With the significant increase in high-profile data breaches and security threats in the last couple of years, most recently the attacks on Anthem and Sony, cybersecurity is now a persistent business risk for all kinds of enterprises, and it can no longer be ignored.
The recent series of sophisticated attacks is an indication that traditional defense mechanisms, typically siloed in nature, are inadequate. Hackers using advanced persistent threats (APT) to breach a company’s secure environment require enterprises to take a multipronged approach to defend their high-value targets.
The majority of the cybersecurity solutions currently on the market either provide single-point defense mechanisms for known types of cyber attacks or require armies of skilled security analysts who can build complex models to detect, recognize and remediate a sophisticated attack. The Anthem cyber attack, in which the hackers stole personal information of more than 80 million current and former policyholders, illustrates that even enterprises that follow stringent cybersecurity standards, as mandated by government, are vulnerable to advanced cyber attacks. The increased focus and attention presents challenges to the businesses that need sophisticated defense mechanisms, and opportunities to the startups that are developing advanced cybersecurity solutions.
Implications for Businesses
Just as enterprises upgrade their infrastructure to the latest technologies, hackers continue to evolve and develop new attack mechanisms and strategies to penetrate even the most secure infrastructure. Defending against these kinds of attacks can be a challenge to even the most sophisticated security teams, since the attacks constantly change and the hackers keep improving their strategies. Accordingly, as the threats and the attackers become more advanced, they will have implications for businesses.
The traditional anti-virus software industry will see transformation: The security teams of large and medium-sized enterprises will demand more than the traditional anti-virus solutions from vendors, since these are no longer effective against advanced persistent threats. Accordingly, we can expect the anti-virus and malware solution vendors to provide more innovative solutions to cater to the needs of enterprise customers, who demand better defense against sophisticated attacks. The market for anti-virus software for personal use, however, most probably will not be impacted.
Threat intelligence will remain an evolving area: The concept of threat intelligence is still vague for many enterprises, and there isn’t a clear definition of what constitutes a threat intelligence platform or a threat intelligence solution. As a result, we can expect many vendors, including those without any sophisticated threat intelligence platform, to repackage their products as threat intelligence solutions. Businesses will need to pay closer attention to their internal security needs and compare the solutions available in the market. FireEye, one of the leading cybersecurity solution providers, splits the threat intelligence market into three categories:
• Tactical intelligence – the IOCs (Indicators of Compromise) for minute-by-minute response
• Operational intelligence – the knowledge required to understand the latest threat (daily brief of threat strategies and patterns)
• Strategic intelligence – the understanding of broader implications of threat actor changes, which guides where the defense dollars should be spent
When choosing threat intelligence solutions, enterprises will need to understand the use cases and choose the solutions that best fit their needs. A thorough security and risk analysis can help identify the security gaps in the infrastructure and provide the right solutions that fit the needs of the organization.
Context becomes more relevant: There is no lack of data; it is constantly being generated by the thousands of devices and the alert/monitoring solutions deployed in an organization’s infrastructure. In fact, the Target attack wasn’t the result of a lack of alerts from the FireEye system, which promptly identified the malware and sent security alerts to the security operations center. However, without proper context and the expertise to connect the dots, it becomes impossible to spot and stop a sophisticated attack. Having the right context and tradecraft will therefore become extremely important in spotting an advanced persistent threat, and solutions that can provide such context will become successful in the marketplace.
According to Pitchbook, approximately $7.7 billion has been invested in cybersecurity-related startups over the past five years, including investments by high-profile VCs such as KPCB, Andreessen Horowitz, Sequoia Capital, Intel Capital and Bessemer Ventures. Collectively, over $2.5 billion has gone into the cybersecurity space in 2014 alone, making it the most active year for cybersecurity deals in recent years.
Some of the most recent investments in this space include a $40 million Series C round in Ionic Security funded by Kleiner Perkins and Google Ventures, a $30 million Series C round in iSight Partners funded by Bessemer Ventures, a $22 million Series B round in ThreatStream funded by Google Ventures and a $30 million Series D round in AlienVault funded by Andreessen Horowitz and T-Ventures.
Besides, given the surge in cyber attacks on enterprises, corporates are not only investing in their internal cybersecurity efforts, but have also started investing in cybersecurity startups. Intel Capital leads the pack of corporate ventures investing in cybersecurity, followed by Google Ventures, Qualcomm and Juniper.
Exit activity in cybersecurity, similar to the funding activity, has been very active over the past two years. The majority of the exits have been through M&A, as network and cloud solution providers have been most active in order to expand and secure their product offerings. Only 4% of the exits have been through IPO. FireEye, Barracuda Networks and MobileIron are the most prominent IPOs in 2013 and 2014. Following are some of the notable cybersecurity acquisitions in the past 15 months:
• Cisco’s acquisition of Sourcefire for $2.7 billion (Oct 2013)
• FireEye’s acquisition of Mandiant for $1.05 billion (Jan 2014)
• VMware’s acquisition of AirWatch for $1.54 billion (Feb 2014)
• Akamai’s acquisition of Prolexic solutions for $370 million (Feb 2014)
• Palo Alto’s acquisition of Cyvera for $200 million (Apr 2014)
• Veritas Capital’s acquisition of BeyondTrust for $310 million (Sep 2014)
• BAE Systems’ acquisition of SilverSky for $235 million (Dec 2014)
Ted Schlein, a general partner at Kleiner Perkins, indicates that a massive shift is currently taking place within the cybersecurity universe. According to him, there are two types of companies: those that know they’ve been breached, and those that haven’t figured it out yet. David Cowan, a partner at Bessemer Venture Partners who focuses on security investments, calls it a pattern which points to a systemic collapse of the security infrastructure underlying corporate networks, and suggests that a seismic shift is needed in enterprises’ approach to security.
As we look forward to 2015, many companies, both large and small, will realize the importance of cybersecurity and the potential damage it can cause to their businesses. We can expect to see companies allocating more budget dollars specifically toward cybersecurity, which presents a great opportunity for the startup ecosystem in this space. We can also expect to see increased M&A activity as players in this space such as Intel, Cisco, Palo Alto and Symantec try to solidify and expand their market leadership.
David Cowan, Bessemer Ventures: “The Failure of Cyber Security and the Startups Who Will Save Us”, Jan 2015
PWC: “Managing cyber risks in an interconnected world”, Sep 2014
Deloitte: “Transforming cybersecurity: New approaches for an evolving threat landscape”, Nov 2014
FireEye: “Gazing into Cybersecurity Future”, 2014
Data sources: CB Insights, Pitchbook