VC firm seeks portfolio of start-ups to suppress cyber adversaries
Strategic Cyber Ventures creates synergistic team to deceive, divert, disrupt embedded foes
By Byron Acohido, ThirdCertainty
I’ve known Tom Kellermann for more than a decade, and have always enjoyed my lively discussions with him when he was vice president of security awareness at Core Security and, more recently, during his stint as Trend Micro’s chief cybersecurity officer.
So when I heard that Tom was heading up a new venture capital investment firm, I was eager to speak with him. We met last week at RSA 2017, the giant cybersecurity trade show held at the Moscone Center in San Francisco.
Kellermann now is CEO of Strategic Cyber Ventures, which launched in February 2016 with a sizable war chest. He described how he is in the midst of directing venture capital to a portfolio of proven startups with a very specific, collective mission in mind. Essentially, he wants to get SCV-backed companies working in concert to materially upgrade the capacity of U.S. organizations to flush out and neutralize elite cyber intruders.
These are the hackers, often backed by nation-states, who’ve made it past the strongest perimeter defenses and who lurk deep inside strategic networks. Here’s our conversation, edited for clarity and length. You also can listen to the entire interview in the accompanying podcast.
ThirdCertainty: How did you get into the venture capital game?
Kellermann: After 19 years in cybersecurity, I realized that the architecture of cybersecurity was flawed. This is why the Russians and Chinese and elite threat actors of the world have colonized wide swaths of American and European cyber space. We needed to eliminate dwell time and have greater visibility of their lateral movement. And we need to begin to deceive and divert the adversary unbeknownst to them, in order to hunt them in return.
And so I was given the opportunity in a partnership with Hudson Bay Capital, a New York hedge fund, to deploy approximately $100 million into companies that are synergistic—that provide for greater capacity to suppress, contain, divert and then subsequently hunt elite hackers in today’s world.
3C: So you’ve already started doing exactly what with this $100 million?
Kellermann: The goal is really to invest in a portfolio of companies that can create this construct of intrusion suppression. … So to achieve that, my first investment was in TrapX Security, a leader in the deception technology space. The second investment was E8 Security, which is AI (artificial intelligence) applied to behavior analytics and threat intelligence. The third investment was ID DataWeb, which allows you to adaptively change authentication and adaptively increase levels of verification for authorized transmissions.
3C: What ties them together?
Kellermann: I’ve challenged my portfolio members to partner with one another. We will never invest in redundant security control. We only focus on one specific solution set per security control that we’ve identified as being a gap. In addition to that, we hope that these organizations go to market together and really begin to change the architecture of cybersecurity.
If you’re a CISO in today’s world, you’re not going to rip and replace your firewalls and your endpoint security. So how can you actually dramatically improve ROI for your security investments and react faster to adversaries once they bypass your perimeters? You can do it by decreasing dwell time. And in order to decrease dwell time, you need to employ deceptive technologies, user behavior analytics and adaptive authentication.
3C: Explain dwell time.
Kellermann: Dwell time is the amount of time that a hacker can sit on your network undetected, then move laterally to set up back doors, steal credentials or deposit malware further in your system. When a hacker hacks you, after they steal from you, they then use your brand to attack your constituency, which is why we’ve seen an uptick in the number of watering hole attacks, and which is why we see more and more business email compromise attacks.
3C: So you have three companies you’ve invested in. Are you looking for more?
Kellermann: Under an overarching go-to-market strategy. They will reach out to CISOs who desire to decrease dwell time, improve situation awareness and lateral movement, and react faster to an adversary.
3C: How did you come up with this investment strategy?
Kellermann: Nineteen years of doing security. Whether I was doing security at the World Bank or whether I was doing penetration testing for Core Security or when I was the chief security officer for Trend Micro, I began to realize we always had the simple conundrum, which was that the adversaries are already in your house, it’s not just one individual, it’s multiple individuals, and they’re becoming more punitive.
3C: So your working premise is that the bad guys are already inside, and you’re trying to flush them out.
Kellermann: Most network compromises are more than five months in length. The adversaries are already inside of your network, or inside some segment of your supply chain. How are you going to diminish and decrease the amount of time they have to roam freely?
E8 Security is like the Rottweiler that doesn’t bark or growl. This dog reacts to the anomalous presence in the house, and then the animal will follow and track this individual through the house, unbeknownst to the individual. What ID DataWeb essentially does is, if you know a burglar came in with a skeleton key, and has duplicates of all your keys, ID DataWeb allows you to replace all your door locks and keypads instantaneously. By combining deception technologies, user behavior analytics and adaptive authentication, you can eliminate dwell time, appreciate lateral movement, and begin to hunt those who are hunting you.