Cybersecurity | Risk. Impact. Innovations.

Vertex Perspectives
Cybersecurity | Risk. Impact. Innovations.

Cybersecurity
Growing Interest
Web searches for “cybersecurity” is observed to be growing over time and across region
Source: Google Trends - in which location the term “cybersecurity” was most popular.
Interest by region
2010 2018
VS
Darker shade of blue indicates higher web searches

Cybersecurity
Growing Interest
Cybersecurity is an increasingly important agenda item for Boards and the C-suite
Source: CB Insights, Cyber defenders 2019
Number of “cybersecurity” mentions in earning calls

INTRODUCTION
The frequency and impact of cyber attacks have
escalated cybersecurity to the top of Board agendas.
Institutions are no longer asking if they are vulnerable
to cyber attacks. Instead, focus has shifted to how the
attack might be executed, the attendant risks and
impact. Critically important - their organisational
readiness and resilience to such threats.
Cybersecurity’s ranking in WEF global risk report has
risen over the years:
• 2010: Not in Top 5
• 2014: 5th
• 2018: 3rd
In this cybersecurity series, we review
• What: Observations of current cybersecurity trends
• How: Cyber attacks and the evolution of cybersecurity
• Who: Vertex portfolio companies and their solutions
• Where: Emergent trends in cybersecurity
With the convergence of the digital and physical worlds, rising
adoption of AI, and the growth in cloud (and edge) solutions,
institutions will increasing require a unified approach to
manage cybersecurity risks – one that incorporates disruptive,
internal and external perspectives.
With Best Regards,
Vertex Partnership Group

OUTLINE
WHAT | Current Observations
HOW | Cybersecurity Evolution
WHO | Vertex Cybersecurity Startups
WHERE | Looking Ahead

Cybersecurity startup boom
Proliferation of cybersecurity startups specialising in different niches. Highest concentrations observed in the US followed by the UK and Israel
Source: Bessemer Venture Partners 2015 | CB Insights Cyber defenders 2019

Rising VC funding in cybersecurity
Increasing investments poured into the cybersecurity space from 2014 – 2018 with record high of first-time investors observed in 2018.
115 new corporations/ corporate VCs that had never previously invested in a cybersecurity company did so
Source: CB Insights, Cyber defenders 2019
Amount of funding (USD M)
Number of deals

Cybersecurity at a glance
Source: Breach level index | WEF, Global risks report 2018 | Citi, TMT content sunday, AI powered cybersecurity | CNBC, 4T in tech spending in 2019 here’s where the money is going
No industry is immune to data breaches Cost is high and rising
USD 125B
Aggregate 2019 cybersecurity spend forecasted by Gartner
-
USD 8T
Projected cost of cybercrime to businesses over next 5 years
-
USD 35B…
Projected market size for AI-powered cybersecurity solutions
growing at 31% CAGR mainly driven by increased global spending
944
Total number of incidents
(H1 2018)
Others includes: professional services, non-profit etc.

Increase in frequency & impact of cyber attacks over time
Source: ARN, Top 10 most notorious cyber attacks history | WEF, What would a cyberwar look like | Business Insider, Ukraine cyberattack | Get safe online, 5 notable examples of APT attacks | BBC, Massive cyberattack discovered | Technology Review,
America is blaming North Korea for the Wannacry ransomware attack | Reuters, Bangladesh Bank official’s computer hacked to carry out USD 81M heist

