The CISO Report Q3 2019 - cyber.ylventures.com

ABOUT YL VENTURES

YL Ventures funds and supports Israeli tech entrepreneurs from seed to lead. Based in Silicon Valley and Tel Aviv, the firm currently manages $260 million and exclusively invests in cybersecurity.

YL Ventures’ focused strategy allows it to conduct a rapid and efficient evaluation process and support each of its portfolio companies, both strategically and tactically, across multiple functions post-investment. The firm is uniquely focused on supporting the U.S. go-to-market of early stage companies and leverages a vast network of industry experts, CISOs and U.S.-based technology companies as advisors, prospective customers, and acquirers of its portfolio businesses.

The firm’s global network and footing in the U.S. has always counted among its most powerful assets: YL Ventures bridges the gap between Israeli innovation and the U.S. market. The firm has formalized and amplified this core competitive advantage through the launch of the YL Ventures Advisory Board.

The Venture Advisory Board is comprised of over 60 security professionals from leading multinationals, including Akamai, Walmart, Netflix, Nike, Spotify, CrowdStrike, and Aetna. The firm’s relationship with its advisors, as well as its extended network, is symbiotic in nature: the advisors bolster the YL Ventures investment team’s due diligence process and provide the firm’s portfolio companies continuous support across a multitude of functions throughout their lifecycles. In return, network members benefit from exposure to pre-vetted Israeli cybersecurity innovations and receive direct exposure to a market second only to the U.S. in cybersecurity innovation.

YL Ventures | The CISO Current Report Q3 2019 2

TABLE OF CONTENTS

Introduction
Three Leading Issues in Today’s Cybersecurity Operations
    Human Capital
    Tool Management
    Overall Security Program Management
Future Pain Points
    IoT
    Data Governance and Security
    Regulatory Environments
Automating Manual Processes
    Incident Response
    Repetitive Processes
Promising Ventures For Early Adoption
Big Budget Allocations That Have Yet To Be Spent
    Data Governance and Compliance
    IAM
Over-Hyped Trends In Cybersecurity
    Artificial Intelligence and Machine Learning
    Blockchain
Cybersecurity Risks in Cloud Adoption
Final Observations
Outreach and Contact Information

INTRODUCTION

YL Ventures frequently confers with an extended network of prominent cybersecurity professionals, including our Venture Advisory Board and industry executives, to assess our portfolio prospects, fine-tune market predictions, and facilitate portfolio company business development. As such, we have established direct lines of communication with the global market’s preeminent CISOs and cybersecurity experts for ongoing insights into their thoughts, priorities, and opinions about the state of their organizational cybersecurity.

We recognize the value this information presents to entrepreneurs, especially those wishing to enter the U.S. cybersecurity market, and to the cybersecurity community as a whole. For this reason, YL has launched ‘The CISO Current’, under which we will publish reports containing gathered intelligence for general use. This document constitutes the launch of the initiative, and contains data gathered from direct interviews surveying over 30 cybersecurity executives at leading enterprises.

Our distinguished participants responded to a series of questions (see Appendix) to provide our analysts with insights into the cybersecurity market’s concerns and opportunities. They were very candid throughout the information-gathering phase and were keen to stress exactly which challenges future solutions ought to meet and which sectors are disproportionately addressed by the market.

We extracted the particularly illuminating conclusion that CISOs are primarily focused on bolstering operational cohesiveness, efficiency, and effectiveness in terms of human capital in complex, large-scale environments. As such, CISOs are significantly more inclined to invest in management solutions that can achieve this end than simply investing in platforms that secure new technological frontiers. We hope the observations compiled in this report will prove to be a useful resource for aspiring cybersecurity entrepreneurs and the entire cybersecurity community.

THREE LEADING ISSUES IN TODAY’S CYBERSECURITY OPERATIONS

We began this quarter’s interview process by asking our experts about the single biggest obstacle they face in their daily line of work. We extracted three major concerns from their responses.

