Cyber’s Game of Thrones: Menlo at RSA


Key Takeaways from Menlo RSA 2017: Cyber Clones

Menlo Ventures hosted its annual RSA event and, as in prior years, we brought together a group of seasoned and entertaining security experts to voice their opinions on a panel hosted by our very own Venky Ganesan. Last year’s discussion centered around the “Wild Wild West of Cloud Security.” This year, we brooded over a topic a bit more ominous: “Winter is Here: Cyber’s Game of Clones.”

Perhaps the world of security is not quite so bloody as that depicted in the Game of Thrones. But it feels increasingly so. As a deep investor in the space (perhaps, as host, we assumed the role of HBO), we are long on security: we have compelling bets in the game (, BitSight, vArmour, and AppDome) and we believe there are unsung heroes out there, deserving of war-chests. But we also feel the winds of winter coming. A significant amount of capital has gone into the space, and in many security verticals, there appear to be more start-ups and incumbents competing for real-estate than there is real-estate to divvy up. A shake out is likely to occur.

We brought together panelists whose companies we felt best represented the infamous houses in the Game of Thrones. We tasked them with arguing for why they deserved to not only survive, but also conquer (or retain) their equivalent of the Iron Throne in the increasingly treacherous world of security. We also wanted to know who the victims might be…

Our house representatives included:

Ashok Banerjee of Symantec: House Baratheon (Incumbent leader)

Chad Kinzelberg of Palo Alto Networks (Incumbent leader)

Tom Turner of BitSight: House Stark (Startup)

Marc Woolward of vArmour: House Targaryen (Startup)

Kirk Kaludis of Barclays: House Braavos (The Iron Bank)

As with the end of each Game of Thrones episode, we thought we’d put together a synopsis of the action (and the highlights) that came from each house.


Symantec (Incumbent):

  • Symantec is the incumbent and will continue to dominate because security is all about layers and Symantec has those layers. Ashok refers to his layers as “blades,” or the portfolio of Symantec products (from endpoint to server) that Symantec has built or acquired over time. He contends that “next gen” contenders have limited scope because they are “single blades” with limited visibility or context. Detecting malware is about correlating data across multiple blades and increasing conditional probability – that’s why Symantec wins.
  • He scoffed at the idea that Symantec is not innovative (a Lannister jab). He contends the company has been pioneering in ML for over 10 years and has anti-exploit technology, like Palo Alto Traps.

Palo Alto Networks (Incumbent):

  • Palo Alto is winning and will continue to dominate because it is the only true enterprise security platform, whereas others say they are platforms but are just loose federations of products or features that do not speak well to each other. Winning requires true threat intelligence and automation coupled together.
  • Palo Alto eliminated entire security categories (IPS) with its next generation firewall product and has successfully extended its core functionality into the endpoint and cloud, sharing IOCs across all nodes to maximize probabilities of malware detection.
  • Legacy network and endpoint solutions no longer work because malware and attackers have evolved. It’s no longer “run of the mill” malware, it’s advanced malware, custom built by nation states. The White Walkers have upped their game. Only Palo Alto can stop such advanced threats.

BitSight (Contender):

  • BitSight will win because the conversation has changed. It’s no longer about competing on features and functionality; it’s about articulating business value. How do you explain your security posture to your board of directors? Existing security vendors are not good at that, so a genuinely independent third party, the role BitSight is filling, is required.
  • BitSight will claim a piece of the throne by becoming the FICO of security, ensuring that the other vendors who want the throne for their capabilities are actually deserving.

vArmour (Contender):

  • vArmour will win because it is a solution that has been built from the ground up for modern environments and the complexities of public cloud, hybrid, and private cloud environments. Security, in these environments, is a distributed problem that requires a new approach. vArmour has built that approach: automated cloud security that does not create choke points or have the scaling issues that challenge incumbent firewall vendors.
  • Existing players have slowly been compromised by years of having to patch together solutions and new functionality to address whatever has been the “risk du jour”. They are basically “non-architectures” at this point, and they create a significant amount of operational complexity for customers. There is now a real tradeoff between managing the operational risk of using these products and the information risk of not using them.
  • Effectively, vArmour has started from a better place.

It’s unclear who deserves the Iron Throne, so we’ll leave it vacant. As the producer, our job is to keep up the suspense.

Palo Alto Networks has won the most battles in the last few years, but faces uncertainty in the cloud. Symantec seems to have new life and vigor, but there are dark murmurings about those blades. vArmour and BitSight are building armies and momentum, but are still outside of the city gates. And it’s unclear if anyone survives, if the White Walkers have their way. Don’t forget the hundreds of other hopefuls who were left on the cutting room floor. They are still out there.

We are probably in the “late stages” of a security funding cycle. Funding will inevitably ebb and consolidation will occur. But security is a massive market with many urgent problems that have yet to be solved. So, Menlo Ventures will continue to be open for business.