1. Convergence of cyber & physical security
Convergence of cyber-physical security has been mainly facilitated by IP-enablement of “physical” devices
• IMS research estimates approximately 22B devices overall will be internet connected by 2020
• 49% of respondents of an EIU study – the meaning of security in the 21st century – say that they consider risks to security of physical assets an
“above average concern”
Notable cyberattacks on critical infrastructure include:
Source: Security Magazine, The unstoppable convergence between physical and cybersecurity | EIU, The meaning of security in the 21st century | Security Ledger, Hacker charged in breach of New
York dam | Data Center Dynamics, DDoS attack knocks out Finnish heating | Satellite Today | The Star, Metrolinx targeted by north Korean cyberattack
Rye Brook Dam | US | 2013
It was reported that a cellular modem connected to the New York dam could have provided an entry point for hackers. They had adequate
access to manipulate the sluice gate which was manually disconnected for maintenance. While there was no damage done this time,
significant information about the system was compromised.
Lappeenranta Heating Systems | Finland | 2017
A Distributed Denial of Service (DDoS) attack caused the systems to be overloaded with traffic sending it into an endless cycle of
rebooting the main control circuit in a bid to reconnect. This left residents to face sub-zero temperatures without central heating and cold
showers from late October to early November.
Metrolinx Transit Agency | Canada | 2018
Metrolinx reported that it was the target of a cyber attack originating in North Korea. It managed to block the attack before severe damage
was inflicted. With the increase in reports of attacks and malicious disruptions on rail globally, the threat from (state-sponsored) hackers
on critical infrastructure has never been greater.

2. From manual to automated attacks
In a world of IoT and 5G, intelligent machines will be increasingly required to “write” programs for automated cyber attacks. Techniques like advanced
machine learning, deep learning and neural networks enable computers to find, interpret patterns can also be used to exploit vulnerabilities and
customize attacks
• By 2020, it is expected that ~10% of cyberattacks will be initiated by AI-driven machines
• Former Palo Alto Network’s CEO, Mark McLaughlin, “it’s conceivable that the adversary won’t be using humans, it will just be machines utilizing AI”
Case Study | Ukraine Power Grid Strike
20% of the nation’s capital, Kiev, plunged into darkness. More than 230,000 residents as well as operators themselves were left stumbling in the dark for about an hour
Source: Tech Wire Asia | AFR special report, Palo Alto Network warns automated cyber attacks are on way | MIT Technology Review, A hack used to plunge Ukraine into darkness could still do way
more damage | Wired, Crash Override malware | Wired, Inside cunning unprecedented hack
2015 2016
Entry
Malware infected systems, gaining backdoor access to Ukrainian
utilities network via phishing campaign sent to workers Thereafter,
hackers manually switched off the power
Fully automated malware programmed to “speak” directly to grid
equipment, sending commands to turn the flow of power - on and off
Attack
Approximately 20 people targeted attacks on 3 regional energy
companies. Hackers only breached corporate networks initially. Over
many months, they mapped networks and accessed controllers
where accounts are managed. They used harvested user credentials
to log in to the SCADA network
“It’s far more scalable” with the Crash override” malware - executing
blackout attacks more quickly, with far less preparation and fewer
human agents - 20 attackers could now target 15 sites or more
Implications
Nothing about this attack looks like it’s singular.
“Crash Override” automatically maps out control systems and locating target equipment.
It also records network logs that can be sent back to inform operators know how controls systems function over time.

3. From on-premise to cloud-based systems
Cloud technology is increasingly embraced by organisations, yet traditional security tools remain limited for the cloud.
Companies recognize benefits from increased efficiency, scalability and cost savings by adopting cloud computing
• Based on IDG 2018 Cloud Computing Survey, 9 out of 10 companies will have some part of their applications of infrastructure in the cloud by 2019 with the rest by 2021
Yet, effective cybersecurity solutions in the cloud have been relatively slow to follow
• 84% of organisations say that traditional security solutions do not work or have limited functionality in cloud environments
Data breaches are a key security risk when operating in the cloud. Examples include:
Source: Palo Alto Networks, 2018 Cloud security report | CNN, Equifax breach security hole | Cipher Cloud, 143M identities stolen 1 lesson to learn | Quartz | Meta Compliance, 5 examples of security
breaches in 2018 | Threatpost, Airbus data takes flight and billions of credentials umped on dark web | ZDNet, security firm identifies hacker behind collection 1 leak as collection 2-5 become public
Flaw in tool, Apache Struts,
designed to build web applications (2017)
Hackers used the flaw to access the system and
data behind the application which was left
unencrypted.
Nearly half of US population - 143M consumer
records were breached. Hackers had access to
personal information including name, social
security numbers, birth dates, drivers licenses and
addresses.
Vulnerability in a code for “View as” feature (2018)
Announced that hackers exploited this vulnerability
to attack its computer network.
The attack exposed personal data of over 50M users.
Attackers were able to steal ‘access token’ which
could be used to take over users’ accounts and gain
access to other services and third party apps
connected to Facebook.
The Irish data protection commission opened a
formal investigation which could result in a fine of up
to USD 1.63B for the social media giant.
Collections #2-5 (2019)
A fresh compilation of ~2.2B stolen account records
acquired via previous compromises is being traded
on the Dark Web.
Discovered by researchers at the Hasso Plattner
Institution in Potsdam, Germany who estimate that
this tranche of data contains three times as many
unique records as collection #1.
As more companies are getting hacked, the value
of individual leaks become smaller. Data sellers are
merging leaked data to continue making profits.

