What they need are solutions that deliver prioritized recommendations and confidence in the analytical rigor behind those recommendations to take meaningful action.

Rick Gordon, Managing Partner, Mach37 Cyber Accelerator

April 28, 2015


In his March 20th Cyber Intelligencer, Anup Ghosh nailed it with his description of the failure of the security industry’s traditional ‘Prevent, Detect and Respond’ strategy. As Anup proposes, given the state of our collective failure, a move toward a strategy that is focused on Containment, Identification (of compromised assets and adversaries), and regaining Control of compromised networks is a more sound approach.

In his piece, Anup correctly indicts the purveyors of detection tools, who:

[have] only succeeded in producing prodigious alerts and data dumps that understaffed and over-worked security teams now have to wrestle with.

Few organizations have enough resources to sort through the volume of alerts their solutions provide and the terabytes of log data required to derive actionable insight at the speed and scale that is required.

As the industry and our customers move forward toward identification and control, information security capabilities will necessarily evolve away from emergency response and dispatch playbooks and toward more sophisticated analytical approaches. Unfortunately, given that the population of information security personnel with strong intelligence and analytical skills is about as abundant as Valyrian steel, if we don’t alter the way these tools are delivered, we are destined to fail again.

Of course, well-funded purveyors of analytical tools who have effective sales and marketing teams will be able to sell their expensive on-premise tools to large government information security organizations and the Fortune 100. But, given the volume of their data and the speed with which customers need to take action, they won’t be happy with their results.

Ironically, the good news for these vendors is that the rest of the market can’t afford to deploy their capabilities. How many non-Fortune 100 companies do you know who have advanced threat intelligence cells and big data log analysis infrastructures? So at least they won’t be angry and disappointed.

At the end of the day, I believe that even large company CISOs really don’t want to buy analytical tools. Rather, they simply want prioritized recommendations and enough confidence in the analytical rigor behind those recommendations to take meaningful action.

To us and other venture capitalists who are funding cybersecurity startups, the winners are going to be companies with solutions that invert the analytical process: providing prioritized actions based on rigorous analysis and shared intelligence, and walking customers backwards through the analysis only if they care. Using machines rather than people to triage massive volumes of intelligence based on relevance and risk to an organization is inevitable. Solutions that leverage more affordable As-a-Service delivery models, which enjoy economies of scale for both computational resources (i.e., elasticity) and analytical human capital, make the most sense.

At Mach37, we agree with Anup. We continue to prospect for and invest in solutions that will deliver affordable advanced intelligence and analytical capabilities to satisfy the growing need for identification and control. We believe these solutions will allow us to avoid the mistakes of the detection vendors, finally getting it right this time.

About the Author(s)

Rick Gordon

Managing Partner, Mach37 Cyber Accelerator

Rick Gordon is an expert on security technology, business strategy, and early-stage venture development. He currently serves as Managing Partner of Mach37™, a cyber security market-centric accelerator developed by the Virginia Center for Innovative Technology. MACH37 launches companies that will deliver the next generation of cyber security solutions. Prior to this role, Rick was Vice President of Product Management at KEYW Corp., COO of Lookingglass Cyber Solutions, Managing Director at The Civitas Group, and CEO of Tovaris, a specialized encryption software company. In these roles, he has worked with senior private sector and government officials to solve key security challenges, evaluated emerging growth security companies for investment, and has been a frequent contributor and speaker on such issues as cloud security, cyber intelligence, and security innovation. He also served as a submarine officer in the US Navy. He received his MBA from The Darden School at the University of Virginia and his BS with Merit in engineering from the US Naval Academy.
