News

The Cyber Security Market Is Hot! Here’s Why
By any credible account, the cyber security market is hot. According to Gartner analysts, in 2014 worldwide information security market growth will accelerate to 8.6% and exceed $73 billion. Cyber-related M&A activity and trading multiples are indicative of customer and investor markets that are demanding much more innovation, faster.It has not always been that way.In 2002, I briefly abandoned the then information security market. Frankly, it sucked. I can remember more times than I care to admit saying, "This is just too hard." Or, "There’s no money in information security." We all... Read more...
Industrial Cyber Espionage
According to published news reports this morning covering a press conference by Attorney General Eric Holder, “The United States has for the first time filed criminal charges against foreign government officials in connection to cyberspying allegations.” The grand jury indictment charges five men with “conspiring to commit computer fraud and accessing a computer without authorization for the purpose of commercial advantage” according to the New York Times. In the press conference, the Assistant Attorney General provided specifics related to the case examples of companies affected and the types of information... Read more...
CTO SmackChat: The Dreaded “Pivot”
Your startup is a success! Family and friends have seen you through to the point where an angel investor got excited, and your first alpha customer really likes where you are heading. The beta tests are under way and the feedback is coming in.One customer says he would be interested in buying if your product could provide two additional capabilities not in the beta version. Another indicates her problem is not exactly the one you are addressing but she sees how it could apply by changing the domain slightly and... Read more...
Security Spaces Worth Watching
People sometimes ask about the process by which we select companies for participation in our accelerator program. One of the challenges with investing in the information security market (or any early-stage technology space) is that of identifying companies with a product that is both different and useful.While "different" is an important criterion, it is necessary but not sufficient for a product to be successful in the market. For a product to be “useful,” it must address a real-world problem in an accessible way.Thinking about what might be useful naturally leads us... Read more...
To Mach or Not to Mach
“To Mach, or not to Mach”So you’re thinking of applying for the Mach37 program? You’re unsure. You’re skeptical. After all, you know this industry inside and out. You’re convinced your solution is the hottest thing going and there’s no competition. You are going to raise some capital from the money you’ve saved, get a few friends to kick in and you’ll sell this company for a gazillion dollars in a year or two to Facebook. Simple plan. Fool proof. That’s why everyone does it, right?Not so fast…What do your customers... Read more...
CTO SmackChat: Minimalism
By now, most entrepreneurs have adopted the lean startup principles advocated by Eric Ries in his book The Lean Startup. A key concept is the Minimum Viable Product, the mechanism used to convey your core product ideas to potential early users, and test key market assumptions in an iterative process to ensure that what you finally deliver both solves a problem and can generate enough paying customers to build a business. Of course the hard nut with this concept is figuring out “minimal” and “viable” in a world where your... Read more...
Reflections on Mach37 F13 (and some news)
We at Mach37 have decided to modify the terms of our initial investment in each company in our Spring 2014 cohort to double our financial commitment to $50,000.  This additional financial investment will not only help Mach37 entrepreneurs attract complementary team members, but also will provide them with additional resources necessary to expand target market validation and further accelerate technology development.  Earlier this month, Mach37 completed its first Cybersecurity Investor Demo Day.  Along with six CIT GAP Fund cybersecurity entrepreneurs, our four F13 (Fall 2013) cohort participants presented their companies... Read more...
Achilles Heel … Sales
Over the years I have been a part of several startup teams and am now involved with the birthing process of security start-ups. What has become evident is that great and innovative solutions to BIG problems, better mousetraps, and totally obsessed start-up CEOs far too often fall short of the goal line… Why?: because they do not see their job is to sell. Startup CEOs fail to understand that getting and keeping their first customer is far harder than finding outside investment… they may well find someone to invest the... Read more...
TheSalmonSpeaks: Net Neutrality
Occasional rants are good for the soul. If you disagree with the opinions expressed, please take it up with The Talking Salmon.January 15th the U.S. Court of Appeals for the District of Columbia struck down the FCC net neutrality regulations covering internet access. The press coverage digs into the arcane regulatory discussion around whether internet providers are “common carriers” or not, but of course this is really a heavyweight fight about money. In one corner are Verizon and their Internet Access Cartel (IAC) buddies, the cable companies. In the other... Read more...