Overview
Source: The Security Magazine, The unstoppable convergence between physical and cybersecurity | Palo Alto Networks, What is automated cybersecurity |Palo Alto Networks, 2018 cloud security report
Cyber-physical convergence
Organisations are increasingly recognizing that
the network enablement of devices or “things”
require an integrated cyber-physical approach
to ensure system-wide security and safety.
Automated solutions
To successfully protect against automated
attacks, there may be a need to pit AI with AI.
With AI, cyber attacks could become more
powerful, but so will cyber defense.
Protection in the cloud
Cybersecurity professionals have ranked access
control followed by encryption to be the main
methods to protect data in the cloud.
As workloads increasingly shift to the cloud,
solutions offering such cybersecurity protection
are expected to grow in importance.

Argus
Source: Argus | VPN Mentor, Interview with Argus CEO Ofer Ben Noon
Anti-hacking solution for automotive and
aviation cybersecurity
https://argus-sec.com/
Industry Challenges: According to a Gartner report, there will be >250M
connected vehicles on the road by 2020. The more cars and aircrafts are
connected, the more vulnerable they are to cyber attacks
Product/Solution: Protect mission critical systems from being hacked while
enabling advanced connectivity
• Automotive – Built on the innovation of 40 granted and pending automotive
patents, its solution suite offers comprehensive, modular and multi-layered
protection from car hacking. It defends infotainment units, detects attacks in
in-vehicle network, reinforces select electronic control units such as brakes
and future proofs fleet with insights on new attacks and trend through data
analytics with overview on an intuitive dashboard
• Aviation – Helps commercial aviation companies prevent, understand and
respond to cyberattacks through defending cabin’s Wi-Fi/ IFE systems from
attacks, reinforce avionic components, detecting attacks on in-flight network
security and enable fleet managers to monitor and analyse cyber health of
their connected aircraft
Industries Served: Automotive and Aviation
Acquired by Continental in 2017

Axonius
Source: Axonius
Industry Challenges: Asset management is the most fundamental requirement
security teams need to enhance security operations amidst expanding threats
they face daily. A security team’s job is already difficult enough, yet they’re still
spending time trying to figure out what assets and devices actually exist on their
networks and if they adhere to their company’s security policies
Product/Solution: Axonius is the only cybersecurity asset management platform
providing actionable visibility and security policy enforcement for all assets and
users by aggregating existing business data from 100+ management and
security solutions
• Agentless, deploys in minutes
• Provides a comprehensive asset inventory for managed and unmanaged
assets, cloud or on-premise
• Discovers coverage gaps through simple queries
• Validates and enforces security policies letting customers automate actions
Industries Served: Not industry specific – serves any enterprise requiring full
asset inventory security policy validation and enforcement
Cybersecurity asset management platform
to see and secure all
https://www.axonius.com/

