This week I talked to Lou Manousos of RiskIQ. RiskIQ is unique in that they protect companies from threats that exist outside their corporate networks. This type of protection is becoming increasingly necessary as the number of potential attack vectors outside of corporate networks continues to grow exponentially (think social media and mobile). In the interview below, Lou and I discuss how he convinces corporations to buy his product, RiskIQ’s recent acquisition of PassiveTotal, and how he chose to raise money from Battery and Summit.
I’ve read that 8 of the 10 largest financial institutions are your customers. As a relatively young company, how do you sell a security product to these massive institutions that have dire security needs? What are the key reasons that they chose to adopt your solution?
Since that figure came out, the number of financial services firms using our product has increased; the Global 2000 is actually our biggest growth segment.
We’re able to win business from big companies because we’re solving a unique problem, which means that we’re not competing with well-established security providers. RiskIQ helps protect against threats outside of the perimeter, and since that is a relatively new vector of attack, we’ve been able to work with some big companies who otherwise wouldn’t have that type of protection.
We constantly hear about the shortage in security talent and what’s really happening is the bigger firms are capturing and retaining the best CISOs who go and seek solutions that can fill the gaps in their programs. RiskIQ fills one of those crucial gaps.
Congratulations on the PassiveTotal acquisition. Can you explain the thesis behind that?
At RiskIQ, we focus on threats that come from somewhere on the internet and thus we’ve always had a great appreciation for internet-scale data. PassiveTotal had built a great community with tons of information on threat infrastructure and we had been using information like that to power RiskIQ. We figured that studying the attack (what PassiveTotal allows you to do) and protecting the attack surface (RiskIQ’s functionality) go hand in hand.
Thus far the acquisition has worked out really well. Almost 100% of our customers have stated interest in adding the PassiveTotal functionality. With the RiskIQ product, our customers can look at the attack surface and now with PassiveTotal, our customers can look at the threat infrastructure that the adversaries use. This technology is crucial because many customers were looking for the ability to do threat intelligence in-house and PassiveTotal allows for that.
Why are companies now looking to perform threat intelligence in-house?
There are some great threat intelligence providers out there, but what companies are realizing is that digesting that information and applying it to their own companies is difficult. You need analysts to interpret that data to make it actionable, and as a result we’re seeing smaller and smaller companies performing that function in-house. The number of customers using the PassiveTotal service has doubled since we announced the acquisition several months ago.
Did that growth come from cross selling to your existing customers?
Some of it did, but we’re seeing organizations all over the world that want to understand the threats that could impact their businesses and want PassiveTotal as a result. PassiveTotal provides a very quick way for organizations to confirm or disconfirm an attack for themselves.
Prior to starting RiskIQ, you worked at Securant, which operated in the identity and access management space. RiskIQ operates in a very different subsector. Where did you find the inspiration to start RiskIQ and how has the company evolved since you started it?
We sold Securant to RSA a long time ago and identity and access management is still an amazing market. Nobody could’ve predicted how big IAM would be today. After Securant, I talked to around 20 CISOs about the gaps in their security programs. I was trying to find the problems that they weren’t yet addressing, but that were also large enough for them to invest in.
I found that CISOs lack visibility where they don’t have endpoints or firewalls and I decided to build a company that would give security workers Google-like visibility into activity outside of the perimeters of their enterprises. Right out of the gate, trials with our beta customers demonstrated that our product provided a measurable impact.
You’ve raised two big venture rounds from Summit and Battery; how did you decide on Summit and Battery and what do you think gave them the confidence about your business to fund these two large rounds?
I think that the biggest reason that they had confidence in us was because before the A round, we had a solid customer base and we had demonstrated that there was a need for our product. Also, our founding team had been successful before RiskIQ.
We chose Summit and Battery because we liked the partners at those firms. You have to be wary of the people at venture firms and ask whether they approach life and business problems the same way that you do. We saw eye to eye with the partners at Battery and Summit. Our vision was to bring security outside of the status quo, which is network and endpoint security, host it on the cloud, and use a SaaS business model; not everyone could get behind that. It came down to finding a partner who believed in this vision.
It was a little bit tougher in the B round because we were bigger at that point and it was a more competitive process. It eventually came down to the personality of the partners we would be working with.
How can analysts and associates at venture firms get your attention effectively?
Fundraising right now is not the number one barrier that companies have and I get so many inbounds it’s kind of mind-boggling. If you really want the best chance of getting in front of me, it’s important that a partner is involved. You don’t want to waste the time of the entrepreneur and if I’m talking to a potential investor, I’d want to meet the guy that would eventually be on the board as quickly as possible.
Before our series A, I wasn’t even taking meetings and Summit was very persistent and polite. Even up through the investment, I never once went to their office. This set the tone of “let’s make it easy on the business.” A lot of venture firms in the valley see it the exact opposite way.
- iSight is one of the leaders in the emerging threat intelligence space. iSight CEO John Watters previously claimed that he hoped to take iSight public in the fourth quarter of 2016 and that he wouldn’t do it at a valuation of less than $1 billion.
- The company has apparently reached unicorn status with the latest round. ForeScout helps enterprises detect all the devices that are accessing their network. The company reported $125 million in 2015 revenue.
- Founder Marcin Kleczynski claims that he caught Fidelity’s eye with Malwarebytes’ $100 million run-rate. The company originally started selling primarily to consumers but now “splits its business” between consumer and enterprise. See my interview with Marcin here.
- Anup Ghosh claims that EDR products are short on detection and heavy on response. Ghosh claims that these products have essentially become an “incident responder’s investigative tool to reconstruct what happened after a breach notification.”
- Ben Horowitz interviews Tanium’s Orion Hindawi about Tanium’s competition and the status quo in endpoint security. Hindawi claims that security entrepreneurs want to work on problems like cloud or mobile, and have mostly ignored the endpoint. Hindawi also claims that of the 10 biggest breaches in the past year, 8 of the companies that faced those breaches are now customers, and the other two are in procurement.
- There are buyers who are specifically focused on security and will go after point solutions, broader IT infrastructure buyers who want vendors to cover all their infrastructure needs, buyers who want security for discrete initiatives, and then higher-up, business-level buyers.
- A senior data scientist at LinkedIn explains how the company computes the chances that a login is coming from a legitimate user, given certain information such as the IP address and OS of the attempted login.
- Apple is adding features such as mobile device management, an API that allows organizations to remotely manage devices running iOS. Another feature is application sandboxing, which allows users to determine which resources each app can access.
- The Pew Research Center capped their two-and-a-half-year effort, which began in the wake of Snowden, to determine the American public’s views on privacy.