The Cyber Security Landscape: An OurCrowd Briefing for Investors

Copyright ©2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
1
The Cyber Security Landscape
An OurCrowd Briefing
Ron Moritz
27 May 2014

Your hosts
2
Zack Miller
Head of investor
community
@OurCrowd
Ron Moritz
Advisor, consultant and
OurCrowd mentor

OurCrowd’s portfolio
3
Cyber Security companies in our
portfolio

What is Cyber Security?
§ Cyber security – the evolution of a name
- EDP controls à IT audit à IT security à computer security à
network security à OT security à cyber security
- Practices, tools and concepts dealing with CIA
§ CIA: confidentiality, integrity, and availability of information
§ But also CIA of systems, network communications, operations
- Terminology and solutions often derived from defense industry
§ Cyber security includes offensive capabilities
- The use of IT to respond to threats by attacking adversaries
§ Why spray RAID to kill what you see when you can spread ant
honey that is carried back to the nest and destroys the colony?
- Historically government domain, emerging enterprise capability
§ The dog in the night that has not yet barked?
- Often likened to insurance, today compared to braking systems
that enable high-performance cars to go faster
4

Security Cycles & Investor Appetite:
Generations of Cyber Security
§ Before the Web: early viruses, LANs, PCs, floppy disks
-  Limited access, isolated networks, slow propagation of threat
§ 1993: Mosaic and the rise of the commercial Internet (FUD 1.0)
-  First generation of program code travelling across the ‘net
§ 2000: dot-com bubble burst (double-digit sec spend as % of IT)
-  Most IT spend slowed but Internet on-ramp required cyber security
§ 2002: inflection point (FUD 1.5)
-  Global technology companies proclaim commitment to security (MSFT, CSCO, CA)
§ 2005: consumer Internet distraction
-  Web 2.0, the rise of social media, industrial disintermediation, $50K startups
§ 2008: global economic crash
-  No appetite for enterprise infrastructure solutions (IT budget squeeze)
§ 2011: media focus on all things cyber (FUD 2.0)
-  Plus emerging pressure from mobile personal device (smartphone) market
§ 2013: Snowden and the fragility of the Internet (anti-FUD?)
-  Risk becomes real, NSA disclosure become personal, Target breach impacts CxOs
5

Two Real Cyber Security Drivers
§ Governments and corporations are under attack
- Cyber hack problem is no longer simply a nuisance
§ litigation and criminal complaints based on weak systems of
control and the lack of reasonable cyber security strategy
- Snowden was sensational but NSA snooping was personal
§ validated and went beyond what experts thought was possible
- 05/2014 DoJ China nation-state industrial espionage disclosure
§ aggressive government-sponsored electronic espionage
against corporations (and other governments)
§ Direct impact on executive officer careers
- Convergence of risk following Target, Niemen Marcus, and other
well publicized breaches (impact broad, shockwaves resonate)
- IT budgets again being freed-up for the development of new
products, services which require strengthening of digital defenses
6

Businesses Under Fire
§ Organizations are exposed more than ever
- Increasing number and variety of threats and risks
- New attacks - targeted and purposeful
§ Hackers are stealing around $250B/year in IP
- NSA Director, Gen. Keith Alexander, calls these attacks "the
greatest wealth transfer in history"
§ Significant YoY increases in cyber attacks
- DHS reported a 68% increase in cyber attacks in 2012 at federal
agencies, government partners, and against critical infrastructure
- Symantec reported attacks on companies rose 42% in 2012
§ U.S. government is increasing spending in cyber
security (despite cuts elsewhere)
7

Macro Cyber Security Topics
§ Cloud Computing: Data Center Security Redefined
-  Distributed Control, Ownership of Data Assets
§ Advanced Persistent Threats (Network & End-Point)
-  Detect and Contain Sophisticated and Targeted Attacks
-  Intelligence Dissemination and Threat Remediation
§ Mobility and Device Security
-  Secure Mobile Applications, Consumerization (BYOD)
§ Risk Management
-  Regulatory, Integrity, Compliance, Business Continuity, Social Media
§ Identity & Access Management
-  Authentication, Authorization, Access Control
§ Verticalization: Security with a Sector / Industry Focus
-  No longer one-size-fits all: industries (govt., healthcare, finserv,
energy & utilities, oil & gas, manufacturing, education) are
demanding solutions more attune with their unique challenges
8

