Swimlane raised $70 million in a growth funding round aimed at expanding its security automation products. Pictured: A visitor photographs a symbol of a cloud at the CeBIT 2012 technology trade fair on March 5, 2012, in Hanover, Germany. (Photo by Sean Gallup/Getty Images)

Swimlane on Wednesday announced a $70 million growth funding round that aims to expand the company’s global partner network and expand market opportunities for its security automation products in all the major geographic regions.

SC Media’s sister publication MSSP Alert reported that the funding represents a shift in Swimlane’s approach from a SOAR provider to that of a low-code security automation platform company. This new round comes about 17 months after Swimlane raised $40 million in January 2021.

The company’s current valuation was not disclosed.

Automation has become a must-have technology for security operations, evident from the Biden’s administration’s executive orders, an ongoing talent shortage, and an ever-increasing amount of threat telemetry.

Swimlane recently launched Swimlane Turbine as a low-code automation solution that aims to capture hard-to-reach telemetry and expands actionability beyond closed extended detection and response (XDR) ecosystems. The product seeks to unify security operations in-and-beyond the SOC into a single system of record that helps overcome process and data fatigue, chronic staffing shortages, and quantifies business value.

Jon Oltsik, senior principal analyst and an ESG Fellow, explained that early SOAR technology helped automate common and basic tasks, but didn’t go as far or as wide as necessary. Oltsik said Swimlane Turbine has been designed for scale, with the ability to combine multiple data sources into end-to-end processes. 

“Swimlane also brings ease-of-use to process automation with its low-code functionality,” Oltsik said. “In this way, individual security professionals can take advantage of their own unique process automation needs. Finally, Turbine aims to bridge security and IT operations. This is essential as IT operations teams really own the care and feeding of network and cloud-based assets.”

Frank Dickson, who covers security and trust products at IDC, said the fact that Swimlane has announced funding is quite notable in this environment. Dickson said the reality of the present capital markets is that equity funding has become scarce and hard to come by.

“We have seen high growth security start-ups laying people off, not because they cannot grow, but because they need to get as close to cash flow neutral growth as fast as possible,” Dickson said. “A tight capital market is changing strategy. Accomplishing a $70 million growth funding round in the current environment is impressive.”

Christopher Kissel, a research vice president for security and trust products at IDC, added that the importance of low-code, no-code cannot be understated. “Security and IT practitioners do not have the time to be Python experts,” Kissel said.

Kissel said what's really notable today is Swimlane's attempt to “more or less" go it alone as a non-affiliated SOAR provider. While Kissel said there’s still a standalone SOAR market, somewhere around 85% of that market share now consists of big security companies which bought SOAR providers that both used the SOAR technologies to enrich its platforms and offer discrete SOAR services.

Examples: Before rebranding, Kissel said the notables are Palo Alto Networks (purchased/integrated Demisto to form Cortex XSOAR, Splunk (Phantom), Rapid7 (Komand), and IBM (Resilient). Kissel said it’s also worth noting that MicroFocus purchased ATAR two years ago with the express purpose of augmenting its security automation capabilities fundamentally for ArcSight.