The Cyber Security Landscape: An OurCrowd Briefing for Investors

3,369 views

Published on

Published in: Business, Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
3,369
On SlideShare
0
From Embeds
0
Number of Embeds
465
Actions
Shares
0
Downloads
206
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

The Cyber Security Landscape: An OurCrowd Briefing for Investors

  1. 1. Copyright ©2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. 1 The Cyber Security Landscape An OurCrowd Briefing Ron Moritz 27 May 2014
  2. 2. Copyright ©2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. Your hosts 2 Zack Miller Head of investor community @OurCrowd Ron Moritz Advisor, consultant and OurCrowd mentor
  3. 3. Copyright ©2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. OurCrowd’s portfolio 3 Cyber Security companies in our portfolio
  4. 4. Copyright ©2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. What is Cyber Security? § Cyber security – the evolution of a name - EDP controls à IT audit à IT security à computer security à network security à OT security à cyber security - Practices, tools and concepts dealing with CIA § CIA: confidentiality, integrity, and availability of information § But also CIA of systems, network communications, operations - Terminology and solutions often derived from defense industry § Cyber security includes offensive capabilities - The use of IT to respond to threats by attacking adversaries § Why spray RAID to kill what you see when you can spread ant honey that is carried back to the nest and destroys the colony? - Historically government domain, emerging enterprise capability § The dog in the night that has not yet barked? - Often likened to insurance, today compared to braking systems that enable high-performance cars to go faster 4
  5. 5. Copyright ©2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. Security Cycles & Investor Appetite: Generations of Cyber Security § Before the Web: early viruses, LANs, PCs, floppy disks -  Limited access, isolated networks, slow propagation of threat § 1993: Mosaic and the rise of the commercial Internet (FUD 1.0) -  First generation of program code travelling across the ‘net § 2000: dot-com bubble burst (double-digit sec spend as % of IT) -  Most IT spend slowed but Internet on-ramp required cyber security § 2002: inflection point (FUD 1.5) -  Global technology companies proclaim commitment to security (MSFT, CSCO, CA) § 2005: consumer Internet distraction -  Web 2.0, the rise of social media, industrial disintermediation, $50K startups § 2008: global economic crash -  No appetite for enterprise infrastructure solutions (IT budget squeeze) § 2011: media focus on all things cyber (FUD 2.0) -  Plus emerging pressure from mobile personal device (smartphone) market § 2013: Snowden and the fragility of the Internet (anti-FUD?) -  Risk becomes real, NSA disclosure become personal, Target breach impacts CxOs 5
  6. 6. Copyright ©2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. Two Real Cyber Security Drivers § Governments and corporations are under attack - Cyber hack problem is no longer simply a nuisance § litigation and criminal complaints based on weak systems of control and the lack of reasonable cyber security strategy - Snowden was sensational but NSA snooping was personal § validated and went beyond what experts thought was possible - 05/2014 DoJ China nation-state industrial espionage disclosure § aggressive government-sponsored electronic espionage against corporations (and other governments) § Direct impact on executive officer careers - Convergence of risk following Target, Niemen Marcus, and other well publicized breaches (impact broad, shockwaves resonate) - IT budgets again being freed-up for the development of new products, services which require strengthening of digital defenses 6
  7. 7. Copyright ©2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. Businesses Under Fire § Organizations are exposed more than ever - Increasing number and variety of threats and risks - New attacks - targeted and purposeful § Hackers are stealing around $250B/year in IP - NSA Director, Gen. Keith Alexander, calls these attacks "the greatest wealth transfer in history" § Significant YoY increases in cyber attacks - DHS reported a 68% increase in cyber attacks in 2012 at federal agencies, government partners, and against critical infrastructure - Symantec reported attacks on companies rose 42% in 2012 § U.S. government is increasing spending in cyber security (despite cuts elsewhere) 7
