Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
How Enterprises Can Harvest The Knowledge Of Security-Focused Venture Capitalists
Newest First  |  Oldest First  |  Threaded View
DarkReadingTim
DarkReadingTim,
User Rank: Strategist
5/8/2014 | 9:39:48 PM
Re: Cyber Security Solutions - Innovation Trumps Size
Great points, Bob -- you answered some of the questions I raised in the comments in response to your remarks at the end of my Part 1 story! I do think that the relationship between security executives and venture investors like yourself is one that has huge potential for benefit on BOTH sides, and I hope that Dark Reading can facilitate more discussion between security-focused VCs and security professionals such as those in our community. I hope you'll continue to add your insight to our news and analysis pieces!
BobAckerman
BobAckerman,
User Rank: Apprentice
5/8/2014 | 8:24:19 PM
Cyber Security Solutions - Innovation Trumps Size

Nice follow-up piece Tim.  As a venture capital investor in cyber security innovation, we spend a lot of time with enterprise customers to: 1) understand where they see the threat vectors based on their technology infrastructure and business profile, and 2) to seek input into the opportunities we are evaluating.  The symbiosis here is to draw connections between those with the problems and those looking to provide the solutions.  Historically, enterprise customers have been reticent to purchase solutions from young companies for the reasons you articulated through your two pieces,  Cyber is definitely an exception to that generalization.  Frankly, the nature of cyber threats evolves and morphs faster than most legacy solution providers can track.  Experienced customers understand this and turn to the start-up community out of necessity – they simply don't have a choice in many cases. The cutting edge innovation is coming out of Silicon Valley (and other innovation clusters) and the imperative to "get it right" with cyber security outweighs the risk of engaging with a start-up company in many cases.  Look to the resignation of the Target CEO earlier this week when you think about the consequences of getting it wrong in cyber.  Expect to see more of this in the future.  Maybe this is a reason why you see groups like Blackstone actually setting aside a pool of capital to engage and work with cutting edge cyber innovators to provide advanced cyber security solutions for their portfolio companies.

DarkReadingTim
DarkReadingTim,
User Rank: Strategist
4/30/2014 | 4:28:01 PM
Re: Vested interest
Thanks Lorna, you make a great point. To get the full value of the VC community, you need to track multiple VCs and get their varying points of view. But it's still a lot easier to evaluate (in your scenario) four promising startups than to start from scratch and listen to pitches from dozens of unknowns. Another point I might make is that many startups, such as FireEye and CrowdStrike, are actually getting funding from multiple VCs, so it's not a one-sponsor, one-startup situation. If you see 3-4 VCs that know security backing a single startup, that's a good sign that there might be a there there.
DarkReadingTim
DarkReadingTim,
User Rank: Strategist
4/30/2014 | 4:23:05 PM
Re: VC explosion
Great points, Kelly. Interestingly, according to numbers from Thomson Reuters, the number of security companies receiving funding was actually down slightly between 2012 and 2013 -- there were a lot of startups funded in the 2011-12 years. However, I think what we're noticing is that startups are getting a lot more traction than they did during those years -- a startup today has a real chance of breaking into an enterprise and building a business relatively quickly, as we saw with FireEye, Palo Alto Networks and CrowdStrike. There's a real opportunity for a new company to make the grade.
Kelly Jackson Higgins
Kelly Jackson Higgins,
User Rank: Strategist
4/30/2014 | 4:14:25 PM
VC explosion
There is a lot of VC activity going on lately in security. Nearly once a week, there's been a new VC funding announcement from one startup or another. I'm wondering how this compares with a year ago, or even six months ago.
Lorna Garey
Lorna Garey,
User Rank: Ninja
4/30/2014 | 2:31:50 PM
Vested interest
Tim, Any given VC is going to have a strong incentive to recommend to enterprise CIOs/CISOs the startups it's invested in. So, you might visit four VCs asking about X problem and get four promising solutions. I guess that's actually better than the alternative, but how do you recommend sorting through the possibilities?  


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Developing and Testing an Effective Breach Response Plan
Whether or not a data breach is a disaster for the organization depends on the security team's response and that is based on how the team developed a breach response plan beforehand and if it was thoroughly tested. Inside this report, experts share how to: -understand the technical environment, -determine what types of incidents would trigger the plan, -know which stakeholders need to be notified and how to do so, -develop steps to contain the breach, collect evidence, and initiate recovery.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-38765
PUBLISHED: 2022-12-09
Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. An authenticated user is able to gain unauthorized access to imaging records by tampering with the vitrea-view/studies/search patientId parameter.
CVE-2022-41947
PUBLISHED: 2022-12-08
DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Through various features of DHIS2, an authenticated user may be able to upload a file which includes embedded javascript. The user could then potentially trick another authenticated use...
CVE-2022-41948
PUBLISHED: 2022-12-08
DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Affected versions are subject to a privilege escalation vulnerability. A DHIS2 user with authority to manage users can assign superuser privileges to themself by manually crafting an HT...
CVE-2022-23469
PUBLISHED: 2022-12-08
Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization header a...
CVE-2022-23494
PUBLISHED: 2022-12-08
tinymce is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the `image` plugin, which p...