Cybersecurity Hindsight And A Look Ahead At 2015

Editor’s note: Yoav Leitersdorf and Ofer Schreiber are partners at YL Ventures, which invests early in cybersecurity, cloud computing, big data and Software-as-a-Service software companies.

This year we witnessed a series of high-profile security breaches, from the aftermath of the Target and Home Depot fiascos, to a number of attacks on other national retailers, including Michaels, Goodwill and Neiman Marcus. Then there was the massive breach at JP Morgan Chase, which compromised personal information of more than 83 million households and businesses, and finally over 100 terabytes of internal files and films recently stolen from Sony.

Nobody was safe in 2014. In addition to large retailers, media companies and financial institutions, technology companies like eBay and Snapchat were hacked, too, and so were government organizations and healthcare institutions. Also this year, massive Internet infrastructure vulnerabilities were discovered, including Shellshock, Heartbleed and POODLE.

Of course, these publicized events are only a fraction of the overall exposure to losses emanating from cyber incidents, which in 2014 we estimate to be well into the hundreds of billions of dollars. Hence, many firms have dramatically increased their cybersecurity budgets for 2015, and we project that these budget allocations will continue to rise.

Here are five of the most prominent cybersecurity market trends that we believe will define the sector next year:

The Rise of Automated Incident Response

Today, enterprises must not only detect and prevent potential threats; they must also be prepared to react quickly when breaches occur. Enterprises like Target are successfully being sued by banks for failing to act on security alerts. Incident Response solutions counter the aftermath of a breach, allowing businesses to limit damages and reduce recovery time.

Intrusion Detection/Prevention Systems (“IDS/IPS”) strengthen the organization’s security posture; however, highly targeted attacks do penetrate eventually. Determined hackers find their way into the network, despite the various IDS/IPS systems that generate an increasing number of alerts for the security operations team to handle. It is now only a matter of time – how long before a breach is acted upon and remediated?

One of the clear lessons from Target’s attack is that the traditional Incident Response process, which is mostly based on manual processes, is broken. Reducing the time from detection to remediation could dramatically minimize an attack’s damage.

That’s where Automated Incident Response solutions come in – they don’t leave alerts unhandled, and can react instantly (much faster than humans) when bad scenarios unfold. Enterprises, with their limited human resources, face escalating liabilities for failing to adequately respond to detected threats. Expect chief information security officers (“CISOs”) to turn to Automated Incident Response solutions in 2015.

Cloud Security Becomes a Shared Responsibility

Enterprise IT departments are generally behind in keeping the cloud secure, relying heavily on security features provided by cloud vendors. Most SaaS vendors in particular don’t treat security as a first priority, and so they fail to provide sufficient data governance, control and compliance. In 2014, many CIOs and CISOs realized that maintaining enterprise-grade security in cloud application usage is a shared responsibility, and we expect that in 2015 they will act on that.

A new crop of startups provides deeper visibility into cloud usage, unique threat analysis and proactive enforcement of cloud application security policies. These startups enable employees to enjoy all of the cloud’s advantages securely. There are so many great cloud applications out there, and CIOs desire to be business enablers rather than blockers. That’s what makes this sector so exciting. Expect CIOs and CISOs to allocate meaningful budgets to it in 2015.

Advanced Persistent Threats Surge

In 2015, cybersecurity departments should be particularly careful about advanced persistent threats (APTs). These attacks are stealthy as they target a specific entity and secretly penetrate the network over weeks or months, waiting for the right moment to make their move and exfiltrate valuable data from the enterprise. Credit card numbers will still be valuable to hackers throughout 2015 because the deadline for retailers to upgrade to point-of-sale systems capable of processing chip-and-PIN credit cards is not until October 2015, and we foresee this deadline being extended.

To carry out APTs, custom malicious code gets installed on one or multiple hosts to perform specific tasks while remaining undetected for the longest possible time. Sometimes these attacks are financially driven; in other cases, government or corporate-sponsored hackers are after intellectual property. In the long run, APTs can undermine the national security and economic stability of nations.

According to the Ponemon Institute, the average cost of a data breach in 2014 was $3.5 million, while Target optimistically projected more than $148 million in damages. Accurate detection is the necessary first step toward threat remediation. There are various methods to detect an ongoing cyber attack, and we feel that the ones that are focused on the late stages of the cyber kill chain, post-infection, will be the most interesting in the near future.

“Cloud-first” detection solutions that leverage multiple sources of threat intelligence (for example: botnet interception + log analysis + sandboxing) and are easy for enterprises to deploy will be the most successful in 2015.

Cybersecurity Vendors Become Frenemies

The constant formation of new cyber-threat categories results in the nonstop introduction of startups that are working on new solutions. Managing multiple point solutions is nontrivial for CISOs. For example, there are various vendors that detect malware in the enterprise network, in the data center, on employees’ PCs and mobile devices. Some of these are signature-based, others use machine-learning algorithms, and some use big-data analytics. Buyers find themselves perplexed with the plethora of offerings.

Rather than manage all of these processes separately, CISOs prefer to deploy comprehensive solutions that integrate well with one another and create a synergetic security posture. This past year we noticed increasing security vendor collaboration. For example, Fortinet, McAfee, Palo Alto Networks, and Symantec founded the Cyber Threat Alliance. Check Point created an alliance with several threat intelligence vendors to merge their feeds. Increased collaboration among cybersecurity vendors is key to helping CISOs fight cybercrime more effectively, and this trend will accelerate in 2015.

Mergers & Acquisitions on the Rise

Now more than ever, most cybersecurity innovation is carried out by small teams working within startups. The large vendors are always on the lookout to acquire new products to complement their existing portfolios, fully realizing that customers seek comprehensive (rather than point) solutions.

Two of the most notable acquisitions in 2014 were FireEye’s purchase of Mandiant and Palo Alto Networks acquiring Cyvera. Generally this past year, large security vendors acquired companies with capabilities outside of their core business, with the intention of expanding their offerings and gaining competitive advantage. Thus, FireEye now offers professional services powered by Mandiant, complementing its core detection products, and Palo Alto Networks released TRAPS, an endpoint protection product powered by Cyvera, complementing its Next-Generation Firewall.

We project an active M&A scene in cybersecurity in 2015. Expect to see large vendors acquiring more high-tech startups to strengthen their core competencies and rapidly expand their offering.

The Venture Capitalist’s Perspective

In 2014, most mid-to-large enterprises experienced a sharp increase in cyber-attacks, both in breadth and sophistication. Awareness of potential damages is high among the boards of directors and management teams of the Fortune 1000. Gartner estimates that the global cybersecurity market will grow from $67 billion in 2013 to $93 billion in 2017.

According to CB Insights, in 2013 venture capital firms invested an all-time record of $1.4 billion in 239 cybersecurity companies. During just the first six months of 2014, cybersecurity investments already totaled $894 million. We expect this upward trend to continue in 2015, as demand for innovation in this category stays high.

We are ever more enthusiastic about the cybersecurity sector. Enterprises require advanced solutions to combat ever-more-sophisticated adversaries. Incumbent security vendors need new bleeding-edge technology. The venture capital industry is eager to back the entrepreneurs that can deliver outstanding solutions in 2015 and beyond.