  8. 8. Copyright ©2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. Macro Cyber Security Topics § Cloud Computing: Data Center Security Redefined -  Distributed Control, Ownership of Data Assets § Advanced Persistent Threats (Network & End-Point) -  Detect and Contain Sophisticated and Targeted Attacks -  Intelligence Dissemination and Threat Remediation § Mobility and Device Security -  Secure Mobile Applications, Consumerization (BYOD) § Risk Management -  Regulatory, Integrity, Compliance, Business Continuity, Social Media § Identity & Access Management -  Authentication, Authorization, Access Control § Verticalization: Security with a Sector / Industry Focus -  No longer one-size-fits all: industries (govt., healthcare, finserv, energy & utilities, oil & gas, manufacturing, education) are demanding solutions more attune with their unique challenges 8
  9. 9. Copyright ©2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. Gartner Nexus of Forces § Pervasive Access - mobile § Global Delivery - cloud § Big Context - information § Extreme Behavior - social 9 A tsunami of change rocking the IT world (David Cowen, Bessemer)
  10. 10. Copyright ©2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. Cyber Security Trends (1 of 3) § Enhanced use of encryption - more careful attention to the maintenance and proper configuration of existing encryption systems § Increased scrutiny of internal data use - behavioral analytic technologies to monitor users within the company as well as end users accessing company apps - increasing alerts (situational awareness) around suspicious behavior that accompanies theft or attack with malware § Resistance to cloud technology - huge rewards for companies and end users in terms of efficiency and access to both information and applications - offset by security liabilities that accompany cloud technology and create a drag on the speed of adoption (cybersec ≈ car brakes) 10
  11. 11. Copyright ©2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. Cyber Security Trends (2 of 3) § Risk assessment and software analysis - front-line (but back-office) defenses such as screening software for vulnerabilities, keeping software up-to-date (patched) to avoid known weaknesses, improved exercising of software - better engineering due to secure coding standards and practices § More destructive attacks - real damage to computer systems and stored data from targeted attacks launched by political and cause-focused hacktivist groups § Rising levels of smartphone malware - more security efforts directed to mobile platforms and biz apps § Phishing and hacking of individual users - access to account credentials while avoiding sophisticated enterprise security measures (people are the weakest link) 11
  12. 12. Copyright ©2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. Cyber Security Trends (3 of 3) § More sophisticated malware - better encryption of and more sophisticated malicious code allow attackers to evade virus detection and removal tools (AV dead?) § Active defense (honeypots and other traps) - to convince hackers that they are in their target area, when they’ve actually been diverted and trapped in a shell where they can be easily identified and in some cases, retaliated against § Threat follow up (MSSP ≈ Associated Press model) - requires manpower organizations don’t have so active monitoring and maintenance by MSSPs and external forensics experts § Fast response (security and threat intelligence)* - fraud tools and intelligence platforms to investigate, track and analyze events post-facto with near real-time clarity (e-forensics) and to make actionable information available to IT staff 12 *Security and threat intelligence is like teen sex …
  13. 13. Copyright ©2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. Money Follows Problems: A Concentration of Risk § New threat vectors once again an obstacle to Internet-fueled growth plans (mobile and cloud) - So cash is being thrown at possible solutions § Security is in the conversation at the board level - 80% of G2K reporting cyber security preparations to the board § Gartner estimates 39% increase in security spend: - From $67B (in 2013) to $93B (in 2017) § Makes cyber security ripe for the harvest - The 8.7% annual growth rate is compelling metric for investors § Cyberattack news onslaught is making a difference - VCs move quickly to fund startups that could solve problems discussed in cyberattack headlines 13
