Research - 26 Mar 2025
By Justin Lam
HIGHLIGHTS
A key part of the RSAC is the RSAC Innovation Sandbox (ISB) contest. For the last 20 years, start-ups have submitted applications to become one of ten finalists. In the ISB contest, each finalist gives a two-minute pitch to judges. Judges then consider the solution and company’s viability and select first place and runner-up winners that are best poised for market success. Past judges have included inventors, security leaders, successful entrepreneurs, and investors alike, including Asheem Chandna of Greylock Ventures, Niloofar Razi Howe of Capitol Meridian Partners and Dorit Dor, Chief Product Officer of Check Point. Starting in 2025, the Top 10 Finalists will each receive a $5 million uncapped Simple Agreement for Future Equity (SAFE) investment, provided by Crosspoint Capital Partners. Innovation Sandbox has been emceed by Hugh Thompson, a managing partner of Crosspoint Capital. Based on data from S&P Global CapIQ and 451 Research M&A Knowledge Base, this report aggregates the funding, outcome and industry trends for the 110 ISB finalists from 2014-2024. A total of 514 funding and acquisition transactions were analyzed for this report.
While finalists in the ISB have displayed product innovations, go-to-market innovations have lagged. The ways buyers buy have changed; the ways sellers sell need more innovation. As a result, money from the investors’ deep pockets is frequently wasted because Go-To-Market Fit (GTMF) growth phases are difficult to achieve. For vendors, the large investment rounds are both market signal and obligation; vendors spend enormous sums to match the obligation that a given funding round signals. Vendors frequently confuse their sales and marketing activity with actual customer progress and repeatable customer journeys.
Given large funding rounds, the investors’ closest positive exit might already be behind them. Founder and investor expectations also require reality checks. Of the 110 finalists in the last 10 years, 46 have been acquired and just 1 completed its IPO. Of the 46 acquisitions so far, just 11 have been acquired for more than the sum of venture funds received and the remaining 64 continue to operate independently. Yet finalists keep raising rounds of financing, committing to scale to IPO readiness. Cato Networks and Abnormal Security have respectively raised more than $750M and $550M; Wiz raised $1.4B before its blockbuster $32B acquisition by Google last week. For investors, entrepreneurs and strategic acquirers, the path ahead remains to be seen and more analysis from 451 Research will follow suit.
Of the 110 finalists from 2014-2024, the vast majority have been geared towards large enterprise customers. While initial product (PMF) or idea market fit (IMF) might have occurred among the finalists, successful go-to-market-fit phases (GTMF) are more difficult to achieve. GTMF success occurs when the customer buying journey fits the finalist’s go-to-market efforts. The repeatability of customer deals and the cadence of co-sellers are based on enterprise customer readiness.
The landscape among enterprise customers is changing with the growing diversity of economic buyers and technical influencers. While the CISO persona is important, there are other parts of the organization required to operationalize or act upon a new control. Many disciplines of security like AppSec, Identity & Access Management, Cloud Security, Security for GenAI and Data Security require buy-in from others beyond information security teams. As indicated last year at RSAC 2024, the democratization of PAM highlights wider ranges of use cases with very different stakeholders. AppSec responsibility has been placed with everyone (developer, operator and security teams alike), which frequently ensures that no one is really responsible. In addition, information security teams are not increasing their personnel to operate or implement new tools. According to Voice of the Enterprise, Organizational Behavior 2024, just 18% of security teams are adding staff. These teams said that managed services to augment both staffing and tooling were the biggest way their teams were changing.
Large enterprises are changing: many of them have become or are becoming technology companies in their own right, with technology decentralizing towards different business lines. The largest financial institutions have thousands of technical development staff, and their business lines heavily invest in technologies with greater autonomy. Finalists selling into these organizations must not only understand how their technology will work in their customers’ environments, but must also better uncover and understand the business value. They must navigate these organizations, understand their business goals and only then understand how their solutions help the right personas achieve the right goals.
Given the limited number of tools that enterprise customers can operationalize, finalists must be pragmatic. If existing budget categories can be leveraged, so be it. For example, for finalists in endpoint detection & response like Cylance, SentinelOne or Cybereason, it might have been perfectly suitable to pursue expiring legacy endpoint contracts to land quicker wins. While each finalist would like to truly be a disruptor everywhere, not every enterprise customer wants to be disrupted.
