Over the last two years, the IT security industry has welcomed scores of new firms to the market. Investment firms poured some $1.74 billion into cyber security in 2013. While all of the numbers for 2014 aren’t all in, the early figures suggest that nearly as much was invested last year. It’s estimated that there are more than 500 private firms currently offering security products today -- most of them startups punching their tickets for a lottery to provide an answer to the spiraling data breach/loss problem.
But even if the cyber security market hits the astronomical figure of $76.9 billion in spending projected by Gartner in 2015, there is little chance that all of those startups will enjoy a slice of the pie. The fact is that 2015 will likely separate at least some of the winners and losers in the info security race -- and possibly slough off some of the pretenders to reveal the true game-changers in security technology.
On Tuesday, for example, the stealth startup Ionic Security will announce that it has secured some $40.1 million in C series funding from Meritech Capital Partners, an investment firm that specializes in funding companies that are on the precipice of market-altering product entries. Ionic, which has now secured more than $78 million in anticipation of an April launch, is promising a game-changing approach to security: the encryption of data from the moment of inception to the moment of retirement, no matter where the data goes or resides.
Meritech, which has funded such successful security firms as Fortinet, Imperva, Sourcefire, and Veracode, believes that Ionic may have an even better chance to break the cyberproduct mold. "Ionic has an opportunity unlike any we’ve ever looked at before," says Mike Gordon, managing director at the investment firm. "The industry has recognized that data breaches have become inevitable. This technology has a chance to make them irrelevant."
Still in stealth mode, Ionic executives are reluctant to unveil the "secret sauce" behind the company’s new approach yet. But Meritech says it has seen the technology working among early adopters, and Gordon believes it will shake conventional wisdom about security defenses and practices. "People have looked on [Ionic’s] website and said that what they are promising can’t be done," Gordon says. "But we’ve seen it working."
Of course, Ionic isn’t the only startup promising to change the face of security -- and getting funding to do so. Shape Security, for example, also received $40 million in funding in 2014. Ping Identity collected $35 million. Rapid7 garnered more than $30 million last year, and the list goes on. Across the investment spectrum, venture capital firms are placing their bets on companies that they believe might change the face of the cyber security problem.
On the other end of the spectrum, however, some of yesterday’s “hot security startups” are now among today’s market casualties. On Friday, former investment darling ISC8, which had received some $70 million in invested capital, announced that it will file Chapter 11 bankruptcy in the state of California. ISC8, which offers a sensor-based, near-real-time technology that promised to identity malware threats ahead of conventional perimeter security tools to limit the damage they might cause, is selling all of its assets in an auction with a starting bid of approximately $8.2 million.
Even with some $70 million behind it, ISC8 did not create the game-changing difference it promised at its launch. Yet, less than two years ago, startup FireEye went public and raised more than $300 million and a valuation of more than $2.3 billion. Cisco paid $2.7 billion to acquire Sourcefire in 2013. Clearly, there is a brass ring to be grabbed for startups that have the technology -- and the business acumen -- to prove that their products truly are game-changers.
In 2015, companies with names such as Ionic, Shape Security, NORSE Corp., and Power Fingerprinting will be among the many startups that have a chance to break new ground in the race to develop the next game-changing security technology. Dark Reading offers a peek at 20 of those companies in its 20 Startups To Watch In 2015 feature, which was published a week ago. Perhaps Ionic – and/or a few of the other many startups on the horizon -- will take the industry even farther than FireEye did a year or so ago. With so many enterprises suffering security breaches, there is a real thirst for technology that completely rethinks the security problem.
But for the other 490 or so private companies and startups that are entering the cyber security derby, it could be another long year. There are dozens of potential game-changers out there -- but there’s only one game. Only the strongest startups will have the technology, skills, and resources needed to battle it to the end.