CTO SmackChat: Technology is not Innovation
In his excellent book "The Idea Factory: Bell Labs and the Great Age of American Innovation", Jon Gertner quotes Jack Morton, who worked at the Labs on the development of the transistor in the 1940s, saying "[Innovation] is not just the discovery of new phenomena, nor the development of a new product or manufacturing technique, nor the creation of a new market", but all of these working together to deliver things that make a difference. Or, as one of our investors puts it succinctly: "a business without customers is just... Read more...
You Don't Scale
The more that information security incidents are in the news, the more often we hear that there aren't enough people to do all of the work necessary to batten down the hatches against everyone who'd like to compromise our systems and networks. The U.S. Government has been particularly vocal in discussing a shortage of security talent, but it's not uncommon to hear this refrain in business circles as well.If these folks are as difficult to find, hire, and retain as we're told, then we only have a few choices: Train... Read more...
Stay East Young Man
I recently read the New York Times article, “The Pentagon as Silicon Valley’s Incubator,” by Somini Sengupta, which highlights a welcomed trend in cyber security investing that most of us in the industry are watching unfold.  The article highlights the enhanced relationship between Silicon Valley venture capital firms and DoD and Intelligence Community cyber security stakeholders.  The article also underscores my assertion that the DC-Maryland-Virginia Cyber Beltway is the center of mass for global cyber security expertise (see Blog Post: dated   August 2013, “The Cyber Beltway’s Innovation Dislocation").We at MACH37 are... Read more...
Creating a Market-Focused and Product-Oriented Company is Not a Part-Time Job
While there are many factors impeding the successful insertion of disruptive cybersecurity concepts into the current market, I want to explore the underestimation of the focus required to build an enterprise that is market-driven and product-oriented.The business ecosystem inside the DMV’s Cyber Beltway is heavily prejudiced toward the development of bespoke solutions targeted toward single customers.  This ecosystem is dominated by large systems integrators and government contractors who employ low-risk business models based on time and materials billing and very limited internally-funded research and development investment. There is nothing wrong... Read more...
The Cyber Beltway’s Innovation Dislocation
Last week, I had the opportunity to participate in the AGC Partners “Disruption: Innovation at the Edge of Cybersecurity” event in Las Vegas.  My panel explored how cybersecurity entrepreneurs become inspired to innovate and what dislocations are preventing them from disrupting the cybersecurity marketspace.  As I thought about what ingredients are required to insert disruptive concepts into the current market, it occurred to me that within the Northern Virginia, Fort Meade and DC Metropolitan “Cyber Beltway,” the problem is something beyond a lack of creative inspiration.On the contrary, at MACH37... Read more...
The Precipice of Monopoly: What a U.S. Bill Could Mean for the Future of Big Tech
Key Takeaways: The American Choice and Innovation Act (S.2992/HR 3816) is a cyber-related bill currently in Congress, which is a bipartisan bill proposed by Democratic Representative for Rhode Island's 1st Congressional District, David Cicilline.. The bill strives to protect user rights and prevent monopolization by big tech. There are concerns about the large amount of power this bill could provide to the antitrust authorities as well as a possible lack of authority for technology companies to filter harmful sources from reaching users. The bill was introduced to the House of... Read more...
Bracing for the Cryptocalypse
Key Takeaways The NIST is conducting an effort to select a quantum-resistant cryptography algorithm that will become the new standard for internet security protocols All organizations can prepare for quantum computing cryptography attacks by increasing the size of symmetric keys and using two factor authentication to access keys Large organizations should become crypto agile by making their cryptographic parameters easily replaceable and partly automating that process Not sure what the Cryptocalypse is referring to? Go check out the last blog which explains what it affects and when it may come.... Read more...
Yandex Survives Record DDoS Attack From New Meris Botnet
Key Takeaways Yandex managed to repel the largest DDoS attack ever (22 million requests per second) The attack comes after a summer of several other large-scale attacks, all of which are now being attributed to a new botnet threat, dubbed Meris. Yandex fended off the attack by having DDoS defense at several layers of its networking architecture; there are multiple tactics you can use to defend against the increasing DDoS attack. Biggest DDoS Attack A cyber attack on Russian tech giant Yandex's servers in August and September was the largest... Read more...