Human Capital

The majority of respondents are primarily concerned with a broad range of operational issues relating to human capital. They are classified as follows:

Recruiting quality personnel: The current market shortage of cybersecurity expertise is hampering cybersecurity departmental efforts to find seasoned and talented personnel^. This challenge only intensifies for those looking for industry-specific specialists. Further exacerbating the issue is the “strong seller’s market” for experts and new talent alike^^. Many CISOs currently bring in consultants to mitigate their sourcing issues.

Training personnel and closing skill set gaps: This issue exists in tandem with the factors that have led to talent sourcing difficulties. Many cybersecurity specializations are new; the literature documenting those specialties and related best practices is still in development. As a result, many candidates are forced to learn on the job. Further, the cybersecurity sector is rife with turnover due to the high attrition rates associated with mundane and repetitive first-tier tasks. Consequently, CISOs are forced to invest in many extensive, resource-intensive training and onboarding processes. Such costly investments are also required whenever companies move into new spaces or make new acquisitions in which security personnel are expected to develop new capabilities and execute novel, unfamiliar tasks.

Reining in non-security employees: Engaging, training, and increasing the awareness of non-security personnel in cybersecurity matters is difficult. Many non-security employees often view cybersecurity protocols as nuisances instead of critical functions and are unmotivated to implement them. Companies with high turnover experience this challenge more intensely, as each new hire requires a new security onboarding process. Meaningfully overseeing the few processes that non-security employees do manage to implement presents an additional challenge. Unfortunately, CISOs cannot afford to acquiesce, as cyber-attacks often begin by targeting the most vulnerable component of an organization – its people.

Tool Management

Cybersecurity tool management is an increasing concern, as cybersecurity stacks grow in complexity and volume.

Several of the experts in our network are concerned about issues arising from hosting multiple point solutions, which has resulted in overlapping capabilities and an exceedingly high volume of threat data and alerts. Many have experienced or anticipate inevitable alert fatigue and worry that they are unable to maximize outcomes from their data. Moreover, many indicate that they have difficulty managing and prioritizing alerts, struggle to keep installed systems updated, and are lacking holistic visibility across all of their security assets. They voiced interest in acquiring a solution or tool that can help them map and prioritize tooling investments.

Overall Security Program Management

Many CISOs experience difficulty in attempting to quantify risk to inform their cybersecurity investments. Several executives felt that the industry has yet to develop standards of methodologies, toolsets, and practitioner guidelines to carry out ROI analyses. This gap begs the question of whether cyber practices actually add value to an organization—and if they do, exactly what that value translates into financially. A related problem arises from discrepancies in business expertise between many CISOs and their peers. As the industry matures and moves away from its current compliance focus to a more risk-based approach, there will be an increased need for toolsets and methodologies to manage cybersecurity programs and investments.

^The 2018 (ISC)2 Cybersecurity Workforce Study placed the overall gap at 2.93 million. ((ISC)2. Cybersecurity Workforce Study 2018, 2018). Moreover, the ISACA 2019 State of Cybersecurity reports that nearly 60 percent of organizations “experience at least three months of unfilled cybersecurity positions when hiring new staff”. (ISACA. State of Cybersecurity 2019. Part 1: Current Trends in Workforce Development, 2019, p.7)

^^The ISACA also noted that “[t]he environment of need in the cybersecurity field has led to a strong seller’s market for cybersecurity professionals, creating a retention problem for enterprises”. They moreover discovered that 82 percent of organizations have indicated that most cybersecurity professionals left their organizations for better financial incentives, such as salaries or bonuses, at other organizations”. (ISACA. State of Cybersecurity 2019. Part 1: Current Trends in Workforce Development, 2019, p.11)

FUTURE PAIN POINTS

In this portion of the interview process, we asked CISOs to share their projections of future cybersecurity issues. Many tied their responses to existing issues that have yet to be resolved or that they anticipate will worsen over time.

