New cybersecurity boom arrives in Silicon Valley
Nefarious cybercrime syndicates and villainous state-sponsored hackers are making the digital world an increasingly dangerous place.
That's bad news for companies suffering growing losses from relentless cyberattacks. But it's good news for Silicon Valley, where cybersecurity has suddenly become the hot new-old thing.
The security industry has been around for decades and produced giants such as McAfee and Symantec in the 1990s. But in the past decade, it was mostly overlooked by venture capitalists and entrepreneurs, who didn't see much opportunity for big returns.
That's all changed now that the volume and sophistication of attacks are increasing, forcing victims to open their wallets.
The result is a digital arms race against wily hackers that has Silicon Valley battling to provide the weapons to the good guys. Venture capital firms are pumping funding into security startups, which are getting gobbled up by big companies that see cybersecurity as a source of new revenue.
In a region where tech trends go in cycles, cybersecurity is a particularly mouthwatering investment prospect because no matter how much security equipment or software gets sold, the problem never gets completely solved.
"All the time, there are barbarians at the gate looking aggressively for every vulnerability they can exploit," said Bob Ackerman, a venture partner at Allegis Capital in Palo Alto, Calif. "And that's going to go on for years."
That explains why a company like AlienVault of San Mateo, Calif., is practically fighting off investors.
Founded in 2007, the company makes a threat-detection system that harnesses the power of crowd-sourced reports to help clients stay on top of the latest hacking exploits. After toiling in the shadows for years, AlienVault became the beneficiary of Silicon Valley's rediscovery of cybersecurity, raising $55 million in venture capital in three rounds since January 2012.
The company, which now has 300 employees, last year recruited seven top security executives from Hewlett-Packard Co. Many of those executives had worked at Fortify Software, a San Mateo, Calif., security company that HP bought in 2010 for $258 million.
Those defectors included current AlienVault Chief Executive Barmak Meftah, who said many companies ignored warnings for years about the possibility of breaches because they seemed mostly hypothetical. With headlines every day about companies under siege, skeptical information-technology managers have gotten religion about the need for greater security measures, he said.
"The primary demand is finally there," Meftah said. "If we had built a company of this size five years ago, the awareness of the problem was not there."
AlienVault is just one example of the flood of funding washing over this sector.
In the past year, according to CB Insights, cybersecurity startups have attracted $1.4 billion in venture capital across 239 deals. The number of deals is up 19 percent in 2013, thanks to what CB Insights describes as a surge of interest in the sector.
That, in turn, has venture capital firms adding partners with an expertise in security, a highly technical and fast-moving field. In August, Allegis Capital added four partners who will focus almost exclusively on the security market. Ackerman, one of the firm's founders, said he believes the additional expertise will help Allegis keep its advantage over newcomers who are just discovering the space.
"One of the things that is endemic in the investment community is that there's a herd mentality," Ackerman said. "But these problems are very complex. This is not like building an iPhone app."
Expect the stampede to continue. CB Insights tracked 78 cybersecurity companies that over the last year had either been acquired or launched an initial public offering of stock. The IPO in September of San Jose, Calif.-based FireEye, which doubled on the first day of trading, has only fed the frenzy.
"There's a lot of runway ahead for this industry," said Anan Sanwal, an analyst at CB Insights.
The cybersecurity boom is not without irony. Silicon Valley has done more than any other place to create the technologies that have made the world a more connected place. But that's also what has made it a more dangerous place, creating a new opportunity for the tech industry to fix the problems it helped spawn.
The rise of mobile and cloud computing has resulted in increasingly complex networks and systems, which in turn have offered new vulnerabilities. As this connectivity has increased, consumers and businesses are placing more valuable information online.
And that, in turn, has made hacking a more lucrative opportunity that has attracted a higher caliber of adversaries, who are backed by other countries or organized crime.
"There's more vulnerability than there's ever been," said Glenn Solomon of GGV Capital, an investor in AlienVault. "And the possibilities to attack these places profitably and successfully are high."
Another reason that security startups have exploded is that cybersecurity has also caught the attention of many of Silicon Valley's biggest names. Even as many of these players see some of their traditional businesses slow or decline, the cybersecurity boom has arrived just in time to provide promising new revenue.
HP has created a business-security software unit that includes many of the companies it acquired in recent years, including Fortify. During HP's most recent earnings report for its fourth quarter, Chief Executive Meg Whitman noted that while overall software revenue declined 9 percent from the same period a year earlier, security saw "double digit" growth.
Art Gilliland, senior vice president and general manager for enterprise security products at HP, said its customers don't want to have to work with dozens of companies to solve their security problems. He thinks that's an advantage for a big company like HP, which already offers a wide range of products and can potentially acquire more as needed to become a one-stop security shop.
"From a customer's perspective, there's a lot of capabilities they want to bring together," Gilliland said. "We can help them do that."
Cisco Systems Inc. has also become more aggressive, acquiring Sourcefire for $2.7 billion and Whiptail for $415 million. According to Chris Young, senior vice president of the security group at Cisco, buying startups is a crucial part of the strategy for moving fast against enemies, who always seem to remain one step ahead.
"The way to describe it is that's almost like the industrialization of threats," Young said. "So the shelf life of security products is decreasing because the threat landscape is moving so rapidly."
As with all booms, people are now on the watch for signs that things are getting out of hand. Valuations for security startups are on the rise, and if they get too pricey, big companies will have to slow acquisitions. And with more funding pouring in, it's inevitable that startups that should never exist will get funding as everyone tries to chase the latest buzz.
"What I always say is that first we have the innovators," said Venky Ganesan of Menlo Ventures, who has been investing and working in security for more than a decade. "Then you have the imitators. Then you have the idiots. We're a long way from seeing the idiots. But we have all the indicators that we're headed in that direction now that everyone is interested in this space."
©2013 Los Angeles Times
Distributed by MCT Information Services