It’s Alive! Could artificial intelligence really be near human intelligence levels? 
Key Takeaways:  Blake Lemoine released an interview he conducted with Google’s artificial intelligence system LaMDA on June 11th, claiming that the system was sentient. This release has taken the technological world by storm, sparking controversy. If LaMDA does in fact have the ability to feel and understand human emotion, it could forever change the artificial intelligence space. Blake Lemoine’s interview with LaMDA he conducted with a colleague can be found here. What’s New? On June 11th, software engineer Blake Lemoine went public about claims that Google’s artificial intelligence named LaMDA... Read more...
What is blockchain and why is it a powerful cybersecurity solution?
Key Takeaways A blockchain is a distributed, immutable and time-stamped data structure Blockchain is an ideal technology for many cybersecurity solutions because of its ability to keep verified public records and eliminate singular points of failure Blockchain is already being adopted for security in many industries including financial services, healthcare and government Blockchain explained simply A blockchain is a network of computers that store and share blocks of information. Once someone adds something to the blockchain network, nobody can edit or delete it. Instead, a user records changes by adding... Read more...
Offensive Security: Vulnerability Assessment vs Penetration Testing vs Red Teaming
Key Takeaways Offensive security is the practice of testing security measures from an adversary’s perspective. Offensive security testing can be broken down into: Vulnerability Assessments, Penetration Testing, and Red Teaming. Each of these assessments differ in breadth and depth and choosing one depends on the goals of your testing. What is offensive security? Why use it? First off, what is offensive security? One simple definition is: The practice of testing security measures from an adversary or competitor’s perspective. In today’s ever-evolving threat environment, offensive security is absolutely critical for helping... Read more...
Windows 11 Release: What's new for security?
Key Takeaways Windows 11 was released on October 5th and is available for download on computers with certain hardware requirements. The required hardware for Windows 11 enables several security functions including virtualization based security, side-channel security, and zero trust security. The combination of the features covered in this blog have been shown to reduce malware by 60% on tested devices, according to Microsoft. Windows 11, the latest operating system (OS) from Microsoft, launched on October 5th. Organizations and individuals have begun asking themselves when and if they should upgrade from... Read more...
Mach37 Spring Class 2016 Interview: Unblinkr
  Mancy Sanghavi, Unblinkr Founder    What opportunity did you recognize that led to the founding of Unblinkr? Mancy Sanghavi: 250 million cars will join the Internet of Things by 2020. Cars are running millions of lines of code and are just as susceptible to hacking as any computer network. Advanced driver assistance and connectivity features increase threat vectors on the connected vehicle. We identified an opportunity to make cars secure. What specific value does addressing that opportunity/problem provide for your customers? Sanghavi: Automotive Industry insiders acknowledge connected cars need to... Read more...
Automotive Security in 2021
Key Takeaways Modern cars present a large attack surface with over 50 different IoT devices that can allow hackers to steal data or take remote control of the vehicle. The automotive security industry is expected to grow at a CAGR of 18.56% for the next 7 years due to increasing regulation and a growing number of attacks. The market is segmented by hardware vs software and the stage of the vendor’s involvement in manufacturing with concentrated growth in cloud cybersecurity software products. LG buys Israeli automotive security firm LG Electronics,... Read more...
‘Hybrid Warfare’ in the Russia/Ukraine Conflict
Key Takeaways Russia is coupling cyberattacks with their physical invasion of Ukraine to sow panic and cause disruption. The attacks have included distributed denial of service and wiping malware. The West may be affected inadvertently from virus spillover or become an intentional target, though the latter seems less likely at the moment Cyberattacks against Ukrainian government websites and financial institutions added to the chaos of Russia’s military assault. This combination of cyberwarfare operations with real-world aggression is an example of ‘hybrid warfare’. Cyberattacks have been a key tool of Russian... Read more...
