There's a lot going on in the data protection and cyber security markets - it can be hard to keep up with all the news. That's where The Competitive Corner's Newsletter comes in, to help curate and distill the most pertinent movers and shakers each month to make your job easier.
There was a lot that went on this month, and to include ALL of it would have made for a very long newsletter so I had to curate the list more than usual. March 2024 had a number of key announcements including the biggest news being #Rubrik filing for IPO. Additional newsmakers include #Cohesity, #Veritas, #Wasabi, and #Veeam. Below you'll find a breakdown of why these news items matter to you, links to the original articles, and related blogs for further research and insights.
March 2024 Competitive Headlines:
(click any headline to jump directly to the analysis)
Veritas updates their Backup Exec solution with some much needed security features
Veeam officially relaunches acquired Cirrus Backup as the new "Veeam Data Cloud"
Cohesity and NVIDIA partner up on the AI front, launches Gaia AI assistant
Rubrik relaunches their acquired Laminar IP as new DSPM-as-a-service offering
Wasabi launches a new "white label" OEM program for partners
Rubrik Files Registration Statement for Proposed Initial Public Offering (IPO)
[Link to Original Article]
Why it Matters?
Yes, technically this is April news, but it's pretty close...
Rubrik had been telling the market they would be filing for IPO in April 2024, and it looks like they actually followed through on that. The company plans to be listed on the NYSE under the "RBRK" ticker symbol, but no initial pricing for the stock has been floated as yet. The filing does give the world the opportunity to more closely scrutinize Rubrik's finances, and thus far it looks pretty interesting. Despite their boasts of 47% growth in revenue (closing $784M ARR in FY24) over the last 8 quarters, their losses have also been growing at over 22% ($354.2M in FY24). Expenses are also insanely high with Sales/Marketing operating expenses of $483M in FY24. So, for every $1 Rubrik makes over $0.75 goes to expenses...that doesn't seem very healthy in the long term.
One other very interesting (if unintentional disclosure) had to do with Microsoft. Rubrik has been shouting about Microsoft's "equity investment" in Rubrik since it was announced back in 2021. Even several IPO bylines read as "Microsoft Backed Rubrik set for IPO", but when you review the actual holdings you don't find Microsoft anywhere. Meaning that the actual Microsoft investment in Rubrik was less than 5%. Doing the math you see Rubrik with $554.3M raised, then Microsoft's less than 5% investment would be under $27M USD....which is really not that much considering Microsoft's size and finances. Maybe Rubrik will chill for a bit on the "Hey Microsoft gave us some money" bit...but I doubt it.
Another fun fact coming out of the Rubrik IPO filing this week was we finally know how much they paid for Laminar as part of their August 2023 acquisition of the Data Security Posture Monitoring (DSPM) company. At the time, they did not disclose the amounts, but the SEC S-1 filing shows that Rubrik paid $105M USD for Laminar ($91M in cash + the rest in stock). Not bad for a company that had raised $67M since their 2020 founding, but still a heck of a lot less than the estimated $200-250M that many had assumed Rubrik had paid.
Regardless, this is a significant moment for the data protection market as Rubrik will be the first IPO in a very long time for the space. It is expected that there will be a correction in terms of market valuations based on how well Rubrik's IPO performs - especially given their current $3.3B valuation compared with others like Commvault who are already publicly traded and have much better finances (expecting $820M+ ARR for FY24 with $0 debt).
You can read Rubrik's full S-1 filing with the SEC here: Rubrik Inc Form S-1
In addition, there's a host of interesting takes already out there on the IPO that are also worth the read like this piece: https://www.mostlymetrics.com/p/rubrik-ipo-s1-breakdown
Veritas Backup Exec Strengthens Ransomware Resilience for SMBs
[Link to Original Article ]
Why it Matters?
