Default Blog Header

My Week At RSA: Bigger Budgets, Threat Intelligence And Machine Learning, Oh My!

Each year since 1993 the cybersecurity industry has gathered for the annual RSA Conference. Originally started as a forum for cryptographers, the conference has evolved into an annual microcosm of the cybersecurity industry full of sales, marketing, announcements, demos and, of course, parties.

This year, more than 548 vendors descended on the Moscone Center in San Francisco to promote their security solutions, and countless others took over private suites in nearby hotels to get in on the action.

Between constant networking, meetings with security vendors, and hearing from various cybersecurity luminaries, it was veritable chaos. And it was great.

Capping it all off was an intimate evening hosted by Sapphire Ventures that brought together some of the most interesting security startups with security executives from Fortune 500 companies. A welcome respite from the mayhem of RSA, it was a chance to drive meaningful conversation and bridge valuable business connections.

While it’s hard to boil down the entire experience of the week into a quick summary, here are a few observations I came away with:

Pullback? What pullback?

Despite what many may have thought and FireEye reported in November 2015, budgets aren’t going away. On the contrary, every CSO I talked to indicated he or she would increase spend this year. What is changing, however, is where the dollars are going. Nearly 18 months after Symantec declared AV was dead, we are finally seeing the Fortune 500 shift budgets away from legacy products toward truly next-generation solutions like Malwarebytes and SentinelOne (endpoints), Exabeam (behavioral analytics), Tanium (systems management) and Cyphort (advanced persistent threat, or APT, defense).

Threat intelligence is getting crowded.

Threat intelligence is everywhere now. Every type of intelligence imaginable — from shared customer intelligence and nation-state intelligence to dark web intelligence and other human-curated intelligence — is being touted as a differentiator, or even an opportunity to build an entire company on. The puzzling point here is that CSOs have all too much noise in their lives as it is. So to us, the interesting opportunity lies in companies that understand this reality and can provide actionable intelligence that reduces the noise, such as Anomali (aka ThreatStream).

Big data/machine learning has gone mainstream.

2015 was the year that machine learning became a regular part of the security industry’s lexicon. Now, every company has an analytics or machine learning component, and these features have made significant inroads in the world of user behavioral analysis, next-gen SIEM and APT solutions − a much welcome set of capabilities to help organizations act and prioritize their operations.

The confluence of changing perceptions about what security products should be, the rapid change in the private funding environment and the state of hacks and breaches today indicate that 2016 will be a culling of the herd.

Signature-based, “check-the-box” AV will finally hit an inflection point of displacement. Next-gen solutions that can meet the challenge of evasive and adaptive attacks will get their chances to shine. And the disappearance of previously-abundant levels of funding for security companies should help reduce the noise substantially.

The fun thing about security is that it’s a never ending game. The bad guys will always find a ways to foil new defenses, which breeds an endless cycle of innovation. I’m excited for what 2016 will bring and look forward to next year’s RSA to see if my predictions hold true.



The companies referred to above do not necessarily represent investments made or recommended by Sapphire Ventures. It should not be assumed that the specific companies identified and discussed herein were or will be profitable. Not all investments made by Sapphire Ventures will be profitable or will equal the performance of the companies identified above.

Information provided reflects Sapphire Ventures’ views as of a particular time. Such views are subject to change without notice. While Sapphire Ventures has used reasonable efforts to obtain information from reliable sources, we make no representations or warranties as to the accuracy, reliability or completeness of third party information presented herein. The information set forth herein is not intended to constitute investment advice and under no circumstances should any information provided herein be considered as an offer to sell or a solicitation of an offer to buy an interest in any investment fund.