Endpoint Security , Governance & Risk Management , Internet of Things Security
Armis Secures $200M to Drive M&A and Federal Market Growth
Series D Funding on $4.2B Valuation to Support OT, Medical Device Security GrowthA cyber exposure management upstart raised $200 million on a $4.2 billion valuation to expand its product portfolio, pursue acquisition opportunities and expedite market penetration.
See Also: Protect your Converging IT/OT Landscape with NTT DATA and Fortinet
San Francisco-based Armis said Series D funding will fulfill market demand around operational technology and medical device security and establish a robust foundation for an eventual IPO, according to co-founder and CEO Yevgeny Dibrov. Armis will use the money to innovate and scale its vulnerability management capabilities, go-to-market initiatives and government-focused offerings, Dibrov said.
"The market is huge where we're building this cyber exposure management platform, and we want to continue to run fast and push even more the go-to-market," Dibrov told Information Security Media Group.
Armis was founded in 2015, employs nearly 700 people, and in November 2021 closed a $300 million Series C funding round led by One Equity Partners at a $3.4 billion valuation. That means Armis boosted its valuation by nearly 25% over the past three years despite the economic downturn. The company has been led since inception by Dibrov, who previously oversaw global business development for Adallom. Asset management is the company foundational product, and over the years it's added capabilities around operational technology and internet of things security, medical device security, vulnerability management and threat intelligence (see: Armis CEO on Fueling Cyber Risk Management with Acquisitions).
OT, Medical Device Security Take Center Stage for Armis
The company's Series D round was led by General Catalyst and Alkeon Capital, who Dibrov praised for involvement in securing new deals and client relationships as well as their history in supporting companies through IPO. Armis has worked to optimize its growth efficiency and SaaS magic number so that the company can take advantage of favorable initial public offering conditions when they arise.
"They have great experience of scaling companies, and I love having more great people around the table that I can learn from and can also then support the board during business," Dibrov said. "They were already providing great, great results on pushing us in a variety of deals."
When it comes to M&A, Dibrov said Armis seeks companies with cultural alignment, technical expertise and strong product differentiation. He views acquisitions as a way to expand Armis’ capabilities in areas demanded by clients, especially where in-house development takes too long. Armis made two deals this year, buying prioritization and remediation firm Silk Security for $150 million and honeypot maker CTCI (see: Armis Buys Cyber Remediation Startup Silk Security for $150M).
"The product has to be very much differentiated, very much innovative, and also having great success versus competition," Dibrov said. "You can sometimes have an older company with more revenue. But we have the machine. We want to have an amazing product, something that will be like a killer crop in every situation where we go to market."
Dibrov said Armis has a strong foothold in OT and medical device security, with a significant number of clients across sectors like manufacturing, healthcare and critical infrastructure. These sectors face high demand due to the critical nature of their operations, and Dibrov said Armis' established reputation positions the company well to take on unique risks in highly regulated environments.
"Imagine protecting your factory, manufacturing environment, distribution center, retail store, your airport, your port, your grid," Dibrov said. "When it goes down, there's no business. I can't saturate the need there. And in all these environments, this is a board-level conversation and board-level need. And still, there is much more to do."
Getting a Bigger Footprint With the Federal Government
There's a significant customer need for both streamlined vulnerability management across diverse systems as well as addressing associated needs around prioritization and remediation, according to Dibrov. He said the company plans to do more around application security and build on the developer relationships Armis inherited through its acquisition of Silk.
"Prioritization is a big part right now of vulnerability management teams. The, 'Okay, I have so many vulnerabilities. What do I tackle first? And how do I repeat?'" Dibrov said. "This is a huge area. This is something that people needed yesterday. People needed it across the board. It wasn't enough to do it just on the on-prem IP, but they wanted it across the cloud, across code and like, in one central place."
Dibrov said some of the new funding will support Armis’ go-to-market strategy, especially in federal, state, and local government sectors, as well as new markets where Armis is seeing early traction. The company has made structural investments in R&D and product teams specifically to address government requirements, achieving certifications like FedRAMP and working on higher DoD compliance levels.
"We'd like to put more gas into that engine," Dibrov said. "We have several territories around the world where we've seen some really good results, and definitely are going to expand."
Armis' close relationship with customers drives the company's product innovation, he said, ensuring it meets real-time needs and delivers targeted solutions. Dibrov said he frequently communicates directly with customers to gather feedback, which he said drives product development and acquisition decisions to ensure Armis meets its customers’ evolving requirements.
"If you look at my phone, the last 100 texts could be customers, and I speak to at least five, six customers every day," Dibrov said. "It's really about getting more money into the company to continue and support them in their journey. We are here for the very long run, and we are here also to align to their needs, and either build what they need to build or potentially acquire what they need."