IoT

The most recurring concern about future cyber challenges pertains to the Internet of Things (IoT). Connected devices are proliferating with no signs of stopping^^^. These devices have become integrated into nearly every facet of life, from refrigerators to cars to medical devices. As there are different cybersecurity offerings for different IoT devices, managing the security of all of these devices in concert is a challenge. This is exacerbated by the fact that many enterprises still hesitate to make IoT security investments. Our respondents voiced a need to better tackle IoT cybersecurity for their respective enterprises as a whole, instead of relying on silos of solutions.

Data Governance and Security

There is a growing desire for tools that can create a holistic view of organization data and its flow, as well as seamlessly apply security and privacy policies across it. This need specifically relates to recurrent concerns like data tokenization, data anonymization, and both direct and indirect data sharing between companies. Further, Identity and Access Management (IAM) has been projected to remain a concern. Many experts see ample opportunity in the challenges surrounding online credentials for sectors like finance and retail. Companies have yet to provision and de-provision access at an optimal speed, if they do at all. Those that do grant such access still struggle to carry it out in a cloud-friendly manner.

Regulatory Environments

Many of our experts specifically shared concerns about regulatory environments within the context of privacy, as regulatory pressure, such as for GDPR compliance, continues to increase in this sphere. Companies, especially in highly regulated domains, will have to continue to expand their teams to keep up with this pressure. Many organizations are beginning to turn to third-party security vendors to implement these functions. Those same companies are also looking for the right technologies and tools to handle these new demands, and have had to increase their cooperation with the legal arms of their organizations. Larger firms have shifted focus to pre-empting future legislation to anticipate any significant restructuring ahead of time.

^^^According to Gartner, over 20 billion devices will be connected to the Internet worldwide. (Gartner, Leading the IoT. Introduction, 2017.)

AUTOMATING MANUAL PROCESSES

We asked our participating experts to share which currently manual processes they would like to automate.

Incident Response

Incident response was highlighted as the top operational activity that our network is looking to automate. Most experts agree that the majority of detection and response mechanisms can be automated. In fact, a number of interview participants are already implementing various stages of automation in this field, including ticketing, alerts, and even next-level remediation.

The drive to automate incident response relates to how personnel-intensive operations are within an organization. Automation is needed for log collections in transactions, data analysis, Tier 1 and 2 filtering, and repairing common incidents. Our respondents predict that machine learning (ML) and artificial intelligence (AI) will be key enablers in helping them navigate this field. Respondents also articulated a need for “next generation” SOAR to automate the workflow among different tools. Interviewees anticipate challenges in setting best practices for handling this automation as well as ensuring that conflicting technologies do not present barriers to deployment. Vulnerability management, such as remediation and patch management, has specifically been earmarked as an important point of automation.

Repetitive Processes

Repetitive processes as a whole were also cited as “low hanging fruit” for automation. Analysts are currently encumbered by the responsibility of carrying out many repetitive tasks manually. Many of our experts voiced an interest in finding a niche of heavy operational repetition that does not require any human skill set as an opportunity for automation, such as phishing email triage.

PROMISING VENTURES FOR EARLY ADOPTION

However, automatic detection and response solutions, specifically autonomous threat hunting, earned a number of notable mentions. These solutions include monitoring and detection tools that automatically aggregate logs, use ML, and consolidate all security data in a single location. The end goal of these solutions would be to reduce the workload before it even reaches humans. Solutions that automate the threat hunting process were voiced as particularly desirable, although they face a significant adoption barrier due to the deficit in human talent and skill to support threat hunting operations.

Respondents also revealed their needs in the domain of vulnerability management. They are searching for solutions that can automatically and continuously report, prioritize, remediate and correlate results of vulnerability management solutions with other platforms.

BIG BUDGET ALLOCATIONS THAT HAVE YET TO BE SPENT

Our research moreover explored areas in which CISOs are already prepared to invest:

Data governance and compliance

Several of our experts conveyed that existing data governance solutions are either robust and scalable, but not cost effective, or conversely cost effective, but unstable and difficult to scale. An affordable, robust, and scalable solution in this space is needed. Respondents are looking for GRC (Governance, Risk management, and Compliance) management tools as a whole to overcome the fact that many GRC tools are either antiquated or require multiple staffers to make them work at all. Our respondents also voiced interest in solutions that can address compliance gaps for multiple regulations across different regions.

