purchase of data protection startup Clumio and cyber resilience vendor Appranix. Rubrik was the industry’s only initial public offering in 2024, with analysts seeing significant share gains in the backup and recovery market thanks to the firm’s focus on cyber resilience.
Fortinet has taken advantage of the technological culling to scoop up once-promising companies at deep discounts, buying data loss prevention company Next DLP for $105 million, cloud security firm Lacework for $152.3 million, and email security vendor Perception Point for a reported $100 million. The company sees the firewall market recovering and expects a record refresh cycle for FortiGates beginning in 2025.
CyberArk in October bought machine identity management startup Venafi for $1.54 billion, bringing the former’s skill in secrets management together with the latter’s expertise in certificate lifecycle management. Investors expect at least 20% year-over-year growth from the company’s core privileged access management business as well as at least 13% growth in the Venafi business as investments grow (see: CyberArk CEO on Why Venafi’s Machine Identity Chops Matter)
Staying in the Black
| Company | Valuation | Dec. 31, 2024, Close | Jan. 2, 2024, Opening | Change |
|---|---|---|---|---|
| CrowdStrike | $84.28B | $342.32 | $246.89 | 38.7% |
| Radware | $946M | $22.53 | $16.34 | 37.9% |
| Cloudflare | $36.96B | $107.38 | $79.35 | 35.3% |
| Palo Alto Networks | $119.4B | $182.05 | $144.46 | 26% |
| Check Point | $20.53B | $187.40 | $152.27 | 23.1% |
| Gen Digital | $16.87B | $27.38 | $22.79 | 20.1% |
| Secureworks | $752M | $8.46 | $7.14 | 18.5% |
| BlackBerry | $2.24B | $3.82 | $3.43 | 11.4% |
| Trend Micro | $7.65B | $8.46 | $7.14 | 2.5% |
CrowdStrike demonstrated resilience in the wake of its massive July 19 outage, recording a dollar-based net retention rate of 115% and a gross retention rate of 97% in its first quarter since the incident, said CFO Burt Podbere. The faulty July 19 software update led to longer sales cycles and lower net new ARR for CrowdStrike, but customer commitment packages drove higher upsell rates and customer retention (see: Here’s Where Top Cybersecurity Vendors Stand as 2025 Nears).
Cloudflare carried out five tuck-in deals during 2024, acquiring cloud security startup Kivera, zero trust infrastructure access startup BastionZero for $13.1 million, observability startup Baselime, open-source deployment platform PartyKit, and multi-cloud networking startup Nefeli Networks. Cloudflare added 219 large organizations in its most recent quarter and now has 35% of the Fortune 500 as customers.
Palo Alto Networks plans to capture a substantial share of the SIEM market, with the Silicon Valley-based platform security titan onboarding more than 550 IBM SaaS customers and establishing a pipeline worth more than $1 billion, said CEO Nikesh Arora. His prediction is that the company will ride its $500 million buy of IBM’s QRadar SaaS business to become a top-three SIEM player globally within a few years.
Check Point in December got just its second CEO in the firewall behemoth’s 32-year history, with Team8 co-founder and Managing Partner Nadav Zafrir replacing longtime leader Gil Shwed. The company also bought Tel Aviv-area external risk management vendor Cyberint Technologies to boost managed threat intelligence and make it easier for organizations to defend against internal and external cyberthreats.
Secureworks agreed in October to be acquired by Sophos for $859 million, and will bring its capabilities in identity threat detection and response and OT security to the latter’s base of SMB and mid-market customers. Although a third of Sophos’ revenue already comes from enterprise customers thanks to its growing MDR business, buying Secureworks will allow Sophos to get much closer to large organizations.
BlackBerry agreed in December to sell its beleaguered Cylance endpoint security business to Arctic Wolf for $160 million, two months after CFO Tim Foote told investors that investing heavily in Cylance is no longer “the optimal use of the company’s capital.” CEO John Giamatteo told investors the sale will give BlackBerry a path to greater profitability and allow for more focus on the secure communications unit.
Giving Up Ground
| Company | Valuation | Dec. 31, 2024, Close | Jan. 2, 2024, Opening | Change |
|---|---|---|---|---|
| Varonis | $5B | $44.43 | $44.52 | -0.2% |
| Elastic | $10.27B | $99.08 | $106.54 | -7% |
| Okta | $13.5B | $78.71 | $87 | -9.5% |
| F-Secure | $323M | $1.85 | $2.06 | -10.2% |
| Tenable | $4.73B | $39.38 | $43.97 | -10.4% |
| SentinelOne | $7.13B | $22.20 | $25.87 | -14.2% |
| Zscaler | $27.68B | $180.40 | $212.37 | -15.1% |
| Akamai | $14.37B | $95.65 | $116.88 | -18.2% |
| Rapid7 | $2.54B | $40.23 | $54.98 | -26.8% |
| Qualys | $5.13B | $140.22 | $191.88 | -26.9% |
| WithSecure | $138M | $0.79 | $1.09 | -27.5% |
| Hub Cyber Security | $24M | $0.69 | $2.36 | -70.8% |
Okta CEO Todd McKinnon said the company’s new products are starting to flourish, with identity governance now representing 30% of the value of deals it’s included in. But Okta’s growth rate keeps decelerating, with net recurring revenue continuing to decline each successive quarter and new client additions remaining less than half the quarterly additions being delivered as recently as a year ago.
Longtime Tenable CEO Amit Yoran temporarily stepped aside in December for cancer treatment and recovery, with top deputies Stephen Vintz and Mark Thurmond stepping up to lead the organization. The company in June agreed to buy Tel Aviv, Israel-based data security posture management startup Eureka for $29.2 million to provide data discovery, classification and risk assessment to customers (see: Tenable’s Amit Yoran Takes Medical Leave; Interim CEOs Named).
Analysts remain cautious about the size of the CrowdStrike displacement opportunity for SentinelOne, and are concerned about the firm’s ability to deliver strong growth and meaningful margin improvement in the highly competitive endpoint security space. They’re also tracking the expect to which SentinelOne can meaningful expand into adjacencies like SIEM, CNAPP, identity security and generative AI defense.
Zscaler historically didn’t position its technology as an alternative to firewalls but has now embraced the displacement opportunity as organizations increasingly recognize the inadequacy of perimeter-based security models. Total billings growth beat analyst estimates by lower-than-average historical standards, and Zscaler expects it to take until late 2025 for newly onboarded sales reps to ramp to full productivity.
Akamai in November axed 2.5% of its workforce – about 250 people – to shift investment from legacy delivery and cloud web application firewalls to fast-growing areas like API security, enterprise security and cloud computing. The firm bought Noname Security for $450 million to help spot exposed APIs, identify vulnerabilities and stop breaches in new sectors like manufacturing and food processing.
Activist investor Jana Partners in October took a 13% economic interest in Boston-based Rapid7 and is evaluating potential buyer interest in the vulnerability management vendor. In December, investment firm Cannae Holdings said it plans to engage with Rapid7 in confidential talks about a potential deal. Rapid7 has spoken with private equity firms Advent, Bain Capital and EQT about a deal, Reuters said (see: Tenable’s Amit Yoran Takes Medical Leave; Interim CEOs Named).