Author: AllegisCap

1IT Enterprise | Why Protected Encryption Is Very Important

By Robert Ackerman Jr | Founder & Managing Director of Allegis Capital

As anybody familiar with the computer industry knows, the FBI wants Apple to break security protections on an iPhone linked to the deadly San Bernardino terrorist attacks — and a U.S. district court has ordered Apple to do just that.

Apple is fighting the decision for good reason. If it obeyed the court, the security of the iPhone could be compromised, helping to set in motion a trend that would materially undermine the effectiveness of cybersecurity in every conceivable venue.

Many law enforcement officials do not agree with this view; they believe encryption already allows far too many criminals to go scot-free. But why lean on Apple to crack a phone they may be able to crack themselves?

Authorities might be able to accomplish this, for example, by using a very precise atomic saw that can cut through the outer structures of the A6 microprocessor inside the phone, according to a recent story in The Wall Street Journal. They could target the portion of the chip that holds the user ID (the UID key). Then they could move the iPhone’s scrambled data to another computer and unlock it by using technology to guess the passcode of San Bernardino killer Syed Rizwan Farook.

It is true that this tactic would be risky and very expensive. And if anything goes wrong during the process, the data could be lost forever. But why is this a greater risk than forcing Apple to comply with authorities and possibly provide the essence of a “golden key” to unveil encrypted communications to help catch criminals and terrorists?

The authorities always sidestep one extremely important detail — in the domain of cybersecurity and encryption, the bad guys are just as smart as the good guys. Exploiting vulnerabilities is their expertise.  If there is a back door, they will find it, exploit it and seize valuable personal data. And how can we trust government entities, which are regularly breached, to keep such a golden key safe from criminals?

Data is the target of the vast majority of breaches of every stripe. Encryption is the last resort of data defense, one used to protect data 99.999 percent of the time. If encryption is penetrated, the cornerstone of defense disappears and the stage is set for even more hacking mayhem.

Two fundamental issues are at play in the Apple-FBI brouhaha. One is the Fourth Amendment of the Constitution, which protects against unreasonable searches and seizures. Isn’t this the point of encryption? The second issue is whether a back door would, in fact, improve the effectiveness of the FBI and other law enforcement agencies. FBI Director James Comey has suggested that police would have been able to track down the shooter of an Illinois man last year but for encryption built into both of the victim’s two phones. What he failed to mention was that one of the phones – a Samsung Galaxy S6 – isn’t encrypted by default.

Let’s return to the specifics of the dispute. For most iPhones, the greatest danger is posed by criminals. If thieves can break into these phones, victims can easily be exposed to identity theft and perhaps even extortion. This is one of the main reasons Apple designed stronger encryption, starting with the iOS 8 operating system. Any software that bypasses those protections could materially hurt iPhone users.

It’s true that the FBI’s proposed system for Apple has protections to ensure its passcode hack can’t be used by anyone else.  Apple signs any automatic firmware updates before a given iPhone will accept them, and the FBI’s proposed update would be coded to an individual phone. The software wouldn’t install unless the phone’s serial number matches the serial number in the code. The method proposed by the FBI is also specific to iPhone 5c, the one in Farook’s possession. While this doesn’t have the Secure Enclave chip that ties lock screen protections to hardware in newer iPhones, it’s highly likely that the FBI would request similar methods for cracking Enclave-equipped phones if it is successful  in its current feud with Apple.

The software proposed by the FBI can be useful to thieves even though it can’t be used to unlock other phones. If the code falls into the wrong hands, it can potentially be reverse-engineered into a generic version, removing the code that ties the attack to a specific phone.

This reverse-engineered version would still need Apple’s signature before it could be installed – something, of course, thieves are unlikely to have. The fundamental point, however, is that that signature system would be the only thing protecting a stolen iPhone and the information inside it. By itself, this is a huge problem. New vulnerabilities pop up in software all the time, and no single system is ever considered entirely impenetrable. An undisclosed vulnerability could be used in a way that Apple and the FBI can’t predict.

Law enforcement and intelligence communities do important work, and new technology has made their jobs tougher. But the answer is not lowering standards for protecting data. The right answer is to work on new approaches to identify the bad guys. Innovation – not compromised security – is the solution.


Ackerman, Jr., Robert. “Why Protected Encryption Is Very Important.” 1ITEnterprise. 30 March 2016. Web.

