Preempt Blog

The latest insights and advice to keep your company protected from insider threats and breaches

The “Crying Wolf” Rating and Other Security Investment Qualifiers

There is a lot of noise in the cybersecurity space, with every company trying to differentiate itself by claiming to be the “next big thing”, but so few have risen to the top. And the security market has changed a lot in the past couple of years. As a venture capitalist, I often get asked about how I see the market changing and how we cut through the noise to find and fund companies that are doing something truly unique and innovative and that really solve customer problems.

These are important questions. Right now, we are in a period where new cybersecurity startups are popping up each week. CISOs, and their teams, are getting overwhelmed. Not only are they swamped with the challenges of protecting their company resources and the staffing and skills to do that, but they are bombarded with marketing messages, analyst reports, proof-of-concept requests, a plethora of “new” security conferences to attend and constant outreach from both incumbent and new companies. And the most common thing I hear from CISOs: how do I figure out what solutions I need when everyone seems to be saying the same thing? I agree with them. It’s a challenge.

The real news is that cybersecurity is now top of mind for so many companies. It’s a board-level issue now, where it was previously one of the low-level topics in the CIO department.

Two really big changes have taken place in cybersecurity

First: We are seeing a level of urgency for onboarding great solutions.
This, in turn, is partly responsible for the creation of so many new startups.

Second: Cybersecurity solutions are challenged and under significant pressure.
Not only are the attackers more and more sophisticated, but the environment that needs protecting is far more distributed and harder to protect.

In the good old days, the bad guys were outside the perimeter of your datacenter and the good guys were inside the perimeter. Today, the perimeter is dead – mobile devices wounded it and the cloud has finished it off. So enterprises have an absolute and board-level mandate to protect precious corporate resources, but in a far more difficult-to-protect environment than just a few years ago. Insider threats are becoming much more prevalent, both from employees who are vulnerable to credential compromise and from malicious insiders who look to steal data or cause harm to an organization.

And security needs to adapt to meet the ever-connected world we live in. The good news here is that there are outstanding new technologies produced by startups that organizations can use in the pursuit of dramatically better cybersecurity. The availability of fantastic open source technologies and the massive resources available via the cloud means that modern solutions can get out of the traditional hardware appliance form-factor and bring massive resources to bear in capturing and analyzing the information that they need to predict and manage security risks.

The popularization of “big data” algorithms and infrastructure has been particularly useful here. There has also been a rise in the number of interfaces into various infrastructure and operating system offerings. New solutions are plugging deeper into the computing environments, providing better visibility as well as the ability to eradicate attackers and their handiwork.

Given the current state of the industry and enterprise climate, when evaluating a potential investment in a security company, I look for a few key traits.

Key Traits

  1. Have the founders and team been in the space?
    There are so many unique requirements for reaching the customer, proving out the efficacy of a solution, and integrating with existing tools and processes. I require teams that have “been there and done that” before launching their new company. They know what it takes to be successful.
  2. For existing areas, is the technology 10x better than what is there?
    The cost of deployment, customization, and training is high for an already-busy cybersecurity staff. The solution must be incredibly compelling to warrant this work. A new entrant must either find 10x more issues, do so 10x more efficiently, or help resolve the issues 10x faster.
  3. Related: what is its potential “crying wolf” rating?
    One huge challenge with many new tools is that they cause a large number of alerts, each of which needs to be examined by security teams. As the new products create “false positives”, one of two things happens – either it takes a lot of precious time to find the real issues amidst them OR the security team starts ignoring them. Either case is bad and I try to carefully watch for the potential for this in my evaluations.

In a separate article I go a bit further and I talk more about how to handle increased needs for security without forgetting the need for speed. I think these are important concepts that need to be part of the ongoing conversation to keep developing security solutions that really matter.

Why we invested in Preempt

So, when I look at some of the security companies we have invested in, like Preempt, these were all very important factors.  What the Preempt team is doing with the Behavioral Firewall is making real change in the way organizations deal with and proactively preempt insider threats.

Preempt met the above criteria. They have a proven executive team that has shown great success at building companies and products that solve real customer problems. They are applying very important concepts to their solution that tie directly into the challenges that organizations are struggling with today.

By providing speed in delivery, actionable results, improved productivity and quick time to value they’re hitting the right notes with customers from the start. Customers are improving the productivity of the security team because they have Preempt to respond to Insider Threats as they’re detected. That automated response can preempt the threat, as well as validate a real request or access attempt, rather than sending yet another alert for the security team to manually review. As a result there is a big reduction in false positives that security teams need to investigate and business continues without interruption. Customers see value in week one and continue to see value as they constantly find ways to reduce their attack surface and overall risk.

In Summary

So, in a very noisy cybersecurity environment, there are lots of really amazing companies doing great things to solve customer problems and help keep organizations more secure. The winners are going to be companies that stay focused on solving those important problems, have true integrity and surround themselves with incredible people. Over the next year, we’ll see fallout as some of these new startups get distracted and lose sight of the ongoing challenges and customers’ requirements.



Topics: CISO, Insider Threats, Security Skills, UEBA

Posted by Steve Herrod on October 27, 2016 3:50 AM

