Allegis and Accel partner for Callsign’s $35M Series A to Support Global Expansion

  • Investment used to roll out Callsign’s authentication platform to enterprises, financial institutions and consumer-facing digital services, and to ramp up hiring
  • Seasoned cybersecurity executive and Allegis Venture Partner David DeWalt joins the board as Vice Chairman, along with Bob Ackerman, Founder of Allegis Capital

San Francisco/London, July 27th, 2017: Callsign, the leading artificial intelligence-based authentication platform, has raised a $35 million Series A investment led by premier, early stage cyber security investor Allegis Capital and global venture capital firm Accel. Early-stage investor PTB Ventures and cybersecurity industry veteran David DeWalt’s NightDragon Security also participated in the round.

With the proliferation of data breaches and advanced threats resulting in stolen user credentials, there is increasing pressure on companies of all sizes around the world to implement better authentication practices. In 2015 alone, cybercrime cost businesses $500 billion, and this is estimated to rise fourfold to $2 trillion in 2019[1]. At the same time, companies want to minimize the friction that universal two-factor authentication introduces to the user experience.

In response, Callsign developed a deep learning-based authentication platform called Intelligence Driven Authentication™ (IDA). It enables enterprises to select the most secure and least invasive authentication journey for each user in real time, based on his or her risk profile and tendencies. In other words, it adapts the type of authentication to the situation, virtually eliminating advanced threats such as spear phishing. The result is an experience that optimises for both security and usability, a win-win for the enterprise and the end user.

Callsign’s IDA platform uniquely derives the complete intelligence picture around authentication and authorisation events, giving enterprises the ability to set adaptive policies that pinpoint suspicious usage. While Callsign can be deployed with out-of-the-box mobile authenticators, it is a very open and flexible platform into which enterprises can easily plug existing authenticators or data sources. Callsign has also integrated with several Identity and Access Management providers, like ForgeRock, to provide a truly end-to-end solution.

Callsign was founded in 2012. Its clients are enterprises, financial institutions and consumer-facing digital services and include some of the world’s largest banks, such as Lloyds Bank and Deutsche Bank. It’s being deployed to hundreds of thousands of users globally.

Zia Hayat, Founder & CEO of Callsign, said: “Several years ago, I realized that the way we identify ourselves online was very broken. I knew we needed to make existing solutions like multi-factor authentication and fraud analytics better by bringing them together. Our IDA platform has had an incredible reception from financial institutions, governments and other large enterprises, and this investment will allow us to grow the business and meet some of the strong demand we’re seeing.”

DeWalt, a Venture Partner with Allegis Capital and formerly President and CEO of McAfee and CEO and Executive Chairman of FireEye, will join the board of directors as Vice Chairman. DeWalt brings more than 25 years of experience in the cybersecurity sector, and is widely recognized as one of the industry’s most successful executives. He currently holds a number of board positions at leading cybersecurity companies, including Vice Chairman of ForgeRock and Vice Chairman of ForeScout Technologies, among others.

DeWalt said: “Zia and his exceptional product and engineering team have built the foundations of a very solid business. They are pioneering a new approach to authentication with a powerful product that is quickly attracting some of the world’s leading businesses as customers. As the company rolls out its solution, it’s an exciting time to be joining the board.”

The new investment will help accelerate the growth of the company. Callsign will be expanding globally from its headquarters in London, with a particular focus on the US and Far East, and is planning to open offices in both the Bay Area and New York City in the next few months. Callsign will be building out its engineering and commercial teams as well, including sales, marketing and business development roles.

Bob Ackerman, Allegis founder and Managing Director, will also be joining the Board. Ackerman said, “Authentication of identities has become a core pillar in enterprise cyber security. Callsign’s IDA represents a breakthrough in meeting levels of identity assurance that are essential to enterprise operations without compromising the effectiveness and efficiency of digital business platforms. Callsign is leading the industry in delivering identity assurance without compromise,” Ackerman added.

Harry Nelis of Accel and Dave Fields from PTB Ventures are also joining the Callsign board of directors.

About Callsign Inc.

Callsign is the leading artificial intelligence-based authentication platform for enterprises, financial institutions and consumer-facing digital services. Its unique Intelligence Driven Authentication™ (IDA) solution enables more informed and truly adaptive access control decisions, putting enterprises and their users back in control. This creates frictionless access for users, whilst reducing false rejection rates and increasing security as well as operational agility.

Callsign serves Tier 1 banking clients, government bodies and enterprises throughout Europe and the US. Their IDA technology puts enterprises and users back in complete control. For additional information please visit callsign.com

About Allegis Capital

Allegis Capital is a premier, early-stage venture firm that invests solely in cybersecurity and was the first venture fund to focus strictly on cyber. In addition to Callsign, current investments include Area 1, Bracket Computing, Cyber GRX, E8 Security, RedOwl, Shape Security, Signifyd, Synack, tCell.io and vArmour. Allegis is also a founding partner in cyber Start-Up Studio, DataTribe, based in Columbia, Maryland. Allegis Capital is based in San Francisco, CA.

About Accel

Accel is a leading venture capital firm that invests in people and their companies from the earliest days through all phases of private company growth. Atlassian, BlaBlaCar, Cloudera, Crowdstrike, Deliveroo, DJI, Dropbox, Etsy, Facebook, Flipkart, Forescout, ForgeRock, Funding Circle, Kayak, QlikTech, Slack, Spotify, Supercell and WorldRemit are among the companies the firm has backed over the past 30 years. The firm seeks to understand entrepreneurs as individuals, appreciate their originality and play to their strengths. Because greatness doesn’t have a stereotype. For more, visit www.accel.com, www.facebook.com/accel or www.twitter.com/accel.

