The Latest

Cybersecurity startups start to see slump in VC spending

Third Certainty | Roger Yu | March 20, 2017

Venture capital funding in cybersecurity is cooling. And it’s show-me time for startups battling for the dwindling pool of funds.

While the cybersecurity market is maturing, startups are still innovation drivers and venture capitalists are keen on finding the next big unicorns. Large enterprises’ tendency to juggle products from multiple vendors—despite their wishes for seamless, one-vendor-only solutions—leaves the market perpetually fragmented. And the fact that cybersecurity threats are evergreen enables venture capitalists who specialize in the sector to operate with little regard for broader macroeconomic conditions.

Still, the ample opportunities afforded by the fragmented, constantly shifting market have bred too many me-too companies and fast followers, driving some venture capitalists to pause and reflect on the next phase. “It’s definitely overfunded, massively so,” Ravi Viswanathan of New Enterprise Associates told a panel at CB Insights’ Future of Fintech Conference last year.


“You saw a material pause in the fourth quarter,” says Bob Ackerman, founder and managing director of Allegis Capital, which specializes in the sector. “You have too many undifferentiated companies. There’s a level of noise that develops as a result of that. … Cybersecurity is one of those areas where experience and domain knowledge matter a great deal.”

After growing steadily since 2012, venture capital funding in cybersecurity dipped in 2016, alarming entrepreneurs. The cybersecurity market captured roughly $3.1 billion of venture funding in 2016, down from $3.8 billion a year earlier, according to research firm CB Insights. The cybersecurity market will undergo a few years of retrenchment with a host of companies shutting down, VCs say.

More judicious spending

But the market is hardly mature. Money will still be spent, just more selectively. At this phase, fewer deals will be struck. But those deals will be reserved for larger companies, with proven products further along in development.

“The deal size and valuation is coming down a bit,” says Sean Cunningham, managing director of Trident Capital Cybersecurity, which raised $300 million this month for a fund to invest in cybersecurity startups. “I don’t think there’s any shortage of capital for the right type of companies. But the dollars being invested are smaller.”

Appthority is one of the companies that made Trident’s cut. Appthority, which develops mobile threat protection software for corporations, didn’t land its first paying customer until more than a year after it was founded in 2011.

Four years later, its customer renewal rate stands at 98 percent, with about 20 percent of its revenue coming from the government sector. Heartened by solid proof of growth, venture capitalists poured in another $7 million in Series B funding last July, led by Trident Capital Cybersecurity.


“You’re going to see a lot of startups out there, and good ones will rise to the top,” Cunningham says. “There’s ample supply of capital to fund them. They can get traction.”

Innovation niches

As seen in the early days of the internet, the cybersecurity market is recalibrating for a second wave of innovative technology that’s more comprehensive and cohesive. And that means more seamless products for large clients who are eager to cut down on the number of vendors.

“Companies that can stand on their own two feet, deliver value, and have deep knowledge will do fine,” Ackerman says, citing one of the companies he’s invested in, EnVeil, which uses “homomorphic encryption” to secure data in operation.

As more companies employ automation and “big data” to enhance efficiency and find new markets, data encryption products will continue to be in heavy demand.

The emergence of the industrial internet—the integration of complex machines to network sensors and software—also will breed startups eager to provide cybersecurity solutions to power and water grids, refineries and pipelines.

In May, Trident helped raise $6.6 million in Series A funding for Bayshore Networks, which develops cloud-based software that offers “visibility” into operational technology infrastructure, networks, machines and workers.

Meanwhile, the proliferation of enterprise mobile devices will continue to see vulnerabilities and pose a ripe market for startups like Appthority, Cunningham says.

Early investors haven’t gone away

That VC dollars are chasing more evolved companies doesn’t mean early-stage investing is passé, Ackerman says. “That’s where the new things get started.”

But cybersecurity, unlike more consumer-oriented technology sectors, is a competitive and difficult market, rife with startups struggling to recruit and market products.

That’s partly why Allegis funded DataTribe, a startup studio based in Fulton, Maryland. It was designed to tap into the wealth of cybersecurity-savvy technologists in the region with experience or ties to the federal government and intelligence agencies.

Ackerman also anticipates more mergers and acquisitions activity from large cybersecurity companies that may find it easier to acquire smaller niche players as they seek to add new product lines.

As venture capitalists squeeze their wallets, startups lucky enough to land Series A funding also will have to justify more vigorously their pursuit of Series B funding, Cunningham says. “And unicorns are in trouble,” he says, referring to startups valued at over $1 billion.

