Uncategorized

Cyber Algorithms Acquired By Thycotic

2015-12-08-demo-day-44-dsc_5783-tim-brennan-cyber-aEarlier this month, we announced the acquisition of Cyber Algorithms by Thycotic. Given this is the first exit from the Mach37 portfolio, I wanted to take a few minutes to reflect on its significance to us and our investment strategy.Mach37’s investment in Cyber Algorithms is a perfect example of our unapologetic bias toward investing in technical founders who embody world-class cybersecurity talent. As I articulated in my July 30, 2014 blog, Why Mach37 Loves the Hacker Community,

“the dirty little secret in start-updom is that while it can take years of technical and analytical experience to inspire truly disruptive security innovation, technical founders can buy, borrow, partner with or be taught the second set of target skills within a few months.”

When we first met Tim Brennan, we knew immediately he had that world-class talent. Together, Tim and his co-founder Josiah Smith could deliver their advanced capabilities to address a large-scale problem.Tim and Josiah did an incredible job of conceiving, developing, and validating a security analytic product from concept through acquisition.  And, for them, getting it done didn’t mean they needed millions in investment capital and a large team of executives. Rather, they diligently embedded an advanced capability into a software product and engaged their target market to demonstrate product-market fit. By executing basic blocking and tackling, good things came to them – very quickly.Thycotic is one of the most promising and rapidly growing strategic acquirors of cybersecurity capabilities in our region and we are excited that Cyber Algorithms has become part of their team. Congratulations Tim and Josiah.

PierceMatrix: Mach37 Alumnae Interview with Roy Stephan

roy-stephen-presenting

Roy Stephan, PierceMatrix CEO and Founder

What opportunity did you recognize that led to the founding of PierceMatrix?

pierce-matrix-logo-whiteRoy Stephan: The opportunity for small and medium businesses to understand security on a global level. Large companies and governments can throw thousands of security professionals at a problem, and most security tools are designed for those organizations. With PierceMatrix we provide a unique workflow that offer SMBs a more comprehensive view of their security, including helping them identify malicious actors on their network and remove them.

What specific value does addressing that problem provide for your customers?

Stephan: By understanding how global threats are affecting them, PierceMatrix users can lower their security risk and lower their liability. Any business that is not reviewing its log files is carrying excess liability because the firewall logs (and other security devices) are documenting suspected attacks. PierceMatrix helps companies reduce that liability by automatically reading logs and helping with prioritization and remediation.

Why aren’t current solutions addressing this problem effectively?

Stephan: Most of the products in security are focused on solving niche problems for large businesses. There are very few that recognize the importance of educating and assisting small and medium businesses. Gartner selected us a Cool Vendor because of our unique approach to reducing data and helping small businesses focus their efforts. The industry standard is generating large volumes of new data for the user to sift through internally. This is just not an option for small and medium sized businesses that don’t have skilled resources available.

What makes your approach different and better from existing approaches?

Stephan: Our approach is to bring SMBs a cloud-based security model that bridges several capabilities including SIEM, TIP, Incident response and remediation. In particular, we provide an understanding of threats already present in your log files, as well as incident tracking and remediation through an automatable button.

What about your team’s background puts you in a unique position to succeed?

Stephan: The PierceMatrix team combines Artificial Intelligence and security expertise. These are two separate fields of study, but an essential combination to address today’s information security challenges. The CEO has 20 years of experience in building companies and divisions in the security world, and the CTO has 20 years of experience building artificial intelligence for the US military, FAA, and AT&T.

What are some of the milestones you have passed since graduating from Mach37?

Roy Stephan, PierceMatrix CEOStephan: When we graduated M37 we had an early beta product. Now we have a functioning system with customers in the ISP, MSP, Finance, and Defense Industrial Base markets. We were recently selected as a Gartner Cool Vendor, as well as being selected as one of the top 6 emerging technologies for FinTech by the Partnership for New York City.

What one aspect of the Mach37 programs did you personally find most beneficial?

Stephan: Helping me run a business. I have built products, divisions, even companies as a technologist, but M37 taught me how to build out the non-tech aspects such as finance, HR, sales, legal, etc.Learn more about PierceMatrix here.

