The global security market was little more than a cottage industry in 2002, when it was an insular $3.5 billion market dominated by just five vendors. Fast-forward to today and there is — I estimate — $87 billion being spent in 2014, while that number should increase to $120 billion by 2017, according to AGC Partners (.pdf).
What’s more, venture investment in cybersecurity startups is red hot. In the second quarter of this year, security startups took in $767 million in financing, according to CB Insights. That’s more than any other quarter in recent history. In 2013, VCs bankrolled 230 security startups, and even more are getting funded this year.
But not all security startups are created equal. As investments and budgets increase, two distinct approaches to cybersecurity are emerging. The first is aimed at protecting the legacy of the past; the second is dedicated to developing technology that’s inherently secure for the future.
Strategies that protect the legacy focus on the gaps, holes, and vulnerabilities in today’s IT infrastructure, the majority of which is based on a 45-year-old architecture.
As a venture investor, I’m interested in both areas. That said, there is a lot more growth in solutions and technologies that are focused on safeguarding the future. I’m intrigued by new technology platforms that are secure by design, by technologies that are truly impregnable, not technologies that close existing gaps.
Secure communications are absolutely essential
Of all the forward-looking security investment fields in play today, secure communications is to me the most exciting. In the world of security investing, where there is vulnerability, there is opportunity. And in the area of communications, there is certainly vulnerability. The need is universal, global and pervasive.
Today, the vast majority of our communications is digital and increasingly reliant on wireless technology, much of which operates out in the open and is thinly secured at best. In fact, our poorly protected mobile devices are easy prey for hacking, eavesdropping and intellectual property theft. Add the Internet of things to the equation and you have tens of billions of devices operating largely in the open — all at risk for compromise, mis-use, and abuse.
People must be able to engage across wireless networks with the knowledge that their information and transactions are private and protected.
Two companies bringing that confidence to the wireless world are Silent Circle and KoolSpan. Two-year-old Silent Circle is geared toward the growing number of enterprise, government, and consumer users who know that their smartphone is sharing too much of their private communication and information, which it certainly is. Silent Circle has created a break-through smartphone — the Blackphone — that contains a suite of apps designed to put secure communications, privacy and control directly in the hands of users. The company also offers software only solutions that bring secure communications and privacy to Android and iOS devices via app store downloads. Globally respected privacy and encryption pioneers Phil Zimmerman and Jon Callas lead Silent Circle’s technology team.
KoolSpan, meanwhile, provides hardware-based mobile encryption and security applications that protect data and voice communications for network-connected Android and iOS devices. Basically, the company uses a microSD card with a crypto-coprocessor, which it calls the TrustChip, to encrypt phone calls and text messages.
Insider threats are drawing investors’ attention
Another investment area that merits attention is insider threats. Most people think of attacks as incursions launched by outsiders. But in reality, there is an “insider” component to the vast majority of attacks that wreak havoc in many enterprises.
By way of example, RedOwl Analytics is three-year-old startup that’s harnessing the power of big data to minimize those risks. The company tracks the behavior of corporate workers on email, social media and smartphones, then applies analytics to evaluate their activities and, ultimately, blow the whistle on bad guys.
Genetic approaches and other promising fields
Still another intriguing security field is a “genetic” approach to malware detection. More than 98 percent of the malware in existence today is derived from previous malware strains. There is real value in technologies that can detect threats derived from malware variants of the recent past, providing a key to detecting new malware strains when they are first deployed.
Other areas that I’m watching closely include software-defined firewalls, security as a service, data in motion, network instrumentation, information assurance, automated response systems, and embedded SCADA (supervisory control and data acquisition) systems.
As an investor, I’m less interested in fixing the shortcomings of the past than in securing the future. As I often tell the entrepreneurs I’m working with, you can’t go back and change the past, so look to the future, but don’t make the same mistake twice.
Bob Ackerman Jr. is the founder and a managing director of Allegis Capital, an early stage Silicon Valley venture capital firm that invests heavily in cyber security.