Top Banner

Click here to load reader

The Cyber Security Landscape: An OurCrowd Briefing for Investors

Sep 14, 2014

ReportDownload

Business

 

  • Copyright 2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. 1

    The Cyber Security Landscape An OurCrowd Briefing

    Ron Moritz 27 May 2014

  • Copyright 2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.

    Your hosts

    2

    Zack Miller

    Head of investor community @OurCrowd

    Ron Moritz

    Advisor, consultant and OurCrowd mentor

  • Copyright 2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.

    OurCrowds portfolio

    3

    Cyber Security companies in our portfolio

  • Copyright 2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.

    What is Cyber Security?

    Cyber security the evolution of a name - EDP controls IT audit IT security computer security

    network security OT security cyber security - Practices, tools and concepts dealing with CIA CIA: confidentiality, integrity, and availability of information But also CIA of systems, network communications, operations

    - Terminology and solutions often derived from defense industry

    Cyber security includes offensive capabilities - The use of IT to respond to threats by attacking adversaries Why spray RAID to kill what you see when you can spread ant

    honey that is carried back to the nest and destroys the colony? - Historically government domain, emerging enterprise capability

    The dog in the night that has not yet barked? - Often likened to insurance, today compared to braking systems

    that enable high-performance cars to go faster 4

  • Copyright 2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.

    Security Cycles & Investor Appetite: Generations of Cyber Security

    Before the Web: early viruses, LANs, PCs, floppy disks - Limited access, isolated networks, slow propagation of threat

    1993: Mosaic and the rise of the commercial Internet (FUD 1.0) - First generation of program code travelling across the net

    2000: dot-com bubble burst (double-digit sec spend as % of IT) - Most IT spend slowed but Internet on-ramp required cyber security

    2002: inflection point (FUD 1.5) - Global technology companies proclaim commitment to security (MSFT, CSCO, CA)

    2005: consumer Internet distraction - Web 2.0, the rise of social media, industrial disintermediation, $50K startups

    2008: global economic crash - No appetite for enterprise infrastructure solutions (IT budget squeeze)

    2011: media focus on all things cyber (FUD 2.0) - Plus emerging pressure from mobile personal device (smartphone) market

    2013: Snowden and the fragility of the Internet (anti-FUD?) - Risk becomes real, NSA disclosure become personal, Target breach impacts CxOs

    5

  • Copyright 2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.

    Two Real Cyber Security Drivers

    Governments and corporations are under attack - Cyber hack problem is no longer simply a nuisance litigation and criminal complaints based on weak systems of

    control and the lack of reasonable cyber security strategy - Snowden was sensational but NSA snooping was personal validated and went beyond what experts thought was possible

    - 05/2014 DoJ China nation-state industrial espionage disclosure aggressive government-sponsored electronic espionage

    against corporations (and other governments)

    Direct impact on executive officer careers - Convergence of risk following Target, Niemen Marcus, and other

    well publicized breaches (impact broad, shockwaves resonate) - IT budgets again being freed-up for the development of new

    products, services which require strengthening of digital defenses

    6

  • Copyright 2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.

    Businesses Under Fire

    Organizations are exposed more than ever - Increasing number and variety of threats and risks - New attacks - targeted and purposeful

    Hackers are stealing around $250B/year in IP - NSA Director, Gen. Keith Alexander, calls these attacks "the

    greatest wealth transfer in history"

    Significant YoY increases in cyber attacks - DHS reported a 68% increase in cyber attacks in 2012 at federal

    agencies, government partners, and against critical infrastructure - Symantec reported attacks on companies rose 42% in 2012

    U.S. government is increasing spending in cyber security (despite cuts elsewhere)

    7

  • Copyright 2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.

    Macro Cyber Security Topics

    Cloud Computing: Data Center Security Redefined - Distributed Control, Ownership of Data Assets

    Advanced Persistent Threats (Network & End-Point) - Detect and Contain Sophisticated and Targeted Attacks - Intelligence Dissemination and Threat Remediation

    Mobility and Device Security - Secure Mobile Applications, Consumerization (BYOD)

    Risk Management - Regulatory, Integrity, Compliance, Business Continuity, Social Media

    Identity & Access Management - Authentication, Authorization, Access Control

    Verticalization: Security with a Sector / Industry Focus - No longer one-size-fits all: industries (govt., healthcare, finserv,

    energy & utilities, oil & gas, manufacturing, education) are demanding solutions more attune with their unique challenges

    8

  • Copyright 2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.

    Gartner Nexus of Forces

    Pervasive Access -mobile

    Global Delivery -cloud Big Context

    -information Extreme Behavior

    -social

    9

    A tsunami of change rocking the IT world (David Cowen, Bessemer)

  • Copyright 2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.

    Cyber Security Trends (1 of 3)

    Enhanced use of encryption - more careful attention to the maintenance and proper

    configuration of existing encryption systems

    Increased scrutiny of internal data use - behavioral analytic technologies to monitor users within the

    company as well as end users accessing company apps - increasing alerts (situational awareness) around suspicious

    behavior that accompanies theft or attack with malware

    Resistance to cloud technology - huge rewards for companies and end users in terms of efficiency

    and access to both information and applications - offset by security liabilities that accompany cloud technology and

    create a drag on the speed of adoption (cybersec car brakes) 10

  • Copyright 2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.

    Cyber Security Trends (2 of 3)

    Risk assessment and software analysis - front-line (but back-office) defenses such as screening software

    for vulnerabilities, keeping software up-to-date (patched) to avoid known weaknesses, improved exercising of software

    - better engineering due to secure coding standards and practices

    More destructive attacks - real damage to computer systems and stored data from targeted

    attacks launched by political and cause-focused hacktivist groups

    Rising levels of smartphone malware - more security efforts directed to mobile platforms and biz apps

    Phishing and hacking of individual users - access to account credentials while avoiding sophisticated

    enterprise security measures (people are the weakest link)

    11

  • Copyright 2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.

    Cyber Security Trends (3 of 3)

    More sophisticated malware - better encryption of and more sophisticated malicious code allow

    attackers to evade virus detection and removal tools (AV dead?)

    Active defense (honeypots and other traps) - to convince hackers that they are in their target area, when

    theyve actually been diverted and trapped in a shell where they can be easily identified and in some cases, retaliated against

    Threat follow up (MSSP Associated Press model) - requires manpower organizations dont have so active monitoring

    and maintenance by MSSPs and external forensics experts

    Fast response (security and threat intelligence)* - fraud tools and intelligence platforms to investigate, track and

    analyze events post-facto with near real-time clarity (e-forensics) and to make actionable information available to IT staff

    12

    *Security and threat intelligence is like teen sex

  • Copyright 2014 MTC. All rights reserved. All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.

    Money Follows Problems: A Concentration of Risk

    New threat vectors once again an obstacle to Internet-fueled growth plans (mobile and cloud) - So cash is being thrown at possible solutions

    Security is in the con