IAM

Respondents expressed their desire for access control and IAM solutions for unknown and unsanctioned SaaS applications. Many CISOs are concerned with unsanctioned tools and the need to understand what they are and where they are deployed. CISOs also require greater access control within customer account management systems and the ability to carry out robust and dynamic security actions within those environments, such as granting access permissions on a timely basis.

OVER-HYPED TRENDS IN CYBERSECURITY

We detected a common thread of criticism from our experts about industry trends that are overpromoted. We distilled them into the following two categories:

Artificial Intelligence and Machine Learning

Artificial Intelligence (AI) and Machine Learning (ML) were the most overwhelmingly common responses. Our experts insist that the hype surrounding both of these emerging technologies does not match their real-life usage and application. They specifically point to promotional trends surrounding AI-based threat detection as tired and overestimated. Today, nearly every vendor claims to offer AI-oriented solutions in broad, sweeping terms that leave many of our experts feeling that their AI use is more focused on form than substance.

Blockchain

Blockchain is another buzzword our experts suggest is overused and under-realized, both for cybersecurity solutions targeting blockchain and blockchain-based solutions for cybersecurity. Many respondents expressed that, because the underlying technology is still under development, blockchain is not ready for mainstream cybersecurity deployment. Interviewees went on to share that a problem has yet to arise for which blockchain is the appropriate solution.

CYBERSECURITY RISKS IN CLOUD ADOPTION

We asked our executives about the most pertinent cybersecurity risks that most concern them in their migration to cloud environments.

We were unable to extract a definitive trend from respondents’ answers to this question. However, a comparatively recurrent concern was the ability to secure hybrid environments through “one plane of glass” – a single solution for cloud security issues across on-premises, private, and various public cloud infrastructures. Our expert network also voiced concerns over multi-cloud security, given that most enterprises consume cloud infrastructure from different vendors.

Moreover, as cloud migration continues to dominate the industry, many companies are migrating legacy apps to the cloud. These migrations are particularly risky endeavors, given that security in legacy applications is often omitted when transitioning those apps to the cloud. As such, when “lifting and shifting” legacy applications into the cloud, security around new environments is often overlooked. Many of the inherent risks of these moves lie in companies cutting corners and refusing to restructure application architecture.

Finally, asset visibility, already proven to be an issue in on-premises environments, is re-emerging as a challenge in cloud environments, which are ephemeral and distributed.

FINAL OBSERVATIONS

It is paramount for startups to understand the needs and concerns of CISOs in order to successfully break into the market. Our compiled insights this quarter most notably reveal how CISOs are prioritizing their operational concerns over the acquisition of “blue ocean” technology. CISOs have become wary of buzzwords and are instead focusing on how to optimize basic security functions in complex, large-scale environments. They are searching for management solutions that can assist with siloed products and quantifiably extracting the most value out of their existing security stack.

APPENDIX

Interview prompts:

What are the three biggest problems you face in your daily cybersecurity operations?
Can you share 2-3 fields that you anticipate are going to be major pain points in the future?
Are there any manual processes run today that could ideally be automated?
What technologies/solutions/value propositions are you likely to adopt early or engage with as a design partner?

OUTREACH AND CONTACT INFORMATION

This report was compiled with Israeli cybersecurity entrepreneurs in mind. If you are an Israeli-based start-up looking for guidance for seed-stage funding, we invite you to contact YL Ventures Partner & Head of Israel Office, Ofer Schreiber, at [email protected].

We would like to sincerely thank all of the CISOs that participated in this report. If you are an industry insider and would like to be interviewed for the next edition of the CISO current, please contact YL Ventures Partner, John Brennan, at [email protected].

We also invite any questions relating to this report to be directed to YL Ventures Analyst, Naama Ben Dov [email protected].
