VC firm seeks portfolio of start-ups to suppress cyber adversaries

Strategic Cyber Ventures creates synergistic team to deceive, divert, disrupt embedded foes


I’ve known Tom Kellermann for more than a decade, and have always enjoyed my lively discussions with him when he was vice president of security awareness at Core Security and, more recently, during his stint as Trend Micro’s chief cybersecurity officer.

So when I heard that Tom was heading up a new venture capital investment firm, I was eager to speak with him. We met last week at RSA 2017, the giant cybersecurity trade show held at the Moscone Center in San Francisco.


Kellermann now is CEO of Strategic Cyber Ventures, which launched in February 2016 with a sizable war chest. He described how he is in the midst of directing venture capital to a portfolio of proven startups with a very specific, collective mission in mind. Essentially, he wants to get SCV-backed companies working in concert to materially upgrade the capacity of U.S. organizations to flush out and neutralize elite cyber intruders.

These are the hackers, often backed by nation-states, who’ve made it past the strongest perimeter defenses and who lurk deep inside strategic networks. Here’s our conversation, edited for clarity and length. You also can listen to the entire interview in the accompanying podcast.

ThirdCertainty: How did you get into the venture capital game?

Kellermann: After 19 years in cybersecurity, I realized that the architecture of cybersecurity was flawed. This is why the Russians and Chinese and elite threat actors of the world have colonized wide swaths of American and European cyber space. We needed to eliminate dwell time and have greater visibility of their lateral movement. And we need to begin to deceive and divert the adversary unbeknownst to them, in order to hunt them in return.

And so I was given the opportunity in a partnership with Hudson Bay Capital, a New York hedge fund, to deploy approximately $100 million into companies that are synergistic—that provide for greater capacity to suppress, contain, divert and then subsequently hunt elite hackers in today’s world.

3C: So you’ve already started doing exactly what with this $100 million?

Kellermann: The goal is really to invest in a portfolio of companies that can create this construct of intrusion suppression. … So to achieve that, my first investment was in TrapX Security, a leader in the deception technology space. The second investment was E8 Security, which is AI (artificial intelligence) applied to behavior analytics and threat intelligence. The third investment was ID DataWeb, which allows you to adaptively change authentication and adaptively increase levels of verification for authorized transmissions.

3C: What ties them together?

Kellermann: I’ve challenged my portfolio members to partner with one another. We will never invest in redundant security control. We only focus on one specific solution set per security control that we’ve identified as being a gap. In addition to that, we hope that these organizations go to market together and really begin to change the architecture of cybersecurity.

If you’re a CISO in today’s world, you’re not going to rip and replace your firewalls and your endpoint security. So how can you actually dramatically improve ROI for your security investments and react faster to adversaries once they bypass your perimeters? You can do it by decreasing dwell time. And in order to decrease dwell time, you need to employ deceptive technologies, user behavior analytics and adaptive authentication.

3C: Explain dwell time.

Tom Kellermann, Strategic Cyber Ventures CEO

Kellermann: Dwell time is the amount of time that a hacker can sit on your network undetected, then move laterally to set up back doors, steal credentials or deposit malware further in your system. When a hacker hacks you, after they steal from you, they then use your brand to attack your constituency, which is why we’ve seen an uptick in the number of watering hole attacks, and which is why we see more and more business email compromise attacks.

3C: So you have three companies you’ve invested in. Are you looking for more?

Kellermann: Under an overarching go-to-market strategy. They will reach out to CISOs who desire to decrease dwell time, improve situation awareness and lateral movement, and react faster to an adversary.

3C: How did you come up with this investment strategy?

Kellermann: Nineteen years of doing security. Whether I was doing security at the World Bank or whether I was doing penetration testing for Core Security or when I was the chief security officer for Trend Micro, I began to realize we always had the simple conundrum, which was that the adversaries are already in your house, it’s not just one individual, it’s multiple individuals, and they’re becoming more punitive.

3C: So your working premise is that the bad guys are already inside, and you’re trying to flush them out.

Kellermann: Most network compromises are more than five months in length. The adversaries are already inside of your network, or inside some segment of your supply chain. How are you going to diminish and decrease the amount of time they have to roam freely?

E8 Security is like the Rottweiler that doesn’t bark or growl. This dog reacts to the anomalous presence in the house, and then the animal will follow and track this individual through the house, unbeknownst to the individual. What ID DataWeb essentially does is, if you know a burglar came in with a skeleton key, and has duplicates of all your keys, ID DataWeb allows you to replace all your door locks and keypads instantaneously. By combining deception technologies, user behavior analytics and adaptive authentication, you can eliminate dwell time, appreciate lateral movement, and begin to hunt those who are hunting you.