White House Cyber Summit
Key Takeaways President Biden met with private sector and education leaders to discuss the whole-of-nation effort needed to address cybersecurity threats. The companies in attendance committed to investing billions of dollars to strengthen cybersecurity and train more cybersecurity professionals. More initiatives were also announced from the Biden administration, which has already issued an Executive Order and a National Security Memorandum about cybersecurity this year. On Wednesday August 25, President Joe Biden gathered with industry leaders to issue a call to action on cybersecurity and make concrete announcements to bolster the... Read more...
What Type of Entrepreneur Are You?
MACH37 typically invests in companies at their inception.  With a lack of meaningful company history, our decisions are always based heavily on our assessment of the entrepreneurs behind ideas that... Read more...
Understanding Deepfake Technology After Debunked Video of Zelenskyy
Key Takeaways A deepfake video of Zelenskyy surrendering was quickly debunked, but it marks the first weaponized use of deepfakes during an armed conflict. Potential malicious uses of deepfakes include fraud, inciting acts of violence or sowing political unrest.  Deepfakes are getting attention from lawmakers and technologists who are finding ways to stop the spread of misinformation The Zelenksyy Deepfake A deepfake video of Volodymyr Zelenskyy was circulated on social media in March, during the chaos of the Russian invasion of Ukraine. The video shows Zelenskyy surrendering and telling his... Read more...
Three-Year Update: Lessons Learned (So Far) From The Mach37 Experiment
When we launched Mach37 three years ago, we acknowledged at the time that we were essentially running an experiment. At our inception, we believed that an accelerator could effectively harness the rich cybersecurity talent pool in the DC-Maryland-Virginia region (DMV) to create an ecosystem capable of supporting large-scale commercially-focused cybersecurity product companies. There were plenty of skeptics, including many in the institutional venture community, who believe you can’t scale a cybersecurity product company in the DMV. At the time, I privately admitted that we had no idea if we would... Read more...
Hacker Profile: Anonymous
Key Takeaways Anonymous is a loosely organized Internet group of hackers and political activists that began as a collective in 2003 on an anonymous internet chat board. Anonymous is know for employing DDoS attacks, defacing websites, and stealing and publishing sensitive information of its targets Anonymous has a long rap sheet of attacks but has been less active in recent years What is Anonymous?  Anonymous is a decentralized international hacktivist collective known for its various cyber attacks against several governments, corporations, and the Church of Scientology. The group rallies around... Read more...
Understanding the Log4j Vulnerability
Key Takeaways A critical vulnerability was found in Log4j, a widespread logging software that is used all over the internet. The vulnerability, which is hard to detect, allows hackers to execute code remotely on a company’s server. Organizations are racing to identify vulnerable applications and fix them with the updated version of Log4j from Apache.  IMPORTANT: For the most up to date information about this vulnerability see CISA’s information page and Apache’s official page on the issue. A bug in a widespread enterprise software called Log4j was discovered on December... Read more...
Web3: The New Internet
Key Takeaways The Internet has gone through two historical stages, Web1 and Web2, and a third stage, Web3, is emerging Web3 consists of open trustless networks that are built with open source technologies and are fueled by token economies Web3 could potentially bust platform monopolies like Google and Facebook and give rise to a new global digital economy In this article, we will look at what is, potentially, the next major iteration of the Internet; one in which users take back control from the centralized corporations that currently dominate the... Read more...
MACH37 Cybersecurity Guide: Securing Your Android Device
Key Takeaways Android is the most popular mobile operating system in the world with a current 70% market share and more vulnerable to malware than iOS You can secure your smartphone by leveraging native tools like Android Smart lock, Lockdown mode, Google Play Protect and Find My Device There are other tools available for Androids like VPNs or Anti-virus software that can boost the security of your phone Smartphones are quickly becoming the most critical device to defend for our personal cybersecurity. Everything from our credit card information to our... Read more...
Kaseya Ransomware Attack: Hackers Demand $70 Million for Joint Ransom
Key Takeaways Russian cyber gang REvil compromised Kaseya, a software company, and spread through their customers via a supply-chain attack REvil sent varying ransom amounts to victims before posting a joint ransom on its dark website This attack comes just a few weeks after President Biden pressed Putin to start cracking down on Russian cyber crime  Potentially the largest ransomware attack on record Over the Fourth of July holiday weekend, Kaseya Ltd., a Miami-based company that provides software to help other businesses manage their networks, was hit by a sprawling... Read more...