Cylus
Source: Cylus
Industry Challenges: As railway systems grow more digital, connected, and
wireless-based, they become vulnerable to new cyber threats which cannot be
handled well by existing security measures
Product/Solution: CylusOneTM is the first-to-market cybersecurity solution that
meets the unique needs of the rail industry. Its software-based solution provides
unprecedented visibility into the signaling and control networks – trackside and
onboard – instantly detecting malicious activities. Alerts are supplemented with
actionable insights, facilitating fast and effective response. Its patent pending
technology is application to all modes of rail transportation, mainline and urban,
modern and legacy technologies
• Non-intrusive, software-based solution
• Detect threats distinctive to rail (rail-specific protocols and applications)
• Support new & legacy technologies
• Integrates with rail data sources
• Rail-specific user interface
• Monitors network as a whole
• Vendor-agnostic
• Seamless deployment
Industries Served: Rail and Metro companies
Railway cybersecurity
https://cylus.com/

D-fend
Source: D-fend
Counter drone solutions for urban environments
https://www.d-fendsolutions.com/
Industry Challenges: The popularity of drones has been growing rapidly. While
most drones are used for legitimate purposes, some are used irresponsibly or
with malicious intent. Traditional counter-drone technologies are typically not
suited for urban environments or airports due to the risk of collateral damage,
communication interference and intrinsic disturbance to daily functions
Product/Solution: EnforceAirTM is autonomous end-to-end system that takes
over communication links of rogue commercial drone and lands them safely in a
designated zone
Modular capabilities include detect & alert, locate & track, identification,
forensics, fend off, take control & land. Technology is differentiated
• Non-jamming: uses software-defined-radio (SDR) system which co-exists
with wireless and GPS signals
• Non-kinetic: no collateral damage
• No line of sight: suitable in dense urban environment
• Selective: discriminate between friend and foe
Industries Served: Airports, Prisons, Military, National Security Agencies, Safe
City, Media Providers & Sporting Events, Critical Infrastructure & Utilities,
Corporate Security

Indegy
Source: Indegy
https://www.indegy.com/
Visibility & control for industrial cybersecurity
Industry Challenges: Industrial Control Systems (ICS) are no longer isolated, static
systems. They are connected to the enterprise and are subject to the same security
risks that threaten downtime from malware, attacks, insider threats, human error,
and failed system maintenance
Product/Solution: The Indegy Industrial Cybersecurity Suite can be deployed as a
network or virtual appliance. The agent-less solution offers comprehensive security
tools and reports for IT security personnel and OT engineers. The Indegy Suite
delivers crystal clear situational awareness across all sites and their respective OT
assets - from Windows servers to PLC backplanes - in a single pane of glass including
• Full asset discovery and automated asset inventory
• Configuration control and risk assessment
• Audit trail of all engineering activities taking place in ICS environments
• Real‐time threat detection that triggers alerts about suspicious activities,
undesired asset configuration, unauthorized access or deviations from
compliance requirements
• Backup and recovery support
• Reports and integration with third‐party solutions
Industries Served: Power & Utilities, Automotive, Pharmaceutical, Oil & Gas,
Transportation & Logistics, Food & Beverage, Building Management Systems

Cymulate
Source: Cymulate
Automated breach and attack simulation
that makes security simple
Industry Challenges: It has become too complicated to check how exposed you
are to cyber threats as every day brings new threats to avoid, new technologies
to learn and new skills to acquire. Pen-testing and other alternatives may result
in outdated reports that are no longer relevant
Product/Solution: Cymulate helps understand your cyber posture in minutes.
When activated, it deploys thousands of attacks across all vectors, simulating
countless threat your company may encounter. It also provides clear
instructions on how to remediate each and every problem
The shared vision is to make it easy for anyone to protect their company with
the highest level of security. Stop speculating, start simulating
• Remote test of the entire infrastructure
• Mitigate attacks before they happen
• Comprehensive assessment
• Immediate results
• Optimise investment in cybersecurity
Industries Served: Not industry specific – trusted by hundreds of companies
worldwide, from small businesses to large enterprises including leadings banks
and financial services
https://www.cymulate.com/