Gartner Nexus of Forces
§ Pervasive Access
- mobile
§ Global Delivery
- cloud
§ Big Context
- information
§ Extreme Behavior
- social
9
A tsunami of change rocking the IT world (David Cowen, Bessemer)

Cyber Security Trends (1 of 3)
§ Enhanced use of encryption
- more careful attention to the maintenance and proper
configuration of existing encryption systems
§ Increased scrutiny of internal data use
- behavioral analytic technologies to monitor users within the
company as well as end users accessing company apps
- increasing alerts (situational awareness) around suspicious
behavior that accompanies theft or attack with malware
§ Resistance to cloud technology
- huge rewards for companies and end users in terms of efficiency
and access to both information and applications
- offset by security liabilities that accompany cloud technology and
create a drag on the speed of adoption (cybersec ≈ car brakes)
10

§ Risk assessment and software analysis
- front-line (but back-office) defenses such as screening software
for vulnerabilities, keeping software up-to-date (patched) to
avoid known weaknesses, improved exercising of software
- better engineering due to secure coding standards and practices
§ More destructive attacks
- real damage to computer systems and stored data from targeted
attacks launched by political and cause-focused hacktivist groups
§ Rising levels of smartphone malware
- more security efforts directed to mobile platforms and biz apps
§ Phishing and hacking of individual users
- access to account credentials while avoiding sophisticated
enterprise security measures (people are the weakest link)
11

§ More sophisticated malware
- better encryption of and more sophisticated malicious code allow
attackers to evade virus detection and removal tools (AV dead?)
§ Active defense (honeypots and other traps)
- to convince hackers that they are in their target area, when
they’ve actually been diverted and trapped in a shell where they
can be easily identified and in some cases, retaliated against
§ Threat follow up (MSSP ≈ Associated Press model)
- requires manpower organizations don’t have so active monitoring
and maintenance by MSSPs and external forensics experts
§ Fast response (security and threat intelligence)*
- fraud tools and intelligence platforms to investigate, track and
analyze events post-facto with near real-time clarity (e-forensics)
and to make actionable information available to IT staff
12
*Security and threat intelligence is like teen sex …

Money Follows Problems:
A Concentration of Risk
§ New threat vectors once again an obstacle to
Internet-fueled growth plans (mobile and cloud)
- So cash is being thrown at possible solutions
§ Security is in the conversation at the board level
- 80% of G2K reporting cyber security preparations to the board
§ Gartner estimates 39% increase in security spend:
- From $67B (in 2013) to $93B (in 2017)
§ Makes cyber security ripe for the harvest
- The 8.7% annual growth rate is compelling metric for investors
§ Cyberattack news onslaught is making a difference
- VCs move quickly to fund startups that could solve problems
discussed in cyberattack headlines
13

A Cyber Security Boom?
§ The cyber security market is in a renaissance
-  Estimated global investment in private cyber security companies:
§  2011 cybersecurity funding was up 94% over 2010
§  2012 funding was estimated to have been $1.0B
§  In 2013, ~$1.5B was invested in ~240 cyber security startups
§ No end in sight
-  Likely in anticipation of a deal-making boom:
§  The average valuation for each VC round raised in 2013 rose by
41% over 2012 to $31.5 million
§  In comparison, the increase between 2011 and 2012 was 26%
§ Caveat emptor
-  Are we in or approaching a cyber security bubble?
§  Because cyber security private company valuations more than
doubled in past two years, there is an uneasy feeling.
§  Demands exceptional diligence and the art of the long view
14