Financial News | Goldman-backed startup aims to finally get finance into the cloud

By: Anna Irrera | Financial News | Posted: 29 March 2016

In the past few years, Goldman Sachs has been very active in making investments in young technology companies. Banks make many of these investments to learn about important areas of technology, including cloud computing.

In October Goldman Sachs joined a $45 million investment round in Silicon Valley-based cloud computing startup Bracket Computing. Investors also included Fidelity Management, Andreessen Horowitz, Allegis Partners, GE and Qualcomm.

Founded in 2011, Bracket seeks to allay security worries about cloud technology, one of the reasons why financial institutions have been slower to move to the cloud than other industries. Bracket has developed software, called the Computing Cell, that essentially wraps an additional security layer around both public and private clouds. This additional layer encrypts the data going through it and is controlled by the user.

This means that banks and other large firms can take advantage of the benefits of moving their applications to public cloud providers such as Amazon Web Services, while applying their own advanced security controls. Bracket’s technology is used by Goldman Sachs and other financial firms including the Blackstone Group.

Tom Gillis, the chief executive of Bracket, said: “You get the physical controls that Amazon and Google put in place, which are world-class because they are so big, while we put in place logical controls. That combination is very strong.”

Gillis believes Bracket’s technology will lead more businesses to use the cloud and eventually to a transformation of data centres. As more and more large companies move their applications onto public clouds operated by large technology firms, their own data centres will shrink and so will their demand for hardware, Gillis believes.

Gillis said: “This is the blueprint of how data centres will be built in the future. In the new world where the physical comes from Amazon and other large providers, implications on the wider IT industry will be profound. The landscape for anyone who sells boxes [hardware] is going to change.”


Irrera, Anna. “Goldman-backed startup aims to finally get finance into the cloud.” Financial News. 29 March 2016. Web. 30 March 2016.

RSA Conference | The Cybersecurity Act of 2015 is a Necessary Stake in the Ground

By: Robert R. Ackerman Jr. | Founder & Managing Director, Allegis Capital

The Cybersecurity Act of 2015 is approaching its three-month birthday, but you can be excused if you’re oblivious to that. After all, many people probably don’t know it even exists. Very quietly, the law—the first major piece of Congressional cybersecurity legislation, one designed to address the explosive growth of successful cyberattacks—was signed into law in mid-December 2015 by President Obama.

The act didn’t attract much attention because it was embedded in a $1.1 trillion omnibus spending bill to fund the government. The dim spotlight aside, what is the verdict on this historic legislation—a compromise bill based on competing cybersecurity information sharing bills that passed the House and Senate earlier in 2015?

It has some strengths and some weaknesses. Overall, what can be said is that it has insufficient teeth but nonetheless is a good starting point in getting the government involved in the global cybersecurity war—and yes, it is a war. The good guys need all the help they can get against the bad guys. The cost of global cyber espionage has soared to about $500 billion annually, and when you add in the cost of stolen intellectual property, it tops $1 trillion annually. Unfortunately, the bad guys are winning.

Bear in mind that this act is a product of Washington, and so, of course, it is a patchwork of compromise. The victory is modest and lies mostly in the passage itself. The day that occurred—December 18—even President Obama conceded “I’m not wild about everything in it . . .”

As a venture capitalist, I would like to see this legislation become the first step toward a broader and more sophisticated cybersecurity sharing network. That’s because I want the startups I back to push the cybersecurity envelope—and to correctly anticipate the future course of attacks—as much as possible. An improved sharing network would help achieve that goal because a better job could be done protecting against many standard attacks, allowing young cybersecurity companies to focus more on chronically evolving state-of-the-art attacks.

The legislation calls on businesses, government agencies and other organizations to share information about cybersecurity threats with each other. The belief is that, overall, this will help them prepare themselves better to identify and defend against cyber attackers. The Department of Homeland Security is the ringleader and can share the information with other government agencies and companies. It isn’t clear how this information will be shared, however, and, with the notable exception of IBM, some technology companies have said they will not participate because they don’t think there is sufficient consumer identity protection. This is a reasonable concern given the government’s own challenges in protecting sensitive data. The provisions of the law are voluntary.

People can debate the latter point endlessly and reach no clear-cut conclusion. What is much more significant, in fact, is that this legislation is behind the times.