About PTB

PTB Ventures is a thesis-driven venture capital firm investing in early-stage companies in the emerging digital identity ecosystem. Digital identity is the cornerstone of a transformation that will see trillions of networked devices connected to billions of humans. This transformation will create unprecedented economic expansion and a new level of security and access to billions of people. PTB is headquartered in New York City.

[1] https://www.juniperresearch.com/press/press-releases/cybercrime-cost-businesses-over-2trillion

Why the Hub of U.S. Cybersecurity – the D.C. Beltway – Produces So Few Commercial Cyber Startups

By Robert R. Ackerman Jr. and Mike Janke

FULTON, Md. — The Washington D.C. Beltway is a beehive of cybersecurity activity. In Maryland alone, Fort Meade houses the U.S. Cyber Command, the National Security Agency and the Defense Information Systems Agency.

Fort Meade’s approximately 60,000 employees – more than double the number of workers at The Pentagon – and other bastions of local cyber activity, such as the CIA, reflect the federal government’s huge cybersecurity presence here. It also mirrors decades of collaboration between government labs and the University of Maryland and other local universities in the business of training cyber engineers.

It should be no surprise, then, that the population of cyber engineers and analysts throughout the Washington Beltway is 3 ½ times as big as the rest of the U.S. combined.

What is uncanny, however, is the inability of the region to produce a respectable supply of product-oriented cybersecurity startups. Don’t get us wrong. There are plenty of cyber startups in these parts, but they are myopically wedded to the local economy. Fundamentally, they look askance at the cybersecurity world in general. This means significant economic potential lies fallow.

According to a recent study by American University’s Kogod School of Business and Amplifier Advisors, there are a hefty 858 cybersecurity-related firms in metropolitan Washington. But a mere 5.7% of these companies, or 48, actually offer products in the marketplace. Instead, the vast majority are services companies focused on offering services and related expertise to government customers – in many cases, in fact, the same customers that helped them develop their cyber expertise.

This conundrum boils down to this. While the alumni of tech giants such as Google and Facebook leverage their know-how and move on to build high-growth global product-oriented companies, the alumni of world-class institutions, such as the NSA and CIA, move on merely to launch local, slow-growth services businesses.

This local services orientation has two unfortunate by-products: 1) It severely limits access to commercial sectors, and 2) it precludes the growth of a robust and sustainable community of cyber innovation – a highly focused, mini Silicon Valley, if you will. Such a community requires a product orientation.

The disconnect between the enormous expertise in The Beltway and the almost single-minded focus on the services sector is reflected in the amount of venture capital funding in the metropolitan Washington area.

According to an analysis of Q2 2017 venture capital investment activity by the PwC-CB Insights Money Tree Report, metropolitan Washington garnered 40 venture deals valued at a total of $370 million. By contrast, Silicon Valley and San Francisco garnered 342 deals valued at more than $7.7 billion.

Moreover, the pace of funding in San Francisco and Silicon Valley is rising while it is falling in metropolitan Washington. The funding level in San Francisco was the highest since 4Q 2016 and in Silicon Valley the highest in two years. The VC funding level in metropolitan Washington, meanwhile, plummeted to a two-year low.

What is happening is stunningly clear. Venture capitalists – the financiers of technical innovation – are focused on product companies. These reside overwhelmingly in Silicon Valley and environs. If a cyber entrepreneur is running a services company, he is basically off VC radar.

The Beltway cyber community has its stars, such as the cybersecurity hubs of defense giants Boeing and General Dynamics and a few heralded startups. But it’s not nearly enough. Elite cyber alumni of the U.S. intelligence community default to building service companies because that is what they know — and what exists — in the Washington area.

Then, too, the local entrepreneurial path from public servant to services contractor is well-known and understood.  The D.C. area is optimized to facilitate this pathway in terms of government contracting mechanisms, business financing opportunities, legal support, and technical recruiting efforts.

Getting too comfortable, however, is just plain unwise. The Beltway needs to step up to the plate, broaden its ambitions and truly embrace the deep reservoir of cyber engineering expertise in the D.C. area – a magnet of untapped wealth.

Early to rise to the challenge, Mike and I and others have formed Fulton-based DataTribe, a holding company that partners with D.C.-area entrepreneurial engineers with deep cyber expertise. Yes, they lack the commercial DNA essential to commercialize market growth. This is where DataTribe enters the picture.  It is a startup “studio” currently housing three cyber startups and filling the commercial expertise hole by bringing to the party Silicon Valley expertise, human capital, customer relationships and investment capital. DataTribe and its entrepreneurs form partnerships with engineering entrepreneurs to co-found startup companies.

DataTribe selects and intensely coaches seed-stage startups and provides seed financing of up to $1.5 million. It will kick in additional funding for each company as a member of their Series A investment syndicate. Two DataTribe-based startups – Dragos and Enveil – are already poised to attract formal venture capital in coming months. Dragos is an industrial control systems security firm. Enveil is developing a next-generation version of homomorphic encryption, which allows enterprises to process data while it remains encrypted, substantially improving security.

DataTribe represents a good start in getting Washington area-based startups on the map, but it is just that – a start. Much more remains to be done. It is product companies, not services companies, that move the economic needle. And if more Beltway cyber entrepreneurs “productize” cybersecurity technology, Americans ultimately will benefit. Beltway cyber technologists simply need to be catalyzed into action.

