For nearly two decades, Summit Partners has been working with talented entrepreneurs in the information security industry. The management teams behind companies such as McAfee, Postini, SafeBoot and Sybari Software created category-defining companies—and billions in shareholder value—by protecting customers from emerging security threats. Throughout this period, one thing has remained constant: with every important new trend in computing comes a wave of innovation by bad actors—and with it the chance to build an excellent security business. Here are four key trends in security today that are creating opportunities for a new generation of leading companies.
The professionalization of the adversary
Years ago, most IT security problems were caused by the equivalent of vandals and small-time thieves. Those populations remain plenty active, but in recent years we have seen the emergence of a new class of adversary: large, sophisticated software teams funded by organized crime and governments are seeking to exploit systems to steal money and intellectual property on a huge scale. Though figures are hotly debated, it is clear that “cybercrime” is a multibillion-dollar business, and that large volumes of highly sensitive government information and private-sector intellectual property are stolen every year.
In such an environment, the network security paradigm that has been the standard for many years—various devices acting as sentries on the network perimeter and looking for specific known targets or “signatures”—is proving to be inadequate for organizations that are high-value targets. Adversaries have become adept at knowing where these sentries are not looking and at assembling malicious code on target networks, often over long periods. Deeper awareness and insight are needed.
One effective alternative approach is that taken by our portfolio company NetWitness—recently ranked by Inc. magazine as the nation’s sixth fastest-growing private technology company. NetWitness has created a highly innovative platform that effectively plugs the gaps in perimeter defenses, providing full network session capture, analysis and reconstruction for network monitoring and investigations. Leading commercial and government accounts are using this strategy to defend themselves in ways they never could before. (Or, as The 451 Group recently put it in a research report on NetWitness: “I once was blind, but now I see.”)
With the proliferation of smart mobile devices—and more and more financially valuable information being accessed by or stored on those devices—comes a greater effort by adversaries to penetrate mobile computing. In the mobile environment, all layers of the security problem that we deal with in the networked server and PC world have to be addressed differently.
Summit’s investment in SafeBoot (later acquired by McAfee) was a successful early venture in mobile security, namely the data encryption problem. Another Summit portfolio company, Cloudmark—the global leader in carrier-grade messaging infrastructure and security solutions for fixed, mobile and social networks—is seeing rapid adoption by wireless carriers to thwart the growing spam problem on MMS and SMS networks. In fact, Cloudmark was chosen by the global mobile carriers association, the GSM Association, to pilot a service that aggregates SMS spam reporting data from participating leading global carriers to address SMS spam attacks around the globe.
We are in the early days of mobile security, with much work left to do. This was underscored dramatically by Intel’s recently announced $7.7 billion acquisition of McAfee—a move driven largely by Intel’s interest in driving mobile security deeper into the hardware and software stack, down to the integrated circuit level. Summit Partners had the good fortune to back John McAfee when he bootstrapped a profitable, rapidly growing small business, which he wanted to build into a company of great long-term value. We foresaw great things for the business—but we could not have foreseen McAfee ultimately being combined with the world’s leading semiconductor company. Again, we are still in the early days of security innovation.
Cloud computing and virtualized environments
The term “cloud” covers a wide range of computing and business models, while virtualization is a key enabler of cloud computing. These two intertwined threads are clearly the future of computing. In all situations, however, technologists and executives are rightly concerned with how these innovations are opening up new vectors of attack, and how they can ensure the security of their deployed environments.
Postini, a former Summit Partners portfolio company and now part of Google, was an early leader in security delivered entirely in the cloud. With the help of security partners, Summit’s portfolio company LiveOffice is providing on-demand messaging security and archiving in the cloud to thousands of companies ranging from small businesses to 40,000-seat enterprises. Summit teams are actively talking with many other high-growth private companies that are working to solve the emerging problems of security in an environment where critical data and key computing activities take place beyond the corporate firewall.
Community-based and “freemium” models
Successful security models increasingly are being built on large existing user communities—often with the help of free product offerings—to help make security tools smarter. Cloudmark was an early pioneer in this approach: its network now includes hundreds of millions of users who report on spam, which ultimately leads to cleaner messaging for everyone in the network.
We recently announced Summit’s investment in AVAST Software, one of the most successful “freemium” vendors in the world. AVAST has built a community of more than 100 million users whose combined experience of spam and virus attacks helps make the company’s products arguably the highest-performing antivirus suite in the world today. Having helped two previous generations of antispam and antivirus vendors build major value—including McAfee, Postini and Sybari Software (now Microsoft), we are excited to be supporting a great team in creating the next wave of consumer device security.
Summit has been fortunate to support numerous leaders in information security over the years, and to be a part of their success. But while we’ve been at it for two decades, we still believe we’re in “day one” of the opportunity to build great security businesses. We remain enthusiastic about continuing to partner with innovative, growing companies that are working to make computing more secure.