Security

The Age of Resilience – Security in 2017

Comment

Image Credits: BeeBright (opens in a new window) / Shutterstock (opens in a new window)

Mahendra Ramsinghani

Contributor

Mahendra Ramsinghani is the founder of Secure Octane Investments, investing in cloud infrastructure and security startups. When he is not investing, he is busy writing blogs and books. His third book “The Resilient Founder” will be released in 2022.

More posts from Mahendra Ramsinghani

Security is one of the few tech sectors that thrives primarily thanks to the cruel intentions of bad actors. White hats and black hats exist symbiotically. Without the criminal element to create demand, CISOs would just hang up their spurs and call it a day.

While the tension between adversaries is a necessary function of the security industry, and spurs innovation, 2016 was an especially brutal year for the good guys.

So let’s begin 2017 with a sense of gratitude, because at least 2016 is behind us and having seen the best that black hats have thrown at our collective networks last year, now is the time for the white hats to respond.

From meddling with elections to the IoT bot DDOS attacks, we experienced pain, but I believe we are entering a golden age of security automation and resilience.

security-trends

Security is still hot

This market is Yuge

Gartner estimates that the security market size will be $120bn by 2020. In my While last year’s predictions for the market were significantly higher ($170 billion vs. $120 billion) the size of the industry is vast. A few unicorns can still range across the market without poking horns into each other’s eyes.

screen-shot-2016-12-30-at-8-19-43-pm

And look at the services portion of the market pie – it’s $55 billion — big getting bigger. If you are a security startup and think it’s all about auto-magical products, think again. Forget that VC mantra of all product and no service — listen to your customer. Managed security service providers are growing at triple digit rates. Even though it’s somewhat annoying, a self-congratulatory pat on the back is necessary here – we called this “need for security services” last year.

The incumbents need help 

All the major security companies – Symantec, Cisco, HP, Juniper – cannot move fast enough. Partnerships and acquisitions are the way.

As of November 2016, Momentum Partners tracked over 120 mergers and acquisitions transactions worth over $17 billion. Symantec acquired Blue Coat for $4.7bn and Lifelock for another $2.3bn. At Bluecoat, Greg Clark and Mike Fey grew by acquisitions.

They are now leading Symantec, so expect more acquisitions. And partnerships. Cisco completed its twelfth security acquisition – Cloudlock – this year. Oracle acquired CASB Palerra and DNS provider Dyn. And HP, Juniper, and Microsoft are likely to get on the prowl soon.

security-vc-2016

VC Investments cross $4bn

In 2016, VC investments crossed $4 billion. At least three venture capital funds are dedicated largely to security – Trident Cyber Security, Allegis Capital and TenEleven Ventures.  When we cut the investment data (sourced from Pitchbook & Momentum Partners) by number of deals done, this market is flattening.

The number and size of later stage investments and rounds continue to grow as do their valuations. For entrepreneurs the message is clear — investors will fund your growth, not your powerpoint slideware. Seed stage valuations are lower, which is good for seed stage investors like me.

screen-shot-2016-12-30-at-8-20-41-pm

But the counterpoint is that I also see a lot of noise, me-toos and junk. Tracking some 1200 companies, these sub-sectors are obviously overheated. Put it differently, over $20bn has been invested in 1700+ security companies since 2010. By any estimates, less than 10% are profitable. And while we have a few Unicorns, we have yet to see meaningful exits.

Category

Capital invested since 2010 ($bn)

Number of companies

Security & Vulnerability Management

4.7

113

Web and App Security

4.6

129

Network Security

4.2

221

Identity & Access

2.4

189

Endpoint Protection

2.3

83

 

May God bless America… and my CISO

Religious overtones aside, it’s time we put the spotlight on the soldiers of the digital age. It will be sometime before we start giving out Congressional medals of honor to CISOs – the silent majority who protect our data every day. In the meantime, take a minute to empathise with their condition.

A typical CISO has to deal with at least twenty five different technology solutions to identify, protect, detect, respond  and remediate their assets. And the range of assets include applications, data, endpoints, networks and identity. Stuart McClure, CEO of Cylance pointed out that the CISOs are often the fall guys when things go wrong. Their role has been relegated to a Chief Apology Officer. The C suite / board needs to understand that a CISO is the soldier on the front lines. They need to be respected, honored and protected, sometimes from their own management hubris. And when they are done with protection, the sales guys never stop.

screen-shot-2016-12-30-at-8-22-26-pm

2017 – The Age of Resilience

As we look at 2017, it’s evident that the CISO has moved from “we will be hacked someday” to “we are already compromised” to “give me that disaster recovery solution NOW.” It doesn’t get any worse. The mindset has moved precipitously towards hot backups in the age of ransomware and DDOS.

