Skip to content
Security Operations

3 Well-Financed Startups Aspire To Displace Splunk

August 16, 2018

by Peter Cohan, Forbes Contributor

A nearly $15 billion market cap software company competes in a market that’s expected to reach $4.5 billion in 2019.

It seems like a fairly small market — but three well-financed rivals are targeting the industry. Perhaps they like the fact that investors assign a price to sales ratio of nearly 12 to that publicly-traded incumbent.

And this makes me wonder whether the startups will impede the incumbent’s growth. Splunk did not respond to a request for comment. (I have no financial interest in the companies mentioned in this post).

The market in question is the global SIEM (Security Information and Event Management) market which is expected to hit $4.54 billion in 2019, according to CRN.

Splunk is facing some serious competition from three startups. One raised $50 million in August 2018, another landed a $25 million cash injection from from Kleiner Perkins and others in June 2018, and that same month a third hauled in a $25 million Series C round.

Before getting into those upstarts, let’s take a look at San Francisco-based Splunk — which specializes in machine log analysis. Revenues derive from a combination of software licenses and Splunk Cloud, its SaaS platform which are used for application management, IT operations and security.

Splunk has been growing rapidly, losing lots of money — though generating positive cash flow; and has enjoyed a nice rise in its stock price over the last five years. Between fiscal 2014 and 2018, its revenues have grown at a 44.9% compound annual rate from $300 million to nearly $1.3 billion; it has reported a net loss every year — in 2018 it lost $259 million; and its free cash flow has soared at a 45.2% annual rate to $242 million, according to Schlafguru.

Since going public in April 2012, its stock price has gone up and down — but as of August 15, its shares had risen 27.7% in 2018 yielding a market capitalization of $14.8 billion.

In the first quarter of fiscal 2019, Splunk gave a mixed performance. On May 25 Splunk reported revenue that was greater than expected and a bigger-than-expected loss. Revenues rose 37.4% to $311.6 million nearly $14 million above the Zacks Consensus Estimate. Its non-GAAP loss of 7 cents per share was a “couple of cents wider than the Zacks Consensus Estimate as well as the year-ago quarter figure.”

Splunk will report its second quarter 2019 earnings on August 23. Meanwhile, its challengers say they’re eating Splunk’s lunch.

Exabeam raked in a $50 million Series D and expects to overtake Splunk

San Mateo-based Exabeam raised $50 million from Lightspeed Venture Partners and others claiming that its Security Intelligence Platform (SIP) is propelling rapid growth. Exabeam says it growing fast — though the rate is slowing down. In 2016, it grew 300%; in 2017 it spurted  250%; and it expects to “more than double” in 2018.

Theresia Gouw, co-founder of cybersecurity investor Aspect Ventures, was happy about Exabeam’s success at replacing incumbents. As Gouw said, “It’s clear from the large increase in replacement wins with customers like ADP, Hulu, Safeway, Union Bank that Exabeam is consistently delivering industry-leading technology.”

Meanwhile Exabeam expects to displace Splunk. As Exabeam CEO Nir Polak said, “The new funding will allow us to invest heavily in our new cloud solutions and reach even more enterprises around the world. We are on track to overtake Splunk and be the next SIEM market leader.”

JASK raised $25 million from Kleiner Perkins and others and says it won a face-off against Splunk

San Francisco and Austin, Tex.-based JASK, maker of a service that helps organizations analyze threats to their IT operations, recently won a multi-million contract in a competition with Splunk and others.

JASK’s biggest contract as of last month — worth $2 million over three years — came from a “Fortune 100 company.” As CEO Greg Martin said in a July interview, “We came in late in the process — competing against Splunk and FireEye. HP ArcSight had been there for 10 years. The company wanted the next generation. They had used Splunk — which was proposing an $8 million, eight year contract — but an internal advocate for JASK added us late in the process. We wrapped ourselves around the customer and addressed their transition process. There was a vote of all the people involved and the chief information officer and chief information security officer finally signed off.”

Devo took in a $25 million Series C and says it’s snatching contracts from Splunk

Madrid and Cambridge, Mass.-based Devo, formerly Logtrust, is a cloud-based big data analytics platform. Devo was founded in 2011 by cofounder and CTO Pedro Castillo, launched in 2014, and has raised a total of $60 million — most recently landing a $25 million round in July 2018.

Devo says it’s winning business from Splunk. According to my August 13 interview with CEO (since September 2017) Walter Scott, “We are hot on Splunk’s heels because Splunk tech can’t keep pace with the speed and scale of the data streaming in. We are particularly successful against Splunk when it comes to selling to enterprises with between one and tens of terabytes worth of data — which requires them to enrich, monitor, visualize, analyze, and automate tens of millions events per second.”

Enterprises with this much data to be analyzed — many of which are Devo customers — include “companies in the telecommunications, financial services, retail, and manufacturing sectors, as well as horizontal IT management and security management groups. Customers use Devo for business analytics, IoT analytics, IT operations management, log management, and security analytics,” said Scott.

Devo sees itself targeting a much bigger market than SIEM. As Scott explained, “IDC estimates that only 0.5% of enterprise data is analyzed because it was not profitable to do so with old technology. Devo can analyze this data much more efficiently and we see a $55 billion total addressable market,” said Scott.

Scott said that Devo’s been hiring fast. “We’ve grown from 75 to 125 people in the last year. We have hundreds of customers signing eight figure deals. We license our technology on the basis of terabytes per day — charging 20% of what Splunk does when you take into account people, hardware and licensing fees,” he said.

Devo attracts top developers because they want to work on the hardest problems. And the company is organized by geography and function. “We have operations in Madrid — where our customer Telefonica is based — and Cambridge. We’ve got people in finance, human resources, sales — we are expanding into Europe, marketing, product development, and business development — which handles partnerships and acquisitions,” he said.

If these startups are really winning business from Splunk we’ll know next week whether it shows up in the form of slower revenue growth for their shared rival.

More Data. More Clarity. More Confidence.