An Argument for the Utility of Cryptocurrencies From an Optimist
At the moment, cryptocurrencies are seen as a risky speculative investment. In their infancy, cryptocurrencies have helped early adopters to get rich quick and it leaves many people asking why these coins should have any value at all. This blog will explore the real-world utility of cryptocurrencies from the perspective of a crypto optimist. A crypto contrarian will read this article and have objections and follow-up questions for every paragraph, but don’t worry, our next blog will take a look at the same issue from the contrarian’s perspective. We’ll organize... Read more...
Digital Footprints in Afghanistan
Key Takeaways Afghans that helped Western forces over the last 20 years are racing to delete their online histories in fear that the Taliban will punish them for their involvement A number of resources are being provided to help Afghans swiftly erase their online presence, but deleting evidence of their help to the U.S. could hurt their chances when applying for asylum The U.S. has its own footprint to worry about too; left behind digital hardware could expose sensitive information and be sold to the U.S.’s enemies Afghans racing to... Read more...
IT Security Governance
IT security is not about protecting IT, it’s about protecting the business, organization, or mission. IT Security Governance links business risks to IT risks and threats. No IT control should be implemented without being able to tie back to a business risk it is helping to manage, mitigate, or reduce its impact. Every enterprise has the goal to stay in business, and there are numerous examples in the news every week proving that IT security breaches or incidents threaten that goal. Every organization has some level of Governance Risk and... Read more...
Breaking Down Israeli Startup Success
Key Takeaways Obligatory military service teaches Israelis to achieve goals, gives them a chance to work with advanced technology, and builds a professional network of citizens who know how to work together. Israeli culture encourages trying new things, accepts failure as part of the process and admires “chutzpah”. Government programs have been wildly successful in Israel for attracting venture capital investment and R&D investments from multinational companies. While Israel often makes headlines for political or military reasons, technologists and venture capitalists see the country as a hotbed of innovation and... Read more...
Mach37 Spring '16 Class Interview: PCPursuit
Robert Walker CEO and founder   What opportunity did you recognize that led to the founding of PCPursuit? Robert Walker: There are a couple of things going on in information security that are really important. Too many information security products only tell you there is a problem after your data has already been stolen. I have seen a few things in my career that are technologies that can prevent problems from happening in the first place, but they are not easy to use and are typically expensive. We recognized that... Read more...
Hacker Profiles: United States
Key Takeaways A recent report from a British think tank ranked the United States as the world’s greatest cybersecurity power and has it as the only nation with tier one capabilities Tailored Access Operations is a secretive elite group of hackers within the NSA that targets and exploits foreign entities The United States has been behind major cyber attacks against Iran, China, and Russia. The United States remains by far the world’s most cyber-capable nation with no major competitors for the title. The International Institute for Strategic Studies, a British... Read more...
Nation-state Hacker Profile: Iran
Key Takeaways Iran increased investment in cyber since 2010 and now engages in a large volume of social engineering attacks that are becoming increasingly sophisticated Iran mostly targets government agencies and defense contractors in the U.S., Israel, Saudi Arabia, and UAE The U.S. has attacked Iran’s oil and nuclear infrastructure, while Iran has disrupted U.S. banks and attempted to meddle in our elections  Iran’s cyberwarfare capabilities It is very difficult to compare the cyber capabilities of one country against those of another as most of the programs are so highly... Read more...
TheSalmonSpeaks: Net Neutrality
January 15th the U.S. Court of Appeals for the District of Columbia struck down the FCC net neutrality regulations covering internet access. The press coverage digs into the arcane regulatory discussion around whether internet providers are “common carriers” or not, but of course this is really a heavyweight fight about money. In one corner are Verizon and their Internet Access Cartel (IAC) buddies, the cable companies. In the other corner are Google and their internet…well, there’s Google. Lurking in the shadows of the third corner are the traditional content providers,... Read more...