  14. 14. Copyright ©2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. Money Follows Problems: A Cyber Security Boom? § The cyber security market is in a renaissance -  Estimated global investment in private cyber security companies: §  2011 cybersecurity funding was up 94% over 2010 §  2012 funding was estimated to have been $1.0B §  In 2013, ~$1.5B was invested in ~240 cyber security startups § No end in sight -  Likely in anticipation of a deal-making boom: §  The average valuation for each VC round raised in 2013 rose by 41% over 2012 to $31.5 million §  In comparison, the increase between 2011 and 2012 was 26% § Caveat emptor -  Are we in or approaching a cyber security bubble? §  Because cyber security private company valuations more than doubled in past two years, there is an uneasy feeling. §  Demands exceptional diligence and the art of the long view 14
  15. 15. Copyright ©2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. Money Follows Problems: New Exit Opportunities § Mergers and Acquisitions (M&A) -  23 cyber security M&A deals in 2013, 9 in Q1 2014, 8 in Q2 2014 §  Cisco ß NDS, ProofPoint ß Amortize Technologies, Blue Coat ß Solera Networks, Cisco ß Sourcefire ($2.7B or ~10x annual revenue), IBM ß Trusteer ($800M or ~10x annual revenue), Fireeye ß Mandiant ($1B) -  Average cyber security enterprise value / revenue multiple of 9.9x §  Impressive but will always be dwarfed by consumer internet and social media deals since cyber security growth and risk are lower § Initial Public Offering (IPO) -  Palo Alto Networks, Imperva, Qualys, Baracuda, FireEye (hot $300M IPO in September 2013 with $5B market cap today), Varonis, Cyber- Ark (in process) § Private Equity Carve-Outs and Roll-Ups -  $200M Insight (PE) bet on Airwatch (2013) followed by $1.5B VMWare acquisition (2014) 15
  16. 16. Copyright ©2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. Money Follows Problems: A Fragmented Market § No dominant leader -  There is no single enterprise with a large enough share of the market to be able to influence the industry’s direction §  Symantec and McAfee, the two biggest players in the industry, are followers and not leaders; they have been unable to influence -  An acquisitive growth strategy that will position one company to dominate the industry, like Cisco in the 1990s, remains a possibility § The increasing variety of threats … -  Requires rapid innovation and short development cycles §  a challenge for bigcos and an opportunity for nimble startups who can carve out a market niche via unique products and services § Coddling via cyber-security focused initiatives -  Mach37 Cybersecurity Accelerator (Virginia) -  JVP National Cybersecurity Incubator (BGU, Beer Sheva) -  Cisco Israel Cybersecurity Incubator (John Chambers, May 2013) -  Lockheed Martin and GE cyber security R&D centers in Israel 16
  17. 17. Copyright ©2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. On Cyber Security M&As § Multiples are at all-time high -  Big players must buy revenue growth through acquisitions -  M&A activity will remain high (energize brands, buy mkt. share) § Money pouring in but a VC pull-back is possible -  Not likely in the near term but probable as value plays dry up -  Great “A” tech but limited execution capability in “B” teams § IPO option open but consolidation will continue -  Hackers thwart legacy solutions forcing innovation acquisitions -  With limited growth-stage funding available, M&A activity jumps § M&A drivers -  Integrated software suite leaders in need of innovation -  Evolving platforms such as software-defined data centers -  Online (cloud) service providers creating new security challenges -  Non-traditional acquirers (outside or adjacent spaces or eco-system) 17
  18. 18. Copyright ©2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. Expertise Counts: Finding the Winners § Domain expertise is key (for investors and buyers) -  Does the team have deep backgrounds in the sector? -  Do they understand how customers bought software in the past? -  Do they know how they are buying now (the buying cycle)? -  Do they understand how and what channels work? -  Do they grasp the intricacies of and how pricing models work? -  Do they know how to listen to customers and prioritize features? § Does the team really know its vertical market? -  How many people really understand healthcare and cloud technology and how to roll that out? -  Do they understand their position in and are they attuned to nuances of and know how to leverage their eco-system? -  What do they know about their target customer and buyer and how to access them? -  Do they really understand and value their competitors and do they have a legitimate “break-out” plan? 18
