Last week, the New England Venture Capital Association hosted a panel in Cambridge focused on cybersecurity. The panel featured a number of venture capitalists and operators from the Boston area who are plugged into this market.
What was interesting was this panel session was not about money. Instead, the focus was on two things: innovation and defense.
Innovation, according to the panel, is coming in many forms based entirely on new approaches to defending businesses, consumers, and the country’s infrastructure. Technology factors into the conversation because there are actually a number of innovative companies right here in Boston who are developing new technology to support this wave of innovation.
The second big trend discussed was defense. How can we as a collaborative industry focus on leveraging better technology, and revolutionary new approaches to better defend ourselves from attackers, nation states and other adversaries who have weaponized themselves for success?
The most pressing issue came up first: Russia. How is the cybersecurity community reacting to Russia?
Rapid7 CEO Corey Thomas had an interesting take on this, as he pointed out that companies are now re-acclimating to two things: cyberattacks for political gain; and then sabotage-based attacks. Looking through a U.S.-Russia lens, he cautioned that any company needs to consider their political footprint as an organization and that political agendas can fuel an escalation in malicious activity against you.
Another perspective on countering Russian hacker activity as an industry is the notion of bodies and skill. To take the offensive and effectively stay ahead of attackers, who also apply innovation to what they do, it takes massive investment in technology and lots of scale. The need for continued innovation requires capital, and that level of investment is being applied to vendors who are looking to bring a more holistic solution to cover more infrastructure.
It was also pointed out by Brendan Hannigan of Polaris Ventures that it doesn’t really matter if it’s a state or not a state who is targeting you as a company. Customers of cybersecurity providers simply need better technology and more innovation. These innovations will change the economics of attacks now and in the future.
For example, when companies are responding to incidents, increased intelligence and sharing have become critical to prevent large-scale damage and to contain incidents, not just technology. Ultimately, it’s going to be economics that will drive how well you can attack or defend, and execution is a close second.
Moving on from Russia, some best practices were shared as the discussion moved to the slate of the most recent, high-profile attacks that have grabbed headlines. It was suggested that specific industries are more vulnerable than others, and this has never been as accurate.
There are industries and companies who are using outdated versions of software, and by doing so, they open themselves up to substantial risk. Again, back to economics theme, when teams aren’t practicing good software patching hygiene, attackers sniff this out easily and are able to penetrate more easily.
A question was asked on exactly what type of attacker behavior is driving innovation.
One perspective through the lens of the VC is that with NSA tools being compromised recently, there is a massive scramble for new technology within the government and the commercial sector – the notion being that some of the best penetration and exfiltration tools developed by the U.S. are actually now out on the black market.
The resounding solution layered on top of innovation was that applying more intelligence is the biggest thing we can do. And there is a substantial amount of capital flowing into how to obtain, leverage and share threat intelligence.
It was also highlighted that organizations are looking at making fundamental changes for how they can protect infrastructure and are applying far more innovation to how they leverage cloud technology, to secure micro-systems and applications in a fundamentally different way.
New technology that is also interesting to investors focused on making products and solutions more human-centric, easy to use, consumable, and less prone to human error through automation, artificial intelligence, and machine learning.
C-level executives being targeted is also a huge problem.
The question was posed to the panel on how customers are affected by the current state of threat severity increasing, and a rush to develop new, agile technology to counter it. At the enterprise level, it was suggested that any enterprise customer (buyer and user of cyber technology) might have somewhere close to 40 different cyber technologies in-house.
And with more technology, it’s often confusing for these customers. Vendors have to ask themselves: are we adding to the problem by just bringing a new technology that doesn’t have a huge impact for teams? To that point, aggregation technologies have now become extremely important to help drive the optimal value from each in an integrated way.
With respect to deal flow in the Boston market, the panel was asked if there are specific locations where are opportunities coming from.
The panel agreed that the Boston area is rich with innovation. Other areas like the Valley and Israel are the other two definitive areas based on talent pool and geographic location.
But it was also pointed out by Rick Grinnell of Glasswing Ventures that security used to be way more niche, and that buyers are applying far more scrutiny to acquiring cybersecurity technology than ever, pushing a faster failure rate around emerging technology, where it either works, or not, and if not, startups die early.
Even with $3.6B invested last year across 150 cyber companies, and larger funding rounds around $100M, it’s still harder today than ever to get your first capital investment and to make your first $5M of revenue due to changing threat landscape, and the need to innovate so quickly.
Finally, as to where will the next big innovation come within cybersecurity, the notion of artificial intelligence, and applying math to threat detection and analytics are where the money is at. Get better and get better at integrating as well as the integration of machine learning for better, faster results.
Additionally, the shift to the cloud, although challenging in many ways, allows for an entirely new way to secure infrastructure, given the rise of AWS, Google and Microsoft’s penetration into the data centers of large and mid-size companies. Cybersecurity investment will be pushed in this direction.
Overall, it’s an exciting time in both the economy, and in how innovation is trumping legacy technology to counter the bad guys, and a lot of it is happening right in our backyard in Boston.
Images via the New England Venture Capital Association's Twitter account - @NewEnglandVC.