DEFCON 2005

1
DEFCON 2005
The InformationSecurity IndustryBillions
Blown onBloopers, Blights, Blunders
David Cowan Bessemer Venture Partners July 30, 2
005
2
Questions for an Information Security VC

• What kinds of security startups are you funding?
  What about other VCs?
  
• Why would anyone want to fund the 1000th
  information security startup?
  
• Enterprises buy suitesnot point solutionsyet
  VCs keep funding startup security companies.
  What are you smoking?
  
• Whats going to happen to all those startups
  anyway?

3
Why Dwell on the Mistakes?

• Ask Dan Farmer and Michael Lynn
• Vulnerability assessment applies to more than
  just information security!
  
• Bessemers Anti-Portfolio http//www.bvp.com/port/
  anti.asp
  
• Intel
• FedEx
• Lotus
• eBay
• Checkpoint
• Google

4
This presentation is for

• Investors
• who dont want to lose money
• Entrepreneurs
• who want to avoid bad strategy
• Researchers and Engineers
• who want to avoid a career mistake
• CISOs and their staff
• who dont want to buy the wrong product
• Bank account holders
• who want to keep their money

5
(No Transcript)
6
BESSEMER VENTURE PARTNERS

• Location California, NY, Boston,
  Bangalore, Shanghai
  
• Founded 1911
• Investor Phipps Family
• Non-Tech Portfolio
• Manufacturing WR Grace, International Paper,
  Ingersoll Rand, Fort James
  
• Retail Staples, Sports Authority, Eagle
  Hardware, Dicks, Blue Nile
  
• Biotech Myco, PerSeptive Biosystems, Isis
  Pharmaceuticals
  
• Other Gartner Group, VistaCare
• Tech Portfolio
• Software Parametric, Veritas, SystemSoft,
  SMARTS
  
• Systems Ungermann-Bass, Cascade, Ciena, P-Com,
  Omnia, Flarion
  
• Services Keynote, PSI-Net, Verio, Mindspring,
  Hotjobs, Telocity, Skype
  
• Chips American Superconductor, QED, Maxim,
  C-Port, DSP Group
  

7
BESSEMER IS THE MOST ACTIVE EARLY-STAGE VENTURE
FIRM IN INFORMATION SECURITY.

• All but our 3 recent early-stage investments have
  run rates above 10mm
  
• 5 IPOs, 1 acquired by Cisco
• Not a single Realized or Unrealized Loss

8
OUR IT SECURITY TEAM

• David Cowan
• Co-Founder and former Chairman, VeriSign
• Devesh Garg
• Former GM, Broadcoms Security BU
• Chini Krishnan
• Founder, Valicert
• Peter Watkins
• Former President, Network Associates
• Chris Risley
• CEO, ON and Nominum
• Jeremy Levine
• Director of Determina and eEye
• Justin Label
• Director of Tripwire and Finjan

9
(No Transcript)
10
A VERY GOOD REASON TO BUY FROM BIG COMPANIES

• Integrated Security Suites Make Sense
• Integrated Console
• Event Correlation
• Consolidated Appliance
• Vendor Viability

