By Dorin Baniel, Principal, Head of EMEA, NightDragon
Last week was a whirlwind of exciting events and meetings with some of Israel’s top founders, industry leaders and investors from around the world who arrived for the Cyber Week conference, one of the biggest gatherings of the Israeli technology community throughout the year.
The NightDragon team was on the ground in Tel Aviv for the event, meeting with some of the top partners, CISOs, emerging technology companies, investors, and more throughout the week. We wanted to share some of the trends and themes that we heard on the ground, many of which reinforced our market perspective and key investment themes:
- Trend 1: Security for AI / GenAI
How will we secure the generative AI tools? Will Generative AI (GenAI) make no-code solutions obsolete or will they hyper-accelerate them? How will GenAI impact the services industry? How will existing categories, like SSPM vendors, adapt to GenAI threats within their value offerings and is securing AI a natural evolution for companies in similar existing, lateral categories? NightDragon is carefully evaluating AI-based opportunities and watching this market closely. Read more about our focus on AI from Josiah’s recent blog or Mandiant’s report on securing the AI pipeline here.
- Trend 2: Cyber risk quantification
How can we use tools to better communicate cyber risk to the board and to stakeholders? How can cyber risk quantification help CISOs get the budgets they need? How can statistical modeling techniques be used to quantify risk in dollar value? How can these findings then translate into the dollar value of potential ransomware attacks and thus, help prevent and mitigate them? Cye is a great example of a solution offering unique cyber risk quantification capabilities.
- Trend 3: Emerging threats to critical infrastructure and ransomware prevention
In March of this year, the White House’s National Cybersecurity Strategy reclassified ransomware as a tier-one national security threat following a series of attacks hitting critical national infrastructure. Just last month Illinois hospital St. Maragret’s Health permanently shut down following a 2021 ransomware attack (CBS). Meanwhile, the UK National Cyber Security Center (NCSC) issued an alert about Russian adversaries threatening the UK’s critical infrastructure, while Iranian actors continue to be behind some of the largest ransomware attacks. This past February, for example, Iranian actors launched an influence campaign against the Israeli government (link, link). These are just a few examples of the continued threat posed by ransomware.
So, how do we protect our most important infrastructure? From just this past year, Congress established CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act), the UK introduced the Product Security and Telecommunications Infrastructure (PSTI) Act, the EU introduced the Network and Information Security Directive (NIS2) that focused on new regulations pertaining to critical infrastructure, Australia led a coalition of 36 agencies to fight ransomware against critical infrastructure in what’s called the International Counter Ransomware Task Force, and the Joint Ransomware Task Force (JRTF) continues to synchronize efforts to further the national, unified effort of mitigating ransomware attacks and threats. CISOs (rightly) continue to still pay close attention to this issue and are monitoring closely what they can do to advance capabilities in the area.
- Trend 4: Third party risk management
Today, third parties need greater access to an organization’s data assets, leading to the expansion and intricate nature of the third-party network. With organizations rapidly adopting new tools, how can we ensure that we’re secure not just in term of third parties, but fourth and beyond? Gartner writes that in the last several years, majority of compliance leaders (80% to be exact) identified third-party risks only after onboarding and classified 2.5X more third parties as high risk. CISOs are increasingly recognizing the need to gain visibility and real-time insights into their third-party supply chains in order to assess their security risks.
- Trend 5: CISOs rising in importance at the board level
The CISO’s role has never been more important, and it continues to evolve towards a critical Board-level role. This is an exciting development, elevating the work of the CISO to protect the organization from critical risk, as well as giving them a platform to advocate for increased budget. However, this shift also does require some adaptation on the part of CISOs. Instead of just focusing on their technical skills, they must now take on an increasing responsibility to ensure their goals not only align with the business objectives, but work to push them forward.
- Trend 6: Workflow and productivity challenges rise as responsibilities and control become even more distributed
With the trend of shift-left over the past several years, I had discussions with many CISOs around the challenge of decision making becoming more distributed. It seems there is still an issue with cross-department collaboration, specifically security and developers, such that developers have what they need to implement security early enough into the lifecycle, while the security team has what they need to remain in control of security. In general, these types of questions continued to be a common theme: how can productivity and workflows be leveraged to create win-wins cross-department?
- Trend 7: Optimization / replacement of SecOps tools given an ever-increasing volume of alerts
CISOs often spend six if not seven digits on SIEM technology, only to be bombarded with alerts. Challenges around the linearity between data and cost has made managing these huge amounts of data (that continues to grow as security stacks increase) unsustainable, while the implementation of the SIEM itself seems never ending. Microsoft, IBM and Splunk continue to lead the category (Gartner Magic Quadrant), but it’s an extremely competitive space with alternative players in other categories, such as XDR, and an expectation that the SIEM needs a more holistic, packaged offering. Many continue to be unhappy with existing tools in the SOC and the question is, what comes next? Will the market skew towards next-gen SIEMs versus SIEM replacements versus something else? What future consolidation will occur between SIEM / SOAR / EDR / UEBA etc.? How will CISOs ensure their SOC will keep up with the increased number and sophistication of attacks?