Just a reminder that Veritas Backup Exec is not dead, and still releasing updates for their SMB backup product. In this latest release, Veritas (or soon-to-be "Codename: Data Co") Backup Exec has FINALLY introduced some modicum of ransomware detection into the product by way of basic malware detection (powered by Microsoft Defender) for VMware and Hyper-V backups. Another "better late than never" feature added is Role-based Security (RBAC) which is a tablestakes feature for access/authorization and administration.
Veritas Backup Exec is geared for SMBs and will continue on its life as part of the new spinoff company (still unnamed). It will not be a part of the Cohesity acquisition
Veeam Launches "Veeam Data Cloud" to Deliver the Industry's Leading Data Protection and Recovery Services on a Single Cloud Platform
[Link to Original Article]
Why it Matters?
This was an expected move from Veeam and is their rebranding of the Cirrus backup solutions acquired last quarter (October 2023). Cirrus (now Veeam Data Cloud) is an Azure-based solution, built on 2 Veeam products (Veeam Backup for M365 + Veeam Backup for Azure) and currently supports backup of M365, Azure VM, Azure SQL, and Azure Files data. They also recently launched the Veeam Vault immutable cloud air-gap storage solution on the same platform, which also resides in their Cirrus Azure tenant.
Veeam now has a 1st party BaaS solution for customers looking for SaaS simplicity. This still leaves unresolved areas of conflict with Veeam partners as they are technically competing against their own MSP / Veeam Cloud partner community via this offering. Lastly, the Veeam Data Cloud is wholly separate from any of the other Veeam products (no common control plane), so must be managed separately from any other Veeam install/deployment a customer may have.
Cohesity Unlocks Generative AI Capabilities for Customers through New Collaboration and Investment from NVIDIA
[Link to Original Article]
Why it Matters?
On March 18th, Cohesity announced it not only now counted NVIDIA as an investor, but that it would integrate the newly announced NVIDIA NIM microservices into the Cohesity Gaia AI platform. This integration would be done via the NVIDIA AI Enterprise product through which the NIM services are provided. NVIDIA also made mention of Cohesity as a new integrator on stage at their GTC 2024 AI Conference (which Cohesity was quick to use as part of their PR). It should also be noted that both NVIDIA and Snowflake Ventures helped to fund the Veritas transaction - so the joint investment/integration announcement is some clever Cohesity marketing.
Now, there was a significant amount of AI jargon in the Cohesity press release (probably as they are still missing a CMO) so I’ll do my best to explain more about what was actually announced, but let’s start with some definitions:
NVIDIA NIM: A newly announced collection of AI microservices that can run on 24+ different AI models from NVIDIA and its partner ecosystem. These are intended to accelerate software/application development that leverages AI for use cases such as building intelligent cyber security tools, providing deep analytics and inferences from large data lakes, etc.
NVIDIA AI Enterprise: The actual product that you need to integrate with in order to access these microservices
Cohesity Gaia: A recently announced new AI tool from Cohesity that is built on their Turing AI engine. Gaia uses “RAG” (retrieval-augmented generation), which is an AI technique for enhancing the accuracy of gen-AI models via NLP (natural language processing). In short, it allows users to “have a conversation” with Cohesity Gaia to learn more about the data being managed (backup and/or SmartFiles data) vs. having to develop complex queries.
This newly announced integration will enable Cohesity customers to have the NVIDIA AI microservices “talk” to Cohesity Gaia and thus gain access to the Cohesity data for whatever gen-AI related activities they want to run. This obviously has some wider implications in terms of data security, data sovereignty, data governance, and many other topics related to the handling of potentially sensitive data by AI -- especially now that multiple AI models/tools are handing information off to each other. Who is responsible for setting and enforcing the guardrails between what Cohesity and NVIDIA share with each other's tools? There are certainly questions that will need answers before customers charge headfirst into this...
So, as you can see it can be pretty easy to get confused by all the acronyms and “lingo”, and Cohesity isn’t shy about leaning in on the technical terms to make themselves appear to be thought leaders and on the leading edge of the AI movement.