New Exit Opportunities
§ Mergers and Acquisitions (M&A)
-  23 cyber security M&A deals in 2013, 9 in Q1 2014, 8 in Q2 2014
§  Cisco ß NDS, ProofPoint ß Amortize Technologies, Blue Coat ß
Solera Networks, Cisco ß Sourcefire ($2.7B or ~10x annual
revenue), IBM ß Trusteer ($800M or ~10x annual revenue),
Fireeye ß Mandiant ($1B)
-  Average cyber security enterprise value / revenue multiple of 9.9x
§  Impressive but will always be dwarfed by consumer internet and
social media deals since cyber security growth and risk are lower
§ Initial Public Offering (IPO)
-  Palo Alto Networks, Imperva, Qualys, Baracuda, FireEye (hot $300M
IPO in September 2013 with $5B market cap today), Varonis, Cyber-
Ark (in process)
§ Private Equity Carve-Outs and Roll-Ups
-  $200M Insight (PE) bet on Airwatch (2013) followed by $1.5B
VMWare acquisition (2014)
15

A Fragmented Market
§ No dominant leader
-  There is no single enterprise with a large enough share of the market
to be able to influence the industry’s direction
§  Symantec and McAfee, the two biggest players in the industry, are
followers and not leaders; they have been unable to influence
-  An acquisitive growth strategy that will position one company to
dominate the industry, like Cisco in the 1990s, remains a possibility
§ The increasing variety of threats …
-  Requires rapid innovation and short development cycles
§  a challenge for bigcos and an opportunity for nimble startups who
can carve out a market niche via unique products and services
§ Coddling via cyber-security focused initiatives
-  Mach37 Cybersecurity Accelerator (Virginia)
-  JVP National Cybersecurity Incubator (BGU, Beer Sheva)
-  Cisco Israel Cybersecurity Incubator (John Chambers, May 2013)
-  Lockheed Martin and GE cyber security R&D centers in Israel
16

On Cyber Security M&As
§ Multiples are at all-time high
-  Big players must buy revenue growth through acquisitions
-  M&A activity will remain high (energize brands, buy mkt. share)
§ Money pouring in but a VC pull-back is possible
-  Not likely in the near term but probable as value plays dry up
-  Great “A” tech but limited execution capability in “B” teams
§ IPO option open but consolidation will continue
-  Hackers thwart legacy solutions forcing innovation acquisitions
-  With limited growth-stage funding available, M&A activity jumps
§ M&A drivers
-  Integrated software suite leaders in need of innovation
-  Evolving platforms such as software-defined data centers
-  Online (cloud) service providers creating new security challenges
-  Non-traditional acquirers (outside or adjacent spaces or eco-system)
17

Expertise Counts:
Finding the Winners
§ Domain expertise is key (for investors and buyers)
-  Does the team have deep backgrounds in the sector?
-  Do they understand how customers bought software in the past?
-  Do they know how they are buying now (the buying cycle)?
-  Do they understand how and what channels work?
-  Do they grasp the intricacies of and how pricing models work?
-  Do they know how to listen to customers and prioritize features?
§ Does the team really know its vertical market?
-  How many people really understand healthcare and cloud technology
and how to roll that out?
-  Do they understand their position in and are they attuned to nuances
of and know how to leverage their eco-system?
-  What do they know about their target customer and buyer and how
to access them?
-  Do they really understand and value their competitors and do they
have a legitimate “break-out” plan?
18

Pre-Submitted Questions
§ What was the process to funding regarding traction of an
idea and or product?
-  Entrepreneur team commitment and full engagement: is this an “A” team?
-  Pitch review (new venture business plan outline): is this an “A” opportunity?
-  Initial meetings (phone, face-to-face) and vetting of team: can they execute?
-  Term sheet enables deep-dive (technical due diligence): is the solution real?
-  Customer (or prospect) and independent expert validation: is the market real?
-  Finally, is this something that can be explained clearly and is it exciting?
§ How were the first customers captured?
-  Street-fighting: Typically entrepreneurs leverage personal networks to secure
initial meetings and lock-in a sponsor or champion
§ What level of funding are they raising and what is the use of
funds?
-  If they’ve validated the solution and market and secured early adopters then
funds are typically for sales and marketing in the United States and $3M is the
recommended minimum gunpowder (above and beyond cost of maintaining
existing operations)
-  If they’ve not yet validated then $250K to $500K will typically allow them to
develop early prototypes, secure development partners, and validate some
basic assumptions (first milestone)
19

