UPDATED 18:30 EDT / APRIL 23 2018


Cybersecurity fatigue sets in while investors look for a shot of adrenaline

In the fast-moving world of cybersecurity, the operative word today is fatigue.

Information technology organizations have alert fatigue from having to deal with every possible minute-by-minute hint of a data breach or ransomware attack. Enterprise security executives are worn out from endless meetings and board-level discussions about corporate risk profiles. Cybersecurity professionals are so fatigued by attack threats, often led by powerful and well-financed nation states, that a recent study showed 60 percent are dissatisfied with their jobs.

For venture capital investors, cybersecurity fatigue is both a challenge and an opportunity. There are plenty of innovative companies promoting silver-bullet technology to protect computing infrastructure, yet the solutions to-date have racked up an impressive track record of failure. In fact, data from the past year shows that VCs are pouring more money into cybersecurity startups while successful exits are falling dramatically.

“There is definitely buyer fatigue,” said Sean Cunningham (pictured), managing director of ForgePoint Capital (formerly Trident Capital), whose firm keeps an eye on nearly 1,700 cybersecurity startups. “Fifteen hundred of these security startups are about technology for the sake of technology. It has to be about having a real solution for a real problem.”

Cunningham spoke with Jeff Frick (@JeffFrick), host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, at last week’s RSA Conference in San Francisco. They discussed ForgePoint’s interest in application security, new tools in the cyberinsurance space, the impact of European data privacy rules, protection in the public cloud, and opportunities for translating enterprise technology for consumer use.

This week theCUBE features Sean Cunningham as its Guest of the Week.

A focus on application security

ForgePoint Capital focuses on Series A, B and growth equity investments in a range of $5 million to $30 million per company. One of the key areas of funding for ForgePoint has been application security, a technology receiving increasing focus because applications often contain a rich trove of personal and financial information for enterprising hackers.

One of the companies funded by ForgePoint is Prevoty, a startup that inserts security software directly into applications using an attack detection approach that understands how content payloads and operating system commands function in a computing environment.

Analysis of the notorious Equifax breach showed that hackers exploited a vulnerability in Apache Struts components. Prevoty has claimed its technology withstood the Struts2 attacks because its autonomous application protection prevented exploitation.

“They make it easy for the application security folks to meet with the development operations [team] and inject this software into applications,” Cunningham said. “When you can automate that process and reduce time to market, that’s what it’s all about.”

Another area of investment for ForgePoint has been the in the cyberinsurance arena. The cyberinsurance market remains a small fraction of the total risk industry, with approximately $3 billion for U.S. companies versus $200 billion in insurance premiums annually overall.

In March, CyberCube Analytics emerged from stealth mode and announced the general availability of a risk-modeling platform that is designed to help insurance firms better understand the overall security posture of a company. The expectation is that by providing more data to insurers, the risk will be clearer and, presumably, fairly priced.

The company used technology developed by Symantec Corp. and has been backed by ForgePoint. “We can show you the risk profile of a company and you can properly price your cyberinsurance now,” Cunningham said.

Managing cyberinsurance risk could become a growth market in the coming months as compliance with General Data Protection Regulation goes into effect in May. Companies with data on European citizens must comply with GDPR requirements for proper data protection and honor requests to delete the information. Penalties for noncompliance are 4 percent of gross revenues or $20 million Euros, whichever is greater.

Despite the looming GDPR storm, ForgePoint has been cautious about investment in compliance-related startups. “I can show you my scars from investing in compliance companies,” Cunningham said. “The winners in that space from a business standpoint are going to be the consulting companies initially. Until you see a lot of large penalties happen, there’s not going to be a lot of movement.”

Public cloud security tools may grow

ForgePoint sees the area of enterprise cloud security as a target of investment interest, but Cunningham also believes that security tools for the cloud will take time to gain a foothold in the market. The firm was an investor in Prelert, a startup that developed an unsupervised machine learning model from customer data to track fraud detection. Prelert was acquired by Elastic, an open-source analytics engine, in 2016.

“It had great traction, but it just kind of topped out,” Cunningham said. “It’s going to be an investible space, and there’s going to be a lot of money dumped in there.”

An increase in public cloud vulnerability could fuel investor interest. A recent McAfee report and subsequent presentation at the RSA conference in April showed that one in four organizations surveyed experienced data theft from a public cloud.

“The big companies, a lot of enterprises, are not putting their crown jewels into the public cloud yet,” said Cunningham, who pointed out that cloud providers themselves are starting to turn toward new security technology solutions. “They quietly are implementing security from innovative companies also. They’re not as public about it because they’re ‘already secure, so don’t worry about me.’”

Opportunity for consumer use

In 2016, Symantec purchased the identity theft protection company LifeLock Inc. for the princely sum of $2.3 billion. The acquisition caught the eye of investors because it represented a major milestone surrounding the intersection of cybersecurity technology and consumer interest in protecting personal data.

ForgePoint is also paying close attention to this trend as it invests in cybersecurity firms offering enterprise applications that could be bundled for consumer use as well.

“That was a lot of money,” Cunningham said. “If you think about five years ago, how many consumers would pull out their Visa card to buy security? We think that’s there’s a potential opportunity on the consumer side.”

Here’s the complete video interview, and there’s much more coverage of the RSA Conference from SiliconANGLE and theCUBE:

Photo: SiliconANGLE

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy