This week I was lucky enough to talk to Ken Elefant of Intel Capital. Ken joined Intel Capital in 2011 and is now managing director of the security team. According to CB Insights, Intel Capital is the most active investor in cybersecurity – so Intel Capital is a big deal in the security world. They’ve made investments in huge names in the space such as Bromium (see my interview with Cofounder Gaurav Banga), AlienVault, Hytrust, Vectra and many more, so I was really excited to get the chance to talk to Ken over the phone about his background and his investment thesis. Check out the awesome interview below!
Intel is the top cybersecurity investor in the game right now and you’ve certainly played a big part in that. How did you get interested in the space?
I started working at Battery after business school and then I went to Lightspeed Venture Partners. Over time I made several cybersecurity investments that did well and I started to focus more and more on the space. One example was Virsa, in which we led an investment, and the company was eventually acquired by SAP for $400M.
Do you have any core theses guiding your cybersecurity investments at Intel? Are there any sub-sectors that you’re especially focused on?
One interesting theme is security for the internet of things. There are three subsectors of IoT–industrial, home and wearables. I’m most interested in security for industrial IoT devices. Another theme that we like is cloud security. Nowadays, every company is using the cloud and security is a big issue. Think of Target–their HVAC system was interacting with their partner portal through the cloud and that led to the point of sale system breach.
Examples of this would be your investments in Hytrust and Perspecsys?
Yes, though they each take a different approach. Hytrust provides security for virtualized environments. Perspecsys provides tokenization and encryption, which is important for enterprises who want to protect data in the cloud.
There are so many cyber companies out there right now and most of them are demanding pretty high valuations. How do you sift through the noise and determine the truly game changing cyber security companies?
Security companies are definitely fully valued and you have to be careful. One way to avoid the high valuations is to search off the beaten path, either in terms of location or technology. One example that we invested in is Prolexic–they were based in Hollywood, Florida–in no way a tech hub–and they were protecting against DDoS attacks–a problem which not many people were excited about.
You do mostly Series A investments, right?
We do mostly Series A or B, but sometimes we’ll do growth rounds like the one we did for Venafi and Docusign.
My sense is that early stage cybersecurity companies contain massive technology risk. How do you assess that risk at the early stages?
We tend to be less concerned about the technology risk for these companies and more concerned about the risk of not having product-market fit. To minimize this, we talk to as many customers as possible to understand the gaps in their current solution set.
There are so many cybersecurity startups out there all providing unique functionality; is there a rollup opportunity in the space?
There will be a lot of M&A in the coming years but it won’t be a big combination of all the small guys. Larger players will acquire the smaller players to fill in their own product gaps.
You guys are investors in AlienVault and they have a threat sharing platform. How is that doing and what does that say about the feasibility of a government-sponsored threat exchange?
AlienVault’s open threat exchange is doing really well. One of the keys to its success is that it started out as a crowd-sourced project. A lot of other companies claim to have a threat sharing platform but they are invitation only, so not a truly open exchange.
One of the biggest complaints that I hear about anomaly detection products or DLP products is that they produce so many false positives. They produce way more alerts for the security team than anyone can keep track of. Would you agree that this is a problem and if so, are we anywhere near solving it?
I definitely agree that this is a problem. We’ve invested in several companies that solve this problem through different approaches – Fortscale, Prelert and Vectra – and we have a fourth investment in the space that will be announced soon. Fortscale uses Hadoop to analyze user base analytics which can be used to detect insider threats. Prelert is an anomaly detection solution that companies can use via a Splunk plug-in, and Vectra provides a real time intuitive solution that adapts to an enterprise’s network.
- OpenDNS is Cisco’s biggest acquisition in the security space since their 2013 purchase of SourceFire for $2.7 billion. OpenDNS is a cloud-based network security solution that layers predictive analytics on top of network visibility to allow you to easily identify bad actors in your network.
- Bessemer led the round which also included ff Venture Capital and TechStars. Distil aims to recognize and block bot traffic. If the software recognizes unusual activity occurring on a valid account, it may prompt the user (or bot) with a Captcha or similar test.
- Bessemer’s David Cowan on the rationale behind his investment and board seat. Computers (bots) are getting better at fooling other computers into thinking that they’re humans. The machine learning algorithms can decipher whether a site visitor is a machine or a human with startling accuracy.
- Terms of the deal weren’t announced. Thycotic provides Identity and Access Management solutions. Thycotic’s solutions include password management and Active Directory management, which allows non-technical departments to manage permissions for their employees.
- Big move for Symantec who already controls half of the DLP market. The new product will allow enterprises to scan data stored in Box or Office 365 and categorize it based on its sensitivity. The product will also block users from uploading sensitive data to cloud services.
- Singh sees several opportunities for cyberpreneurs. One of which is building machines that can respond to the high volume, low impact threats, so that humans can focus on the low volume, highest potential impact threats. Another is building machines that can better track identity across the enterprise and a third is providing the technology so that organizations can do their own forensic analysis of breaches, without having to rely on a company like Mandiant.
- The firm identifies which keys and certificates – the identification mechanisms used to identify webservers, applications, mobile devices, etc. – are safe and which need to be replaced.
- Previous Allegis investments have included Area1, Synack, and Shape Security.
- 8% of respondents reported confidence in traditional endpoint protection solutions to detect unknown threats.