Robert Ackerman Jr. is a co-founder of DataTribe and founder of Allegis Capital, an early-stage Silicon Valley-based cybersecurity venture capital firm.

Mike Janke is also a co-founder of DataTribe and the founder and current chairman of Silent Circle as well as the co-founder of Blackphone and Blue Pacific Studios, along with Shopify co-founder Daniel Weinand.

Amid Comey Furor, Companies React to Trump’s Cybersecurity Order

Xconomy | By Bernadette Tansey | May 12, 2017

On a day dominated by news about President Trump’s firing of FBI director James Comey, and its impact on the ongoing investigation of Russian hacking of the 2016 presidential election, two significant developments for the cybersecurity industry also emerged Thursday.

First, President Trump signed an executive order laying out plans to shore up data security for federal agencies as well as for critical U.S. infrastructure, which can include private companies such as electric utilities. The order, which calls on executive branch agencies to assess and remedy their security vulnerabilities, could open up opportunities for cybersecurity companies.

Second, at a Senate Intelligence Committee hearing primarily focused on the Comey firing, senators and U.S. intelligence chiefs discussed whether American agencies should avoid doing business with Kaspersky Lab, a major U.S. seller of antivirus protection, because the company is based in Russia.

The public hearing surfaced a controversial question: Should customers looking for cybersecurity services first consider the national origin of security providers, and even the ex-U.S. ties of their founders and executive team members?

Xconomy sounded out Bay Area cybersecurity experts on these two fronts.

Executive order on cybersecurity

Veteran cybersecurity investor Bob Ackerman applauded President Trump’s executive order for calling on U.S. agencies and departments to take responsibility for their own security, and to cooperate to conform with common technology standards.

“It’s a good starting point as a baseline,” Ackerman says.

Steven Grossman, vice president of strategy at cybersecurity company Bay Dynamics, praised the executive order for building on an initiative launched by President Obama in 2014 and making some valuable additions. He pointed to a section calling for efforts to build up the nation’s workforce to address a shortage of experts trained in cybersecurity.

The executive order sets a 90-day deadline for the leaders of each executive branch agency to submit a risk management report detailing their security measures and any unmitigated risks. The document also calls for a study on the feasibility of operating all or some of the agencies under consolidated network architectures, with shared services such as e-mail, Web-based software, and cybersecurity.

“The executive branch has for too long accepted antiquated and difficult-to-defend IT,” the report states.

Grossman says cybersecurity companies stand to gain government contracts to help assess the current risks and then help fill in the security gaps.

“It’s a huge amount of opportunity,” Grossman says.

Oren Falkowitz, co-founder and CEO of cybersecurity company Area 1 Security, says simplifying the security infrastructure and creating common standards are good steps.

“Complexity in networks is one of the things attackers take advantage of,” Falkowitz says. He emphasizes the urgency of security improvements, not only for government agencies but also for companies and organizations.

“The trend in cybersecurity is not good,” Falkowitz says. “Intellectual property is being stolen, elections are being hacked, and financial damage is being done.”

Falkowitz says he expects the administration’s plan will be followed by further executive orders and perhaps Congressional action to add elements to the federal security framework.

Ackerman, founder and managing director at Allegis Capital, already has some ideas to suggest. He proposes that the government create an “IT department” that would serve all government agencies, so that each wouldn’t have to develop its own cybersecurity methods. He also advocates for a mechanism whereby cybersecurity experts in U.S. intelligence agencies could share some of their knowledge with U.S. industries. That government expertise could also be an element of a “cybersecurity infrastructure bank,” proposed by Ackerman. The bank would make loans of government funds to small water plants, utilities, and other key entities to help them quickly upgrade their defenses against attack.

The bank could focus on institutions that lack the expertise and capital available to better-funded and more sophisticated parts of the critical infrastructure, such as stock exchanges, Ackerman says.

“You’re only as strong as your weakest link,” he says.

The government also should make it easier for innovative security startups to compete for government work, which is currently a slow and “resource-intensive” process that few startups can afford, Ackerman says.

The question of “cyber-nationality”

The conclusion by U.S. intelligence agencies that Russia interfered with the 2016 presidential election—by means such as hacking into e-mail accounts of Democratic campaign officials and spreading fake news—has now forced the Russian cybersecurity company Kaspersky Lab into the public spotlight.

The company’s national origins became a focus Thursday for the Senate Intelligence Committee, which is investigating Russia’s role in the U.S. election and the possibility that the Trump campaign colluded with Russian operatives to gain an advantage over Trump’s Democratic opponent, Hillary Clinton.

Senators at the committee hearing voiced concerns that the Russian government might use Kaspersky’s software to infiltrate U.S. agency computers or damage broader American information networks. The intelligence chiefs said they were monitoring Kaspersky. When Sen. Marco Rubio (R-Florida) asked leaders of the agencies whether they would be comfortable using Kaspersky software, the heads of the FBI, CIA, NSA, and three other intelligence agencies all said no.

Ackerman says the underlying concerns are not limited to Kaspersky, or even to cybersecurity companies. “In this globalized economy, everyone is in favor of open trade,” he says. But the inspections and commerce system isn’t prepared to deal with the speed and diversity of goods moving among countries. Customers need to develop criteria to decide whom to trust, whether they’re buying food, microprocessors, or cybersecurity services, he says.

“You do have to look at the nation, or nations, of origin,” Ackerman says.