Solid PMF phases are foundational to GTMF phase success. Three fundamental questions must be answered in PMF phases: Why do enterprises need to make a change? Why do they need to do it now? Why is their product the solution for the need for this immediate change? Answering these questions helps finalists graduate from the typical founder-led-sales or ‘friends-and-family’ sales mechanism. While start-ups need early scrappy tactics, scale-ups need GTMF to sustainably grow. So, it is essential for finalists to document and institutionalize PMF and ICP in objective, customer orientated terms.
GTMF phases are the most expensive for finalists, and industry-wide selling efficiency is projected to worsen, even for publicly traded companies. Though presumably they have greater brand recognition and pricing leverage among different solution modules in their suites, on average in 2025 they are still forecasted to spend $2.43 in sales and marketing expense for every new $1 in ARR. (See Figure 1).
Within information security, the valuations of price/sales remain significantly higher than other industries, with 2024 valuations at 5.5x sales in 2024, according to SaaS gross margins north of 80%, finalists are obliged to lean heavily into GTM scale to achieve the valuations on revenue and growth multiples. Investors have reached into deep pockets to fund GTM efforts. Among 2014-2024 ISB finalists, there have been a total of 447 equity funding events. Of the 155 funding events that were Series C or later, the median funding round was $70M and the average was $100M. Given high valuation multiples of 10x, 15x or even 25x from the heady 2021 days, and even assuming similar selling efficiency ratios of 243%, heavy sales and marketing expenses are certain to follow to make the revenue growth goal.
These large funding rounds signal both ambition and obligation to finalists. In turn, finalists must always be mindful that their GTMF phases will only succeed based on a solid PMF success. ICP includes understanding the customer journey, not just the enterprise’s demographic attributes. Finalists need to understand how their enterprise customers realize that they need to make immediate changes. The sequence and pattern to navigate multiple stakeholders, to build internal enterprise champions and anticipate the path enterprise customers take to buy a start-up’s security solution are critical.
Too often, the large funding rounds drive finalists to focus on the growth of their GTM activity rather than understanding customer activity. GTMF phases are the most expensive for finalists in terms of both financial resources and time. Generous partner programs, marketing events, and sales staff on non-recoverable draw compensation and staff on-boarding don’t become worth it if the enterprise deals aren’t forthcoming.
As an approximate measure of GTMF phase readiness, the time between finalists’ Series B and Series C funding varies significantly. 34 finalists have received a Series C round. For Bastille Networks, 25 quarters separated their Series B from Series C; Wiz closed their Series C just 97 days after their Series B. Deal cycle length determined in PMF phases can be used to model the CAC payback periods and customer logo add rates to determine this readiness.
GTMF success also deepens and widens competitive moats. Network effects from product telemetry or user data make solutions inherently stickier and revenues more recurring. While direct or indirect incorporation of GenAI lowers barriers to product entry, better harnessing of this data could increase the K-shape of market traction. Better distribution can also have outsized impacts; any solution that accelerates or enhances the offering of a larger co-travelling vendor will be far more likely to penetrate key enterprise accounts. In turn, the accretive value to strategic acquirers is more attractive. Out of 46 acquired finalists, 39 were acquired by strategic players in adjacent markets.
The IPO remains an important, albeit very high, milestone. At their recent IPOs, SailPoint and Rubrik had $700M and $784M ARR, respectively. Wiz crossed the $700M ARR mark just before Google announced its blockbuster $32B acquisition. Abnormal and Cato Networks have respectively crossed the $200M and $250M ARR thresholds and their high growth rates are promising. All three have grown quickly, with Cato Networks making its ISB appearance in 2017, and Wiz and Abnormal Security debuting in 2021.
In addition to the large volumes of venture funding raised, the diversity of investors is also striking, with 526 distinct venture funds or investors participating in various funding rounds. While familiar investors like Bessemer, Accel, Clear Sky and General Catalyst have all made at least 15 different or follow-on investments in these finalists, no single investor dominated the list of transactions. Likewise, no single acquirer dominated as McAfee had from 2005-2015.
For investors, strategic acquirers and entrepreneurs alike, the road ahead remains to be seen. 451 Research has provided individual and sector coverage for the vast majority of ISB finalists from 2014-2024 to better understand and contextualize industry trends. The slowdown in infosec M&A may continue to test venture investors' liquidity needs; multiple investors in each round complicate consensus for M&A. 451 Research invites all its readers to our RSAC breakfast where further research on the M&A and venture landscape is presented in context of industry trends covered by the 451 Research security team. Please register here to learn more.
We invite readers to understand more about the venture investing and M&A landscape in cyber security, as well as detailed presentations about the enterprise needs and specific industry trends, at our 451 Research RSAC Breakfast April 30th, 2025. Please Register Here