The RSA show this past week in San Francisco was quite a gathering. Having attended RSA every year for the past 10, I’d say this was the biggest and busiest show yet. This is not surprising, given all the activity lately in the cyber-security and cyber-crime areas. Based on the many meetings I had during the show with cyber security company founders and executives, here are four of the most compelling themes:
1. The Endpoint Fights Back
Endpoint security for the past few years has been decidedly uninteresting. Sure A/V companies had their day many years ago, but more recently, all the action has been in the network security area. Now the pendulum seems to be swinging back. Since so many attacks emanate from a compromised or ill-intentioned employee, protecting the endpoint has become a focus of some of the smartest minds in the space. That’s a good thing, because the endpoint keeps getting more complicated with the proliferation of mobile devices. Companies such as Crowdstrike, which monitors endpoints real time for attacks, and DTex, which monitors endpoints for signs of insider threats, are examples of exciting companies in this area.
2. The Industrial Internet, IoT, and Cyber Threats
In VC land, we’re very excited about the proliferation of Internet-connected devices. The systems in our homes, our cars, and on our person are all increasingly monitored, with data available to us in real time. The same is true for industrial infrastructure. Bridges, roads, power plants, and airports are all increasingly connected, with large control systems becoming automated. This adds threat surface for cyber criminals, with very scary implications. Security companies are now being founded to try to better protect “operational” networks and industrial systems. One such example, ThetaRay, is working with GE to secure industrial networks.
3. Securing the Cloud
The adoption of public cloud infrastructure and SaaS solutions in large and mid-sized companies continues at a rapid pace. IT has less and less visibility on where critical applications are running and sensitive data is being stored. This has created more threat surface for cyber criminals. As a result, cyber-security companies building solutions to monitor activity in the public cloud and help lock down critical infrastructure and data are gaining traction. Companies such as Palerra and Netskope provide visibility and control for companies in this arena.
4. Humans Make a Comeback
Cyber security companies have become reliant on increasing amounts of automation. New tools for managing and analyzing big data have enabled the birth of increasingly sophisticated security products. Despite this, cyber criminals are thriving. I’m seeing companies emerge that are introducing a human element back into their solutions while still taking advantage of big data and automation. The toughest attacks involve human elements — phishing, social engineering, etc. Fighting fire with fire make senses. Synack taps into a global network of security researchers to provide crowd security intelligence, and AlienVault recently launched a community-based threat intelligence solution. [Disclosure: My firm, GGV Capital, is an investor in both Synack and AlienVault.]
One thing is for sure: This game will not be won or lost anytime soon. The criminals keep getting better, and as cloud, mobile, and IoT spread, more opportunities emerge for hackers. Cyber security vendors preaching “be-all, end-all” solutions seem doomed to fail, while those with a continuous innovation approach seem well positioned to thrive.
Glenn Solomon is Managing Partner at GGV Capital. He is an investor in Zendesk, Nimble Storage, Pandora, Square, Successfactors, Isilon, Domo, AlienVault, Synack, OpenDoor, HashiCorp and Conviva. Read more on his blog (www.goinglongblog.com) and @glennsolomon.