The Trump factor

Meanwhile, venture capitalists are hopeful that the federal government, with President Trump at the helm and promising a rollback in regulations, will cut steps in federal procurement and stay engaged in securing networks.

“We think the administration understands the value of national cybersecurity,” Cunningham says. “We’re not counting on incremental increases in spending. But we’re excited about the awareness level.”

Article found here: Thirdcertainty.com


Exclusive: Blackstone-Backed Network for Cyber Risk Launches Today

Fortune | Jeff John Roberts | 7:40 AM Pacific

Financial firms have long used rating agencies like Moody’s or S&P to judge the risk of bonds. Now, companies that face risk from cyber attacks—which these days is almost everyone—have a tool to do the same.

On Wednesday, CyberGRX unveiled a platform that acts as a clearinghouse for cyber risk. Developed by a group of blue chip security pros from companies like Blackstone and Aetna, CyberGRX promises to make the process of flagging cyber dangers from their vendors dramatically more efficient.

The risk posed by vendors has been top of mind for many companies ever since the infamous hack on Target in 2013, which saw attackers compromise the computer systems of Target’s HVAC supplier in order to steal credit card information from 40 million customers.

According to Jay Leek, the former chief security officer of Blackstone, the idea for a clearinghouse came about because companies spend enormous amounts of time filling out check-lists to assess the security risks posed by their vendors. Many of Blackstone’s portfolio companies, for instance, were all conducting the same compliance tests to see if vendors—which can include anyone from software giants like Salesforce or Workday to catering companies—had programs in place to defend against cyber-attacks.

This process, says Leek, resulted in a lot of duplicated efforts and security officers spending their time on checklists rather than on mitigating cyber dangers.

In response, Leek and others realized the approach was to build what they call a “third party global cyber risk exchange” that will let companies assess vendors in the same way banks rely on ratings agencies to assess bonds. Leek likens it to performing cyber-risk by means of a Turbo Tax method, rather than doing it by hand.

“The inherent efficiency of the CyberGRX Exchange eliminates the waste in today’s approach—largely based on sharing spreadsheets—in a way no one in the market does. For the first time, companies will know which of their third parties pose the greatest risk to their organizations,” says Fred Kneip, CyberGRX CEO.

The process has been in the works since last year when CyberGRX raised $9 million from investors that include Allegis Capital, Blackstone, TenEleven Ventures, Rally Ventures, GV (formerly Google Ventures), and MassMutual Ventures.

The building process has relied on what CyberGRX calls its “design partners” like Aetna, and their existing dossiers of tens of thousands of vendor reports.

Now, the tool is ready for primetime as CyberGRX (GRX is for global risk exchange) invited other companies to take part. Here is how CyberGRX described it in a release announcing the news:

Built in partnership with chief security and risk officers from Aetna, Blackstone, MassMutual, ADP and other large companies with a combined network of more than 40,000 companies in their digital ecosystems, the CyberGRX Exchange brings together enterprises and their third parties and creates massive efficiency to a process that has largely been driven by sharing spreadsheets and trusting unvalidated self-assessments.

While the plan will provide a way for big companies to speed up their cyber risk assessments, it will also help hundreds of thousands of vendors who currently must wait for a cyber seal-of-approval before they can start providing their services.

As for the risk assessments the platform provides, those are compiled from the reports provided by the member companies but also from a host of outside signals. These include threat reports from security companies as well as news reports from Thomson Reuters and others.

The other advantage of the service, according to CyberGRX, is that it will continually update the security profiles of all the companies on the exchange. This means companies will no longer need to rely on an annual checklist system to confirm a vendor can still be trusted.

The idea for a cyber risk clearinghouse is not a new one. According to Leek, S&P tried unsuccessfully to come up with such a service way back in 2006. Goldman Sachs, meanwhile, tried to create a risk standard with Moody’s in 2015 but was likewise unable to pull it off.

If CyberGRX is a success, its backers say the service could save companies billions in legal and compliance costs, and allow security executives to devote far more time to threat mitigation rather than bureaucratic measures.

The new service may also jumpstart the market for cyber-insurance, which has been expanding in light of the ongoing number of high profile data breach incidents. But that is far from mature—in large part because of a lack of information on how to price cyber risk.

Article found here: www.fortune.com


G6 Hospitality Leverages RedOwl to Prevent Insider Threats

RedOwl Analytics, Inc.