11
SYMANTEC
Access
Network Firewall
IP Sec VPN
SSL VPN
Network
Network Intrusion Detection
Network Vulnerability Assessment
Network Traffic Forensics
Network Device Security
DNS Security
DDoS Protection
WLAN Security
Protection
OS Protection
Host Vulnerability Assessment
Config Scanning
Config Control
Host Intrusion Detection
Patch Distribution
Web Server Protection
Server
Spyware Removal
PC Firewall
Config Scanning
Config Control
Anti-Virus (Client-based)
Patch Distribution
PDA Security Mgmt
Client
Spyware Prevention
Web Application Firewall
Application Intrusion Prevention
Source Code Security Analysis
App
Endpoints
Alert
Decision Support
Configuration
Policy Analysis
Change Audit
Test
Workflow
Policy Articulation
Process
Policy Enforcement
Alert
Change Audit
Decision Support
Patch
Test
Workflow
Tokens (Hardware Software)
Single Sign-On
Directory Management
Password Management
AAA
PKI
Biometrics
Email Security
Web-Based Content Security
URL Filtering
Behavior-Based AV
Signature-Based AV
Content Security
Spam Filtering
Connection Mgmt
Data
Content / Attachment Management
Delivery Management
Instant Messaging Security
Digital Rights Management
Extrusion Detection
XML Security
Encryption
Authenticated Delivery Rcpt
Email Encryption
SSL
Storage Encryption
Mgmt
Security Monitoring Services
Security Device Management
Security Event Correlation
Security Forensics
Services
Security Strategy Planning
Security Design Consulting
Security Integration Implementation
Assessments Audits
Consulting
Internet / Brand Monitoring
Transaction Monitoring Fraud Scoring
Institution
Fraud Alerting
Cease Desist / Legal Action
Data Recovery
Forensic Analysis
Proactive Countermeasures
Fraud
Client-Side Real-Time Fraud Assessment
Anti-Fraud Authentication Schemes
Consumer Education Services
Identity Theft Monitoring Alerting
Consumer
12
McAFEE
Access
Network Firewall
IP Sec VPN
SSL VPN
Network
Network Intrusion Detection
Network Vulnerability Assessment
Network Traffic Forensics
Network Device Security
DNS Security
DDoS Protection
WLAN Security
Protection
OS Protection
Host Vulnerability Assessment
Config Scanning
Config Control
Host Intrusion Detection
Patch Distribution
Web Server Protection
Server
Spyware Removal
PC Firewall
Config Scanning
Config Control
Anti-Virus (Client-based)
Patch Distribution
PDA Security Mgmt
Client
Spyware Prevention
Web Application Firewall
Application Intrusion Prevention
Source Code Security Analysis
App
Endpoints
Alert
Decision Support
Configuration
Policy Analysis
Change Audit
Test
Workflow
Policy Articulation
Process
Policy Enforcement
Alert
Change Audit
Decision Support
Patch
Test
Workflow
Tokens (Hardware Software)
Single Sign-On
Directory Management
Password Management
AAA
PKI
Biometrics
Email Security
Web-Based Content Security
URL Filtering
Behavior-Based AV
Signature-Based AV
Content Security
Spam Filtering
Connection Mgmt
Data
Content / Attachment Management
Delivery Management
Instant Messaging Security
Digital Rights Management
Extrusion Detection
XML Security
Encryption
Authenticated Delivery Rcpt
Email Encryption
SSL
Storage Encryption
Mgmt
Security Monitoring Services
Security Device Management
Security Event Correlation
Security Forensics
Services
Security Strategy Planning
Security Design Consulting
Security Integration Implementation
Assessments Audits
Consulting
Internet / Brand Monitoring
Transaction Monitoring Fraud Scoring
Institution
Fraud Alerting
Cease Desist / Legal Action
Data Recovery
Forensic Analysis
Proactive Countermeasures
Fraud
Client-Side Real-Time Fraud Assessment
Anti-Fraud Authentication Schemes
Consumer Education Services
Identity Theft Monitoring Alerting
Consumer
13
ISS
Access
Network Firewall
IP Sec VPN
SSL VPN
Network
Network Intrusion Detection
Network Vulnerability Assessment
Network Traffic Forensics
Network Device Security
DNS Security
DDoS Protection
WLAN Security
Protection
OS Protection
Host Vulnerability Assessment
Config Scanning
Config Control
Host Intrusion Detection
Patch Distribution
Web Server Protection
Server
Spyware Removal
PC Firewall
Config Scanning
Config Control
Anti-Virus (Client-based)
Patch Distribution
PDA Security Mgmt
Client
Spyware Prevention
Web Application Firewall
Application Intrusion Prevention
Source Code Security Analysis
App
Endpoints
Alert
Decision Support
Configuration
Policy Analysis
Change Audit
Test
Workflow
Policy Articulation
Process
Policy Enforcement
Alert
Change Audit
Decision Support
Patch
Test
Workflow
Tokens (Hardware Software)
Single Sign-On
Directory Management
Password Management
AAA
PKI
Biometrics
Email Security
Web-Based Content Security
URL Filtering
Behavior-Based AV
Signature-Based AV
Content Security
Spam Filtering
Connection Mgmt
Data
Content / Attachment Management
Delivery Management
