Deepwatch Raises $180M in Splunk-Backed Funding to Boost MDRMDR Firm Will Use Money to Boost Threat Analytics, Security Scoring, User Interface
Managed detection and response stalwart Deepwatch has received a $180 million investment to strengthen its threat analytics, user interface and security scoring for customers.
"It's better to raise capital when you don't need it."
– Charlie Thomas, CEO, Deepwatch
The Tampa, Florida-based company says the money from Splunk Ventures, Springcoast Capital Partners and a Vista Equity Partners subsidiary will allow Deepwatch to invest in R&D, platform innovation and threat intelligence. The investment doesn't give any entity a controlling interest or majority stake in Deepwatch, which remains venture-backed, according to CEO Charlie Thomas.
"It's better to raise capital when you don't need it," Thomas tells Information Security Media Group. "This is a great opportunity for us to raise now and mitigate any future risk if there's some prolonged economic slowdown."
Deepwatch remains on track to achieve profitability in the back half of 2024 thanks to annual growth rates of between 50% and 60%, judicious practices around hiring and some cost reductions in the middle of 2022. Thomas says having Splunk's backing is particularly meaningful since Deepwatch standardized on its SIEM product to serve Fortune 2000 organizations with no intention of replacing SIEM with XDR (see: Accelerating Cyberthreat Response Times).
Getting a Three-Dimensional View of SecOps Maturity
Thomas plans to use the $180 million to introduce a new version of Deepwatch's Secure Score that goes beyond examining data ingest types, log types and source types to also consider coverage, geographies and zones when assessing a customer's security operations maturity. The company might take its Secure Score from a 10-point scale to a 100-point scale as Deepwatch gets a more three-dimensional view.
From a threat analytics perspective, Thomas says Deepwatch plans to leverage the data it is receiving from customers to pinpoint the riskiest types of signals and alerts and ignore all the others. Deepwatch assigns each threat a probability value based on a customer's unique threat matrix and addresses the vast majority of issues itself so that only a very small number of alerts are routed to a human, he says.
As far as user interface is concerned, Deepwatch plans to use the money to add more self-service capabilities so CISOs can automatically generate metrics or reports in real time or on a daily basis without having to wait. The company's return on investment tool is popular with C-suite executives, and Thomas says Deepwatch's technology is designed to support a broad ecosystem of technology vendors (see: How to Manage Growing Threats, Tighter Budgets).
Where Do Deepwatch's Customers Come From?
Fifty-two percent of Deepwatch's new customers over the past two years selected the company to replace a legacy managed security services provider, according to Thomas. Customers most often took out Secureworks to install Deepwatch but sometimes came over from IBM or Accenture, which acquired Symantec's cybersecurity services business in early 2020, Thomas says.
The remaining 48% of new customers purchased Deepwatch as they stood up a SOC or SIEM for the first time. In these cases, Thomas says, customers chose Deepwatch over direct competitors such as BlueVoyant, Critical Start, Expel or ReliaQuest.
Deepwatch doesn't encounter Arctic Wolf often since it is more focused on the midmarket, while companies such as CrowdStrike that have positioned XDR as a SIEM replacement haven't gained much traction in Fortune 2000 organizations, according to Thomas.
From a metrics perspective, Thomas says Deepwatch tracks typical SaaS key performance indicators such as annual recurring revenue growth, net new ARR, net dollar retention, gross margin improvement and customer lifetime value-to-customer acquisition cost. Deepwatch's business intelligence team uses Tableau to generate a robust set of metrics and analytics for each individual department, he says.
"We try to run the company today as if we're public, even though we're private," Thomas says. "We want to have that degree of maturity and that degree of governance. We are pretty sophisticated in terms of metrics and how we look at our performance."