AI, SOAR, Containers: Investors Predict What's Next For Cybersecurity

In an exclusive interview, PitchBook revealed venture capitalists invested $4.6 billion into 430 cybersecurity deals in 2017, a new record year for the industry. But the funding bonanza is tapering in 2018. Deal size and frequency dipped to $1.6 billion over 151 rounds as of mid-May, pointing to decelerating investment in the space and a concentration of funding for later stage startups. While we're coming off peak funding, leading security VCs see four promising growth areas up ahead.

AI-Enabled Security

The most notable buzz in security has been around AI applications that remove the burdens of repetition and inundation from practitioners. AI marketing dominated conversation and much of the coverage of the RSA security conference, which this year hosted more than 500 companies' booths. AI holds the most potential for becoming the innovation catalyst that cloud and mobile previously provided for cyber and other industries. VCs see the nuances of possibility along with the limitations.

"AI can be very powerful when applied to the haystack of security data, but naive application of machine learning techniques will only generate noise," says Sarah Guo, partner at Greylock Partners. "Figuring out how to use machine learning to surface insight about malicious activity when 'normal user behavior' is constantly changing is a very hard problem."

Shifting behavior parameters dirty the data used to train machines, which creates a feedback loop of red flags for human review. Amit Karp, partner at Bessemer Venture Partners, notes: "AI-based cyber defense was a big promise, but the main issue with many of the AI-based companies is the high level of false positives." The weakness in using machine learning for flagging alerts is the reliance on large data sets for accuracy. If the underlying data sets lack critical mass, analysts may be back to combing through thousands of alerts.

The gaps in machine learning leave room for complementary security tools. NEA partner Aaron Jacobson points out, "Deception is the only true way to get zero false positives for detecting breaches." The technology, which uses fake systems and credentials to tempt hackers into triggering alerts, impressed him enough to lead Illusive Networks' series B round. "When you get an alert, you know it's a high-fidelity threat." He compares a deception alert to a home alarm. "It never goes off, so you should be worried if it does."

TenEleven Ventures, which specializes in security startups, has invested in five companies that are bringing AI to different layers of the cybersecurity stack. Its founder, Alex Doll, notes: "There are many good use cases in the cybersecurity field where we have now built up large quality training sets of data where the AI algorithms are excellent and far exceed what humans could ever achieve."

CRV partner Max Gazor cautions, "The big thing to keep in mind is that products need to be effective, not science projects." This is especially important with more data going through more security endpoints, making aggregation tougher.

SOAR Grows Up

Last August, I wrote about the coming of age of tools to reduce incident fatigue for datacenter analysts, coined SOAR (Security Orchestration, Automation, and Response) by Anton Chuvakin and Augusto Barros at Gartner. While the space has grown quickly, VCs identify remaining gaps.

Gazor sees SOAR in a 1.0 phase that "creates a higher order problem. You need to bring your own infrastructure, people and processes" to build on the framework. He cites Respond, a CRV portfolio startup, as an example of autonomous security, which he views as the next phase for SOAR. At that stage, machines and AI trained and supervised by humans provide the solution to the current framework.

Guo believes, "Despite the many companies funded, there's more work to do in the SOAR area to get the product set right and drive value for security teams, who are increasingly focused on rapid detection and response."

Karp zooms in on the need for smarter technologies to manage alerts and risks. "Companies that help analysts prioritize alerts or help CISOs assess internal risks are most interesting."

Developer Security In The Limelight

In Q3 of 2017, 54 percent of Fortune 100 enterprises were using Kubernetes, which since its release in June of 2014 has become the de facto standard for container management. Its viral spread shows how cloud is transforming how developers build code and how organizations are embracing a cloud native mentality. In turn, this creates a need for security to move with these workloads.

In Doll's view, "The mega trends of hybrid-clouds, containers, cloud native computing and serverless computing are all fundamentally changing how software is written and deployed in the world."

"The time is finally ripe for developer-friendly security solutions to take off," Guo says. "The security stack is being remade as enterprises reckon with hybrid cloud and rapid application development, and identity, data-centric and application security are replacing the traditional perimeter."

Karp agrees, "Security is now integrated into the code development and production process, which is undergoing a massive change."

Could Cyber Insurance Join The Party?

"Enterprise risk transfer through cyber insurance could revolutionize cybersecurity," says Gazor. Instead of buying IT security products to protect assets, companies could pass on their breach risk to an insurer. Given the volume of breaches and tougher regulatory penalties, some brands may choose to transfer the security burden rather than grapple with defense models in-house. As an early model, Cisco Systems, Inc. (CSCO), Apple Inc. (AAPL), Aon (AON) and Allianz formed a partnership to indemnify joint users of Apple and Cisco products.

Less Whitespace Ahead

PitchBook's data forecasts a quieter year for security funding. NEA's Jacobson offers a possible explanation: "Over the last five years, a ton of cybersecurity companies and new categories emerged. Cloud was new, mobile was new." The adoption of these platforms opened up large swaths of pain points that cybersecurity entrepreneurs forged into new security categories. "Compared to past years, there's less whitespace," he adds.

Though there may be less open range, AI and hybrid infrastructures and container workloads are among an iterative wave of technologies—enabled by cloud and mobile—which will need security innovation.