By itself, sharing information about new types of malware, suspicious network activity and other indicators of cyber attacks won’t thwart much cybercrime. Given that the vast majority of cyber attacks are focused on data, what is really needed is the implementation of encryption to secure that data. Also crucial eventually is diligence in patching of outdated software. These steps can go a long way in making systems less vulnerable and lay the foundation for innovation focused on hardening next-generation IT infrastructure against cyberattacks.

As things stand today, even the sponsors of the legislation admit that the new law would not have helped against the highly destructive, allegedly North Korean-orchestrated attack against Sony Pictures Entertainment in 2014. Why? That attack, like many today, was not based on previously known computer viruses or other malicious tools that companies and the government could warn each other about.

Similarly, this law would not have fended off the theft of millions of personnel records from the U.S. Office of Personnel Management. In that case, the government failed to install sufficient cybersecurity protection in the first place. Poor computer hygiene, in fact, is rampant.

Businesses are encouraged to share more information about cyberattacks because the law minimizes the threat of private lawsuits, such as suits over violations of electronic privacy protections. In addition, companies are generally required to strip personal information about customers out of the shared data so that the government cannot amass records on individual behavior. The government is also required to ensure that all personal information, such as customer records, has been scrubbed.

While the law in its current form is lacking, it isn’t altogether ineffective. Take, for example, lower-level cyber-attacks. The notion of companies and governments sharing data about the “signatures” of cybersecurity thieves is worthwhile. This is the digital trail that shows where the attackers came from and what their code looks like. Given that most cyber-attacks are lower-caliber attacks assembled from non-proprietary code or programs and from off-the-shelf components on the black market, how can this not be helpful?

We have to start somewhere to begin improving U.S. cyber defenses. Washington, despite its foibles, has managed to do that. I prefer to look at this ultimately as something good, not bad, and that a stake has been put in the ground in the nation’s capital to step up the U.S. counter-attack against cyber intruders.

Robert Ackerman Jr. is founder and managing director of Allegis Capital, a Palo Alto-based early stage venture capital firm specializing in cybersecurity. Some of Allegis Capital’s cybersecurity investments include Shape Security, vArmour, and Red Owl. 


Ackerman Jr., Robert. “The Cybersecurity Act of 2015 is a Necessary Stake in the Ground.” RSA Conference, 18 March 2016. Web.

WSJ | Under Pressure, Cybersecurity Market Is Ripe for M&A in 2016

Cybersecurity, in recent years among the strongest segments of the tech sector, now is feeling the effects of the downturn.

Over the last two years, investors have poured capital into private security companies. Twelve security companies have raised more than $100 million each from venture capitalists, according to Dow Jones VentureSource. It’s fitting that the industry’s largest annual conference, which started Monday in San Francisco, is held just two blocks from the former sand dunes where Gold Rush-era prospectors encamped in an area known as Happy Valley.

At the RSA Conference this year, the mood may not be quite as happy. Along with the broader tech market, the cybersecurity sector has cooled. One basket of cybersecurity stocks, an exchange traded fund called HACK that trades like a stock, is down more than 30% since June 2015 compared to an 11% decline in the NASDAQ  composite index during the same period. Private companies have put IPO plans on the back burner. Instead, many venture capitalists and investment bankers expect 2016 to be a year of mergers and acquisitions for some companies. For other companies it will be the death knell, say experts.

“Two months ago, I would have said we were 18 months away from going public but now, with the market the way it is, it’s more like 36 months,” said Matthew Prince, CEO of CloudFlare Inc., which raised $110 million in 2014. Still, Mr. Prince said that of all the money his company has raised, 80% is still in the bank and his company is profitable.

Last year, there were 133 security M&A deals, up from 105 in 2014, according to 451 Research’s February report on the tech outlook for 2016.  Its recent survey of investment bankers showed that security is expected to have the most M&A activity this year, surpassing mobile technology for the first time in six years. International Business Machines Corp., Monday, said it will acquire Resilient Systems, which sells an incident response platform. Other large tech companies such as Microsoft Corp. are adding security capabilities too.

Cloud security, identity management and security analytics are likely to be in demand as consolidation continues, according to 451 Research. Centrify, which helps companies manage security for employee logins internally and across a range of external cloud services, could be a target if it skips an IPO this year, according to the report.

“We’re confident that we’ll have options in respect to the future of the company – whether it be a possible IPO or being acquired by a strategic company,” said Centrify CEO Tom Kemp in an email.