LightCyber
Source: Palo Alto Networks, Bringing award winning automated behavioural analytics to the palo alto networks next-generation security platform | HelpNet Security, Cyber attack lifecycle steps
1First stage in cyber attack where potential target that satisfy the mission of the attackers is identified
2After connection is established to the internal network, they seek to compromise additional systems and user accounts
Industry Challenges: Targeted attackers find ways to compromise systems and
infiltrate networks. To stay under the radar, they often avoid using malware or
known exploits. Instead, they conduct reconnaissance1 and lateral movement2 to
understand the network, find location of sensitive assets and expand their realm
of control
Product/Solution: Integrated into the Palo Alto Networks® next generation
security platform, LightCyber extends ability of the platform to mitigate
unknown threats and prevent a compromise across the attack lifecycle
Technology is differentiated as the LightCyber approach focuses on network and
endpoint traffic to drive its primary analysis
• Unsupervised machine learning to prevent unknown threats
• Broad inputs (network, user, endpoint) to maximise detection accuracy
• Mitigation across entire lifecycle of attack
• Integrated remediation capabilities by blocking users, compromised devices
or disabling accounts through the click of a button
Industries Served: Successfully deployed by top-tier companies in Finance,
Healthcare, Legal, Telecommunication, Media and Technology sectors
Acquired by Palo Alto Networks in 2017
https://www.paloaltonetworks.com/
Automated behavioural analytics
to detect and prevent attacks in the network

PerimeterX
Source: PerimeterX
Industry Challenges: Rising volume of bot traffic on the web, coming from web,
mobile and API endpoints is resulting in a number of threats including account
abuse, marketing fraud, web scraping, credit card fraud and checkout abuse
Product/Solution: PerimeterX Bot Defender, bot protection-as-a-service,
safeguards web, mobile and APIs from automated bot attacks through a
scalable, out-of-band solution easily integrated into your existing infrastructure.
It expands behaviour based detection by learning in real-time what behaviour
looks like and incorporates this into predictive security intelligence, protecting
websites from the latest generation of automatic attacks that do not trigger
security mechanisms
Technology differentiated
• Behaviour-based analytics: Leverages artificial intelligence and machine
learning to detect anomalies in user behaviour including login dialogs, typing
cadence and web surfing patterns
• Fully compatible: API integrates seamlessly with existing infrastructure
including cloud services and any content delivery network
Industries Served: Rapidly growing list of customers especially in E-commerce,
Travel & hospitality, Media and Enterprise SaaS
Next-generation bot defense
https://www.perimeterx.com/

CyberArk
Source: CyberArk | 1Forrester | 2Mandiant
Industry Challenges: The most disruptive attacks center on controlling an
organisation’s most valued assets with privileged access. Privileged
accounts, credentials and secrets deliver an unobstructed pathway to critical
on-premises and cloud-based infrastructure and applications. 80% of
security breaches involve privileged credentials1. 3 days after initial access,
attackers can obtain domain-level admin credentials2
Product/Solution: CyberArk’s Privileged Account Security Solution provides
a multi-layered security solution that includes privileged password
management, session recording, least privilege enforcement and privileged
data analytics to help organisations defend against advanced persistent
threats and insider threats
• Credential protection and management
• Session isolation and monitoring
• Threat detection and response
• Rapid, simple deployment and management
• Superior user experience
Industries Served: Financial services, Manufacturing, Telecommunications,
Energy, IT services
Privileged access security
https://www.cyberark.com/
IPO on the NASDAQ in 2014
Privileged Accounts – “Keys to the IT Kingdom”
Key features: detect, monitor, alert and respond to privileged access across cloud resources

Meta Networks
Source: Meta Networks
Industry Challenges: The way we work has changed – we used to sit in
offices, using on-premise apps on private networks. Now, we are working
from everywhere and our applications are migrating to the cloud. The remote
access VPN is now one of the most critical components of network security,
but it is not designed to meet the operational or security challenges that we
face today
Product/Solution: A compelling alternative to traditional VPNs, Meta
Networks’ Software-Defined Perimeter platform provides
• Zero-trust access to applications in the data center and the cloud
• Always-on security for any user, location or device
• Identity-based central policy management, granular security
• Rapid, simple deployment and management
• Superior user experience
Industries Served: Not industry specific – work with channel partners and
technology partners including AWS, Talari Networks, and Cyren
Meta Network-as-a-Service (NaaS) –
Software defined perimeterhttps://www.metanetworks.com/
Acquired by Proofpoint in 2019