Top Lodging Company Boosts Protection of Sensitive Data of Company and Guests

Marketwired | March 07, 2017 11:00 ET

SAN FRANCISCO, CA–(Marketwired – March 07, 2017) – RedOwl, the leading provider of insider risk solutions, today announced that G6 Hospitality, known for its iconic economy lodging brands, Motel 6 and Studio 6 in the U.S. and Canada, has deployed the RedOwl Insider Risk Management platform to mitigate the risk of negligent, compromised and malicious employees leaking sensitive company intellectual property or customer data.

G6 Hospitality owns, operates and franchises over 1,300 lodging locations and employs more than 10,000 team members across the U.S. and Canada. Like many organizations, at G6, email is how business is done — both internally and with its franchisees who still at times maintain their own email systems. The company selected RedOwl specifically because it is the leading solution for electronic communication content and behavioral analytics as well as having the capability to integrate other critical streams of activity and employee-specific characteristics.

“One of the biggest strains on resources within our security team is ensuring all of our employees across North America are aware of how email should and shouldn’t be used and are educated on the risks of phishing and other types of external attacks and internal risky behavior that could result in critical data loss for our organization,” said Harvey Ewing, chief information security officer (CISO) of G6 Hospitality. “With RedOwl, our team no longer has that burden, as the platform can analyze and alert potential threats before they become incidents.”

RedOwl combines content and behavioral analytics to identify both acts of exfiltration and the potential precursor activities that indicate unwanted behavior in the enterprise, such as data theft and even employee flight risk. Critical to the team at G6 is RedOwl’s ability to reduce the noise and false positives typically seen in monitoring as well as to be able to quickly go from alert to in-depth investigation.

“Insider threats can no longer be ignored by organizations looking to protect their intellectual property and customer data,” said Guy Filippelli, founder and CEO of RedOwl. “RedOwl is proud to be G6’s partner as they work to further protect themselves and their customers from insider threats.”

In the year ahead, G6 Hospitality will continue to strengthen its defenses by leveraging more insider risk management capabilities offered on the RedOwl platform.

ABOUT REDOWL
RedOwl helps large enterprise and government organizations mitigate insider threats with technology designed for the modern workplace. Information security and regulatory surveillance teams trust our behavioral analytics platform to provide holistic and actionable visibility of all human risk, ranging from common employee data leaks to malicious insider attacks. With offices in Baltimore, New York City, San Francisco, and London, RedOwl’s investors include the Blackstone Group, Allegis Capital, and Conversion Capital. To learn more about RedOwl, visit: https://redowl.com.

ABOUT G6 HOSPITALITY
G6 Hospitality LLC owns, operates and franchises more than 1,350 economy lodging locations under the iconic Motel 6 and the extended stay Studio 6 brands in the U.S. and Canada, and Hotel 6 and Estudio 6 brands in Latin America. Headquartered in Dallas (Carrollton), Texas, G6 Hospitality was rated one of the top ten hospitality companies according to the Hotel Management 2015 Top Hotel Companies rankings list, which evaluated over 260 hotel companies. For more information please visit G6Hospitality LLC.

Article found here: www.marketwired.com


RedOwl Enters Agreement with immixGroup to Reduce Insider Threat Risks for Government

New Relationship to Strengthen Agencies’ Risk Management Posture

Marketwired | February 21, 2017

SAN FRANCISCO, CA–(Marketwired – February 21, 2017) – RedOwl, the leading provider of insider risk solutions, today announced an agreement with immixGroup, an Arrow company that helps technology companies do business with the government. Through immixGroup contracts with governments at the federal, state and local levels, agencies will be able to purchase RedOwl’s behavior risk analytics to avoid insider threats and mitigate classified information leaks, intellectual property loss, data theft and employee flight risk. In addition, government organizations can use RedOwl to comply with the Presidential Order for agencies to implement an insider threat program, as well as to meet compliance standards set by the National Industrial Security Program Operating Manual (NISPOM) for government contractors.

“Major cyber espionage and data leaks affecting the U.S. government over the past few years are proof that, more so than ever before, the public sector has the huge responsibility to protect against insider threats within their own organizations, but also the societal imperative to respect the privacy of employees,” said Guy Filippelli, CEO of RedOwl. “With its deep-rooted commitment to providing governments with reliable access to the enterprise software and hardware solutions they need to achieve mission success, our agreement with immixGroup aims to do just that. Only RedOwl can help governments and enterprises monitor and detect precursor behavior in a comprehensive, unbiased, systematic and automated way while ensuring employee privacy.”

