1.
Security Opportunities
A Silicon Valley VC
Perspective
May 2015
Geoffrey Baehr
General Partner

2.
The Facts of Life - 2015
 Security “Nightmare Scenario” exists today
– State sponsored actors, also bespoke (custom), per corp customized attack vectors.
– Professional dev kits, release trains, PhD level knowledge being applied (MD6)
– Jumbled, confusing mish mash of Alerts, CVE’s, Patch Days, Vendor advice. Mess !
– Android ~2-4000 config settings/calls affect security of OS/device (!) across many
facets of the OS.
– 170 GB/s DDoS record in April 2015
– Anti virus and signature based approaches simply don’t cover enough any more
 And it’s going to get a lot worse = IoT (Sensity)
 We already have have numerous 5-8M node networks (Electric Utils -BitStew)
 Device-Device autonomous communications proliferating
 “Unexpected interactions” such as SCADA affecting AC power affecting health care
 PLC’s made in the 80’s are out there.
 Shodan is my friend  You can’t hide
Certainly Not Confidential 2Almaz Capital Partners

3.
Problem: Most Enterprises don’t understand
Security = Corporate DNA = Culture
 Which Corp do you know which implements security as a ‘Culture’ ?
 Which Corp stresses Security as its ‘primordial DNA’ ?
 The practice of Security Culture is usually absent. Not Technical solution !
 Which startup allows companies to easily inherit the above attributes ? NONE
(opportunity). I do not mean consulting companies.
 Where is your “Response Book”, pre planned, pre-staged, ready to go plan, with
call up resources and policy ?
 Having a non engr Senior person, with a pre-planned, multi pronged response
book, following all the steps for “Breakin Type 27” is what a Corp needs.
 Responding after the fact, only by engrs, is wrong. Ask me why ?
 Can this be fixed ? Is it what is holding back progress ? Certainly.
Certainly Not Confidential 3Almaz Capital Partners

4.
State of the Industry - 2015
 Anti Virus a dead or dying offering, everyone in A/V scrambling to position
themselves as “State Actor repellent” (APT) ! With a new Market Terminology.
 The guy with the most monitoring nodes across the net wins: Think FireEye, F-
Secure et al. Catch it quickly, publish in near real time is the mantra.
 Real Time vs Forensic response the trend, beyond AppFWs, dynamic response
 Behavioral analytics of people, packets and services emerging. Huge interest
here. Heuristic monitoring. Correlation analysis across multiple axis. Rapidly
evolving. Firewalls becoming heuristics collectors.
 Massive scale Visualization and graphic modeling tools will be a big opportunity
Certainly Not Confidential 4Almaz Capital Partners

5.
2015 What’s Not Working
Giving an illusion of Security
 Full Disk Encryption – TPM
 Firewalls facing the wrong way, with no micro analytic feeds for heuristics.
 Most anti virus SW, in fact, AV makers are searching for new business models,
it’s so bad that sales are rapidly declining !
 Fiddling with PAM, Active Dir and permission based usage/access.
 PCI, HIPPA, ISO 27002, NERC, GLPA, GPG13, FIPS 140 compliance mean little
to bad actors but give the illusion of progress to mgmt. An acronym never kept
anyone safe.
Certainly Not Confidential 5Almaz Capital Partners

6.
Crowded Market but many opportunities exist
Certainly Not Confidential
6Almaz Capital Partners
The Secure
Enterprise
AAA
Perimeter
Control
Internal/
File Integrity
Authentication
Intrusion
Detection
Vulnerability
Assessment
Threat
Management
Administration
Authenti-
cation
Authorization
Application
Security
Kernel
Security
IDVA
Security
Antivirus
VPN
Firewall
Entegrity
Content
Inspection
DENIAL OF
SERVICE
$
$
$
$
$
$
$
$
$
$
$
$
$

7.
Craft your Pitch:
Using VC Evaluation Criteria (cheat sheet)
 #1 TEAM – is the team world class ? have they done this before ? Before
anything else, TEAM is everything. Nothing can fix a poor team.
 #2 Technology – is this world class thinking ? Are there Computer Science
fundamentals behind it ? It the IP patentable (but don’t get hung up on that)
 #3 Market – How big, how much can they get, how much will that cost ? How
much to get noticed ? Is this an Enterprise Software sale, a Service, Consulting
or viral ? Can you guess which model VC’s like these days ?
 #4 Finance – How many $$ to get to Goal 1, Goal 2 and have 6 mos reserve in
the bank. We can *always* find the money, get smart investors who will help.
 Series A – make sure it doesn’t catch fire and burn up, Series B – Sales and
Marketing expansion.
 Mistakes: don’t worry about profit, take risks !
 First mover usually wins, second mover watches first mover win.
 Do you do Due Diligence on your VC’s ? You should !
Certainly Not Confidential 7Almaz Capital Partners