This is leading to new opportunities such as splinternet, where new companies will create tightly controlled overlay networks. Networks and security are no longer separate conversations and this trend will create a whole new set of opportunities over the next five years. Notwithstanding the regulatory / data residency laws, the push for a closed network is driven by the fact that security will never keep us 100% safe. So its time to extend the span of control into the traffic.

Other growth trends include the push for automation in the era of talent shortage. The hype of AI has already set in but a lot of remains to be proven.

The 2016 DARPA Cyber Grand Challenge was an epic milestone but its commercial implications are yet to be achieved. With 86% workloads anticipated to move to the cloud by 2020, data center security is rapidly gaining traction. Visibility and orchestration are major themes that are playing out well.

Before Amazon Web Services kills everyone and reigns the world, several startups are optimistic enough to address this market opportunity. As we look at IoT, physical security becomes of paramount importance. Companies like DeDrone (backed by Menlo Ventures) are redefining data center security.

Industrial automation and oil/gas verticals are amidst major overhaul. Tom Le, Executive Director of Cyber, GE Digital Wurldtech remarked that “OT is at least 15 years behind IT, and that gap is only growing wider.” ExxonMobil is working with Lockheed Martin to develop process automation infrastructure. By some estimates is a $40 billion expenditure. Companies like Security Matters (backed by Bosch Ventures) Tempered Networks (backed by Ignition, Rally Capital) Indegy (backed by Aspect Ventures) and Nozomi Networks (backed by GGV) have raised capital in 2016 to solve for “critical infrastructure” security.

Lines and dots interconnecting, conceptual illustration.
Image courtesy of Getty Images.

What must change

As we look at 2017, I hope for three changes:

Security vendor accountability ought to get better. We can no longer operate, as some accuse us to be, as snake oil salesmen. Fear driven tactics never work in the long haul. Shame on us when ransomware ‘vendors’ offer SLAs and we cannot. Shame on us if we cannot “red team” our own security products.

Secondly, design matters. Our products are not for nerds but for noobies. They have just arrived, on their second day in that SOC. They should be able to use your products, integrate it easily without a CISSP / PhD.

Finally, security sales should induce less nausea and more joy. Bob Lord, CISO of Yahoo who has been beset with “got a minute?” sales calls pleads, “Never pitch a transaction. Please.”  So let’s aim to solve problems and win customers for life. That’s better than being slick and winning a deal. Lets empower the frontlines. Because it impacts all of us.

More TechCrunch

Tags

Pinecone, the vector database startup founded by Edo Liberty, the former head of Amazon’s AI Labs, has long been at the forefront of helping businesses augment large language models (LLMs)…

Pinecone launches its serverless vector database out of preview

Young geothermal energy wells can be like budding prodigies, each brimming with potential to outshine their peers. But like people, most decline with age. In California, for example, the amount…

Special mud helps XGS Energy get more power out of geothermal wells

The market play is clear from the outset: The $449 headphones are firmly targeted at an audience that would otherwise be purchasing the Bose QC Ultra or Apple AirPods Max.

Sonos finally made some headphones

Adobe says the feature is up to the task, regardless of how complex of a background the object is set against.

Adobe brings Firefly AI-powered Generative Remove to Lightroom

All cars suffer when the mercury drops, but electric vehicles suffer more than most as heaters draw more power and batteries charge more slowly as the liquid electrolyte inside thickens.…

Porsche invests in battery startup South 8 to boost cold-weather EV performance

Scale AI has raised a $1 billion Series F round from a slew of big-name institutional and corporate investors including Amazon and Meta.

Data-labeling startup Scale AI raises $1B as valuation doubles to $13.8B

The new coalition, Tech Against Scams, will work together to find ways to fight back against the tools used by scammers and to better educate the public against financial scams.

Meta, Match, Coinbase and others team up to fight online fraud and crypto scams

It’s a wrap: European Union lawmakers have given the final approval to set up the bloc’s flagship, risk-based regulations for artificial intelligence.

EU Council gives final nod to set up risk-based regulations for AI

London-based fintech Vitesse has closed a $93 million Series C round of funding led by investment giant KKR.