RedOwl unlocks the power of existing enterprise data to identify and mitigate unwanted behavior. Only RedOwl ingests and combines structured, unstructured and business data to analyze interactions between employees, contractors, devices, files and applications. Using a combination of statistical pattern matching, machine learning and content analytics to profile user behavior, RedOwl gives risk management professionals the in-depth narratives required to effectively pinpoint and distinguish negligent, compromised and malicious employees.


Article found here: marketwired.com


Behavioral Intelligence Innovator E8 Security Wins Best Cybersecurity Startup In 2017 Cybersecurity Excellence Awards

Led by Innovative Machine Learning Approach to Transforming Traditional Security Operations, E8 Security Recognized By LinkedIn Information Security Community

Redwood City, Calif. — February 9, 2017 — E8 Security, an innovator of behavioral intelligence for cybersecurity, today announced that it won ‘Best Cybersecurity Startup’ with 50 or fewer employees in the 2017 Cybersecurity Excellence Awards. E8 Security emerged victorious over 27 other finalists. E8 Security was also named as a finalist for ‘Most Innovative Cybersecurity Company’ with 50 or fewer employees, as well as in the ‘Best Security Analytics’ and ‘Best Threat Hunting’ product categories.

The annual Cybersecurity Excellence Awards honor individuals and companies that demonstrate excellence, innovation and leadership in information security. The awards are produced in partnership with the Information Security Community on LinkedIn, tapping into the vast experience of over 350,000 cybersecurity professionals to recognize the world’s best cybersecurity products, professionals and organizations.

“Congratulations to E8 Security for winning the Best Cybersecurity Startup category in the 2017 Cybersecurity Excellence Awards,” said Holger Schulze, founder of the Information Security Community on LinkedIn which organizes the awards program. “With over 450 entries, the 2017 awards are highly competitive, and all winners and finalists reflect the very best in leadership, excellence and innovation in today’s cybersecurity industry.”

In addition to this latest accolade, earlier this week E8 Security unveiled its E8 Security Fusion Platform, which transforms traditional security operations by automating the learning of user and device behaviors to discover malicious activity unknown to security analysts, resulting in improved alert quality and accelerated investigations to make security operations more proactive. Security operations teams are able to reach conclusions quickly by offloading the data mining, analysis, and correlation process, typically done manually, to the Fusion Platform, which provides them with answers to questions they didn’t even know to ask.

“At E8 Security, our team and the environment they create fosters ingenuity and is constantly driven by understanding our customers’ challenges,” said Matt Jones, CEO, E8 Security. “Being recognized with an award of this nature by security industry practitioners is further validation that we have quickly achieved a culture of collaborative innovation that has allowed us to ascend to a leadership position in Behavioral Analytics, which is transforming the way security operations teams detect, hunt for, and respond to hidden threats inside their organizations.”

About E8 Security

E8 Security is transforming security operations by automating the learning of user and device behaviors to discover malicious activity unknown to security analysts, resulting in improved alert quality and accelerated investigations to make security operations more proactive. E8 Security raises the bar, as the first be The Hive. Find out more at www.e8security.com.

PRESS CONTACT

Doug De Orchis

Voice Communications for E8 Security P: (617) 897-8259

E: ddeorchis@vocecomm.com


RedOwl to Deliver Next-Generation Insider Risk Management Platform to BT Customers

RedOwl Analytics, Inc.

January 18, 2017 01:00 ET

LONDON, UNITED KINGDOM and BALTIMORE, MD–(Marketwired – January 18, 2017) – RedOwl, the leading provider of insider risk management solutions, today announced a global agreement with BT, one of the world’s leading providers of communications services and solutions. The agreement enables BT to offer its customers the RedOwl analytics platform to uncover insider threats as well as meet compliance requirements for regulatory surveillance.

BT has been at the forefront of providing innovative IT products and services specifically tailored to the financial services market for more than 35 years. Its global customer base includes the world’s largest banks, brokers, insurance companies, mutual societies, investment managers and exchanges.

BT customers will be able to deploy RedOwl in two critical capacities:

  • Information security: Today, BT offers a choice of services that helps customers undertake a range of pre-emptive information security measures, with device management, identity, access management and infrastructure security within the BT Security portfolio. With RedOwl, BT customers will leverage market-leading behavioral analytics to build and optimize insider threat programs and address key issues such as IP and data loss, employee flight risk and compromised employees.
  • Regulatory compliance: With RedOwl, BT customers will have a holistic view of their regulated employees and will be able to incorporate sophisticated analytics to accurately identify insider trading, market manipulation, wall crossing, improper disclosure and flight risk to help detect and prevent potential regulatory violations. 