- Trend 8: Continuation of cloud security as a leading sector, specifically cloud infrastructure and multi-cloud protection as well as identity and access management for hybrid environments –
Most of today’s largest enterprises are still on their way towards migrating data centers to the cloud and building their multi-cloud strategy. As with any new technology, this comes with new risks for CISOs to manage. A report by Palo Alto Networks outlines some common security risks: 76%+ of organizations don’t enforce MFA for cloud users, 63% of codebases in production have unpatched vulnerabilities, only a fraction of open-source packages are directly created/imported by developers which resulted in over 77% of open-source packages and vulnerabilities being introduced by non-root packages, and more. All of these factors have contributed to a significant rise of supply chain attacks (full report here) across all layers of the cloud – infrastructure, applications, access management, and more – and we continue to keep a close eye on the emerging leaders in the space.
- Trend 9: VC Deals are picking up, but the process is longer and the bar is higher
We’ve seen some optimistic signs of a rebound in the last year following the burst of 2021’s tech bubble. While funding levels remain lower than previous years, we’ve returned to pre-COVID levels in terms of investment in mid-later rounds, $50M+ and $100M+ investment deals, new unicorns, and more (IVC 2023). What’s more, while many other budget areas have been cut, a survey of our NightDragon Advisors found that 66% were increasing their security budgets in 2023 as they face increasing cyber risks that threaten their business on a day to day basis.
Success is due to persistence. It’s the ability to adapt, and adapting is about three things: taking a step back to breathe, running a structured and streamlined learning process, and applying. From time to time, it’s OK to feel as though you are losing grip, as this can mean coming out much higher on the other side of uncertainty.
Lieutenant General Aviv Kochavi, the IDF’s 22nd Chief of the General Staff, at the Team8 CISO Summit
Companies with good ideas, teams and technology that execute well in this current economic environment will be proven winners for many years to come. Valuations continue to rationalize, and funding continues, albeit at a slower and more deliberate pace. In short: It is still a great time to invest in cyber and national security technologies given an increased urgency for innovative technology and better deal terms for investors.
- Trend 10: There remain many successful paths to exit for startups
Manufacturing successful exits at any time is tricky, but particularly when IPO markets remain slow, and this is why we hosted a panel featuring Morgan Kyauk, NightDragon Managing Director, Udi Mokady, CEO & Co-Founder of CyberArk, Dino Boukouris, Founding and Managing Director of Momentum Cyber, and Pedro Bermeo, Partner at Davis Polk & Wardwell, moderated by Seth Spergel, Managing Partner of Merlin Ventures. When Seth asked the panel what can set a company up for a successful IPO, panelists laid out three important steps:
- Build a model that shows the company’s predictability in KPIs and the track record of meeting targets/expectations.
- Make sure the value offering / message resonates with investors – Leadership should meet with research analysts to ensure they understand the story and business such that strong connections are formed: “You date your banker, but you marry your research analyst.”
- Focus on having compliance and auditing capabilities in place and at a high standard.
On the other side, if a company wants to stay private and be acquired, the main focus should be on building strategic business development partnerships, investing in this for years prior to the anticipated M&A date. A successful exit requires years of planning, including targeting strategic investors in your growth fundraising round as part of building a strong partnerships foundation that can lead to a successful acquisition down the road.
- Trend 11: Strategic partners are more important than ever
For startup companies at this ready-to-scale stage, it’s more important as well as more difficult than ever to get in front of value-add resellers and distributors, technology integrators, government partners, and more given the overabundance of solutions. Yet, this is an important piece of the puzzle for companies looking to double or triple-digit growth ARR. At NightDragon, we recognize this challenge for growth-stage companies and the importance of building these strategic partnerships in order to cross the chasm to the next phase of growth. This is why we have put so much emphasis building out our proprietary NightScale platform, including MSAs (master-level service agreements) for our portfolio companies to get preferred terms with leading partners around the globe.
As we progress through 2023, NightDragon continues to stay bullish on the Israeli innovation ecosystem. We encourage founders to continue focusing on operational excellence, consistently evaluate execution strategies and ride out this wave of uncertainty, as there will be clear winners when the wave breaks. With all the incredible innovation and technology being built, we couldn’t be more excited to offer our investment & advisory platform to top-notch innovators in Israel and EMEA and look forward to hearing from you: dorin@nightdragon.com