Larger companies also may be interested in buying security analytics companies to fill holes in their security information and event management systems. Exabeam and Fortscale, among several potential targets cited, specialize in identifying authorized users based on their typical behavior as they use software and websites.

Exabeam did not respond to a request for comment.

“We didn’t build Fortscale to be acquired, but we certainly appreciate the increased attention, resources and brainpower that’s being brought to bear to a security space that we’ve always thought of as pivotal,” said Fortscale CEO Idan Tendler in an email.

The share price of some security companies has fallen sharply, which can make an IPO unattractive.  Rapid7, for example, went public in July 2015, and its price has fallen nearly 50% to $13.73 per share as of February 26.

Rapid7 declined to comment.

“With the sheer number of new venture capitalists who have gotten into cybersecurity in the last couple years, I would predict that there’s going to be a few of those that do really great, really cool things and there’s going to be a large number of them that just fail,” said Jason Witty, chief information security officer at U.S. Bancorp. That’s because many startups are focusing on problems that are too niche.

Cybersecurity is a highly fragmented market and many of the products are niche products that don’t talk to one another, said Brenon Daly, research director of financials at 451 Research. His company currently tracks about 1200 security firms. “A CIO or a CISO is tasked with stitching together a number of different products and it’s inefficient,” he said. Larger enterprises typically want to buy platforms that can do more than one thing and work with other products, he added. A startup whose products don’t work with others is limiting its potential customer base and its potential for an IPO.

In 2015, worldwide spending on information security reached $75.4 billion, an increase of 4.7% over 2014, according to research firm Gartner Inc. The increased spending was driven by government programs, increased legislation and high-profile data breaches.

The market is expected to grow at a compound annual growth rate of 9.8% between 2015 and 2020, according to a report from Markets and Markets.

Last year, venture-backed cybersecurity companies raised $3.3 billion, up from $2 billion in 2014. A few of those companies scored outsized deals. In 2015, Palantir Technologies, which specializes in security analytics, raised $879.3 million. Tenable Network Security raised $250 million in November.

Palantir did not respond to a request for comment.

Tenable Network Security said it benefits from offering a comprehensive security platform rather than a single product. “CIOs don’t want to work with multiple vendors, they want their security teams to work with one platform,” Ron Gula, CEO of Tenable, said in an email.

A company that raises hundreds of millions of dollars is better positioned to ride out a weak market, said Mr. Daly at 451 Research. “You have a suitable cushion to weather this storm – it is a tough market,” he added.

Over the last two years, investors who did not understand cybersecurity have jumped into the market, said Bob Ackerman, founder and managing director of Allegis Capital.  Investors tend to fall back to markets they’re most comfortable with during markets like this and the ones who don’t understand cybersecurity will flee the market, he said.

Mr. Ackerman, who has been investing in cybersecurity for 15 years, said he’s still optimistic about the sector due to projected spending increases by companies that need to counter growing threats. “I don’t think we’ll see a significant drop off in activity, but I think what we will see are investors being more selective,” he said.

Read more:

King, Rachael. “Under Pressure, Cybersecurity Market Is Ripe for M&A in 2016.” Wall Street Journal. Feb 29, 2016. Web. March 1, 2016.

No IPOs may indicate slowing year for Silicon Valley

By: Marisa Kendall | San Jose Mercury News | Posted: 28 Feb 2016

San Jose software company Apigee began trading on the Nasdaq on April 24, 2015. The company raised $87 million in its initial public offering, the second IPO of last year from a Silicon Valley tech company. (Nasdaq Creative Services)

The first quarter is halfway over and the markets have yet to see a single IPO out of Silicon Valley, news that seems to confirm gloomy predictions some analysts have made about the tech industry’s coming year.

Some companies, such as San Jose-based cloud storage company Nutanix, apparently are delaying their Wall Street debuts. Nutanix, which had filed for a $200 million IPO in December, has yet to go public and may be waiting for better market conditions, experts said.

But the IPO climate may not improve any time soon. The stock market has been a roller-coaster ride this year as the market responds to fears about everything from China’s economic slowdown, to the drop in oil prices, to the refugee crisis in Europe. Twitter and GoPro shares fell to an all-time low this month, and LinkedIn lost $10 billion in value.

“This is the weakest start of the year since 2009,” said Kathleen Smith, a principal at Renaissance Capital, which tracks public offerings.