“Our customers are seeking to extend their information security and regulatory surveillance capabilities,” said Luke Beeson, BT’s vice president security, UK and global banking and financial markets. “RedOwl provides the insight and context that information security and compliance officers need to better identify unwanted behavior. We’re delighted that our customers can now benefit from this advanced analytics solution.”

RedOwl protects enterprises’ internal attack surfaces with better people oversight. Only RedOwl identifies the precursor activities leading to unwanted behaviour, including insider trading, sabotage, data theft, or flight risk by combining content analysis with behavioral analytics, based on their communications content and context, physical activity, digital activity, and transactions.

The RedOwl platform builds an in-depth narrative that identifies and distinguishes among malicious, compromised and negligent employees. By using RedOwl, risk management professionals reduce time to detection and time of investigation, and can evolve from a purely reactive risk management posture to a proactive one by looking for precursors of unwanted behavior. Ultimately, with RedOwl, security and compliance teams leverage technology to positively impact the corporate culture.

“RedOwl is delighted to join forces with BT, one of the world’s leading providers of technology to the financial services industry, to help organizations use analytics to accelerate security and compliance initiatives,” said Guy Filippelli, RedOwl CEO. “Our analytics platform helps financial service customers transform their compliance practices into a proactive and comprehensive discipline. In information security, RedOwl is the system of record for insider threat programs to help identify and mitigate unwanted employee behavior.”

Together, BT and RedOwl will provide tremendous value to their customers’ compliance and information security ecosystem. The joint solution will be available immediately. BT customers have the freedom to consume the service on premise, in a private cloud or reap the benefits of BT’s Cloud of Clouds portfolio strategy.

  ‘Cloud of clouds’ is BT’s cloud services integration capability, giving customers a practical route into cloud computing that meets their needs for choice and flexibility, total security and someone who knows how to make it work together. More information here: www.bt.com/point-of-view.

About BT

BT’s purpose is to use the power of communications to make a better world. It is one of the world’s leading providers of communications services and solutions, serving customers in 180 countries. Its principal activities include the provision of networked IT services globally; local, national and international telecommunications services to its customers for use at home, at work and on the move; broadband, TV and internet products and services; and converged fixed-mobile products and services. BT consists of six customer-facing lines of business: Consumer, EE, Business and Public Sector, Global Services, Wholesale and Ventures, and Openreach.

For the year ended 31 March 2016, BT Group’s reported revenue was £19,042m with reported profit before taxation of £3,029m.

British Telecommunications plc (BT) is a wholly-owned subsidiary of BT Group plc and encompasses virtually all businesses and assets of the BT Group. BT Group plc is listed on stock exchanges in London and New York.

About RedOwl

The RedOwl insider risk management platform mitigates the threat of insiders for information security and regulatory surveillance teams. Our behavioral analytics platform integrates structured and unstructured data sources — unlike traditional tools — to provide holistic visibility of human risk across the enterprise. With offices in Baltimore, NYC, SF, and London, RedOwl’s investors include the Blackstone Group, Allegis Capital, and Conversion Capital.

Article found here: www.marketwired.com


Security and Privacy is Sometimes Suspect, but Growth of the Cloud Marches On

By Robert R. Ackerman Jr. | January 12, 2017

We increasingly hear that the most-discussed computing paradigm, cloud computing – especially the public cloud – is resuming its sharp rate of growth after a lull and is poised to accelerate further. This is refreshing news in a world ever-more obsessed with security, underscoring that cloud purveyors are making progress in getting security right.

The attractions of cloud computing are obvious to those immersed in the enterprise computing arena. CIOs note that the cloud allows them to shift costs from capital budgets to operating budgets. Often, they can purchase only the resources they actually need. Cloud computing eases the process of adding or subtracting computing power on demand. And it better accommodates a mobile workforce and cutting-edge technology, such as user interface design.

But cloud computing must take additional steps to maximize privacy and security.

The belief is widespread that storing personal data, in particular, in the cloud might undermine its privacy. After all, companies that embrace the cloud lose direct control of their technology, abolishing a traditional security priority. This begs a question. Given the increasing perception of misuse of people’s digital information, is the price of cloud adoption – and the concomitant loss of proprietary security and privacy control – ultimately too high?