  19. 19. Copyright ©2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. Pre-Submitted Questions § What was the process to funding regarding traction of an idea and or product? -  Entrepreneur team commitment and full engagement: is this an “A” team? -  Pitch review (new venture business plan outline): is this an “A” opportunity? -  Initial meetings (phone, face-to-face) and vetting of team: can they execute? -  Term sheet enables deep-dive (technical due diligence): is the solution real? -  Customer (or prospect) and independent expert validation: is the market real? -  Finally, is this something that can be explained clearly and is it exciting? § How were the first customers captured? -  Street-fighting: Typically entrepreneurs leverage personal networks to secure initial meetings and lock-in a sponsor or champion § What level of funding are they raising and what is the use of funds? -  If they’ve validated the solution and market and secured early adopters then funds are typically for sales and marketing in the United States and $3M is the recommended minimum gunpowder (above and beyond cost of maintaining existing operations) -  If they’ve not yet validated then $250K to $500K will typically allow them to develop early prototypes, secure development partners, and validate some basic assumptions (first milestone) 19
  20. 20. Copyright ©2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. Ron’s Radar § Encryption – it is time yet? -  Secure communication – the need is not universal but timing is relevant: Silent Circle (Zimmerman’s PGP reboot)*, Wikr (message self-destruction), Threema (encrypted What’s App) -  Protecting the data inside the cloud and in transit – security, policy carried w/data (Vaultive, Porticor, Covertix) § Cloud-based security services – enabling the cloud -  Easier to deploy, cheaper to manage, code is always up-to-date -  Correlation of data from multiple incidents (SumoLogic, CTCH) -  Web site security and acceleration (Fireblade) § Threat intelligence – needle in the haystack -  Cylance, ThreatMetrix and Seculert are examples § Fraud-prevention – sensor-supported policies -  Transaction decisions based on more than user ID and password like geo-location input (XYVerify) and continuous authentication of users throughout transaction session (BioCatch) -  Device fingerprinting/reputation and big-data analysis (Iovation) 20 *Just raised $30M to develop a “blackphone”
  21. 21. Copyright ©2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. Big Data will Revolutionize the Future of Cyber Security § Big data offers intelligence-driven models -  Analytics will play key role in detecting crime, security infractions § Big data analytics à Bigger threat map = TMI -  Enables enterprises to combine and correlate external and internal information to better assess threats to them and their industry § Data analysis evolution enables advances in predictive capabilities and real-time decision automation -  Moving closer to precognition (science imitates art: “Minority Report”) -  Gartner claims that by 2016, more than 25% of global firms will adopt big data analytics for at least one security and fraud detection use case (such as detection of advanced threats, insider threats and account takeover) up from current 8% § Big data will change most of the product categories in the field of computer security (but we’re in the early days) -  Impact on all existing solutions (conventional firewalls, anti-malware, data loss prevention, network monitoring, authentication and authorization of users, identity management, fraud detection, systems of governance, risk and compliance, etc.) -  Disruption creates all sorts of opportunities for emerging tech companies -  Result is ongoing industry fragmentation, no dominant market share leader 21
  22. 22. Copyright ©2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. “Character is much easier kept than recovered” § Security still a knee-jerk reaction to an attack - Spend not correlated to revenue (or direct expense reduction) - BYOD as an example § IT infra security still a one-time, ad hoc effort - But more security is now embedded within daily operations § Security as a broad collection of technologies - Still not an inherent, proactive and continual aspect of governance § Cybersecurity never gets solved - Like an antibiotic-resistant bacteria: attackers adapt to defenses and render them obsolete (David Cowen, Bessemer) 22 Thomas Paine, US patriot & political philosopher (1737 - 1809)
  23. 23. The Cyber Security Landscape An OurCrowd Briefing Ron Moritz Managing Director, MTC Venture Consulting +972 72 272 4450 +1 650 618 9560 Ron@Moritz.US @RonMoritz http://www.il.linkedin.com/in/ronmoritz/
  24. 24. Copyright ©2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. Questions about OurCrowd 24 Any Questions? For feedback or more information: Zack@ourcrowd.com https://www.ourcrowd.com/

×