The next (last?) phase of the OT Detection market as we know it began with Drago’s $110M round in December 2020. It was only a question of time until the other two major independent players, Claroty and Nozomi, responded. Last week Claroty announced they raised $140M in what was called a D round, although the C round was an odd $8M raised six months after the B round at the end of 2018.
This is big and was needed by Claroty. From my Q2 2020 market analysis:
There is something wrong at Claroty. This level of turnover in leadership in one year doesn’t happen in a top startup with a foreseeable lucrative exit.
2019 and 2020 saw a pullback in market presence and sales activity from Claroty as well. In a vacuum this could be attributed to changing the mix based on what was and wasn’t working. With the leadership turbulence and reduced presence, I dropped Claroty out of the top tier in my Q4 2020 analysis.
This $140M raise gives Claroty a chance to get back in the game. It indicates that the investors have faith in the new management team and strategy. The valuation for this round is not known. I’ve seen two articles from Israeli reporters saying sources told them it was $1B. Whether it was $700M or $1B, pre or post money, a raise of this size indicates the investors believe this will be a $2B+ company in the future. With some in the venture community convinced there will be multiple multi-billion dollar companies in the OT security space, perhaps they are making their statements come true. It would be very interesting to know, and we probably never will, if the 2021 incidents and US government focus improved the valuation.
It is also a sign to potential customers and partners that Claroty is on solid footing for at least the next two to three years. And importantly it gives Claroty the resources to keep up with Dragos in product, services, marketing, talent acquisition, etc.
Claroty also announced this month their new Claroty Edge. According to the press release, Claroty Edge
delivers 100% visibility into industrial networks in minutes without requiring network changes, utilizing sensors, or having any physical footprint
I’ve read the press release five times, and I still can’t figure out what Claroty Edge is or how anything would do what they claim. I hope to have Claroty on the show to discuss Claroty Edge soon and learn what it is.
With the Dragos and Claroty $100M+ funding rounds, where does this leave Nozomi?
Back in my Q2 2020 analysis I wrongly predicted that Claroty would be acquired that year by ICS Vendors and B Round Investors Siemens or Schneider Electric. It may be Nozomi that gets acquired as I’ve had double digit people in the space asking me if I knew that Nozomi was about to be acquired. There hasn’t been a single consistent acquirer named in these discussions, like there was prior to SecurityMatters and CyberX acquisitions, so it is just #reckless_speculation at this point.
Whether it is acquisition or another round of funding, Nozomi will do something in 2021. They have been successful enough to date to be able to choose their path forward.
If Nozomi is acquired and rolled into a larger company with broader product and service offerings, it would leave Claroty and Dragos as the Big 2 focused on the OT Detection space … unless the new Mandiant decides to get in. This would be a major turnaround in 2021 for Claroty from falling behind to being one of two.
In the next 2 – 3 years it will be a challenge for the big competitors to grow into and effectively use that $100M+ raised.
Finally, the larger companies that acquired this technology and business should not be ignored. They have a major advantage in asset owners using their systems in the enterprise. In fact, there needs to be a major reason not to use SilentDefense if you are a happy Forescout enterprise customer … or tenable.ot if you are a happy tenable.sc enterprise customer … and so on. There are even more enterprise companies ready to move into OT as the products that did OT detection and asset inventory split into narrower product segments, such as vulnerability management or workflow management or incident response services.