8.
Pitches/Huge Opportunities we see
 Golden Rule “Do something which the customer needs and can’t do themselves”
Solve their pain. Go for the largest market. Scale from there !
 Use recent VM work (Docker, Jelastic) to use rapid spinup VM’s for isolation
 Continuous randomized testing. Single Sweeping is dead. Chaos Monkey, Janitor
Monkey, Security Monkey, Doctor Monkey – ‘Simian Army’ for continuous
pounding and testing, thanks to Adrian and Netflix crew.
 Multi Tenant Cloud crypto, data comingling, data hotel = Key Mgmt opportunity
 Intent Analysis, Behavioral Profiling.
 Behavioral Analytics, app/svc/connection/flow. Where’s OpenStack Behavioral
Analysis ?
 Unstructured data analytics, eventual consistency (cassandra) use for Sec
 Internet <-> Data Center perimeter changing to top of rack, what does this imply?
 In memory networking and computation (think VM’s, GridGain, Mongo) no pkts on
the wire. Now what ? “In Memory firewall” ? A generic issue. NOT solved.
 Did you know that just DLP alone was a $665M market in the USA alone 2014
(Gartner) ? Go for the big $$.
Certainly Not Confidential 8Almaz Capital Partners

9.
Huge Opportunities (cont)
 Translating CVE’s, CERT’s etc to actionable intelligence for enterprises AND
applying it somehow.
 Device-Device IoT traffic analysis. Super Proxy, Super Tunnels (M’s) ? CPU
crypto load vs power, solve that equation.
 IoT sensor fencing, distance vector too.
 Plenty of OS and BIOS work to go around. Probability you can get your sec
product on to the motherboard is unfortunately, Zero. A real problem.
 Many IPv6 related problems, esp in Mobile Operators networks (major users)
Certainly Not Confidential 9Almaz Capital Partners

10.
Who is doing interesting Sec work NOW
(startup wise)
 Automated code analysis with pointing to bad code, so less senior guys can
handle the fix. As a Service for DevOps.
– Tinfoil Security. A step beyond nessus, thinks “nessus plus the fix”. Cute !
 Encryption of all data at rest, with selective reading/revocation:
– WatchDox (used a lot in Hollywood for screenplay protection)
 Secure private cloud within any cloud, multi tenancy, unstruct data protection:
Varonis
 Secure enterprise collaboration, used by drug discovery pharma,finance
– IntraLinks
 Network+VM+app+traffic analysis and microsegmentation: Illumio
 Non signature, zero day, heuristic tool: Cylance
 Behavioral Analysis: Veracode.
 Behavorial Analytics: Fortscale
Certainly Not Confidential 10Almaz Capital Partners

11.
Now for some Fun !
Certainly Not Confidential 11Almaz Capital Partners

12.
As promised:
Who has the Worst Security in the World ?
Hint… think VC’s put their money in to … ?
Certainly Not Confidential 12Almaz Capital Partners

13.
STARTUPS in Silicon Valley !
 Situation is laughable (maybe crying?) I have personally seen all of these….
 Ask yourselves, do YOU say these words:
– “Of course it’s ok that all the source code is on every laptop all the time ! How silly to
ask !”
– I am an ENGINEER (Cymbals Crashing sound!), I don’t maintain ….. Servers/AWS!
– We have no money for a sys Admin, I am busy coding, go away !
– Password on our AP’s is same as company name or “12345” or blank
– Log, what logs ? I don’t need no stinkin’ logs, besides I am too busy to read them
– Engineering will rebel if they don’t have root access to everything and every router!
– Locks ? Doors wide open 24x7, machines being physically stolen
– Distributed teams with collaboration tools, code repos – Why of course everyone needs
full access to the entire code base. GROAN !
 Even more astounding is that Dumb VC’s watch their $20M investment like a
hawk, but not that their precious product output is being stolen under their noses
 US Senate Judiciary Committee – Estimate 1-3% US GDP trade secret theft
every year via net (5/1/2015 New York Times). Try 3% of $14T = $420B.
 2014 – 18% of 1598 breaches examined were used for Trade Secret theft.
Certainly Not Confidential 13Almaz Capital Partners

14.
The Result – An Example
 I was aware of an event where the bad guys came in, hit the server and thought
they got the code base.
 They missed and hit the wrong server, so they came back 2 nights later and did
succeed.
 $20M investment… poof ! Did those guys get funded the 2nd
time around ?
 So – think it through, if you include your good Sec hygiene practices to investors,
it might make the difference about funding (at least to us !)
Certainly Not Confidential 14Almaz Capital Partners
!

15.
Thanks For Listening
Certainly Not Confidential 15Almaz Capital Partners