Instant Messaging Security
Digital Rights Management
Extrusion Detection
XML Security
Encryption
Authenticated Delivery Rcpt
Email Encryption
SSL
Storage Encryption
Mgmt
Security Monitoring Services
Security Device Management
Security Event Correlation
Security Forensics
Services
Security Strategy Planning
Security Design Consulting
Security Integration Implementation
Assessments Audits
Consulting
Internet / Brand Monitoring
Transaction Monitoring Fraud Scoring
Institution
Fraud Alerting
Cease Desist / Legal Action
Data Recovery
Forensic Analysis
Proactive Countermeasures
Fraud
Client-Side Real-Time Fraud Assessment
Anti-Fraud Authentication Schemes
Consumer Education Services
Identity Theft Monitoring Alerting
Consumer
14
COMPUTER ASSOCIATES
Access
Network Firewall
IP Sec VPN
SSL VPN
Network
Network Intrusion Detection
Network Vulnerability Assessment
Network Traffic Forensics
Network Device Security
DNS Security
DDoS Protection
WLAN Security
Protection
OS Protection
Host Vulnerability Assessment
Config Scanning
Config Control
Host Intrusion Detection
Patch Distribution
Web Server Protection
Server
Spyware Removal
PC Firewall
Config Scanning
Config Control
Anti-Virus (Client-based)
Patch Distribution
PDA Security Mgmt
Client
Spyware Prevention
Web Application Firewall
Application Intrusion Prevention
Source Code Security Analysis
App
Endpoints
Alert
Decision Support
Configuration
Policy Analysis
Change Audit
Test
Workflow
Policy Articulation
Process
Policy Enforcement
Alert
Change Audit
Decision Support
Patch
Test
Workflow
Tokens (Hardware Software)
Single Sign-On
Directory Management
Password Management
AAA
PKI
Biometrics
Email Security
Web-Based Content Security
URL Filtering
Behavior-Based AV
Signature-Based AV
Content Security
Spam Filtering
Connection Mgmt
Data
Content / Attachment Management
Delivery Management
Instant Messaging Security
Digital Rights Management
Extrusion Detection
XML Security
Encryption
Authenticated Delivery Rcpt
Email Encryption
SSL
Storage Encryption
Mgmt
Security Monitoring Services
Security Device Management
Security Event Correlation
Security Forensics
Services
Security Strategy Planning
Security Design Consulting
Security Integration Implementation
Assessments Audits
Consulting
Internet / Brand Monitoring
Transaction Monitoring Fraud Scoring
Institution
Fraud Alerting
Cease Desist / Legal Action
Data Recovery
Forensic Analysis
Proactive Countermeasures
Fraud
Client-Side Real-Time Fraud Assessment
Anti-Fraud Authentication Schemes
Consumer Education Services
Identity Theft Monitoring Alerting
Consumer
15
CISCO
Access
Network Firewall
IP Sec VPN
SSL VPN
Network
Network Intrusion Detection
Network Vulnerability Assessment
Network Traffic Forensics
Network Device Security
DNS Security
DDoS Protection
WLAN Security
Protection
OS Protection
Host Vulnerability Assessment
Config Scanning
Config Control
Host Intrusion Detection
Patch Distribution
Web Server Protection
Server
Spyware Removal
PC Firewall
Config Scanning
Config Control
Anti-Virus (Client-based)
Patch Distribution
PDA Security Mgmt
Client
Spyware Prevention
Web Application Firewall
Application Intrusion Prevention
Source Code Security Analysis
App
Endpoints
Alert
Decision Support
Configuration
Policy Analysis
Change Audit
Test
Workflow
Policy Articulation
Process
Policy Enforcement
Alert
Change Audit
Decision Support
Patch
Test
Workflow
Tokens (Hardware Software)
Single Sign-On
Directory Management
Password Management
AAA
PKI
Biometrics
Email Security
Web-Based Content Security
URL Filtering
Behavior-Based AV
Signature-Based AV
Content Security
Spam Filtering
Connection Mgmt
Data
Content / Attachment Management
Delivery Management
Instant Messaging Security
Digital Rights Management
Extrusion Detection
XML Security
Encryption
Authenticated Delivery Rcpt
Email Encryption
SSL
Storage Encryption
Mgmt
Security Monitoring Services
Security Device Management
Security Event Correlation
Security Forensics
Services
Security Strategy Planning
Security Design Consulting
Security Integration Implementation
Assessments Audits
Consulting
Internet / Brand Monitoring
Transaction Monitoring Fraud Scoring
Institution
Fraud Alerting
Cease Desist / Legal Action
Data Recovery
Forensic Analysis
Proactive Countermeasures
Fraud
Client-Side Real-Time Fraud Assessment
Anti-Fraud Authentication Schemes
Consumer Education Services
Identity Theft Monitoring Alerting
Consumer
16
(No Transcript)
17
BUT SECURITY IS FLUID, AND A CONSTANT
BATTLE.RAPID INNOVATION IS NEEDED, EVEN TO TREAD
WATER.
XML, PDA, IM, RSS, ATOM, PDA, VoIP, Longhorn,
WiFi, SAN
477 VC-backed companies since 03
-- VentureSource
18
NO SECURITY IPOS IN 2003, 2004 or 2005.
BUT
Source Morgan Stanley Research
19
(No Transcript)
20
Reasons People Buy Security Technology