A look at eight of last year’s biggest U.S. tech IPOs shows six of the companies were trading below their offer prices Friday afternoon — including Etsy, Box, Fitbit and Match Group, which owns Tinder. Last year industry experts wondered if 2016 would be the year the tech bubble bursts, or the year the market sees more “unicorpses” than unicorns. The IPO scene this year seems to reflect that uncertainty.

The only public offerings so far have been from four biotech companies based in Illinois, Massachusetts and China, and Silver Run Acquisition Corporation, a Houston-based energy-focused acquisition company. Silver Run raised $450 million in its Tuesday IPO.

Last year, 24 companies had priced initial public offerings through the end of February, according to Renaissance Capital data. That includes Redwood City-based Box, which provides an online file-sharing service for businesses. The four 2016 biotech IPOs — AveXis, Proteostasis Therapeutics, BeiGene and Editas Medicine — are what Smith calls “quasi IPOs” because they relied heavily on insider buying.

Massachusetts-based Syndax Pharmaceuticals announced its plan to launch an IPO next week. Others, such as Southern California-based orthopedic health company Ellipse Technologies, are choosing acquisition. Ellipse filed for a $75 million IPO in October but reversed course last month and announced it was being acquired by NuVasive, a San Diego medical device company, for $380 million.

Another six companies postponed IPOs this year that had been pegged to raise $1.3 billion, according to Renaissance Capital data. That list includes Oakland-based construction company Shimmick Construction. The Silicon Valley IPO market hasn’t seen much action since Square went public in November. Square saw a first-day return of 45 percent, after discounting its shares by about a quarter.

Private companies aren’t the only ones getting nervous. Investors have pulled back on their spending, raising the bar for startups to get funded, said ClearPath Capital Partners managing partner Paul James Boyd.

“We have also heard that when companies are out looking for capital, a couple we’ve run into have not been able to get the whole amount they wanted,” he said.

That means investors may be less likely to fund riskier companies going forward, said Robert Ackerman Jr., founder of Allegis Capital, and they may shy away from Silicon Valley’s most innovative new startups.

Norwest Venture Partners managing partner Jeff Crowe disagrees. There’s still plenty of seed and early-stage funding to be had, he said.

“What I do think it means, is that companies that have scaled to a large size without a prudent business model, they can have trouble,” he said.

The year’s biggest deal so far seems to be Florida-based virtual reality startup Magic Leap, which earlier this month announced a new $793.5 million round of funding led by Alibaba Group.

PricewaterhouseCoopers partner Thomas Ciccolella said “megadeals” of $100 million or more are a positive sign because they show investors still are willing to bet on innovation.

“It says there’s ripe opportunity for entrepreneurs, or for things to be changed in the current environment, especially in tech,” he said. “That helps us gauge the appetite for new and innovative technology.”

Ackerman described the market slowdown not as a tech bubble bursting, but as “a lot of air being let out of the balloon.” The market is correcting itself after years of overexcitement and runaway valuations, he said. But the slowdown may open up opportunities for some savvy investors.

“You can argue when nobody’s investing in anything is a phenomenal time to make an investment,” Ackerman said. “But that requires you to look past your fear.”

Kendall, Marisa. “No IPOs may indicate slowing year for Silicon Valley.” Mercury News. Feb 28, 2016. Web. Feb 29, 2016.

Signifyd Raises $20 Million in Series B Funding to Ensure E-Commerce Merchants Never Pay A Chargeback Again

Currently, more than 3000 e-commerce companies rely on Signifyd’s intelligent machine-learning platform to eliminate fraud-related chargebacks from their businesses

San Jose, Calif. – February 25, 2016 – Signifyd today announced it has closed $20 million in Series B funding led by Menlo Ventures, with additional participation from Allegis Capital, IA Ventures, QED Investors, Bill McKiernan and Tim Eades. Pravin Vazirani, a general partner at Menlo Ventures, will also join its Board of Directors. This new round brings Signifyd’s total funding to $31 million to date. The company will use the funds to accelerate growth, scale its infrastructure, and continue to expand its team of world-class fraud experts.

Signifyd has created a new class of risk-assessment technology designed to leverage the data of the programmable web. Today the platform is used to protect thousands of e-commerce merchants from credit card chargebacks with a 100% financial guarantee. E-commerce fraud costs the industry $9 billion a year and $120 billion in lost revenue. Existing solutions only provide retailers with a cryptic score and rely on human expertise alone to ultimately decide whether or not to accept a transaction. For the first time, merchants of any scale now have the option to receive a 100% financial guarantee against fraud using Signifyd’s machine learning technology and behavioral analytics.

