Skip to content

It’s been a tough year, especially for tech and cybersecurity companies. There have been massive layoffs at Meta (Facebook), Twitter and Amazon, as well as a number of high-profile startups such as Lacework and Cybereason. Despite challenging economic and market conditions, companies like CyberArk continue to grow and thrive.

Strong performance

In early November, CyberArk shared its quarterly performance results for the third quarter, and they were impressive, especially considering the layoffs and layoffs at other tech companies.

Subscription revenue for the third quarter of 2022 was $74.2 million, an increase of 110% compared to the third quarter of 2021. CyberArk also had a strong quarter in terms of growing its customer base, adding about 230 new customers.

CyberArk’s annual recurring revenue (ARR) grew 49% year-over-year to more than half a billion ($512 million). Of that figure, $301 million came from subscription revenue, up 117 percent from 2021, and $211 million from service revenue, a modest increase from last year.

“The strong demand for our identity security platform focused on intelligent privilege control continues to drive our growth and demonstrates the longevity of demand for our solutions,” CyberArk President and CEO Udi Mokady said in a CyberArk press release. “Digital transformation, the adoption of Zero Trust strategies and an expanding threat landscape are pushing identity security to the top of CISOs’ priority lists.”

To highlight the powerful performance and momentum, CyberArk is recognized as the leader in the new release 2022 Gartner® Magic Quadrant™ for Access Management. CyberArk was also recognized as a Leader in the 2022 Gartner® Magic Quadrant™ for Privileged Access Management, making it the only company to be recognized as a Leader in both reports.

Identity security is very important

What drives CyberArk’s success is that identity is the very foundation of cybersecurity, and identity security is getting a lot of attention. Threat actors have a diverse array of tools and tactics at their disposal, but where the rubber meets the road identity is almost always involved in some way. An organization that can maintain identity hygiene and identity security can significantly reduce its open attack surface and improve its overall security posture.

Having an accurate inventory of the accounts that have privileged access and being able to prevent unauthorized access to that identity is essential to effective protection. Attacks such as the Colonial Pipeline attack in the summer of 2021 and the Uber attack in September of this year used compromised VPN accounts to gain initial access.

Uber recently hit the headlines again with its second breach in as many months. According to a report by Dark Reading, “Uber has suffered another high-profile data breach that has exposed sensitive employee and company data. This time, the attackers breached the company by compromising an Amazon Web Services (AWS) cloud server used by a third party that provides asset management and tracking services to Uber.

Overcoming MFA fatigue

I spoke with Mokady about CyberArk’s momentum. We talked about the increased relevance and importance of identity security, as well as some of the challenges such as MFA fatigue.

Many organizations, perhaps most, have adopted some form of two-factor or multi-factor authentication as a way to improve identity security. However, just as security analysts are sometimes overwhelmed by alerts, MFA fatigue is also becoming a problem. As many devices, apps and services require additional authentication, some users tend to just click without thinking, and threat actors are aware of this behavior and are starting to take advantage of it.

Mokadi explained. “We want to have processes where you don’t just create to-do lists, you prioritize based on the greatest amount of risk and the least time reduction. Customers love it because they get a lot of buzz from a lot of places.”

He also shared. “There’s going to be a constant movement of attackers trying to get through the front door, and we have to assume they can succeed. That’s why it’s important to have that alleged infringement mindset and defense in depth.”

The way forward

As we head into 2023, identity security will continue to play a central role in protecting against attacks.

Mokady noted rising geopolitical tensions around the world and warned that CyberArk sees an increased threat from those conditions. “There is no country that feels isolated from itself. There is no vertical that feels isolated from itself.”

He also emphasized that ransomware attacks will continue to be a primary threat.

The threat landscape will continue to expand and threat actors will continue to adapt and evolve, but Mokady believes CyberArk is ready for the challenge. “We believe we will be able to minimize the risk and impact for customers.”



Leave a Reply

Your email address will not be published. Required fields are marked *