• I understand how this technology will likely
  secure important assets from entire classes of
  attack at a reasonable cost
  
• Lots of people seem to think that this technology
  works.
  
• I wont get fired so long as I deployed what
  everyone else deployed.
  
• I got a good deal on a bundle.
• Need to prove best practice security
• I have budget to prevent an attack from recurring.

• Wild party at Olympic Garden.

• Wild party at Olympic Garden.

21
Bloopers, Blights Blunders
Classes of Security Technology
WORKS
SELLS
Blights
Bessemer
Blunders
Bloopers
22
(No Transcript)
23
Bloopers
Universal Consoles -- this is Integration, not I
nnovation Enterprise DRM -- pain is too episodi
c, and difficult to quantify never stays long in
the top 3 concerns Enterprise DDOS -- by the ti
me the traffic hits the edge, its too late!
PKI -- benefits never justified the expense App
let signing -- too much useless information
24
Blights
IDS Unmanaged Firewalls Server A/V Singl
e Sign On

25
Blunders
Anomaly-Based IPS -- slow -- requires training

-- requires more training -- FALSE POSITIVES
26
Ineffective Ways to Secure Online Transactions
Prevent Phishing Empower the User Educate t
he User Authenticate the Email Source Strongly
Authenticate Everyone Authenticate the Login
Authenticate with smart cards like SecurID
Apply Biometrics Online Defeat Phishing with Wa
termarks
27
Effectively, Affordably Secure Online Transactions

• Banks
• Authenticate the transaction
• Profile the risk
• Escalate the response
• Authenticate over multiple channels
• Email Providers
• Restore credibility to Email through behavior
  tracking
  
• End-User Security Tools
• Help the user make good judgment calls

28
(No Transcript)
29
Security Opportunities Im Wondering About
Is it possible to scale accurate reputational
services? Email address IP address ISP Be
havior Do we need to secure RSS and Atom feeds?
Can we nip VOIP Spam in the bud?
dc_at_bvp.com www.bvp.com http//WhoHasTimeForT
his.blogspot.com

30
(No Transcript)