“We’re saving our customers millions of dollars in revenue and merchants of all sizes are taking note,” said Signifyd co-founder and CEO Rajesh Ramanand. “We raised our Series A just 7 months ago and our traction has been tremendous. What’s more, we believe the technology we’re applying to e-commerce is the technical foundation for the next-generation of insurance products.”

In 2015, Signifyd:

  • Increased to a run rate of $5.6 billion in transaction volume, with an 8X year-over-year revenue growth.
  • Grew to more than 3000 customers, adding marquee clients such as Lacoste, Peet’s Coffee, Shane Co. and Jet.com.
  • Tripled the number of employees, including the addition of executives from Axcient, Citrix and PayPal.

“Over the last year Signifyd has shown tremendous growth and great unit economics with very little capital raised,” said Pravin Vazirani, general partner at Menlo Ventures. “Signifyd has permanently altered the course of the fraud detection industry. There used to only be software providers who didn’t back their product with a guarantee. Signifyd’s ability to give a guarantee at the scale and precision of millions of events from thousands of customers is truly unique. I believe Signifyd is primed to not only solidify its place in e-commerce fraud detection but change the way we think about more traditional insurance markets.”

New board member Vazirani has been a Managing Director with Menlo Ventures for the past 15 years and focuses on the e-commerce, SaaS and cloud sectors. His current and past investments include Carbonite (NASDAQ: CARB), Edgecast Networks (acquired by Verizon), Like.com (acquired by Google), vArmour, Stance, and Poshmark. Menlo Ventures had previously invested in HNC Software, the market-leading decision management software used by the banking industry to prevent credit card fraud, that was acquired by Fair Isaac in 2002. Signifyd also recently announced the addition of Bill McKiernan, founder of CyberSource Corporation, to its Board earlier this year. McKiernan led CyberSource to its $2 billion acquisition by Visa in 2010.

About Signifyd

Signifyd was founded on the belief that e-commerce businesses should be able to grow without fear of fraud. Signifyd solves the challenges that growing e-commerce businesses persistently face: billions of dollars lost in chargebacks, customer dissatisfaction from mistaken declines, and operational costs due to tedious, manual transaction investigation. E-Commerce Assurance, Signifyd’s financial guarantee protecting online retailers in the case of chargebacks, is supported by a full-service cloud platform that automates fraud prevention allowing businesses to increase sales and open new markets while reducing risk. Signifyd is in use by multiple companies on the Fortune 1000 and Internet Retailer Top 500 list. Signifyd is headquartered in San Jose, CA.

For more information about Signifyd, please visit www.signifyd.com.

“Signifyd Raises $20 Million in Series B Funding to Ensure E-Commerce Merchants Never Pay A Chargeback Again.” Signifyd. 25 Feb 2016. Web.

The Fiscal Times | Cyber security startups face funding drought

By Heather Somerville & Jim Finkle, Reuters
February 23, 2016

The U.S. cyber security industry, once one of the hottest targets for venture capitalists, is now grappling with a funding slump that has forced some startups to sell themselves or cut spending.

Amid widespread concerns about cyber attacks and data breaches, hundreds of security startups have sprung up in recent years, promising “next-generation” technologies to fight cyber criminals, government spies and hacker activists.

But many of the new ventures have struggled to gain traction, finding it difficult to stand out from the crowd and provide customers with sophisticated enough security solutions to match the increasingly advanced cyber attacks they face.

“Investors are looking at balance sheets and saying, ‘You raised $100 million and you have nothing to show for it?’” said Promod Haque, senior managing partner at Norwest Venture Partners, which manages about $6 billion in capital.

Private investors pumped a record $3.3 billion into 229 cyber security deals last year, according to data from CB Insights. Venture capitalists, dealmakers and entrepreneurs said funding is drying up for all but the most mature cyber startups with substantial sales.

“Almost every other company I knew who was on the road raising money at the same time had to pull their rounds back and were not able to close,” said Michael DeCesare, chief executive of ForeScout Technologies Inc, a network security firm.

ForeScout reported more than $125 million in 2015 revenue and finalized a $76 million financing round last month. Other deals this year include $96 million in funding for risk analytics firm Skybox Security Inc, and Fidelity Investments’ $50 million investment in anti-virus software maker Malwarebytes.

