Taking Stock: Ranking the Next Billion-Dollar CyberSecurity Markets

With IT security spending estimated to crest the $75 billion annual mark before the end of 2015, there’s no shortage of emerging security sectors that will soon cross $1 billion in annual revenues. At the same time, with so many startups pursuing cybersecurity solutions, venture capitalists need a way to rank the market’s most promising new opportunities.
Here is the “Top 5” list of promising billion-dollar security market opportunities I see today.
1) Breach analytics: The Verizon Data Breach Investigations Report 2015 touted a 55 percent increase in breach incidents over 2014, with an average detection time of roughly 200 days. Clearly, the era of mere prevention is long gone. That’s why breach analytics solutions, used to investigate potential compromises and guide incident responses, ranks at the top of our list.
None of the major analyst firms have yet to effectively estimate the size of the breach analytics space, although all of them, including giants Gartner, IDC and Forrester, acknowledge its enormous potential. I believe there will be significant winners in both log and network solutions architectures, notably those that reduce false positives and prioritize workflow for better incident response and remediation. Among the early leaders are companies such as Exabeam, LightCyber, Securonix and Vectra Networks.
2) Mobile security: There are an estimated 2 billion smartphones worldwide, but most lack basic security protections. The resiliency of Apple’s iOS is overestimated. Researchers at Kaspersky recently counted more than one million malware packages aimed at mobile devices in general, while Gartner has reported that more than 75 percent of all mobile apps fail basic security testing.
Smartphone sales are robust, but there are problems to address. The difficulties stem from basic differences between iOS and Android, as well as Apple’s reluctance to unlock its walled garden, compared to the enormous complexity of Android’s wide-open architecture. No major cybersecurity player has emerged yet in this space, especially one that caters to every platform.
The mobile security market is expected to grow by 18 percent in 2015, according to IDC. Allied Market Research projected the mobile security market will be worth $34.8 billion by 2020. The market segment is expanding, but it has its own set of challenges, such as developing security solutions that work across all major platforms. Companies that offer a highly differentiated solution focused on protecting mobile apps via wrappers that don’t require SDK’s or APIs could win. This allows apps to be protected independent of the operating system, without any compromise of the user experience.
3) Cloud security: Rapid adoption of cloud infrastructure has created risks associated with distributed access and multi-tenancy. Resulting east-west threat vectors combine with north-south considerations, necessitating added security solutions. Analysts at IDC recently pegged 2015 worldwide cloud spending at $32 billion, a 28 percent annual increase. At the same time, Gartner estimates that organizations allocate only 3.8 percent of their cloud budgets for security, highlighting a massive investment opportunity.
The nature of the next-generation data center greatly increases the overall risk, with applications that have traditionally existed in siloes now residing on a single, shared cloud infrastructure. In the cloud, the compromise of a single application means that every adjacent application is at risk. However, despite the growing cloud security opportunity, numerous challenges remain in addressing the market. Perhaps the greatest is the ongoing transition from public to private cloud infrastructure, deterred by the wait for VMWare and OpenStack platforms to evolve. The pace at which this issue is resolved will directly impact cloud security solutions demand, with Menlo-backed vArmour recognized as a current leader.
4) Endpoint protection: Improvement of endpoint security remains a daunting proposition, with players addressing both defense and remediation needed on servers, laptops and mobile devices. This may be a well-entrenched space, but we feel that continued advancement will create a new category of winners. Analysts at Gartner recently predicted that “endpoint detection and response”, only one element of the larger segment, will reach $400 million by 2016.
This makes a lot of sense, as the endpoint is where the vast majority of malicious behavior unfolds via phishing, poisoned downloads or any number of user-driven techniques. Yet, in such a heterogeneous environment, with so many varied devices and operating systems, creating a centralized platform for security management remains a difficult task. Beyond getting agents onto endpoints, there’s also the challenge of keeping such widely distributed defenses up-to-date. Among the many endpoint security startups attracting attention are Crowdstrike, Cybereason, Dtex and Tanium.
5) Automated incident response and remediation: Once breach analytics have been applied, the next steps relate to response. Traditional incident management via law enforcement and forensics, using largely manual processes, is no longer sufficient.  Automation is the answer. In particular, the ability to auto-remediate specific vulnerabilities that lead to a particular breach is an area of intense interest among practitioners and developers alike.
Solutions that isolate affected individuals, applications and devices for remediation are critical, with a wide range of applicable technologies being advanced. However, this is by far the most nascent of all these emerging markets, with few existing projections to rely on in scoping its potential. Unsurprisingly, there’s a dearth of recognized providers to name, but this also highlights the potential for lucrative investment.
While these are the five leading security market opportunities, picking and ranking actual winners is another matter. With so many providers seeking venture funding, many of which are relatively unknown or in stealth mode, handicapping the winners is largely a futile task.


This post originally appeared in the RSA Conference blog.