While Ackerman isn’t saying that Kaspersky has done anything wrong, he says it might be a pragmatic decision to choose another cybersecurity provider.

“There’s clear, irrefutable evidence that Russia is engaging in nefarious activities,” he says. There’s also good evidence that Russia collaborates with the “private cybersecurity firms” in Russia, he says.

“Anything from Russia immediately becomes suspect,” Ackerman says.

In addition to looking at the national origins of companies, people are also scrutinizing the backgrounds of cybersecurity company founders and other executives for links to other nations, Ackerman says. The concerns extend not only to U.S. national security, but also to fears that cybersecurity companies might share sensitive intellectual property with competitors in other countries, he says.

Area 1’s Falkowitz says company risk management departments are always looking into factors such as the supply chains of their vendors and other possible threats to security. But he’s uncomfortable with the idea of ruling out a business partner based on geography alone.

“I think we would take great offense to such assertions by other governments that our cybersecurity or tech companies were agents of our government,” Falkowitz says.

“To create fear around the national origins of companies is a mistake,” Falkowitz says. “There are many amazing companies here in the U.S. that were founded by people of foreign origin—Google, for example.”

Instead, buyers should examine the merits of a company’s work, such as the standards it uses to ensure quality, Falkowitz says. Certainly, though, if company wrongdoing is uncovered, that should be brought forward, he says.

“I also don’t see anything wrong with buying American,” Falkowitz says. “There are other reasons why that might be the right thing to do—such as that the companies’ work is very good.”

Find Article Here: www.xconomy.com

Allegis Capital Appoints David DeWalt, Former FireEye CEO, As Venture Partner

Globe Newswire | May 12, 2017

SAN FRANCISCO, May 12, 2017 (GLOBE NEWSWIRE) — David G. DeWalt, the former CEO of publicly held cybersecurity company FireEye, is joining Allegis Capital as a venture partner.  Previously, DeWalt served as the CEO of cybersecurity market leader McAfee and held executive positions at EMC.

DeWalt, 52, becomes the sixth cyber security executive serving as a venture partner at Allegis, a 21-year-old early stage venture firm that focuses solely on investing in cybersecurity startups.

DeWalt is a member or leader of a number of boards of directors including ForgeRock, a San Francisco-based multinational identity and access management software company. He is also vice chairman of ForeScout Technologies, a San Jose cybersecurity firm focused on network-connected devices, and a board member of Five9, a leading San Ramon-based provider of cloud contact center software.  Additionally, DeWalt is a director of Delta Air Lines.

“Allegis Capital is differentiated by the breadth, depth and experience of our operational cyber bench – our Venture Partners. These executives bring tremendous domain expertise and broad networks to our investment team and our portfolio companies,” said Robert R. Ackerman Jr., the founder and managing director of Allegis Capital. “Dave has operated at the top of the cyber security market for many years and is a superlative addition to an already-impressive group of venture partners.  Cyber is a market where you can’t have too much expertise,” Ackerman added.

“Allegis Capital was the very first cyber-focused venture firm and has invested in a number of top-flight cybersecurity startups.  The firm’s reputation for rolling up its collective sleeves to support its portfolio companies is a great fit for my experience and interests,” DeWalt said. “This is an excellent opportunity for me to help the firm grow further and to broaden my participation in the fastest-growing space within information technology.”

The five other cyber venture partners at Allegis Capital are:

  • Nawaf Bitar, chief information officer, Citadel Securities
  • Tom Gillis, founder and CEO, Bracket Computing
  • Joe Levy, chief technology officer, Sophos
  • John Stewart, SVP and chief security and trust officer, Cisco Systems
  • Jeff Williams, former VP, worldwide sales and business development, FireEye

About Allegis Capital

Allegis Capital, founded in 1996 and based in San Francisco, is an early-stage venture firm that invests solely in cybersecurity. Current investments include Area 1, Bracket Computing, Cyber GRX, E8 Security, RedOwl, Signifyd, Synack, tCell.io and vArmour. Allegis is also a founding partner in Cyber Start-Up Studio, DataTribe, based in Columbia, Maryland.

Signifyd raises $56 million for e-commerce fraud protection

TechCrunch | Katie Roof | May 4th 2017

E-commerce fraud is a growing problem, but Signifyd thinks it has a solution to save businesses money.

Their company is growing fast and has closed a $56 million Series C investment led by Bain Capital Ventures. Menlo Ventures and American Express also participated in the round.

Signifyd counts big clients like Jet.com, Peet’s Coffee and Lacoste, where it uses its pattern recognition technology to warn them upfront about potential fraudulent charges. Signifyd is so confident in its assessments that it offers the companies a guarantee, so they don’t have to pay for errors.

The product “protects the merchants so they don’t have to bear the liability,” said co-founder and CEO Rajesh Ramanand. The team has been developing a “machine learning platform that makes these decisions in real-time.”

E-commerce brands spend a lot of money paying back credit card companies after processing transactions that are criminal. That’s why 5,000 businesses are now paying for Signifyd’s technology — because its early warning system eliminates these frustrating reimbursement costs, known as “chargebacks.” 

Indy Guha, partner at Bain Capital Ventures said he invested in the company because his research shows that “fraud is growing faster than overall e-commerce growth.” He feels that “Signifyd is a really easy piece of insurance to turn on.”

Investors have been throwing a lot of money at Signifyd. In addition to the latest sizable round, Signifyd raised two rounds last year, totaling $39 million.

