Machine Learning Advances Cybersecurity: Battery Ventures’ View
An office worker who usually spends time in programs like PowerPoint suddenly logs into the company expense records system. Data-sifting computers are on the alert for unusual behavior like this across the globe, and Dharmesh Thakker thinks they’ll help thwart criminal hackers who pose a growing threat to companies.
Thakker, a general partner at Battery Ventures’ Silicon Valley office, says computers that not only collect data but also draw conclusions from it—using artificial intelligence and machine learning techniques—will significantly bolster company defenses and possibly reduce security breaches in 2016. A core mission of such learning machines is detecting activity that varies from normal patterns, because that’s an early warning sign of a cyberattack, Thakker (pictured above) says.
Battery Ventures has identified cybersecurity as one of its three main areas of investment, in part because it sees “a massive demand for new solutions’’ among businesses. CEOs risk losing their jobs in the wake of a major breach, and cyberattacks are becoming increasingly sophisticated, Thakker says.
“Many hackers have PhD’s in computer science,” he says.
One of Battery Ventures’ portfolio companies, San Mateo, CA-based Agari, uses the power of rapid data analysis to ward off phishing attacks, in which hackers use deceptive e-mails to trick recipients into giving up sensitive information. Thakker says such companies use computer surveillance to ferret out oddball messages—like an e-mail addressed to a high-level executive at J.P. Morgan Chase that originated from a call center in the Philippines.
Agari says its computers scan seven billion messages a day in a search for “lookalike domains” sending e-mails that appear to be coming from the legitimate businesses that are Agari’s clients. Using these spoofed accounts, hackers send malicious e-mails to customers in a ploy to get personal details that can be used in identity theft scams. Agari helps clients thwart the false domain before it causes them to lose their customers’ trust.
Cybersecurity companies are now battling an entire underground economy where professional hackers can operate anonymously, invade corporate vaults of information, hold the data for ransom, and operate secondary markets where crooks can buy stolen goods such as credit card numbers, Thakker says.
Thakker points to New York-based Flashpoint as another data-mining security company that interests his firm, though it’s not part of Battery Ventures’ portfolio. Flashpoint uses both human investigators and automated processes to chart the shady landscape of the Deep Web—a part of the Internet that is invisible to traditional search engines—and to map a region within it called the Dark Web, where entry is barred to visitors without specialized software.
Thakker says such security companies can hijack the Web addresses they detect from malicious attacks and use them as false identities so they can penetrate the Dark Web like insiders. There, they gather threat intelligence about criminal networks.
“You can be part of the gang, and operate undercover,” Thakker says.
Thakker came to Battery Ventures last year from Intel Capital, where he was head of enterprise investments. In addition to cybersecurity, he’s focusing on investments in Battery Ventures’ two other top priority areas—big data and cloud infrastructure.
Battery Ventures’ current investments in cybersecurity include San Francisco-based GuardiCore and Los Altos, CA-based LightCyber. Battery, which has offices in Boston, San Francisco, and Israel, invests across all stages from seed funding to private equity deals. The firm is now investing its tenth fund, which has a combined capitalization of $900 million.
Thakker says he expects business expenditures on cybersecurity protection to rise, even in periods when the economy is in the doldrums. In good times, executives will devote money to security because their budgets are fatter, he says. During a downturn, they’ll keep spending on it because it’s a bad time to lose their jobs, Thakker predicts.
In September, Gartner forecast that worldwide spending on information security would rise nearly 5 percent to more than $75 billion. Investment by venture capital firms in cybersecurity startups has been on a steep upward curve, but it still represents less than 7 percent of total VC outlays, Mahendra Ramsinghani, founder of the cybersecurity seed fund Secure Octane, observed recently.
Theoretically, most corporations would rather entrust their data to a single cybersecurity company capable of handling all lines of defense. That could drive the industry toward consolidation, to the disadvantage of startups seeking to pick up business clients. But inventive hackers are constantly finding new avenues of attack, creating openings for fresh startups focused on solving those new problems, Thakker says. Businesses will add those specialists to their list of security providers to get all their bases covered, he says.
“Most customers are looking for the best of breed in each specialty,” Thakker says.
There’s a move among some bigger security companies, however, to unify information security services to satisfy the customer desire for one-stop shopping, as Xconomy’s Greg Huang reported recently. And in a September report, Gartner said most of the security software market consists of “mature technology areas where the penetration rate is already high.” The growth forecast for cybersecurity is dimming because many aspects of data protection are becoming commodity services, Gartner said. But new opportunities are still opening as business operations shift to Web-based software and mobile devices, the firm said.
Thakker says the best tactic for a cybersecurity startup is to do a few things really well. As an investor, he has observed characteristic patterns in the life cycle of young companies in the sector.
“The half-life of a security company is a little lower than most IT companies’,” Thakker says.
Some startups are acquired early if they have very desirable intellectual property assets, he says. One example was San Jose, CA-based Elastica, founded in 2012, which was snapped up by Bluecoat Systems in November for $280 million. The exits for other startups typically take eight to 10 years, Thakker says. Once they reach revenue levels of $30 million to $50 million, it’s hard for them to grow much beyond that, he says. The exit path for most is an acquisition. These often fall in the $300 million to $500 million range, Thakker says.
“We try to get in on the ground floor,” when a company has a valuation of about $20 million, Thakker says.
Only a handful of cybersecurity companies can aspire to a $1 billion IPO—and it would be a long ride, Thakker says. Notable IPO successes in the sector are Milpitas, CA-based FireEye, whose IPO raised $304 million in late 2013; and Santa Clara, CA-based Palo Alto Networks, which raised $260 million in its 2012 IPO.
Battery Ventures hasn’t set a specific target amount to spend on cybersecurity investments, or a target percentage of its outlays, Thakker says. But the company aims to back new companies every quarter to address the vulnerabilities constantly arising because of technological change, including connected cars and mobile devices that put business data at risk everywhere they go, he says.
“A connected car is an attack surface,” Thakker says. “The more technology changes, the more exposure there is to cybersecurity risks. The consequences are pretty significant.”
“The United States owes its position in the world to its advances in technology, and the adoption of that technology by everyone from banks to plumbers,” Thakker says. “But this also means we’re more vulnerable to hackers.”