My guess is that Cohesity is aiming to do with AI messaging and focus what Rubrik did with security a few years ago. With that in mind, let's look at Cohesity's other mouthful of an announcement (take a breath before reading)…
Cohesity Introduces the Industry's First Generative AI-Powered Conversational Search Assistant to Help Businesses Transform Secondary Data into Knowledge.
Cohesity has joined the GenAI co-pilot gang with the announcement of their Gaia solution (launched March 15th). The Cohesity PR article itself along with the 3 sentence long headline is HEAVILY laden with AI related jargon (again, maybe they need a CMO?) and it's difficult to really assess if this is a "first" or just a "first-to-be-described in this very specific way" -- my money is on the latter. Gaia is built on the Cohesity Turing engine and appears to offer the same sort of conversational/NLP style of interacting with Cohesity as what Druva, Veeam, Rubrik, Commvault, and others are offering from their AI copilots, though it appears Cohesity is spinning theirs more towards the eDiscovery and audit side of things based on the PR. They aim to make the backup data a sort of Data Lake for the customers to interact with through their Gaia assistant.
In short, this isn't really a unique offering, but it does put Cohesity in the mix as yet another vendor with their own AI tools to help customers get more value from the data being protected by their platform.
Rubrik Delivers Industry's First-of-its-Kind DSPM Everywhere - Securing Data Wherever it Lives
[Link to Original Article]
Why it Matters?
Yet another "industry first"? So many breakthroughs this month indeed! :)
Rubrik acquired Laminar in August 2023 and has now launched those IP capabilities as part of the Rubrik solution suite. In this case, Rubrik has announced the general availability of their new Enterprise Proactive Edition (EPE) which leverages the Laminar technology stack to deliver data security posture management (DSPM) as a service via the Rubrik Security Cloud. While labeling this as an "industry first" the core features are not necessarily unique. Many backup solutions already provide this sort of DSPM for their own environment, infrastructure, and in some cases the clients under their protection. Rubrik EPE appears to be providing just that. Some of the sensitive data features appear to overlap with existing Rubrik SDG features, so it’s unclear if this will replace the old SONAR solution or sit adjacent to that offering.
Rubrik EPE’s DSPM capabilities are critical to combating modern cyberattacks that may use trusted credentials to encrypt, destroy, or steal data. Core capabilities include:
Providing comprehensive visibility across a hybrid environment, from cloud and SaaS to data centers
Monitoring data assets to identify sensitive data, protection levels, and user access policies
Delivering insight into activities taken on those data sets
Discovering misconfigurations for IT and security teams to correct, and thereby reduce inadvertent data exposure
While the technology itself isn’t necessarily “new” or “unique”, it does give Rubrik yet another card to play in their cybersecurity story. They’ve been very good at executing on that playbook.
Wasabi Launches White Label OEM Program for Partners to Brand Their Own Cloud Storage
[Link to Original Article]
Why it Matters?
This is actually a fairly significant piece of news as Wasabi is taking their low-cost storage and now opening it up for other Cloud Storage Providers to OEM and "White Label" Wasabi storage under their brand. CSPs will have the ability to price, package, and brand the Wasabi hot-storage as their own offering. With no ingress or egress fees either, this could become a very popular option for MSPs building and providing managed backup solutions who will need low-cost storage to compete.
Law Firm Sues MSP Over "Black Basta" Ransomware Attack
[Link to Original Article]
Why it Matters?
A great example of the risks and realities MSPs face when running a build-your-own solution or one that sits in the customer attack surface. With the latest Sophos report disclosing that 94% of all attacks specifically target backups (99% for government and media organizations) security for backups is more critical than ever. In this case, a client is suing their MSP for data loss due to a ransomware attack. While Acronis is named in the lawsuit, they are not themselves a plaintiff -- the ransomware gang was able to delete all of the backup data alongside the production copies.
It will be interesting to follow along with the case and see if this sets any new precedents.
Written by Matt Tyrer. These posts reflect my own opinion and are not necessarily the opinion of my employer.