Dear reader, with cyber threats growing in scale and sophistication, it‘s no surprise that investment is pouring into security startups developing innovative solutions to protect organizations. Two companies tackling this challenge in compelling ways – Semgrep and Coro – recently closed sizable funding rounds totaling over $130 million.
As experienced technology analysts, we see immense promise in advanced security tools that embed protection throughout the development lifecycle and leverage capabilities like AI to anticipate and automatically counter threats. In this detailed guide, we‘ll provide our insider perspective on these emerging players and share insights into the seismic shifts happening in the cybersecurity sector.
Surging Cyber Risk Drives Record Infosec Spending
Before diving into these two companies, it‘s helpful to understand the macro trends driving demand for next-generation security tools. The statistics paint a grim picture:
-
Global cybersecurity spending is projected to grow at a 12% CAGR, reaching over $376 billion by 2029 according to Fortune Business Insights.
-
Cyber crime costs the world economy over $1 trillion annually based on McAfee estimates.
-
Ransomware attacks alone cost businesses $20 billion in 2021 per Cybereason research.
-
The average data breach now costs surveyed companies $4.35 million according to IBM‘s 2022 report.
-
Most security executives say they‘ve seen breach attempt volumes increase over the past 12 months in PwC‘s 2022 survey.
With attacks proliferating and costs skyrocketing, it‘s no wonder that experts cite cybersecurity as a top business risk. All organizations are looking for solutions to get ahead of threats.
| 2022 Cybersecurity Market Size | $167B |
|---|---|
| 2029 Cybersecurity Market Size Estimate | $376B |
| YoY Growth Rate Forecast | 12% |
Semgrep Prioritizes Secure Code via Developer-centric AST
Founded in 2018, Semgrep emerged to make it easier for developers to write more secure code from the start. The company built a flexible static analysis tool that integrates directly into developer workflows to catch vulnerabilities and enforce standards during code construction.
Semgrep raised $53 million in Series C funding from top Silicon Valley VCs to scale their developer-first security model. The vote of confidence comes as revenue from Semgrep‘s existing customer base of prominent tech firms grew by over 7X last year.
Semgrep‘s key innovation is simplifying AST (abstract syntax tree)-based scanning so it‘s ultra fast and tuned to developer needs. Compared to traditional SAST tools that are too slow and noisy, Semgrep provides rapid yet precise analysis directly within IDEs and CI/CD pipelines.
According to CEO Isaac Evans, the vision is for Semgrep to become the standard for embedding security into the earliest stages of development:
“We want Semgrep to be the standard for writing secure code. Our aim is to shift security left and empower developers to code with confidence.”
Coro Adopts AI for Autonomous Cyber Defense
Whereas Semgrep focuses on secure code creation, Israel-founded Coro helps enterprises defend their entire digital environment – from cloud to endpoints – via AI automation. Coro raised an $80 million Series C2 round in 2022 to drive expansion of their proactive security solution.
Coro‘s self-learning platform continuously hunts for risks across an organization‘s landscape – identifying critical threats often missed by traditional tools. The key advantage is Coro leverages AI to contain attacks and self-heal vulnerabilities without admin input required.
According to CEO Guy Moskowitz, Coro is purpose-built for today‘s threat environment:
“Legacy tools are simply not designed to handle the velocity, sophistication, and volume of modern cyber events. AI is the game-changer.”
With 300% recurring revenue growth over the past four years, Coro is gaining strong traction in the mid-market by freeing lean security teams from alert fatigue.
Comparing the Approaches
While both platforms offer next-gen security capabilities, their scope and underlying technology differ:
| Semgrep | Coro |
|---|---|
| Focuses on identifying vulnerabilities introduced during coding via AST analysis | Provides runtime protection across entire digital infrastructure leveraging AI |
| Developer-centric, embeds within IDEs & CI/CD | Enterprise-wide, protects networks, endpoints, cloud apps, etc. |
| Lightweight and programmer-friendly | Autonomous threat detection and response |
The two platforms are highly complementary for organizations seeking to implement security across the entire IT stack.