Ron’s Radar
§ Encryption – it is time yet?
-  Secure communication – the need is not universal but timing is
relevant: Silent Circle (Zimmerman’s PGP reboot)*, Wikr (message
self-destruction), Threema (encrypted What’s App)
-  Protecting the data inside the cloud and in transit – security, policy
carried w/data (Vaultive, Porticor, Covertix)
§ Cloud-based security services – enabling the cloud
-  Easier to deploy, cheaper to manage, code is always up-to-date
-  Correlation of data from multiple incidents (SumoLogic, CTCH)
-  Web site security and acceleration (Fireblade)
§ Threat intelligence – needle in the haystack
-  Cylance, ThreatMetrix and Seculert are examples
§ Fraud-prevention – sensor-supported policies
-  Transaction decisions based on more than user ID and password like
geo-location input (XYVerify) and continuous authentication of users
throughout transaction session (BioCatch)
-  Device fingerprinting/reputation and big-data analysis (Iovation)
20
*Just raised $30M to develop a “blackphone”

Big Data will Revolutionize the
Future of Cyber Security
§ Big data offers intelligence-driven models
-  Analytics will play key role in detecting crime, security infractions
§ Big data analytics à Bigger threat map = TMI
-  Enables enterprises to combine and correlate external and internal information
to better assess threats to them and their industry
§ Data analysis evolution enables advances in predictive
capabilities and real-time decision automation
-  Moving closer to precognition (science imitates art: “Minority Report”)
-  Gartner claims that by 2016, more than 25% of global firms will adopt big
data analytics for at least one security and fraud detection use case (such as
detection of advanced threats, insider threats and account takeover) up from
current 8%
§ Big data will change most of the product categories in the
field of computer security (but we’re in the early days)
-  Impact on all existing solutions (conventional firewalls, anti-malware, data
loss prevention, network monitoring, authentication and authorization of
users, identity management, fraud detection, systems of governance, risk and
compliance, etc.)
-  Disruption creates all sorts of opportunities for emerging tech companies
-  Result is ongoing industry fragmentation, no dominant market share leader
21

“Character is much easier kept
than recovered”
§ Security still a knee-jerk reaction to an attack
- Spend not correlated to revenue (or direct expense reduction)
- BYOD as an example
§ IT infra security still a one-time, ad hoc effort
- But more security is now embedded within daily operations
§ Security as a broad collection of technologies
- Still not an inherent, proactive and continual aspect of
governance
§ Cybersecurity never gets solved
- Like an antibiotic-resistant bacteria: attackers adapt to defenses
and render them obsolete (David Cowen, Bessemer)
22
Thomas Paine, US patriot & political philosopher (1737 - 1809)

The Cyber Security Landscape
An OurCrowd Briefing
Ron Moritz
Managing Director, MTC Venture Consulting
+972 72 272 4450
+1 650 618 9560
Ron@Moritz.US
@RonMoritz
http://www.il.linkedin.com/in/ronmoritz/

Questions about OurCrowd
24
Any Questions?
For feedback or more
information:
Zack@ourcrowd.com
https://www.ourcrowd.com/

The Cyber Security Landscape: An OurCrowd Briefing for Investors

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Destaque

Destaque (20)

Semelhante a The Cyber Security Landscape: An OurCrowd Briefing for Investors

Semelhante a The Cyber Security Landscape: An OurCrowd Briefing for Investors (20)

Mais de OurCrowd

Mais de OurCrowd (19)

Último

Último (20)

The Cyber Security Landscape: An OurCrowd Briefing for Investors