Very Good Security
Source: Very Good Security
Industry Challenges: Achieving data security (e.g. collection, processing,
storage) and compliance requirements could constrain a company’s time to
get to market safely and quickly
Product/Solution: Very Good Security (VGS) eliminates the need for
companies to hold sensitive data by decoupling and insulating systems and
applications from sensitive data. The turnkey SaaS platform offers companies
the fastest and simplest way to achieve PCI and other compliances. VGS can
be integrated in minutes and involves no code changes.
• VGS provides a secure data vault that sits in the cloud for enterprises to
offload their sensitive information
• VGS intercepts data and creates aliases which the enterprise receives
• The enterprise sends aliases to 3rd party
• VGS reveals the data to the 3rd party
Industries Served: Key ones include card issuers, bill payments, personal
finance, identity verification and vacation rentals
Interact with sensitive & regulated data
without the liability of possessing it
https://www.verygoodsecurity.com/
Example: Identity Verification
With VGS
Without VGS

Software to hardware
Source: Intel, Shifting from software to hardware for network security | PW World, Intel divests McAfee | Computer Weekly, Intel set up new group to focus on hardware security | Brookings Institute,
Ensuring hardware cybersecurity | Forbes, Meltdown Spectre vulnerabilities leave millions open to cyber attack | CSO online, spectre and meltdown explained | CS Hub, Cybersecurity demands deeper look
at hardware issues
Traditional model of software protecting software cannot keep up with
advancing security threats. In 2018, variants of vulnerabilities that affects nearly
every computer chip manufactured in the past 20 years was discovered:
It involves a malicious program gaining unauthorized access to data by
exploiting techniques to speed up computer chips.
For a less technical explanation…
Spectre: like a mind trick where you make someone else give you
money; this happens so quickly that they do not realize
Meltdown: like a pickpocket who grabs the money very quickly
In response, every major player in the industry – e.g. Intel, Microsoft, Google,
Apple – have released patches and critical updates. However, software can be
Hence, the way to mitigate these threats have gone beyond relying on patches
and software updates
replaced
updated
downloaded from the internet
altered
As a result, we observe increasing prioritization of hardware security and
hardware becoming the new frontline of the cybersecurity battle:
Evident by large chip makers foray into hardware security
Case Study:
[1] Product Assurance & Security Group: set up to focus on hardware security in
the wake of discoveries that its chips have design flaws
[2] Acquisition (2010) and divestment (2017) of McAfee: Initial intention to
embed McAfee’s technology at the chip level to add layers of security to
hardware and components
[3] Acquisition of Altera: offer hardware security plus the upgradability
advantages of software through Field Programmable Gate Array (FPGA) system
on a chip products which Altera makes
Replacing the entire industry with secure hardware solutions is not necessarily
the right answer considering cost and loss of agility in development. Hardware is
likely to work with software to provide better assurance