Related Posts

Three-Year Update: Lessons Learned (So Far) From The Mach37 Experiment

When we launched Mach37 three years ago, we acknowledged at the time that we were essentially running an experiment. At our inception, we believed that an accelerator could effectively harness the rich cybersecurity talent pool in the DC-Maryland-Virginia region (DMV) to create an ecosystem capable of supporting large-scale commercially-focused cybersecurity product companies. There were plenty of skeptics, including many in the institutional venture community, who believe you can’t scale a cybersecurity product company in the DMV. At the time, I privately admitted that we had no idea if we would succeed, and anticipated it would take us at least five years to really know if we are any good at this.Three years later, I am confident that I have burned through any goodwill I had with my friends in the community and that I am deeply indebted to just about every person I know in the industry. But, it seems like our modest experiment is working out way better than most people ever expected, including us. Our small $50,000 investment in each of our 35 companies has been leveraged over eight times on average by private seed investors. What started out as one or two person companies have grown into ten and twenty person companies. Currently, our portfolio employs over 100 full-time equivalent employees, and we expect that number to increase dramatically over the next year as they receive institutional venture funding.To be certain, all of us here at Mach37 know that there is still a lot of work left to do to transform what has been a government-centric business ecosystem into a thriving commercially-focused cybersecurity business epicenter. However, now I believe that this transformation is inevitable.As we pass through the three-year milestone, I wanted to share a few important lessons we have learned from the experience:Lesson #1: Accelerators can effect major changes to business ecosystems. Part of Mach37’s mandate was to cultivate an ecosystem that could transform the cybersecurity intellectual capital native to the DMV into a conveyor belt of successful security product companies. The conventional wisdom in 2013 was that we didn’t have a critical mass of talented individuals in our region that understood how to build security product companies. However, it looks like our brute force approach is working.We started by building a mentor network of security professionals one mentor at a time. (Thank you George Schu for leading the way as Mach37’s first mentor.) What began as a small group of believers evolved into an unmatched 240+ person network of security business experts – all committed to our mission to launch the next generation of security product companies.From there, the momentum increased. Since 2013, over 80 security and software business experts volunteered to teach our entrepreneurs critical skills that will enable them to be successful. Over 70 seed investors have fueled our companies, allowing them to mature and finally begin capturing the attention of the institutional venture community.   And, the vital leadership and financial support offered by our sponsors at Amazon Web Services and General Dynamics has been humbling and validates the demand for security innovation from some of the most successful companies in our region.Perhaps the skeptics were right that the DMV doesn’t have as many talented security product business experts as other more established regions. But, what I have learned to value much more than the quantity of experts is that members of the security community in our region rarely say “No.”Lesson #2: The DMV has an unmatched volume of technical security innovation that is driven by government-centric missions. However, security innovation also comes from diverse populations around the world. As most people recognize, there are more talented security technology professionals in the DMV than any place else on Earth. In general, the security ecosystems supported by the DoD, Department of Homeland Security, and the Intelligence Community are driving significant demand for security innovation. Mach37 has been able to effectively leverage this regional asset. Founders from Huntress, Atomicorp, Disrupt6, Fast Orientation, Tensor Wrench, Eunomic, Cyber Algorithms, Anatrope, vThreat, and Hilltop all have been operating at the leading edge of security within this ecosystem for many years.However, we failed to anticipate the large volume of high-quality security entrepreneurs that would come to the DMV from many diverse ecosystems. To date, of our portfolio of 35 companies, over 40% came from outside the DMV. Notably, Mach37 has received applications from 24 different countries (and counting) and we expect to increase our volume of investments in entrepreneurs from outside of the United States in coming cohorts. Additionally, since inception, Mach37 has funded 17 of 35 companies (nearly 50%) with a founder that is either from an ethnically underrepresented group, from the LGBT community, a woman, or a service disabled veteran.Lesson #3: You CAN raise seed capital in the DMV. To be honest, three years ago, we were concerned about the limited volume of seed capital available to product companies in our region.   We just weren’t sure it would support the volume of innovative product companies we intended to launch.   However, about 70% of our graduates consistently raise capital beyond our initial investment.   To be sure, we have reached out to seed investors from other geographies and, thankfully, their appetite to fund security companies in the DMV exceeded our expectations.Further, the often-publicized concerns around the impending “winter” in security investment appear to me to be overwrought, at least in the DMV. Maybe it’s because we have never been spoiled with an abundance of early-stage capital and “winter” doesn’t feel any different to us. Perhaps it’s because the uninitiated investors who are fleeing the sector were never investing in our region to begin with. Or, maybe it’s because investors who understand security continue to invest in the DMV, in spite of the emergence of “winter” in other regions. Whatever the reason, the rate at which Mach37 companies continue to receive funding is increasing and it still feels pretty warm to us. 

Bring-Your-Own-Keys: Bringing Trust into SaaS

Below is a guest post by Karthik Bhat, founder and CEO of SecureDB, a MACH37 portfolio company.  SecureDB's Encryption as a Service product makes implementing encryption into applications fast, easy, and inexpensive for businesses of all sizes - from startups to Fortune 500.  Learn more about SecureDB at https://securedb.co/.

