Thousands of people will descend on San Francisco on Monday for RSA’s security conference (despite allegations that RSA accepted $10 million from the NSA to enable a backdoor in its encryption software so the NSA could monitor data).
Among those attending will be Kleiner Perkins Caufield & Byers General Partner Ted Schlein, a former executive at Symantec Corp., who has been investing in security companies at Kleiner Perkins for nearly 20 years.
One of Mr. Schlein’s portfolio companies, Shape Security, is raising a new funding round for shape-shifting technology that aims to outwit hackers by turning some of their techniques (such as malware that changes to evade anti-virus software) against them.
He spoke with Venture Capital Dispatch about the arms race between the good guys and the bad guys as the sophistication of cybercrime continues to grow.
Q: There will be hundreds of security companies at the RSA conference. What are some of the interesting trends to keep an eye on?
A: I think Shape is a good example of using a brand new weapon on an old attack versus updating an existing weapon.
That’s why FireEye (which went public in September and has a market cap of more than $8.3 billion) is possible. They figured out a way to detonate Advanced Persistent Threats on the network on a virtual machine. No one had done that before–everybody was trying to keep attacks out of the network. It’s a fool’s errand.
People are starting to realize that network security does not work as well as we thought. That’s what leads to the fight for the endpoint–how people protect endpoints will be completely different than over the last two or three decades.
We have a very good understanding that signature-based protection doesn’t work, and we’ve moved to behavioral-based protection.
Q: So changes in how we secure devices that connect to the network are one area to watch. Any others?
A: I think there’s a huge issue around global 2000 companies needing to scale to meet the cyber threat. They can’t hire enough smart people or deploy enough technology to fight the bad guys…
Crowdsourced threat intelligence or vulnerability analysis is an idea that’s going to be used by a lot of other parties to help us solve our problems because we ourselves can’t afford to do that.
AlienVault, the open threat exchange which is crowdsourcing the threats, is brilliant. Rather than buy a threat feed, you get it from the universe. It’s the closest you’ll get to real-time threat detection.
We’re working on Synack, which has the ability to take the world’s greatest white hat hackers and apply them to your company’s security risk assessment with an automated platform. You could never afford to get that talent inside a company, but you could rent them–point your skills at me and let me see what you can find, and then contract to do that on an ongoing basis.
Synack sits between the white hats and the global 2000… The good guys are as smart as the bad guys, and it’s more lucrative to be a bad guy, so we want to make it reasonably lucrative to be a good guy.
Q: Anything else?
A: People are finally going to realize that you’ve got to protect what the bad guys are interested in, and that’s data. A data-centric approach to how to protect the cloud makes far more sense than saying no one can come through this wall. The cloud by definition is a highly distributed environment with all these different access points, and you want these access points to be highly distributed.
You’ll see full-scale encryption of data in the cloud, encryption to the endpoint, and it will be a highly authenticated endpoint that will know who you say you are (in multiple ways) and do things that will eliminate a lot of layers.
You’ll see the natures and insidiousness of threats change, and the ramifications of breaches getting worse. Twenty years ago a breach was mostly an operational problem and might cost money, and today a breach is a strategic issue that might be catastrophic.
That’s a big change, and it’s woken everybody up to spend more money and pay more attention, once again on both sides. So the rat race will not change, but I think it’s getting better, and for good reason.