Ramanand says they are going to use the money to double their engineering headcount and continue to improve their machine learning platform. They also want to expand internationally, particularly in Europe and Australia.

The company has about 130 employees and is based in San Jose, California.

The State of Cybersecurity Insurance Today

Xconomy | By Robert R. Ackerman Jr. | May 1st, 2017

Cyber incidents are considered the No. 1 emerging risk for enterprises long-term. No surprise, then, that cybersecurity insurance policy premiums are approaching $2.75 billion a year. Some experts believe this figure will grow to roughly $20 billion by 2025.

For scores of insurance companies cashing in on the booming corporate cybersecurity insurance market, it’s a great opportunity. Deductibles are high, lots of things are excluded from coverage, and policies are rife with tight-fisted caps – the maximum amounts a victim of a cyber attack can receive.

This is great for insurers but bad for the multitudes of companies that purchase their insurance – estimated at one in three companies. And there are far more of the latter.

This begs the question of whether cybersecurity insurance – an easy sell amid the backdrop of seemingly endless reports of successful cyber breaches – is worth the money. The market thinks so. But the market isn’t always right, especially when the herd instinct kicks in.

Debate aside, it’s probably fair to say that the current cybersecurity insurance is generally better than no cybersecurity insurance, if for no other reason than most companies seem unable to ward off every potential breach lurking in a cascade of attacks. The problem isn’t entirely the fault of insurers themselves, which are hamstrung by a vexing combination of poor visibility into the cyber risk exposure of the insured and tight-lipped victims of cyber breaches. When they are struck, they hesitate to spill the beans more than necessary because it isn’t good for business. This means underwriters must struggle with insufficient visibility and actuarial data in developing policies and pricing them properly.

More Transparency Needed

What is the answer? Companies must open up more and insurers must work harder to get the facts they need, not just from the company itself but from all vendors with access to its computer systems – huge contributors to security lapses. What is needed is the development of an evidence-based method to assess and monitor a company’s cyber risk profile. This is the foundation of security ratings, enabling insurers to compare companies’ empirical data against one another and industry averages.

The vendor piece of the problem may eventually be mitigated, in part, by startups like CyberGRX, a digital clearinghouse for cyber risk and an investment of Allegis Capital’s.

The Genius of Hartford Steam Boiler

The corporate piece of the problem could be solved by a repurposed version of old-school Hartford Steam Boiler (HSB), a division of German reinsurance giant Munich Re and the 151-year-old kingpin of an engineering approach to the equipment breakdown insurance market.

HSB’s workforce of 1,200 engineering and inspection services staff serves millions of locations in North America, not only carefully checking that a company’s gear is properly insured at a fair price but also implementing procedures to minimize the filing of claims.

The Roots of Cyber Insurance

The origins of cyber coverage date back more than 20 years. Back then, it wasn’t uncommon for technology companies to buy errors and omissions (E&O) insurance, which covered claims arising from technological errors while offering services. This was eventually extended to include other things, such as a software product bringing down another company’s network, unauthorized access to a computer system, destruction of data, or a virus impacting customers.

Later, policies were expanded to cover breaches of confidential information, helping companies in the event that customer information was stolen via the Internet. This appealed to retailers and hospitals with considerable consumer data but not in need of E&O insurance. These companies needed a standalone insurance policy covering only data breaches, heralding the specific birth of the cybersecurity insurance policy.

Today’s missing cybersecurity actuarial tables are a huge problem and clearly inflate insurance premiums while narrowing coverage. The tables comprise statistical records, allowing underwriters to assess the probability that a policyholder might file a claim. These are then used to build computerized risk models.

Why Actuarial Tables Matter

Ultimately, actuarial tables enable insurers to meet a twofold goal: (1) Price cybersecurity policies to sell, and (2) make sure claims filed over time are much lower than premiums collected. Insurers today are accomplishing the second priority but not the first. Almost every sizable company should have cyber insurance, not a minority, much like every homeowner needs homeowner insurance.

What underwriters need to have – and do not today – is a good grasp of how companies are being attacked. In addition, how are the best-defended companies repelling attacks? The more underwriters know, the better they can structure policies and set policy premiums. Today, guesses about exposure are rampant.

As illustrated by the colossal attack via a refrigeration contractor on Target Corp. in 2014, among the hardest places for companies to protect from cyberattacks are the holes often opened by the companies closest to them. CyberGRX has designed a software platform and business processes to guide companies in assessing their security risks and those of their partners. Assessments are compiled from member company reports, but also from a host of outside signals, such as news reports and threat reports from security companies.

A Cyber Cure-All Is Not Imminent

A cybersecurity panacea is not in the cards. That would suggest that the insurance itself is almost an afterthought, and that is ridiculous. Cybersecurity insurance, unlike many other kinds of coverage, does not insure against a natural force. It insures instead against very crafty criminal behavior, which is always evolving, purposeful, and even more dangerous.

Then, too, there are some key uncovered items, such as reputational harm and the lost value of intellectual property. The hope is that policies will continue to evolve for the better. If they do, these shortfalls will be only minor irritants, at least in comparison to today.

Robert R. Ackerman, Jr. is the founder and managing director of Allegis Capital, a Palo Alto, CA-based early stage venture capital firm that specializes in cybersecurity.


Is this the new normal? Bay Area startup fundings hit 6-year low in Q1

Silicon Valley Business Journal | Cromwell Schubarth | April 5, 2017

Venture industry leaders say their world continued to “normalize” in the first quarter of this year as the gap between the haves and have-nots of the startup world widened.