Centralisation to decentralisation
Source: Deloitte, Blockchain & cybersecurity point of view | Microsoft, Advancing blockchain cybersecurity | Blockchain Council, The future of cybersecurity blockchain technology
1Family of technologies that employs a shared database architecture to maintain multiple copies of an auditable, up-to-date decentralized ledger of transactions or data
Blockchain is a specific type of Distributed Ledger Technology (DLT)1 used to create and maintain a shared system of record and platform for tracking transactions or
other data through ordered “blocks” that are “chained” together via cryptographic hash function.
Key features of blockchain technology which can be leveraged to enhance cybersecurity
Features of Blockchain Impact on Cybersecurity
Distributed Architecture
Participants (“nodes”) maintain a copy of the ledger on
their systems and as more data is added, nodes receive
identical copies of the updated ledger
Operational resilience
There is no single point of failure; if a node is taken down, organisations can make
that node redundant and operate as usual via other nodes in the network. It also
allows for affected nodes to recover quickly by obtaining copies of the ledger held
by other nodes.
Data Encryption
Encryption is used at several points in the network (i)
participants access rights managed by public/ private
encryption keys (ii) data within a block and (iii) blocks of
data protected and linked via cryptographic hashes
Advanced confidentiality
Multilayered protections increase difficulty of attack. Encryption used in
conjunction with Public Key Infrastructure (PKI) provides greater security control as
keys published on a blockchain leaves no scope for false key generation or identity
theft compared to PKI that rely on third party to issue, revoke or store key pairs.
Consensus mechanism
Various models of rules which establish procedures for
validating integrity of new blocks of data before they are
added to the ledger (e.g. proof-of-work, proof-of-stake).
Data integrity
Transparency achieved with every participant having to validate new additions to
ledger makes it more challenging for hackers to place malware covertly. Every data/
transaction added is digitally signed and timestamped which improves traceability
and verification of authentication. As such, users are also assured by immutability
of data/ transactions stored on the ledger.

Quantum is not an incremental improvement but an entirely new way of performing calculations. Much progress was made over the last 10 years with large
organisations such as IBM and Microsoft investing heavily in this area –
• 2016 – IBM gave public access to a basic quantum computer in the cloud which has >100,000 people run >6.7M experiments
• 2018 – The first noisy intermediate-scale quantum (NISQ) computers came into use
There are 3 parts to ensure data security
1. Encryption algorithm – to convert message into a string of meaningless characters
2. Cryptographic key – to recover original message, recipients need to know the specific sequence of random numbers that the algorithm used to encrypt the message
3. Key distribution – to send message securely to recipient
In this process, quantum computing is both a threat and opportunity simultaneously –
According to Gartner, within 5 years, more than 20% of all companies will be investing in quantum computing products to ensure their safety from cyber attacks
Quantum computing
Source: Tech Native, How will quantum computing affect cybersecurity | FT, Why you need to quantum proof your cybersecurity now | IEEE, The future of cybersecurity is the quantum random number
generator | Forbes, What CISO needs to know about quantum cybersecurity
1A calculation that is easy to solve in one direction but extremely difficult to solve in the reverse direction.
Quantum random number generator
Uses quantum mechanics to derive a true source of randomness that can be
used by any device E.g. ID Quantique developed a generator which tracks
distribution of photons as they hit a detector
Threats it poses…
Unparalleled processing power sparks fear as it challenges today’s
cybersecurity infrastructure
Obsolete: Current cryptography
Many physical random number generators are slow E.g. record the
coordinates of mouse clicks or movement on the computer
Opportunities it presents…
The same power enables capabilities that can be used to enhance data security from
current and future cyber attacks
Insecure: Key sharing infrastructure
RSA algorithm has been the standard protocol which relies on a one-way
math function1. It generates 2 keys – a public key (known to everyone) to
encrypt data and a private key (known to user) to decrypt data. A
quantum computer could greatly reduce compute time to solve the
function and find the factors.
Quantum key distribution
Rely on unpredictable nature of quantum mechanics to distribute unique keys
between 2 users without third party listening in. E.g. to encode cryptographic
key into orientation of photon and send that photon to the recipient.

Concluding Thoughts
“Cybersecurity is increasingly challenging for CISOs -
noisy environments covering an array of
infrastructure and systems coupled with limited
cybersecurity professionals. We expect a new
generation of systems that would help CISOs
prioritize and coordinate tasks, ensuring all systems
are properly configured with activity automation as
the endgame.”
- Aviad ARIEL, General Partner, Vertex Israel
“In a connected world that circles around data, the need for better
and integrated cybersecurity solutions will continue to be in high
demand at the personal, enterprise and state level”
- Emanuel TIMOR, General Partner, Vertex Israel
“Cyber attacks are far easier to execute than physical ones, and
can be executed at extremely high volumes. There is no silver
bullet to keep you safe; businesses need protection at all levels”
- Jonathan HEILIGER, General Partner, Vertex US
“The lines between access, networking and security
are blurring and the complex infrastructure of the
modern enterprise is making it very hard for CISOs to
keep a secure environment without hurting business
continuity. Cybersecurity startups that will ride this
trend and bring simplicity, visibility and clarity to the
organisation will come up on top”
- Yanai ORON, General Partner, Vertex Israel
“The advent of 5G and many intelligent “things” – devices,
vehicles, critical infrastructure may present greater vulnerabilities
if inadequately secured. In a world of ever greater connectivity,
leading cyber-physical solutions will be a sine qua non for
advancing security.”
- Yoram ORON, Founder & General Partner Vertex Israel

