Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
How Enterprises Can Harvest The Knowledge Of Security-Focused Venture Capitalists
Newest First  |  Oldest First  |  Threaded View
DarkReadingTim
DarkReadingTim,
User Rank: Strategist
5/8/2014 | 9:39:48 PM
Re: Cyber Security Solutions - Innovation Trumps Size
Great points, Bob -- you answered some of the questions I raised in the comments in response to your remarks at the end of my Part 1 story! I do think that the relationship between security executives and venture investors like yourself is one that has huge potential for benefit on BOTH sides, and I hope that Dark Reading can facilitate more discussion between security-focused VCs and security professionals such as those in our community. I hope you'll continue to add your insight to our news and analysis pieces!
BobAckerman
BobAckerman,
User Rank: Apprentice
5/8/2014 | 8:24:19 PM
Cyber Security Solutions - Innovation Trumps Size

Nice follow-up piece Tim.  As a venture capital investor in cyber security innovation, we spend a lot of time with enterprise customers to: 1) understand where they see the threat vectors based on their technology infrastructure and business profile, and 2) to seek input into the opportunities we are evaluating.  The symbiosis here is to draw connections between those with the problems and those looking to provide the solutions.  Historically, enterprise customers have been reticent to purchase solutions from young companies for the reasons you articulated through your two pieces,  Cyber is definitely an exception to that generalization.  Frankly, the nature of cyber threats evolves and morphs faster than most legacy solution providers can track.  Experienced customers understand this and turn to the start-up community out of necessity – they simply don't have a choice in many cases. The cutting edge innovation is coming out of Silicon Valley (and other innovation clusters) and the imperative to "get it right" with cyber security outweighs the risk of engaging with a start-up company in many cases.  Look to the resignation of the Target CEO earlier this week when you think about the consequences of getting it wrong in cyber.  Expect to see more of this in the future.  Maybe this is a reason why you see groups like Blackstone actually setting aside a pool of capital to engage and work with cutting edge cyber innovators to provide advanced cyber security solutions for their portfolio companies.

DarkReadingTim
DarkReadingTim,
User Rank: Strategist
4/30/2014 | 4:28:01 PM
Re: Vested interest
Thanks Lorna, you make a great point. To get the full value of the VC community, you need to track multiple VCs and get their varying points of view. But it's still a lot easier to evaluate (in your scenario) four promising startups than to start from scratch and listen to pitches from dozens of unknowns. Another point I might make is that many startups, such as FireEye and CrowdStrike, are actually getting funding from multiple VCs, so it's not a one-sponsor, one-startup situation. If you see 3-4 VCs that know security backing a single startup, that's a good sign that there might be a there there.
DarkReadingTim
DarkReadingTim,
User Rank: Strategist
4/30/2014 | 4:23:05 PM
Re: VC explosion
Great points, Kelly. Interestingly, according to numbers from Thomson Reuters, the number of security companies receiving funding was actually down slightly between 2012 and 2013 -- there were a lot of startups funded in the 2011-12 years. However, I think what we're noticing is that startups are getting a lot more traction than they did during those years -- a startup today has a real chance of breaking into an enterprise and building a business relatively quickly, as we saw with FireEye, Palo Alto Networks and CrowdStrike. There's a real opportunity for a new company to make the grade.
Kelly Jackson Higgins
Kelly Jackson Higgins,
User Rank: Strategist
4/30/2014 | 4:14:25 PM
VC explosion
There is a lot of VC activity going on lately in security. Nearly once a week, there's been a new VC funding announcement from one startup or another. I'm wondering how this compares with a year ago, or even six months ago.
Lorna Garey
Lorna Garey,
User Rank: Ninja
4/30/2014 | 2:31:50 PM
Vested interest
Tim, Any given VC is going to have a strong incentive to recommend to enterprise CIOs/CISOs the startups it's invested in. So, you might visit four VCs asking about X problem and get four promising solutions. I guess that's actually better than the alternative, but how do you recommend sorting through the possibilities?  


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Promise and Reality of Cloud Security
Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises address the associated security risks. This report - a compilation of cutting-edge Black Hat research, in-depth Omdia analysis, and comprehensive Dark Reading reporting - explores how cloud security is rapidly evolving.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-4315
PUBLISHED: 2023-01-28
A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and classified as critical. This vulnerability affects unknown code of the file psiturk/experiment.py. The manipulation of the argument mode leads to improper neutralization of special elements used in a template engine. The exploit has be...
CVE-2023-0562
PUBLISHED: 2023-01-28
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be launched re...
CVE-2023-0563
PUBLISHED: 2023-01-28
A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is possible to initiate the...
CVE-2023-0560
PUBLISHED: 2023-01-28
A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System 1.0. This issue affects some unknown processing of the file admin/practice_pdf.php. The manipulation of the argument id leads to sql injection. The attack may be initiated...
CVE-2023-0561
PUBLISHED: 2023-01-28
A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file /user/s.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The expl...