This week I was lucky enough to speak to Gaurav Banga. As the cofounder and former CEO of Bromium, Gaurav is a big name in cybersecurity. Bromium is an endpoint protection solution that uses “micro-virtualization” technology to stop threats. This means that with Bromium’s technology, whenever a user performs a task on a computer such as clicking a link or downloading an attachment, a virtual container is created separate from the enterprise network. If the user downloads malware, it is kept in this completely isolated container. Banga likens it to disposable gloves–you can get as dirty as you want with the gloves on but once you take them off, your hands are completely clean. Bromium has raised $75mm across 4 rounds from some of the top investors in the world, including Andreessen Horowitz, Intel Capital, Highland Capital, and Lightspeed Venture Partners.
How willing are large corporations to adopt technologies provided by newer companies like Bromium? Do some still believe that they can outsource all of their security issues to companies like McAfee?
Definitely quite willing, provided that the technology is in an area which is underserved or unserved. Specifically, when the question comes to security and breaches, the problem is clearly not solved. I don’t believe anyone in the industry thinks that McAfee and Symantec are solving their problems.
Over a billion dollars of VC funding went into security startups last year and even amongst the most well-funded private security companies, there aren’t many that provide end-to-end security solutions. Do you think we’ll see consolidation in the space or will enterprises continue to be content buying security products from multiple different providers?
In security, we are currently going through a “revolution” with numerous ideas (some great, others good, some even quite bad) in play. It is easiest for startup companies to get started and establish a strong position on a part of the security problem as opposed to overreaching. Right now, the customer has to assemble the best-of-breed full security solution out of products and offerings from different next-gen and legacy vendors. In time, as the new security industry leaders emerge, or if someone shows up with lots of cash and vision, they should be able to create a consolidation that results in an enduring market leader that provides an end-to-end solution for the customers.
One of the biggest hurdles to adoption of enterprise security products is the friction that it will create for the end user. At Bromium you’ve created a product that hardly restricts the user at all. How were you able to build a consumer-centric security product where so many others have failed?
This is part of the uniqueness of Bromium. We decided that the technological solution had to assume that the user will only use a security product that does not get in the way, and that we cannot make any assumptions that the user will behave (or even prefer to behave) in a way giving preference to security vs usability. Between usability/consumption and security, the former will always win.
Your software will prevent damage from such human mistakes as clicking on phishing emails, but there’s lots of other potential areas of human error such as choosing easy passwords. To what degree should we build security products that embrace human error and to what degree do users just need to start adopting good security hygiene?
Human beings make mistakes at some frequency. Even if an employee was to make one mistake every two years, the largest corporations in the world would be making a mistake (in aggregate) just about every hour. Security technologies and practices have to be robust in the presence of human mistakes. There is no other way.
You’ve raised money from some of the top VC–Andreessen Horowitz, Intel Capital, Lightspeed Venture Partners, among others–what was it about your business that set you apart in attracting these top investors?
Big problem. Unique solution. Great founding team.
- The Israeli firm scans and checks the security posture of code as developers are writing it so that developers can fix vulnerabilities at the source before a hacker has the opportunity to exploit them. Checkmarx previously raised $14mm from investors such as Salesforce Ventures.
- Likely suspects in the near term include Bit9 and Mimecast, and maybe CounterTack, Cybereason and Digital Guardian down the road.
- BofA claims network security revenue grew 8% YoY, driven by next-gen firewalls and unified threat management solutions. They also made upwards revisions on their price targets for Palo Alto Networks, Fortinet, FireEye and CyberArk.
- Founder Gabriel Weinberg claims “it’s really a myth that you need to follow people around to make money on search.” DuckDuckGo simply advertises based on the keyword you type into the search box.
- The firm provides access management solutions.
- Allegedly the Cardinals tried to hack the Astros to get information on their talent and scouting efforts.
- The three commonalities are as follows: the data that is hacked can be monetized, such as credit cards or social security numbers; the hacks are conducted by networks or advanced cyber criminals across the globe; and the organizations that were hacked didn’t know about it for a long period of time.
- The password manager reported suspicious activity on its network earlier this week. It appears that as long as your master password for the site was strong (or if you use two-factor authentication), you should still be safe, since the passwords that it manages are under very strong encryption.