Meta Networks acquired by Proofpoint
for USD 120M
in 2019
Argus acquired by Continental
for USD 430M
in 2017
Lightcyber acquired by Palo Alto
for USD 120M
in 2017
CyberArk listed on Nasdaq
IPO Valuation of USD 414M1 in 2014
Market Cap of USD 4.7B2
Source: 1Crunchbase | 2Google Finance – Market cap as at 10 May 2019
Notable Exits

Summary
In this instalment, Cybersecurity | Risk. Impact. Innovations.
Key observations in cybersecurity evolution include:
• Convergence of cyber and physical security
• Shift from manual to automated attacks
• Migration from on-premise to cloud-based systems
Overview of innovations by Vertex portfolio companies focused on addressing cybersecurity challenges in these areas.
Highlighted a few possible shifts which could shape the future of cybersecurity:
• Software to hardware
• Centralised to decentralised
• Quantum computing
The following instalments of this cybersecurity series will showcase solutions by selected portfolio companies in more detail
• Cybersecurity | Axonius: Asset Management Platform
• Cybersecurity | Cylus: Railway Cybersecurity
• Cybersecurity | Cymulate: Breach & Attack Simulation
• Cybersecurity | D-fend: Counter-Drone Solutions for Urban Environments
• Cybersecurity | Indegy: Industrial Cybersecurity
• Cybersecurity | Meta Networks: NaaS Software Defined Perimeter
• Cybersecurity | PerimeterX: Next Generation Bot Defense
• Cybersecurity | Very Good Security: SaaS Platform for Data Security
Happy Reading! Do let us know if you would like to subscribe to future issues of Vertex Perspectives.

Thanks for reading!
About Vertex Ventures
Vertex Ventures is a global network of operator-investors who manage portfolios in the US, China, Israel, India and Southeast Asia.
Vertex teams combine first-hand experience in transformational technologies, on-the-ground knowledge in the world’s major innovation centers
and global context, connections and customers.
Contributors
Aviad ARIEL General Partner, Vertex Israel
Emanuel TIMOR General Partner, Vertex Israel
Jonathan HEILIGER General Partner, Vertex US
Yanai ORON General Partner, Vertex Israel
Yoram ORON Founder & General Partner, Vertex Israel
Tracy JIN Director, Partnership Group, Vertex Holdings
Sheryl TAN Associate, Partnership Group, Vertex Holdings
Disclaimer
This presentation has been compiled for informational purposes only. It does not constitute a recommendation to any party. The presentation relies on data and insights from a wide range of sources including public and private companies, market research firms, government agencies and
industry professionals. We cite specific sources where information is public. The presentation is also informed by non-public information and insights. Information provided by third parties may not have been independently verified. Vertex Holdings believes such information to be reliable
and adequately comprehensive but does not represent that such information is in all respects accurate or complete. Vertex Holdings shall not be held liable for any information provided. Any information or opinions provided in this report are as of the date of the report and Vertex Holdings
is under no obligation to update the information or communicate that any updates have been made.
Vertex Portfolio Companies Axonius, Cylus, Cymulate, D-fend, Indegy, Meta Networks, PerimeterX, VGS

Cybersecurity | Risk. Impact. Innovations.

More Related Content

What's hot

Similar to Cybersecurity | Risk. Impact. Innovations.

More from Vertex Holdings

Recently uploaded

Cybersecurity | Risk. Impact. Innovations.