- Ledger West, Associate Partner, MACH37

Over the last few years, a wide variety of internal functions of business - HR, Payroll, CRM, e-signature, Benefits Management, Health Insurance, Project Management etc. have moved to respective SaaS companies. With more and more enterprises handing over their sensitive data to SaaS providers, there is a tremendous need to protect this data in the cloud using encryption. Any responsible cloud provider should be encrypting this sensitive customer data along with all proper key management practices.

However, the biggest challenge of cloud-encryption is: who owns the keys? Quite a number of companies will be okay with their SaaS provider owning and managing the encryption keys. Many will not.

Bring-Your-Owk-Keys-For-Cloud-SaaS-Platform-SecureDB-Data-Encryption

The need of the hour is for the cloud platforms and SaaS companies to allow their customers to bring their own encryption keys - Bring Your Own Keys (BYOK). This way, customers can rely on SaaS companies without any apprehensions about data-leaks. BYOK will ensure that a SaaS company's access to customers business data is always controlled. Thus, cloud providers and SaaS companies can continue focusing on the core value that they provide to the enterprises, without sweating much about security of sensitive customer data.

Why BYOK is Important?The beauty of the BYOK is that enterprises have full control over the life cycle of the keys (generation, usage, backup, rotation etc.). The enterprise can also assign specific permissions on the encryption keys that limits what the cloud provider could do with the keys (for example, give only 'encrypt' and 'decrypt' permissions and not 'key-rotate', 'key-delete' permissions). The enterprise can also view the key usage logs to ensure the keys are used in accordance with the agreement.

When the enterprise wants to cease using the SaaS provider, they could download their data and simply revoke the access to the key. The SaaS provider no longer will be able to view or process the data. No more worries about whether the SaaS provider has done the right and responsible thing and deleted your data.

Bring Trust into SaaSAt SecureDB, we anticipate this to be the next logical step to acceleration of SaaS adoption.

Bring-Your-Own-Keys (BYOK) for data-encryption converts cloud and SaaS (inherently un-trusted) environments into trusted environments.

BYOK-Bring-Your-Owk-Keys-For-Cloud-SaaS-Platform-SecureDB-Data-EncryptionConsider this: when your company is using a SaaS service, your company data is most likely sitting right next to some other company's data - in the same table or in the same database. This means that if an attacker finds a way to compromise the SaaS provider's database, your company data is compromised just as everyone else's.

Enter BYOK. If the SaaS provider supports BYOK, your data is encrypted using the keys you own. Now, you are protected against a whole slew of attack vectors. You can revoke the keys at will. This is in the best interest of SaaS companies too. They can vastly reduce their exposure to risk.

Write this into contractBefore a company hands over the data to SaaS companies, it is in the company's best interest to ensure the SaaS company is encrypting the data. Call out specific fields that must be encrypted and provide the SaaS company with BYOK key.

We agree, this is still few years out. But we need to start somewhere. Please share your thoughts in the comment box below.

Why Mach37 Loves the Hacker Community

When I speak with investors about the information security market and the advantages of partnering with a vertically focused accelerator, they typically ask me to characterize our ideal opportunity for investment. My canned response is almost always that we look for teams whose founders embody two targeted sets of skills: 1) deep technical and analytical security domain expertise; and 2) strong entrepreneurial and communication skills.Washington Post PhotoHowever, as an accelerator that invests at the very beginning of a start-up’s lifecycle, we often find entrepreneurs before they have had the opportunity to build out their teams. Generally, that one founder frequently only embodies the first of the two target characteristics.Honestly, that’s just fine with us.The truth is that we are overwhelmingly biased toward investing in those entrepreneurs who have the technical and analytical depth and operational experience required to understand the most challenging security problems we face today.   We believe that depth and experience can be found more abundantly in the security researcher, or hacker, community, than anywhere else on the planet.If you believe security industry analyst Keren Elazari as we do, hackers are the immune system for the information age. The hacker community is driven by the desire to understand how things work and, importantly, how to break them and make them better. The innovators in this community spend years developing a depth of understanding that is required to birth the next generation of disruptive information security products.My observation is that our focus may be slightly contrarian, as early-stage investors often overlook the hacker community as an attractive source for investment opportunities. (I’ll concede that there are several exceptions to this observation, but since Bruce Schneier and Dan Kaminsky had already achieved rock star status, I view them as outliers.) If I were to contrast hackers with the legions of entrepreneurs filling the ranks of accelerators worldwide, I do think they are different.As one would expect, hackers are focused on those activities that leverage the first set of target skills mentioned above. Hackers solve difficult technical challenges that underlie vexing security problems. They are driven by a desire to see their hard work make a significant impact, versus being satisfied by a quick financial flip of their intellectual property. They invest their time inventing things, versus polishing a presentation to convince you why you need to buy the thing they invented.We think most angels and institutional VC’s are perilously biased toward the second set of target skills and often lack the patience and technical depth required to ferret out the most compelling security innovations.   Said differently, for most early-stage investors, a flashy PowerPoint presentation from a recently minted MBA with strong communication skills carries more weight than a technologist with a decade of technical experience in the security domain.However, the dirty little secret in start-updom is that while it can take years of technical and analytical experience to inspire truly disruptive security innovation, technical founders can buy, borrow, partner with or be taught the second set of target skills within a few months.   Our strategy at Mach37 is to identify the best technical founders and reinforce their deep technical expertise with the curriculum, co-founders, mentors, advisors, and capital they need to be successful.Next week, Black Hat and DEF CON will mark the largest annual gathering of the U.S. hacker community and will showcase the work of several of the community’s brightest. Within this gathering, Mach37 will likely identify several founders for future cohorts. Perhaps ironically, most early-stage investors will not be there.Honestly, that’s just fine with us.

