By David Zilberman, managing director, Comcast Ventures
User and entity behavior analytics (UEBA) is a hot sector of cybersecurity, and it is only getting hotter. In the Market Guide for User and Entity Behavior Analytics, by Avivah Litan, published September 22, 2015, industry analyst firm Gartner says it “expects the UEBA market revenue will climb to almost $200 million by the end of 2017, up from less than $50 million today.”
If you are unfamiliar with UEBA, it entails approaching cybersecurity from the inside out – focusing on how insiders (which include employees and third-party vendor users) within enterprises and the devices they use are behaving. What information do they access daily? How do they gain access to the business’s networks? Who do they and their peers typically correspond with daily? Which websites do they visit? UEBA software collects this information from the vast number of security tools enterprises have already invested in, correlates the data and presents the in-house IT and security team with a complete story about each user and their typical behavior. If something seems outside of what’s normal for them, their peers and the overall team they work with, UEBA flags it, notifies the necessary parties, helps the business take action and creates a report to present to the board. And it’s all automated, cutting down the manpower and resources needed for cybersecurity.
If you have not invested in UEBA, now is the time. Many UEBA companies currently have active products on the market that enterprises have used for at least 12-18 months, enough time to evaluate whether or not those products are effective. Once the window closes, you may need to wait for the next refresh cycle, which could take three to four years.
Finding the right company to invest in is difficult, and there are many investors already waiting around the hoop, creating even more competition. So how do you pick through the noise and find the winners? Here are a few tips:
Resiliency during tough times. As we all know, the economic climate has been quite the rollercoaster during the past ten-plus years. Yet, even during the worst times, some companies have successfully weathered the storm. Look for a UEBA company that has stood on its own two feet for a significant amount of time before courting investors. Those are the ones that know how to manage expenses responsibly through a boom or bust. They don’t need venture dollars to sustain and grow a business. For example, Tanium, a company that focuses on endpoint protection, is now a “unicorn” with a valuation of more than a billion dollars. However, before receiving outside funding, Tanium spent five years building its technology and growing the company, ensuring customers wanted its product before seeking any financial backing. The economy will always be unpredictable, which is why it’s best to invest in a company that knows how to ride the waves.
Customer validation. As an investor, cutting through “marketing material” presented by CEOs is often challenging because inevitably the company is always doing great and is highly differentiated. That’s why focusing on validation from actual customers is helpful. For example, in 2014, we provided Series A funding to Bay Dynamics, a cybersecurity company that offers its own UEBA platform to help enterprises minimize risky insider behavior that may lead to a breach, or stop a breach in action. We chose Bay Dynamics partially because the co-founders were able to prove their customers’ success. They showed us actual breach attempts and risky behaviors their UEBA software identified and remediated. Their customers demonstrated the value of the platform. It’s best to focus on how much a company’s customers believe in the solution, not how much the company raises in venture dollars.
Focus on the endgame. For some information security companies, the valuations are so high that there are not enough buyers who can afford them. In most of the recent acquisitions we have seen – for example, Cisco acquiring Lancope, Trend Micro acquiring HP TippingPoint, Microsoft acquiring Secure Islands and Adallom – the buyer paid tens of millions or a couple hundred million. With the exception of a few, vendors are not making billion-dollar acquisitions in the security space. On the other side, out of the cybersecurity companies that went public, while some are trading at healthy multiples, fewer than half are unicorns. There is not enough liquidity in the public market to absorb billion-dollar private companies. When looking at UEBA companies, focus on the exit opportunity. If the company is sitting on a billion-dollar valuation, many vendors could not afford to acquire it, and if the company goes public, it most likely would not trade at that valuation. That’s why it’s best to invest in a company that has a lower, more realistic valuation.
Finally, quantifying the benefits of a UEBA product, or any information security product, is a challenge. Typically you don’t realize its success or failure until a breach or vulnerability occurs, and even then, it’s tough to determine which of the arsenal of security tools caught it. Many information security companies sell on fear, but that alone is not sustainable. Focus on a UEBA company that can provide real customer testimonials or case studies that show the ROI and benefits of using its product. There’s no better proof of a product’s success than hard data.