The Log4J Vulnerability That Didn’t Have to Exist
OBTEGO CYBER  The Invisible Attack Surface™ Bottom Line: Log4J shows us that even more secure approaches are needed to prevent Zero Day attacks. For the first time, Obtego Cyber makes your servers completely invisible. Going  beyond shrinking an attack surface, which still leaves it vulnerable, our “Invis” technology makes  the attack surface completely invisible with zero open ports and no login pages. Attackers can’t  find what they can’t see.  Internet-facing login pages are public-facing portals where users can log in to access their  accounts on servers. From an attacker’s perspective,... Read more...
A Tale of Four Cities (with apologies to Dickens)
It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity, it was the season of Light, it was the season of Darkness, it was the spring of hope, it was the winter of despair…” Charles Dickens, A Tale of Two CitiesSince the beginning of 2016, it seems like the worst of times. We have seen a correction in the stock market as the Chinese... Read more...
MACH37 Cybersecurity Guide: iPhone Security
Key Takeaways Mobile devices contain a large amount of personal data and are increasingly becoming the target of cyber attacks. Apple has done a good job securing iPhones, but there are settings you can change to enhance security and even more ways to improve privacy. By changing the way you authenticate, changing app privileges, and limiting ad tracking, you can limit who sees what data. When people think of cybersecurity they don’t normally think of the iPhone sitting in their pocket. They think of servers, hard drives, PCs, you know,... Read more...
Token Economy - The Future of Digital Enterprises?
Key Takeaways The token economy is a system that incentivizes individuals to contribute to a common goal without the influence of a centralized authority Token enterprises begin with an initial coin offering and grow from perceived value of their service which incentivizes people to work for the service (to get tokens), thus further improving the value and creating a positive feedback loop The token economy is growing rapidly and has the potential to make disruptive changes in many markets  What is the Token Economy? The term “token economy”, originating in... Read more...
The Race to Secure 5G
Key Takeaways 5G provides faster and more reliable network connections by combining several improvements to the underlying technology of wireless networking. 5G complicates the security of a network through open source software, virtualization, soft IoT endpoints, and an increased bandwidth to monitor. Organizations can better defend their 5G networks with AI-enabled threat monitoring systems, “security by design” software development, and investing in endpoint security. As our world becomes increasingly virtual, fast and reliable network connections have never been more critical. Businesses and consumers expect a fully connected experience in all... Read more...
Ransomware Attacks are Coming Soon to a Business Near You!
This is hardly the type of advertising you’d expect to see around businesses in your community as summer heats up and Americans begin the slow process of venturing out into a post-COVID consumer environment.  Although the highly publicized ransomware cyber attack against Colonial Pipeline in May 2021 hit most of our feeds, including mine, I still did not feel like this type of cyber attack would affect the types of smaller scale consumer activities that I depend on. Imagine my surprise, then, when I came face to face with such... Read more...
Cyber Insurance
When most people think of cybersecurity, they think of IT departments protecting corporate networks, or individuals at home on their personal computers. But cybersecurity is differentiating rapidly as more people realize its actual goal is to improve the reliability of some other business process or product, and not an end in itself. Since these business processes vary widely from one industry to another it makes sense to talk about the unique issues and approaches faced by individual market verticals. One such vertical: Cyber Insurance.The October 1 edition of the excellent... Read more...
Securing IoT Data With Blockchain Technology
Key Takeaways IoT is an industry seeing exponential growth, but a traditional centralized architecture cannot provide the scalability for a network with millions of micro-transactions between devices Blockchain speeds up transactions, builds trust and facilitates data sharing in IoT systems Aryia, a smart speaker company, is building a smart device that uses blockchain while creating an entire decentralized ecosystem around its product What is IoT? From personal smart watches and home speakers to the vision of entire smart cities, the buzz around IoT has been dominating a lot of tech... Read more...
To Pivot or Not To Pivot: How Startups Should Evolve from Feedback
Key Takeaways:  Instagram and Netflix represent just two examples of how pivoting can change the world. In order to be successful, startups should embrace fundamental change in the process of improving their product or service. Investing in smaller pivots can position a company of any size for success as market conditions evolve. As a cybersecurity accelerator, we help founders know when and how to pivot, increasing their startup’s chance of success. Introduction: In its journey to changing the world, every startup must question the status quo. The company may wonder... Read more...