The Cyber Security Market Is Hot! Here’s Why

By any credible account, the cyber security market is hot. According to Gartner analysts, in 2014 worldwide information security market growth will accelerate to 8.6% and exceed $73 billion. Cyber-related M&A activity and trading multiples are indicative of customer and investor markets that are demanding much more innovation, faster.It has not always been that way.In 2002, I briefly abandoned the then information security market. Frankly, it sucked. I can remember more times than I care to admit saying, "This is just too hard." Or, "There’s no money in information security." We all knew the problems for the solutions we were building existed, but back then, the market simply didn’t care.In 2002, the minimum standard of care for enterprises was limited to anti-virus, firewalls, intrusion detection, and, later, if you were in a regulated industry, SIEM or some sort of log aggregation solution. Enterprise executives lived in ignorant bliss, believing that their biggest risks were related to being out of compliance with their respective regulatory authorities.In 2002, Gartner estimated the worldwide security software market to be an anemic $3.5 billion -- a market that was dominated by five vendors that owned approximately 60% marketshare -- Symantec, Network Associates, IBM, TrendMicro, and Check Point.Fast-forward to 2014. New product categories abound, with Gartner covering too many cyber security-related magic quadrants to list (with more on the way).  Investors are enthusiastically entering the market, with VCs investing $1.4 billion in 230 cybersecurity companies in 2013 alone.So, what has fundamentally changed since 2002? What are the factors that are driving cyber security market growth? Here are four fundamentals that we at Mach37 continue to think about.First: The obvious. The threat continues to accelerate in capability and scale. Cybercrime is big business and has finally reached the tipping point where consumers and regulators are demanding that businesses deploy effective solutions.Second: The Internet-of-Things is exacerbating the problem. Now, we have laptops, iPhones, wearable computers, gaming systems, other mobile devices… the list is boundless. Many of these devices are either themselves untrustworthy or are interacting with untrustworthy mobile networks. Few have the computing horsepower to perform traditional security functions of familiar desktops and laptops -- making them even easier targets. As difficult as the security problem was before, it just got a lot worse.Third: Cyber security is now a Main Street issue. Every one of us is affected --  and now we finally realize it. Retail-related breaches, such as the recent Target breach, have hit tens of millions of consumers. Cyber security stories are now common in all mass media outlets.Fourth: The competitive market is finally rewarding innovation.  For many years, the information security market was dominated by large security platform companies that milked their antivirus cows and had very little incentive to innovate. Because of incumbent supply chain dominance, new entrants were often forced to battle over a very small number of early adopters or to sell to or through these powerful few to reach the broader market.Over the past few years, new entrants have emerged and are challenging the fat incumbents… and the financial markets are rewarding them. As I write this, FireEye enjoys a market cap of $5.7 billion, with an astounding 35x (yes, I said 35) enterprise value to revenue multiple.  Similarly impressive, although more modest, Palo Alto Networks trades at roughly 9x revenue with a $5 billion market cap.Conversely, historical incumbent Symantec is trading at paltry 2x revenue and recently fired its CEO and executive management team.I am sure there are many other factors, but whatever has changed in cyber security, the need for continued innovation has remained constant. Similarly, the fundamentals described above are not likely to change for at least a generation. And, speaking for those of us who lived through 2002, I am really glad to be in this market.