But the kind of normal reported Wednesday by PitchBook Data and the National Venture Capital Association might not seem like a great thing to a lot of founders.

Funding deals in the Bay Area in the first three months of this year dropped to their lowest level since the end of 2010, PitchBook and the NVCA said.

That is a little more than six years ago, when many of today’s “unicorns” like Uber, Airbnb and Palantir Technologies had yet to raise a round at a private valuation of $1 billion or more. In fact, 15 of the 50 Bay Area venture-backed companies valued at the unicorn level today were founded in 2010 or later.

There were 386 deals done in the Silicon Valley and San Francisco regions between January and March, a drop of 28 percent from a year ago. That’s down by about 31 percent from the number of fundings done in the recent peak quarter of Q1 in 2015.

The $6.7 billion invested, however, remains in the $5 billion to $10 billion range it has hovered around since early in 2014. That’s not counting the outlier second quarter of last year when local companies raised more than $12.3 billion, fueled largely by a mega-funding of Uber.

“It’s harder for things to get funded and the bar is higher than it was a little while ago,” Bob Ackerman of Allegis Capital said in an interview. “In parallel to that there is a flight to quality. Larger checks are going into those companies where there is a proven use case and demonstrated traction.”

Bobby Franklin, CEO of the venture association, said VCs have plenty to invest. After raising a 10-year high of $41 billion in new capital last year, there was another $7.9 billion raised in the first quarter.

“The deceleration of investment activity that we experienced at the end of 2016 continued in the first quarter, signifying that we are in fact returning to a more rational level of investment activity more in line with the annual growth rate of the industry over the last ten years,” Franklin said in the report.

“After seeing large pools of capital raised in recent quarters, venture investors will continue to have dry powder to deploy to the entrepreneurial ecosystem, albeit with a more disciplined approach,” he said. “Combined with a positive outlook for a strengthening IPO environment for venture-backed companies, there is much to be optimistic about in 2017.”

There were 47 exits by IPO or M&A in the Bay Area in the first quarter, led by the $3.7 billion IPO eve acquisition of San Francisco-based AppDynamics by Cisco Systems. That’s down two from the fourth quarter of last year and is the lowest number recorded since the banking crisis years of 2008 and 2009.

The PitchBook report, however, sees promising signs of more exits in the future.

“The lack of available late-stage funding coupled with the initial success of the Snap and MuleSoft IPOs could result in more venture-backed companies following suit,” it said.

MuleSoft was the first Bay Area tech IPO in about six months when it went public last month. Its stock has remained up around 40 percent since. Another San Francisco company, Okta, is expected to make its Wall Street debut on Friday as the region’s second IPO for 2017.

Allegis Capital’s Ackerman agrees that more companies are likely to follow them this year.

“You look at the public markets today and you have to think they are pretty fully valued,” he said. “What tends to happen when you have a more mature public market is investors start looking for growth and that tends to favor the IPO market.”

Find Article Here: www.bizjournals.com

Cybersecurity startups start to see slump in VC spending

Third Certainty | Roger Yu | March 20, 2017

Venture capital funding in cybersecurity is cooling. And it’s show-me time for startups battling for the dwindling pool of funds.

While the cybersecurity market is maturing, startups are still innovation drivers and venture capitalists are keen on finding the next big unicorns. Large enterprises’ tendency to juggle products from multiple vendors, despite their wishes for seamless, one-vendor-only solutions, leaves the market perpetually fragmented. And the fact that cybersecurity threats are evergreen enables venture capitalists who specialize in the sector to operate with little regard for broader macroeconomic conditions.

Still, the ample opportunities afforded by the fragmented, constantly shifting market have bred too many me-too companies and fast followers, driving some venture capitalists to pause and reflect on the next phase. “It’s definitely overfunded, massively so,” Ravi Viswanathan of New Enterprise Associates told a panel at CB Insights’ Future of Fintech Conference last year.


“You saw a material pause in the fourth quarter,” says Bob Ackerman, founder and managing director of Allegis Capital, which specializes in the sector. “You have too many undifferentiated companies. There’s a level of noise that develops as a result of that. … Cybersecurity is one of those areas where experience and domain knowledge matter a great deal.”

After growing steadily since 2012, venture capital funding in cybersecurity dipped in 2016, alarming entrepreneurs. The cybersecurity market captured roughly $3.1 billion of venture funding in 2016, down from $3.8 billion a year earlier, according to research firm CB Insights. The cybersecurity market will undergo a few years of retrenchment with a host of companies shutting down, VCs say.

More judicious spending

But the market is hardly mature. Money will still be spent, just more selectively. At this phase, fewer deals will be struck. But those deals will be reserved for larger companies, with proven products further along in development.

“The deal size and valuation is coming down a bit,” says Sean Cunningham, managing director of Trident Capital Cybersecurity, which raised $300 million this month for a fund to invest in cybersecurity startups. “I don’t think there’s any shortage of capital for the right type of companies. But the dollars being invested are smaller.”

Appthority is one of the companies that made Trident’s cut. Appthority, which develops mobile threat protection software for corporations, didn’t land its first paying customer until more than a year after it was founded in 2011.

Four years later, its customer renewal rate stands at 98 percent, with about 20 percent of its revenue coming from the government sector. Heartened by solid proof of growth, venture capitalists poured in another $7 million in Series B funding last July, led by Trident Capital Cybersecurity.


“You’re going to see a lot of startups out there, and good ones will rise to the top,” Cunningham says. “There’s ample supply of capital to fund them. They can get traction.”

