Spending Spree: Whats on Security Investors Minds for 2019

Cybersecurity threats, technology, and investment trends that are poised to dictate venture capital funding in 2019.

The new year will bring waves of consolidation and innovation to the cybersecurity market as investors decide which startups will provide the strongest defenses to businesses in need of them.
Global spending on security products and services will close out the year in excess of $114 billion, marking a 12.4% increase from 2017, Gartner research
indicates
. Next year, the security market is expected to grow 8.7% and hit $124 billion as security leaders aim to use technology to help organizations become more competitive, addressing a broad landscape of risks and varying corporate needs.
As we look to 2019, investors are weighing these risks and needs as they allocate funds toward the companies and technologies holding the most promise for next year. But before we think about the year ahead, lets first recap the year were leaving behind.
A Look Back: 2018 in Hindsight
According to Hank Thomas, CEO and partner at Strategic Cyber Ventures (SCV), 2018 was really about people playing catch-up with the attack surface that had gotten out of control.
The top questions companies were asking this past year: Where is my data? What is my most important data? Where does my network begin and end? What do I need to protect? What does my rapidly expanding attack surface look like, and how do I protect it?
Security was top-of-mind for private equity firms, which spent 2018 building out their infosec portfolios. Thoma Bravo, for example, in May took a
majority stake
in LogRhythm, a security information and event management (SIEM) company. It later
bought
security firm Imperva for $2.1 billion in October, which was followed by a $950 million acquisition of Veracode the
next month
.
The trend affected both large and early-stage companies as private equity players were willing to consider startups in their B or C funding rounds and bring them into the fold, explains Jeff Pollard, Forrester vice president and principal analyst serving security and risk professionals.
It definitely appears the private equity firms … theyve figured out a way to make money off cybersecurity, he explains. While their end game is still a bit up in the air, he also expects the trend of private equity cybersecurity investment to continue into 2019.
This year also saw security startups exit as bigger firms snapped them up. Automation and analytics were hot technologies for giants including Microsoft and Amazon, neither of which are traditional security firms but are interested in integrating analytics into their feature sets. Other traditional firms invested to address weak spots like identity, says Pollard: Ciscos
purchase of
Duo Security for $2.35 billion was one of the giants largest security deals to date.
Investors will be watching as larger firms aim to shore up defenses. Cloud security, for example, is a top priority for Palo Alto Networks, which in March
acquired
Evident.io for $300 million to strengthen the cloud. Later this year, it doubled its efforts with a $173 million
purchase
of RedLock.
Future Funding: Whats Coming in 2019
Thinking about next year, Pollard expects a wave of innovation and consolidation as startups founded to build specific solutions see their technologies integrated into broader platforms.
Whenever you have a flurry of startup activity, what you find is a lot of vendors trying to solve very similar problems, he explains. What happens in the enterprise is these capabilities make more sense as features of bigger products. The endpoint space, for example, has a wealth of advanced technology and has experienced much consolidation as firms aim to offer a suite instead of a single tool.
Which technologies are investors thinking about in 2019? Unlike in years past, artificial intelligence (AI) and machine learning will not set startups apart, Pollard says. In 2018 we saw a bit of a swerve, and much of the allure of AI and machine learning disappeared as both became expected features in other technologies. Theyre not nice-to-have, but must-have, additions.
Its not that machine learning and artificial intelligence will go away – its just a default expectation, he explains. Youre not going to be funded because you do cool artificial intelligence and machine learning for security. The people who make more sophisticated use of that and show how it makes a solution will be the organizations that can power forward.
SCVs Thomas foresees the rise of different up-and-coming security products that arent specifically built for security but have many applications in the space. Computer vision technology, a form of AI, is one example and has varying use cases, from facial recognition to collaboration tools. It can also be used to identify deep fake videos that can be used to spread disinformation.
This is an area SCV has been closely considering, Thomas says. Deep fake videos are realistic videos that circulate online and can prompt corporations to ask security teams to react. He describes it as similar to fake news but in the form of an incident that could affect a major organizations security posture. A hacker group that wanted to add a layer of obfuscation and hide their activity could use a deep fake video to distract security teams from their work.
Threats are potentially catastrophic and could have major security implications, Thomas adds. SCV has been looking at tech that can confirm with high probability whether content is fake and untangle the spiderweb of disinformation online. Corporate America might have to get into the business of identifying fake news as it pertains to network threat activity, he explains.
A Fortune 100 company could save a lot of money on a threat thats not real, Thomas says. Its going to be important they have a capability to confirm or deny these threats if its gonna be in the public domain.
He also expects identity and access management (IAM) will reach a new level in 2019, with different forms of multifactor authentication. The single sign-on password is mostly dead in the business world, Thomas continues, and new forms of authentication will surface. A number of companies have started to use computer vision for facial recognition on-premise, he adds.
Pollard anticipates investment in tools designed to bridge the gap between security and business teams. New solutions will emerge to provide security leaders with metrics, dashboards, and visualizations so they can better present security-related data to stakeholders and help enterprise employees view security in a different way. He also expects a growth in services, which he says used to be less attractive to investors but have since seen positive growth.
It definitely looks like security budgets, and people buying security technologies, are definitely going up, he says. Thats also leading to the investment side going up as well.
New Solutions for New (and Old) Problems
As security budgets rise, so will investments, Thomas says. Many companies still dont know what they need to defend, and their networks are expanding as a result of new trends such as the Internet of Things. Reality will set in during the upcoming year, he adds.
They have been forced to expand in areas they didnt want to go into, [and] now theyre forced to defend more territory than they ever planned on defending, Thomas explains.
Still, the security industry continues to deal with the same problems it dealt with a decade ago, says Pollard, and big security players havent sufficiently done their jobs to solve them.
We need innovation, he admits. The market needs new people and talent, he continues, and there is both ample funding and investor interest to bring new ideas to fruition. If you have an idea for security, start it, Pollard emphasizes. Theres an appetite for this.
Related Content:
2019 Attacker Playbook
7 Business Metrics Security Pros Need to Know
Security 101: How Businesses and Schools Bridge the Talent Gap
How to Optimize Security Spending While Reducing Risk

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Spending Spree: Whats on Security Investors Minds for 2019