Vitesse, a payments and treasury management platform for insurers, raises $93M to fuel US expansion

Zen Educate, an online marketplace that connects schools with teachers, has raised $37 million in a Series B round of funding. The raise comes amid a growing teacher shortage crisis…

Zen Educate raises $37M and acquires Aquinas Education as it tries to address the teacher shortage

“When I heard the released demo, I was shocked, angered and in disbelief that Mr. Altman would pursue a voice that sounded so eerily similar to mine.”

Scarlett Johansson says that OpenAI approached her to use her voice

A new self-driving truck — manufactured by Volvo and loaded with autonomous vehicle tech developed by Aurora Innovation — could be on public highways as early as this summer.  The…

Aurora and Volvo unveil self-driving truck designed for a driverless future

The European venture capital firm raised its fourth fund as fund as climate tech “comes of age.”

ETF Partners raises €285M for climate startups that will be effective quickly — not 20 years down the road

Copilot, Microsoft’s brand of generative AI, will soon be far more deeply integrated into the Windows 11 experience.

Microsoft wants to make Windows an AI operating system, launches Copilot+ PCs

Hello and welcome back to TechCrunch Space. For those who haven’t heard, the first crewed launch of Boeing’s Starliner capsule has been pushed back yet again to no earlier than…

TechCrunch Space: Star(side)liner

When I attended Automate in Chicago a few weeks back, multiple people thanked me for TechCrunch’s semi-regular robotics job report. It’s always edifying to get that feedback in person. While…

These 81 robotics companies are hiring

The top vehicle safety regulator in the U.S. has launched a formal probe into an April crash involving the all-electric VinFast VF8 SUV that claimed the lives of a family…

VinFast crash that killed family of four now under federal investigation

When putting a video portal in a public park in the middle of New York City, some inappropriate behavior will likely occur. The Portal, the vision of Lithuanian artist and…

NYC-Dublin real-time video portal reopens with some fixes to prevent inappropriate behavior

Longtime New York-based seed investor, Contour Venture Partners, is making progress on its latest flagship fund after lowering its target. The firm closed on $42 million, raised from 64 backers,…

Contour Venture Partners, an early investor in Datadog and Movable Ink, lowers the target for its fifth fund

Meta’s Oversight Board has now extended its scope to include the company’s newest platform, Instagram Threads, and has begun hearing cases from Threads.

Meta’s Oversight Board takes its first Threads case

The company says it’s refocusing and prioritizing fewer initiatives that will have the biggest impact on customers and add value to the business.

SeekOut, a recruiting startup last valued at $1.2 billion, lays off 30% of its workforce

The U.K.’s self-proclaimed “world-leading” regulations for self-driving cars are now official, after the Automated Vehicles (AV) Act received royal assent — the final rubber stamp any legislation must go through…

UK’s autonomous vehicle legislation becomes law, paving the way for first driverless cars by 2026

ChatGPT, OpenAI’s text-generating AI chatbot, has taken the world by storm. What started as a tool to hyper-charge productivity through writing essays and code with short text prompts has evolved…

ChatGPT: Everything you need to know about the AI-powered chatbot

SoLo Funds CEO Travis Holoway: “Regulators seem driven by press releases when they should be motivated by true consumer protection and empowering equitable solutions.”

Fintech lender SoLo Funds is being sued again by the government over its lending practices

Hard tech startups generate a lot of buzz, but there’s a growing cohort of companies building digital tools squarely focused on making hard tech development faster, more efficient and —…

Rollup wants to be the hardware engineer’s workhorse

TechCrunch Disrupt 2024 is not just about groundbreaking innovations, insightful panels, and visionary speakers — it’s also about listening to YOU, the audience, and what you feel is top of…

Disrupt Audience Choice vote closes Friday

Google says the new SDK would help Google expand on its core mission of connecting the right audience to the right content at the right time.

Google is launching a new Android feature to drive users back into their installed apps

Jolla has taken the official wraps off the first version of its personal server-based AI assistant in the making. The reborn startup is building a privacy-focused AI device — aka…

Jolla debuts privacy-focused AI hardware

The ChatGPT mobile app’s net revenue first jumped 22% on the day of the GPT-4o launch and continued to grow in the following days.

ChatGPT’s mobile app revenue saw its biggest spike yet following GPT-4o launch

Dating app maker Bumble has acquired Geneva, an online platform built around forming real-world groups and clubs. The company said that the deal is designed to help it expand its…

Bumble buys community building app Geneva to expand further into friendships