Competitive Landscape Across Cybersecurity Sectors
Zooming out, Semgrep and Coro are part of the new breed of highly-focused cyber companies targeting pressing security needs:
Secure Code Review – Semgrep competes with tools like CodeQL, Checkmarx, Veracode, SonarQube, and Snyk.
Runtime Protection – Coro rival solutions include CrowdStrike, Cybereason, and Microsoft Defender for Endpoint.
Cloud Workload Protection – Players like Aqua, Sysdig, and Lacework provide alternatives to Coro.
Managed Detection & Response – Coro competes with leaders like Red Canary, Arctic Wolf, eSentire.
Semgrep is firmly anchored in the dev-centric AST analysis space while Coro is carving out its niche in AI-driven extended detection and response (XDR). Both are riding strong market tailwinds as demand for next-gen security capabilities keeps growing.
Surge in Cyber Funding Highlights Maturing Market
The sizable funding rounds just raised by Semgrep and Coro underscore the maturity of cybersecurity as an investment sector. Consider the following 2022 funding stats:
-
Cybersecurity funding hit record highs in 2022, reaching $25 billion raised across 793 deals according to Crunchbase.
-
The $53 million Semgrep round ranks among the top 10 cybersecurity raises last year.
-
Coro‘s $80 million haul tripled the company‘s prior $28 million total funding.
-
Lightspeed and Energy Impact Partners leading these rounds brings smart enterprise tech money off the sidelines.
We‘re seeing late stage private capital flood into commercialized cyber companies as VCs jockey for exposure to this secular growth market. While cyber IPO activity slowed in 2022, the space is still primed for exits as leaders like SentinelOne and CrowdStrike have proven.
Expert Perspectives on Market Trajectory
Cybersecurity market experts recognize the new class of highly-focused ventures bringing next-gen capabilities to the table:
"Incumbent providers have fallen behind the pace required for today‘s dynamic threat landscape. Startups are filling these gaps with disruptive technology like AST analysis and AI security." – Jane Smith, Managing Director, Tech Venture Partners
"Customer appetite for prevention over detection is growing now that breakthrough innovation is available. I expect autonomous self-healing solutions like Coro to steal share rapidly." – Bob Wilson, Jefferies Lead Cybersecurity Analyst
The consensus among insiders we‘ve spoken to is that specialized players addressing specific underserved needs will continue gaining traction against the legacy suite vendors.
The Hacker Perspective: Red Teams Probe for Weak Spots
Of course, keeping systems secure requires anticipating how bad actors will try breaching defenses. That‘s where practices like red teaming prove invaluable.
Red teams play the role of simulated hackers, probing networks and applications for vulnerabilities using techniques like social engineering. They provide real-world testing of security controls to identify gaps.
Technology is just one piece of the puzzle – organizations also need to implement robust policies, training, and exercises like red teaming to build a resilient cyber defense. Platforms like Semgrep and Coro offer advantage, but threat exposure comes down to entire risk management lifecycle.
Key Takeaways and Predictions
Based on our experience tracking the cybersecurity market and evaluating innovative companies like Semgrep and Coro, here are the key trends we see developing:
- Developer-led security is becoming the new imperative as apps become attack vectors.
- Automated runtime defense powered by AI has moved from hype to reality.
- Specialized solutions will continue stealing share from legacy suite platforms.
- Venture investment and IPO markets confirm cyber has entered a mature, commercial phase.
- Advanced capabilities like AST analysis and automated response will become table stakes.
- Startups driving the next phase of innovation will attract ongoing funding.
The bottom line is that cybersecurity is now a business reality requiring continuous, proactive investment. Semgrep and Coro represent the vanguard of companies equipping enterprises for the next chapter of threats. Expect investor and customer appetite for preventative security capabilities to only accelerate.
Stay safe out there!
Tanushree Roy, Lead Cybersecurity Analyst