It now takes six to eight months to close deals, up from about three to four months a couple years ago, said Sean Cunningham, managing director at Trident Capital Cybersecurity.

The founder of a cyber startup that raised money two years ago said he sought additional financing for several months but then gave up. The firm, which did not want to be identified, cut spending and plans to seek financing again in about six months.

Other startups are looking for buyers. A dealmaker at a large security company, who declined to be identified, said the number of incoming inquiries from businesses looking to sell themselves is up 40 percent this year, compared to the same time in 2015.

Last month, iSight Partners – which has uncovered major cyber campaigns from Iran, Russia and other nations – sold itself to FireEye Inc for $200 million in cash plus another $75 million in cash and stock if it meets certain sales targets. Last August, iSight Chief Executive John Watters told Reuters he planned to take the company public in 2016 at a valuation of at least $1 billion.

After the FireEye deal was announced, Watters said his plan changed because market conditions shifted, making it more difficult to raise capital to remain independent. FireEye CEO Dave DeWalt said the tough funding environment would spawn more deals. FireEye also bought tiny security software maker Invotas for $30 million last month.

The value of cyber M&A activity more than doubled last year to $26.8 billion from $10.3 billion in 2014, according to data from consulting firm EY. The number of deals increased 46 percent to 287.

‘INDISCRIMINATE CAPITAL’

Cyber stocks had rallied in 2013 and 2014 on expectations the industry would benefit from a seemingly endless streak of headline-grabbing cyber attacks. Private investors, seeing the opportunity, piled onto startups. “You had a lot of indiscriminate capital that came into the space,” said Bob Ackerman, founder of Allegis Capital and a longtime security expert. The boom in cyber investing showed signs of faltering last year as earnings of publicly traded cyber companies missed expectations.

Too many startups copied technology already on the market, or products that hackers had figured out how to circumvent. Some highly touted products sold by private companies were found to be “obsolete from the moment they were launched,” said David Cowan, a partner at Bessemer Venture Partners.

Cyber stocks have since underperformed the broader market. FireEye, which this month warned that growth in cyber spending could slow this year, has fallen 35 percent over the past three months, compared to a 12 percent decline in the Nasdaq Composite Index. Qualys Inc tumbled 38 percent over the same period, while Palo Alto Networks Inc dropped 26 percent and the Pure Funds ISE CyberSecurity ETF fell 21 percent.

Robert Thomas, CEO of cloud security firm CloudPassage, which raised $36 million last July, said he expects the funding crunch for startups to last. “I feel fortunate that we got in under the wire and were able to raise (money) for the next two years to carry us through,” he said.

(Reporting by Heather Somerville in San Francisco and Jim Finkle in Boston; Editing by Jonathan Weber and Tiffany Wu)

“Cyber security startups face funding drought.” The Fiscal Times. Web. 23 Feb 2016.


WSJ | Increased Spending in Cybersecurity Drives Surge in Funding


 

As funding from venture capitalists tapered off in the fourth quarter of 2015, investment in the cybersecurity sector continued to boom.

Venture capitalists invested $675.43 million in the fourth quarter of 2015, up from $522.41 million in the same quarter a year before, according to data from Dow Jones VentureSource. Total annual venture capital funding in cybersecurity increased 76%, to $3.34 billion, in 2015.

In the wake of high-profile hacks and increased activity from state actors, companies are increasing their spending on security. Gartner predicts the world-wide cybersecurity market will increase to $170 billion by 2020, up from $75.4 billion in 2015. Investors see that boom as an opportunity, despite public security stocks struggling since the start of the year.

Experienced venture capitalist investors in security predict investment in the sector won’t rise as rapidly in 2016 as market conditions cool. They view security as a viable sector largely insulated from the recent market turmoil, but say the sky-high funding rounds that became common in 2015 will be more rare. Investors predict a similar number of cybersecurity investments will occur in 2016, but the total dollars in the sector may not be as high because fewer large institutions will drive up funding rounds.

For many, a sign that valuations in the cybersecurity sector may have gone too far was FireEye Inc.’s acquisition of iSight Partners Inc. for as much as $275 million, based on certain milestones. The company’s sale, which security executives said was far below a sought-after higher valuation multiple, showed that even strong companies may not live up to the lofty valuations set in 2015.