Innovation niches

As seen in the early days of the internet, the cybersecurity market is recalibrating for a second wave of innovative technology that’s more comprehensive and cohesive. And that means more seamless products for large clients who are eager to cut down on the number of vendors.

“Companies that can stand on their own two feet, deliver value, and have deep knowledge will do fine,” Ackerman says, citing one of the companies he’s invested in, EnVeil, which uses “homomorphic encryption” to secure data in operation.

As more companies employ automation and “big data” to enhance efficiency and find new markets, data encryption products will continue to be in heavy demand.

The emergence of the industrial internet—the integration of complex machines to network sensors and software—also will breed startups eager to provide cybersecurity solutions to power and water grids, refineries and pipelines.

In May, Trident helped raise $6.6 million in Series A funding for Bayshore Networks, which develops cloud-based software that offers “visibility” into operational technology infrastructure, networks, machines and workers.

Meanwhile, the proliferation of enterprise mobile devices will continue to see vulnerabilities and pose a ripe market for startups like Appthority, Cunningham says.

Early investors haven’t gone away

That VC dollars are chasing more evolved companies doesn’t mean early-stage investing is passé, Ackerman says. “That’s where the new things get started.”

But cybersecurity, unlike more consumer-oriented technology sectors, is a competitive and difficult market, rife with startups struggling to recruit and market products.

That’s partly why Allegis funded DataTribe, a startup studio based in Fulton, Maryland. It was designed to tap into the wealth of cybersecurity-savvy technologists in the region with experience or ties to the federal government and intelligence agencies.

Ackerman also anticipates more mergers and acquisitions activity from large cybersecurity companies that may find it easier to acquire smaller niche players as they seek to add new product lines.

As venture capitalists squeeze their wallets, startups lucky enough to land Series A funding also will have to justify more vigorously their pursuit of Series B funding, Cunningham says. “And unicorns are in trouble,” he says, referring to startups valued at over $1 billion.

The Trump factor

Meanwhile, venture capitalists are hopeful that the federal government, with President Trump at the helm and promising a rollback in regulations, will cut steps in federal procurement and stay engaged in securing networks.

“We think the administration understands the value of national cybersecurity,” Cunningham says. “We’re not counting on incremental increases in spending. But we’re excited about the awareness level.”

Article found here: Thirdcertainty.com

Security and Privacy is Sometimes Suspect, but Growth of the Cloud Marches On

By Robert R. Ackerman Jr. | January 12, 2017

We increasingly hear that the most-discussed computing paradigm, cloud computing, and especially the public cloud, is resuming its sharp rate of growth after a lull and is poised to accelerate further. This is refreshing news in a world ever-more obsessed with security, underscoring that cloud purveyors are making progress in getting security right.

The attractions of cloud computing are obvious to those immersed in the enterprise computing arena. CIOs note that the cloud allows them to shift costs from capital budgets to operating budgets. Often, they can purchase only the resources they actually need. Cloud computing eases the process of adding or subtracting computing power on demand. And it better accommodates a mobile workforce and cutting-edge technology, such as user interface design.

But cloud computing must take additional steps to maximize privacy and security.

The belief is widespread that storing personal data, in particular, in the cloud might undermine its privacy. After all, companies that embrace the cloud lose direct control of their technology, abolishing a traditional security priority. This begs a question. Given the increasing perception of misuse of people’s digital information, is the price of cloud adoption – and the concomitant loss of proprietary security and privacy control – ultimately too high?

Happily, the answer is no. In some ways, the security offered by leading cloud vendors is superior to security at the typical corporate level. Even so, cloud purveyors know they must do better still. One key step toward this end is the aggressive development of so-called homomorphic encryption, which some computer security experts have described as “the holy grail” of computer security. Customers must be vigilant, however, and invest the time to properly mitigate all security and privacy risks before and throughout cloud adoption. This is imperative not only to maximize security but to make CIOs and CISOs comfortable as they transition applications and data to the cloud.

Even though the cloud has been part of the IT arena for about 15 years, there are still lots of questions about how it works and how secure it really is. So corporate IT executives must make a point of garnering the information they need about physical security, the handling of security incidents, logs of security attacks, compliance, and backup and recovery, among other things.

How secure is the cloud? Potentially sensitive data is at risk from insider attacks, but competent cloud vendors are in a position to close that hole. And despite the explosion of high-profile cyber attacks costing major companies billions of dollars and loss of customer loyalty, a number of them didn’t directly penetrate the cloud or the data center. Rather, they compromised end points, such as end user laptops, payment terminals and myriad Internet of Things (IoT) devices. An improperly used device or inadequate protection is all it takes to open the door to a hacker.

Meanwhile, in the productivity-obsessed business world, companies continue to spend aggressively to move into cloud computing. According to Gartner, the growth rate of corporate spending on the cloud began rebounding last year – up 16 percent to more than $200 billion globally – after slowing in 2015, and spending has moved beyond application testing to cloud-based applications and platforms.

Another report by McKinsey & Co. projects that the biggest gains in cloud computing going forward will come from historically change-resistant large enterprises. Based on a survey of 800 CIOs and IT executives worldwide, 77 percent of companies in 2015 used traditional IT infrastructure as the chief environment for at least one workload. In 2018, that will drop to 43 percent, the survey says. Concurrently, companies using the public cloud will grow from 25 percent in 2015 to 37 percent in 2018.