Happily, the answer is no. In some ways, the security offered by leading cloud vendors is superior to security at the typical corporate level. Even so, cloud purveyors know they must do better. One key step toward this end is the aggressive development of so-called homomorphic encryption, which some computer security experts have described as “the holy grail” of computer security. Customers must be vigilant, however, and invest the time to properly mitigate all security and privacy risks before and throughout cloud adoption. This is imperative not only to maximize security but to make CIOs and CISOs comfortable as they transition applications and data to the cloud.

Even though the cloud has been part of the IT arena for about 15 years, there are still lots of questions about how it works and how secure it really is. So corporate IT executives must make a point of garnering the information they need about physical security, the handling of security incidents, logs of security attacks, compliance, and backup and recovery, among other things.

How secure is the cloud? Potentially sensitive data is at risk from insider attacks, but competent cloud vendors are in a position to close that hole. And despite the explosion of high-profile cyber attacks costing major companies billions of dollars and loss of customer loyalty, a number of them didn’t directly penetrate the cloud or the data center. Rather, they compromised end points, such as end user laptops, payment terminals and myriad Internet of Things (IoT) devices. An improperly used device or inadequate protection is all it takes to open the door to a hacker.

Meanwhile, in the productivity-obsessed business world, companies continue to spend aggressively to move into cloud computing. According to Gartner, the growth rate of corporate spending on the cloud began rebounding last year – up 16 percent to more than $200 billion globally – after slowing in 2015, and spending has moved beyond application testing to cloud-based applications and platforms.

Another report by McKinsey & Co. projects that the biggest gains in cloud computing going forward will come from historically change-resistant large enterprises. Based on a survey of 800 CIOs and IT executives worldwide, 77 percent of companies in 2015 used traditional IT infrastructure as the chief environment for at least one workload. In 2018, that will drop to 43 percent, the survey says. Concurrently, companies using the public cloud will grow from 25 percent in 2015 to 37 percent in 2018.

Separately, the major cloud purveyors – Amazon Web Services, Google and Microsoft – have all been opening multiple data centers in Europe, not only to expand their market but also to satisfy security and privacy-oriented European companies that want to store information closer to home.

In another key cloud computing front – innovation – Amazon has just rolled out a new service to help protect customers against denial-of-service attacks. Far more significantly, major technology companies such as IBM and Microsoft and startups such as Fulton, Md.-based Enveil are also working hard on the development of homomorphic encryption to push cloud computing privacy and security to a higher level. When enterprises need to process encrypted data today, it must first be decrypted, a major security vulnerability. Homomorphic encryption would allow data to remain encrypted while being processed, plugging this security hole.

None of this should suggest that cloud computing customers can be complacent. In weighing the transition to cloud computing, they must have a clear understanding of potential security risks and set realistic expectations with their cloud provider. Failure to ensure appropriate security and privacy protection when using cloud services can lead to higher costs and the potential loss of business, eliminating any benefits.

Potential risks that must be addressed by customers in the cloud transition process include:

  • Making sure that none of the components of security fall through the cracks. Responsibility over aspects of security may be split between the cloud provider and the customer. Failure to allocate responsibility clearly could create security holes.
  • Making sure that your cloud service provider conducts thorough background checks on employees with physical access to data center servers. Also affirm that data centers are frequently monitored for suspicious activity.
  • Making sure your cloud provider appropriately protects the privacy of data subject to the legal requirements of regulation, such as The Health Insurance Portability and Accountability Act (HIPAA).
  • Making sure the identity of users is established with certainty. Remember that cloud resources are accessed from anywhere on the Internet. Strong authentication and authorization are critical.
  • Making sure that the cloud provider has appropriate certifications in place. Customer efforts to achieve certification may be futile if the cloud provider cannot provide evidence of its own compliance with requirements. There can also be problems if the cloud provider doesn’t permit audits by the cloud customer.
  • Making sure security breaches are handled professionally. The detection, reporting and management of security breaches may be delegated to the cloud provider, but these incidents impact the customer. Negotiate notification rules so that you are promptly and fully informed of problems.
  • Lastly, bear in mind that you are tied tightly to any particular cloud provider, for better or worse. Applications and data are not easily portable across providers. Because it is difficult to switch to another provider, do everything possible to choose the right one in the first place.