Bob Ackerman, the managing director of Allegis Capital, said when everything is on the rise, investors tend to pile on. He expects firms that don’t have a history of investing in security to pull back from the sector.

“In a market like this people talk about a flight to quality, but generally there’s also a flight to comfort,” said Mr. Ackerman. “Investors go back to the thing that they know best.”

But funds are increasingly specializing in the sector. Mr. Ackerman’s fund focuses on cybersecurity startups, as do TenEleven Ventures and Trident Capital Cybersecurity. Menlo Ventures plans to dedicate 25% of its latest fund to security companies.

Trident Capital’s newest partner, Sean Cunningham, said he isn’t worried about the increasing number of funds specializing in cybersecurity. Mr. Cunningham said that because there was so little investment in the sector for many years, venture capitalists are now playing catch up from when cybersecurity investment dropped between 2004 and 2010.

“The sector has actually been underfunded in some regards,” Mr. Cunningham said. “You could argue that we’re going to make up for some of that.”

Mr. Cunningham said Trident passed on a number of deals in 2015 when term sheets came back with valuations the company felt were inflated. He said there will likely be a similar number of cybersecurity deals in 2016, but the total capital deployed in those deals may be lower.

In 2016, investors expect an increase in mergers and acquisitions within the sector. Mr. Cunningham expects traditional public security companies will likely be actively acquiring startups.

Investors predict that given current public market conditions, most companies that are ready to go public will wait it out. Public security companies’ stocks took a beating in early 2016, with FireEye and Imperva Inc. down more than 40% since the start of the year.

Venky Ganesan, a partner at Menlo Ventures, said because so much capital flocked to cybersecurity in recent years, many “clones” were funded. He said time will tell which companies truly own their valuations.

“When the tide goes out, you can see who’s wearing shorts and who is really naked,” Mr. Ganesan said.


“The Daily Startup: Increased Spending in Cybersecurity Drives Funding Surge” Wall Street Journal, 17 Feb, 2016. Web.


Silicon Valley Business Journal | “VC confidence rebounds as late-stage venture competition eases”

Silicon Valley Business Journal, By: Cromwell Schubarth | Posted: 4 Feb 2016

Venture investors may be taking hope in the dwindling interest in their portfolio that they are seeing among hedge funds, private equity and mutual fund investors.

VC confidence ended a three-quarter slide at the end of last year, according to a quarterly survey done by Mark V. Cannice, a professor at the University of San Francisco.

“VCs tend to see hope when there is a bit of panic and have caution when the punch bowl is full,” Cannice told me, explaining that his survey of investors looks ahead at what they think is coming in the next six to 18 months.

Recent reports on startup investing in the fourth quarter and start of this year indicate that fewer deals are being done while valuations and amounts invested are dropping slightly.

A 5-point index from the survey, where 5 indicates high confidence, came in at 3.59 in the fourth quarter. That’s up from a three-year low of 3.39 in the third quarter but below recent highs above 4 in 2013 and 2014.

Venky Ganesan of Menlo Ventures and chairman-elect of the National Venture Capital Association said the late stage market has been due for a correction, urging, “Caution ahead!”

“The heady cocktail of easy money due to the Fed, high burn rates, and questionable gross margins is going to give a massive hangover to a bunch of companies,” Ganesan said in the report. “We will see a pullback in late stage financings and even some layoffs, but the long-term value proposition of technology driven change remains intact.”

“The public markets cannot possibly absorb the current batch of unicorns at their current valuations, not to mention the thundering herd of unicorn wannabes,” he said. “There will be more disappointment than celebration over the next 18 months. Still, there is plenty of room for creating real value and building great companies. We just need to adjust expectations.”

Dixon Doll, DCM founder emeritus, said, “In this frothy environment with way too many unicorns and public markets receding, I’m long-term optimistic … short term pessimistic because of contracting liquidity alternatives.”

Bob Ackerman of Allegis Capital wrote, “All that glitters is not gold and the hens of excess are coming home to roost. The massive influx of outside capital into the venture ecosystem, which has inflated a broad spectrum of valuations, has once again validated the ‘Greater Fool Theory.’ The venture community is actively pulling in its investment horns which will reinforce the inevitability of the correction. The good news – with the reset come excellent opportunities for those that know the difference between FeS2 and Au.”

“VC confidence rebounds as late-stage venture competition eases.” Silicon Valley Business Journal, 4 Feb 2016. Web. 5 Feb 2016. 
