The insatiable pace of new technology has not only caught the attention of existing security suppliers – eager to boost their IP and stockpile talent -- it is also shaping the security firms of tomorrow.
CBI reports that established market sectors like enterprise data and network security still see big deals from VCs, such as the $130 million going to network monitoring firm LogicMonitor in June, but also highlights growing interest in predictive threat intelligence, smartphone security, the Internet of Things (IoT) and Big Data.
Some firms are already seeing significant deals in this area. Cylance, the predictive threat intelligence company which uses AI to predict, identify and stop malware, secured a $100 million series D investment in June, while UK-based Darktrace, which relies on machine learning, continues to source new investment from backers including Autonomy.
Last year there were mega rounds for threat intelligence outfit CrowdStrike ($100 million series C), Illumio ($100 million Series C) and endpoint specialists Tanium ($117.5 million Series G). Cloud security provider Skyhigh Networks, identity management specialists Centrify and cloud experts Ionic Security also received significant funding.
Analysts say there has also been investment in IoT, endpoint security, cloud, authentication and deception technology.
“IoT security and cloud security are both significant opportunity areas,” adds Van Someren. ”Behavioural security, including gamification of good practice such as email hygiene, is also important.”
Van Someren’s last point is interesting because it alludes to the age-old problem of the human becoming the weakest link. Enterprises have tried (and largely failed) to address this in-house, but now start-ups see this as an opportunity to grab market share.
Neill Gernon, founder of innovation agency Atrovate and organizer of London’s Cyber Startup Summit, tells CSO that recent conversations at his summit between enterprise, academia, investors and start-ups have been on fixing the human factor. And, pointing to the success of Paladin-backed social engineering company PhishMe, he said that start-ups are starting to take note.
“Companies have identified that people are the weakest link, but that also reflects on the innovation ecosystem and start-ups. We’ve seen start-ups starting to prioritize the area of people as the main vulnerability.”
Too much choice, legislation and VC inexperience hinder investment
There may be plenty of security companies and start-ups for investors to look at, but some VCs and analysts believe that this can make investing harder. Finding that ‘diamond in the rough’ is not without difficulty, and there’s the debate too (perhaps for another time) if security products are interoperable enough.
“Cybersecurity is a highly fragmented market and so many companies make niche products. The problem is that they don’t talk to one another,” said Cunningham. “A corporate CISO is forced to stitch together a number of different products. That’s inefficient. Increasingly, large enterprises want to buy platforms that can do more than one thing and also work with other products.
Sign up for CIO Asia eNewsletters.