It is obvious that the cloud, coupled with mobile computing, means that the IT landscape reaches far beyond an organization’s premises. This creates new security holes, and the explosive growth of IoT devices further compounds the challenge each and every day. The good news is that these challenges are hardly insurmountable. Strict attention to key details is a cornerstone of cloud computing security.

 

 

by Robert Ackerman Jr. | Founder and Managing Director, Allegis Capital

Article found here: www.rsaconference.com

Signifyd Signs On Chendong Zou, Previously at IBM and Rocket Fuel, as VP of Engineering to Amplify Machine Learning and Eliminate Fraud for E-Commerce Merchants

SAN JOSE, Calif.–Signifyd, the fastest-growing provider of guaranteed fraud protection for e-commerce businesses, announced today the hiring of Chendong Zou as its new Vice President of Engineering. This strategic addition comes just months after a $19 million round of Signifyd funding led by Amex Ventures, Menlo Ventures and TriplePoint Capital last September. For almost twenty years, Zou has used Artificial Intelligence, machine learning and big data science to empower businesses through automation and predictability. In his new role, Zou’s aim will be to further advance Signifyd’s machine learning technology, which eliminates fraud losses for ecommerce merchants and is backed by a 100% financial guarantee. Zou earned his PhD in Computer Science from Northeastern University.

Prior to joining Signifyd, Zou served as the VP of Engineering at Rocket Fuel, a programmatic marketing company that uses AI and big data to precisely predict behaviors for each customer as their priorities and motivations change from moment to moment. Zou helped scale the team at Rocket Fuel through the company’s impressive IPO in 2013. In the early 2000s, Zou served as a Senior Technical Engineer for CrossWorlds Software, Inc., which enabled businesses to integrate enterprise processes for their specific industry. After CrossWorlds was acquired by IBM for $129 million, Zou continued working on the architecture for WebSphere BPM for many years.

“I’m ecstatic to make the transition from adtech to the fraud prevention space and believe my experiences at Rocket Fuel and IBM will provide a fresh perspective on how disparate data from dynamic sources can be scaled in real-time to meet the needs of a rapidly growing customer base,” said Zou. “I look forward to scaling Signifyd’s engineering team and its infrastructure, as well as keeping Signifyd’s real-time machine learning ahead of fraudsters and any existing solution in the market.”

Signifyd’s confidence in its Engineering team and its real-time machine learning is demonstrated by its 100% financial guarantee against fraud for its customers. Far from the outdated score-reporting methods used by traditional fraud prevention companies, Signifyd provides an instant “Approve” or “Decline” decision for every order it evaluates. Signifyd serves over 5,000 ecommerce merchants, including Fortune 1000 retailers like Jet.com, Lacoste, and Peet’s Coffee & Tea.

“We are incredibly fortunate to have Chendong lead Signifyd’s mission to eliminate fraud losses for ecommerce merchants,” said Raj Ramanand, CEO and co-founder of Signifyd. “His years of experience managing real-time machine learning and strategic integrations with market leaders will help scale our platform to meet the growing demands of our customers and partners.”

Signifyd is integrated with larger fraud prevention solutions, such as Accertify, to provide enterprise customers with flexible protection options from within their existing platform. Signifyd is also integrated with leading ecommerce platform Magento and ThreatMetrix® The Digital Identity Company™.

About Signifyd

Signifyd was founded on the belief that e-commerce businesses should be able to grow without fear of fraud. Signifyd solves the challenges that growing e-commerce businesses persistently face: billions of dollars lost in chargebacks, customer dissatisfaction from mistaken declines, and operational costs due to tedious, manual transaction investigation. Signifyd Guaranteed Payments protect online retailers against fraud and chargebacks with a 100% financial guarantee against fraud for every approved order. Signifyd’s full-service machine-learning engine automates fraud prevention allowing businesses to increase sales and open new markets while reducing risk. Signifyd is in use by multiple companies on the Fortune 1000 and Internet Retailer Top 500 list. Signifyd was recognized as one of the 50 most innovative Fintech companies of 2016 by Forbes and is headquartered in San Jose, CA. For more information, please visit www.signifyd.com.

Contacts

VSC for Signifyd
Kayla Abbassi
Senior Account Executive
kayla@vscpr.com

Article found here: www.businesswire.com

Security VCs Predict Rise In Managed Security Services In 2017

CRN | By Sarah Kuranda | January 3, 2017, 9:27 am EST

 

Security industry venture capitalists said the role of managed security service providers (MSSPs) will become more important as enterprise customers deal with a new host of security concerns.

