Today's Enterprise is in a Plasma State and Requires New Approaches to Security

Dr. Jacques Benkoski, General Partner, U.S. Venture Partners

The security market is a sequence of generations, each adapted to the enterprise configuration in the corresponding period. Each of these eras can be represented advantageously through a physics equivalent, from solid, to liquid, then gas and finally today, a plasma-like state.

The first generation was a pure brick-and-mortar enterprise, carefully architected around a campus and a security posture with a perimeter protecting from the outside through firewalls and physical access control. The physics equivalent to that situation is a solid. In that generation, our firm, USVP, invested in Check Point.

The second generation also had a physical headquarters, but a more open use of the internet, remote connectivity, and online customer interactions. It marked the start of software as a critical component of any business. Protecting that environment led to web application firewalls, data leakage protection, end-point security, application scanners, etc. The perimeter began to give way, but the security paradigms were still architected to replicate the previous model. The physics equivalent of the second generation is a liquid: harder to control but well defined. For USVP, this was exemplified by Imperva and Vontu.

In the third generation, enterprises used the cloud, accepted open source for application development, allowed broad access from the outside-in and the adoption of third party software. The perimeter was abandoned and the enterprise exposed to a large number of participants and distributed assets. Security moved to identity management, authentication, zero trust access, risk-based vulnerability management, run time control, and behavioral profiling, etc. The physics equivalent of the third generation is a gas, hard to contain, but still responding to well understood laws. USVP made successful bets in many markets with Kenna, Luminate, Prevoty, Trusteer and Threatmetrix.

Today, what is the current state of enterprise? It is a state where energy is exponentially produced by a never-ending business acceleration and optimization. Every enterprise unit innovates and harnesses technologies at a speed that far exceeds the previously IT-centric approach. In this state, what are the requirements for the security stack? Reflecting on the different dimensions of this explosion of the previous structures, one can see four main axes:

1) UNBOUNDED GEOGRAPHY: buildings and people locations are irrelevant. People work from anywhere, on the main campus, in remote offices, and now working from home and hybrid models.

2) UNBOUNDED EMPLOYEES: gig workers, consultants, outsourcing partners are intertwined. The delineation between employees with privileges and others not to be trusted is gone and replaced by a spectrum of trustworthiness.

3) UNBOUNDED INFRASTRUCTURE: infinitely reactive microservices, third party embedded services (e.g. Twilio, Stripe), infrastructure as code. The infrastructure is ephemeral and connections made with little to no oversight, blending with other services with their own, largely hidden, infrastructure.

4) UNBOUNDED SOFTWARE: home grown, open source, third party libraries, APIs, SaaS connectivity, low-code/no-code. Teams assemble software with unclear exposure and ownership. APIs create a mesh of additional connections, and tunneling between SaaS applications and low-code/no-code packages creates a boundaryless construction of business processes.

Thus, the analogy for this generation is the equivalent of the fourth state, the plasma state. Plasma is different from the classical solid, liquid and gaseous states we encounter in our daily lives. A state with particles roaming everywhere, barely held together through electrostatic forces, shooting energy in any direction. It is a useful image to represent a situation where infrastructure, assets and users have an indescribable position, in infinitely fragmented pieces that are impossible to enumerate and that live in a highly unstable state.

Every business is a digital business, but the units of production are no longer in a building; they are distributed to humans around the world with assets and data uncontrollably disseminated. The pandemic further accelerated the situation by exploding any notion of location and central control. The enterprise as a whole executes a business strategy faster than ever, but the underlying individual elements suffer from a Heisenberg-principle-like property where neither IT nor security groups can ever quite get a picture of what is in the box.

At USVP, a firm steeped in security investing, it is our duty as members of the community to help identify and finance the solutions that are best suited for the current situation, seeking out technologies that are adapted to this plasma environment. Over the last few years, we have made investments that are aligned with this situation.

For instance, we identified early that the only way for the security and IT teams to deal with the proliferation of users and dissemination of resources around the world is a unified secure access service edge that enables a highly distributed organization to consider and protect all its users, locations and resources under a single paradigm. And after two years of pandemic, users returning to campuses will expect the same posture as they had in their home office. With over 1 million users and a rapid growth rate, our bet – Cato Networks – confirms the inevitable adoption of this approach.

We also recognized that the fragmentation makes it humanly impossible to comprehend a security posture spread across a multiplicity of tools and data sources. Machine learning in the hands of the attackers has also given them the ability to model the entire enterprise and its weaknesses. That resulted in an investment in a platform – Hunters – that can rapidly and at full scale ingest all data from any origin, normalize it, build graph-based models of the assets and security indicators, and match the attacker intelligence with an automated threat detection and scalable security operation center platform.

The question of access continues to be critical and the ability to dynamically recognize the risk factors associated with authorization and authentication is a cornerstone of a plasma enterprise. This has materialized in an investment in the leading account security and fraud detection solution – Arkose Labs – which delivers these benefits to the most exposed enterprises.

Another investment vector is focused on the above-mentioned expansion of the attack surface resulting from the boundary-less software supply chain of modern enterprises: a capability – Cyberpion – that makes it possible to effectively monitor the full extent of the multi-layered external attack surface resulting from third party software and assets that get absorbed into the enterprise plasma, unbeknownst to its stakeholders.

In this landscape, a common characteristic is the migration from wired to wireless access, with the majority of connections originating from access points in a multitude of environments and situations. We saw this as an emerging ubiquitous weakness and invested in the leading solution – AirEye – defining the network airspace control and protection segment.

Finally, we see biometric-based authentication as a fundamental pillar technology to follow users in any situation, provided that it can be done in a decentralized manner and fully respecting privacy, and we are backing a breakthrough team – Badge – in this space.

Far from exhaustive, this list enumerates some of the requirements of the plasma enterprise. We are doing our best to match those with our investing experience to identify some of the most critical technologies that provide a safe containment to the plasma. We continue to fulfill our role and are on the lookout for solutions that enable enterprises to safely take full advantage of this unbound energy.