Separately, the major cloud purveyors – Amazon Web Services, Google and Microsoft – have all been opening multiple data centers in Europe, not only to expand their market but also to satisfy security and privacy-oriented European companies that want to store information closer to home.

On another key cloud computing front – innovation – Amazon has just rolled out a new service to help protect customers against denial-of-service attacks. Far more significantly, major technology companies such as IBM and Microsoft and startups such as Fulton, Md.-based Enveil are also working hard on the development of homomorphic encryption to push cloud computing privacy and security to a higher level. When enterprises need to process encrypted data today, it must first be decrypted, a major security vulnerability. Homomorphic encryption would allow data to remain encrypted while being processed, plugging this security hole.

None of this should suggest that cloud computing customers can be complacent. In weighing the transition to cloud computing, they must have a clear understanding of potential security risks and set realistic expectations with their cloud provider. Failure to ensure appropriate security and privacy protection when using cloud services can lead to higher costs and the potential loss of business, eliminating any benefits.

Potential risks that must be addressed by customers in the cloud transition process include:

  • Making sure that none of the components of security fall through the cracks. Responsibility over aspects of security may be split between the cloud provider and the customer. Failure to allocate responsibility clearly could create security holes.
  • Making sure that your cloud service provider conducts thorough background checks on employees with physical access to data center servers. Also affirm that data centers are frequently monitored for suspicious activity.
  • Making sure your cloud provider appropriately protects the privacy of data subject to the legal requirements of regulation, such as The Health Insurance Portability and Accountability Act (HIPAA).
  • Making sure the identity of users is established with certainty. Remember that cloud resources are accessed from anywhere on the Internet. Strong authentication and authorization are critical.
  • Making sure that the cloud provider has appropriate certifications in place. Customer efforts to achieve certification may be futile if the cloud provider cannot provide evidence of its own compliance with requirements. There can also be problems if the cloud provider doesn’t permit audits by the cloud customer.
  • Making sure security breaches are handled professionally. The detection, reporting and management of security breaches may be delegated to the cloud provider, but these incidents impact the customer. Negotiate notification rules so that you are promptly and fully informed of problems.
  • Lastly, bear in mind you are tied tightly to any particular cloud provider, for better or worse. Applications and data are not easily portable across providers. Because it is difficult to switch to another provider, do everything possible to choose the right one in the first place.

It is obvious that the cloud, coupled with mobile computing, means that the IT landscape reaches far beyond an organization’s premises. This creates new security holes, and the explosive growth of IoT devices further compounds the challenge each and every day. The good news is that these challenges are hardly insurmountable. Strict attention to key details is a cornerstone of cloud computing security.

 

 

Robert Ackerman Jr. | Founder and Managing Director, Allegis Capital

Article found here: www.rsaconference.com

Security VCs Predict Rise In Managed Security Services In 2017

CRN | By Sarah Kuranda | January 3, 2017, 9:27 am EST

Security industry venture capitalists said the role of managed security service providers (MSSPs) will become more important as enterprise customers deal with a new host of security concerns.

“I see a continued significant expansion in the market for managed security services,” said Bob Ackerman, founder and managing director at Allegis Capital, a cybersecurity-dedicated venture capital firm that focuses on early-stage investments.

Driving that growth is an accelerating threat landscape, Ackerman said, which only a “small percentage” of businesses have the technical resources to handle, pushing them to turn to MSSPs.

Alberto Yepez, co-founder and managing director of Trident Cybersecurity, a fund of prominent VC firm Trident Capital that focuses on cybersecurity investments, said he sees the same trend. He said customers are recognizing that they need help and are becoming more and more willing to outsource their security, automation, and remote management to third-party companies, like MSSPs.

“This is a tremendous opportunity for the [managed security services] community,” Yepez said. “We’re seeing more and more companies that go after people that can help them deliver the solution-as-a-service. They will want the technology providers, but they want to make sure their resellers have the capability to offer their product-as-a-service and as a managed security service.”

Market confusion is also at play, Menlo Ventures Managing Director Venky Ganesan said, as customers are inundated every day by new security solutions solving each aspect of the security problem. Customers are looking for “people with deep domain expertise” to help them navigate that landscape, he said.

The numbers show that trend is already starting to play out, with research firm MarketsandMarkets predicting the market for managed security services to grow to $35.5 billion by 2020, up from around $17.8 billion in 2015. For scale, MarketsandMarkets also predicts that the security industry overall, including all parts, will be $202.4 billion by 2021, up from $112.5 billion in 2016.

VCs expect to see a lot of growth and investment around the automation, orchestration and integration of managed security services. Those capabilities become more important as the number of vendors vying for a piece of a company’s security budget grows, and customers must implement new solutions in a way that can be managed, Allegis Capital’s Ackerman said.

“You will see more and more customers looking for more integrated solutions so they don’t have to parse all the bits and pieces and decide which they want and take responsibility for integrating them. They want fewer vendor offerings and more integrated solutions,” Ackerman said.

As managed security services grow in prominence, that market itself will begin to change, Trident Cybersecurity’s Yepez said. He said he expects to see a lot of acquisition in the MSSP space, both with other companies buying their way into managed security services and consolidation to create scale.

“It’s a great market. One thing I’ve learned is that security innovation doesn’t happen in the lab – security innovation comes from the new problems that customers are trying to solve … All these new technology platforms create new attack surfaces that need to be secured and then you need to integrate and automate them,” Yepez said. “I think managed security services will be a good market that will continue to evolve in the years to come.”

Article found here: www.crn.com