“I see a continued significant expansion in the market for managed security services,” said Bob Ackerman, founder and managing director at Allegis Capital, a cybersecurity-dedicated venture capital firm that focuses on early-stage investments.

Driving that growth is an accelerating threat landscape, Ackerman said, which only a “small percentage” of businesses have the technical resources to handle, pushing them to turn to MSSPs.

Alberto Yepez, co-founder and managing director of Trident Cybersecurity, a fund of prominent VC firm Trident Capital that focuses on cybersecurity investments, said he sees the same trend. He said customers are recognizing that they need help and are becoming more and more willing to outsource their security, automation, and remote management to third-party companies, like MSSPs.

“This is a tremendous opportunity for the [managed security services] community,” Yepez said. “We’re seeing more and more companies that go after people that can help them deliver the solution-as-a-service. They will want the technology providers, but they want to make sure their resellers have the capability to offer their product-as-a-service and as a managed security service.”

Market confusion is also at play, Menlo Ventures Managing Director Venky Ganesan said, as customers are inundated every day by new security solutions solving each aspect of the security problem. Customers are looking for “people with deep domain expertise” to help them navigate that landscape, he said.

The numbers show that trend is already starting to play out, with research firm MarketsandMarkets predicting the market for managed security services to grow to $35.5 billion by 2020, up from around $17.8 billion in 2015. For scale, MarketsandMarkets also predicts that the security industry overall, including all parts, will be $202.4 billion by 2021, up from $112.5 billion in 2016.

VCs expect to see a lot of growth and investment around the automation, orchestration and integration of managed security services. Those capabilities become more important as the number of vendors vying for a piece of a company’s security budget grows, and customers must implement new solutions in a way that can be managed, Allegis Capital’s Ackerman said.

“You will see more and more customers looking for more integrated solutions so they don’t have to parse all the bits and pieces and decide which they want and take responsibility for integrating them. They want fewer vendor offerings and more integrated solutions,” Ackerman said.

As managed security services grow in prominence, that market itself will begin to change, Trident Cybersecurity’s Yepez said. He said he expects to see a lot of acquisition in the MSSP space, both with other companies buying their way into managed security services and consolidation to create scale.

“It’s a great market. One thing I’ve learned is that security innovation doesn’t happen in the lab – security innovation comes from the new problems that customers are trying to solve … All these new technology platforms create new attack surfaces that need to be secured and then you need to integrate and automate them,” Yepez said. “I think managed security services will be a good market that will continue to evolve in the years to come.”

Article found here: www.crn.com

Trump Administration Needs To Set U.S. Cybersecurity Mandates


XCONOMY | By Robert R. Ackerman Jr. | January 4th, 2017

 

Cybersecurity is the penultimate existential risk to the United States—economically, militarily, socially, and as we have seen recently, politically. The nature of cyber is asymmetric, and given the size of the U.S. economy, our reliance on intellectual property, and the leadership role the U.S. plays in the Community of Nations, we have a lot more to lose than we have to gain in the digital wars of cyberspace. We are target #1 for all comers.

While political rhetoric has been heating up around cybersecurity, for too long, there has been a lot more talk than concrete and substantive action from a public policy perspective.

The incoming administration needs to envision and enact a concerted initiative to ensure America is “cyber secure.” A well-rounded initiative would integrate:

1) Public policy requiring a flexible framework ensuring corporate responsibility, accountability and liability for their cybersecurity;

2) A national initiative, combining expertise and financial resources, to harden critical infrastructure with national economic and security implications—a national Cyber Works program;

3) Concerted support of cyber education at the high school and higher education levels to ensure a trained pool of talent to support our cybersecurity needs and efforts; and

4) A demonstrated ability to identify and respond to any and all cyber attacks targeting U.S. national interests. In essence, we need to create the cyber equivalent of a “Manhattan Project” to secure our welfare, safety, culture, and values in the uncontrolled and unmanaged domain of cyber space.

The key is that the Trump administration should set these requirements for accountability, and then let industry decide how to satisfy them. Government regulations tend to be broadly applied and inflexible—a problem in cyber, where flexibility is essential and there is no such thing as “one-size-fits-all.” So it’s best to give industry the freedom to figure out how to meet these government mandates.

Robert R. Ackerman, Jr. is the founder and managing director of Allegis Capital, a Palo Alto, CA-based early stage venture capital firm that specializes in cybersecurity.

Article found here: xconomy.com
