- VC Joydeep Bhattacharyya is an investor in billion-dollar cybersecurity startup Snyk, and sits on the board of industrial security firm Dragos.
- As a general partner at the firm Canaan Partners, he scouts for trends in the booming but complicated cybersecurity industry.
- Right now Bhattacharyya sees a handful of trends he believes will soon see an infusion of cash from investors.
- The startups in those areas include his firms Snyk, Dragos, and PerimeterX, but also firms he is not invested in, including Signal Sciences, Banyan Security, Whitesource, Claroty, and Arctic Wolf.
- Visit Business Insider’s homepage for more stories.
Venture capital investor Joydeep Bhattacharyya has his finger on the pulse of five major emerging trends in cybersecurity, and can point out startups to watch in each, some that he has invested in and many that he has not.
Bhattacharyy, a general partner at San Francisco venture capital firm Canaan Partners, invested in the booming $1 billion cybersecurity startup Snyk, sits on the board of the industrial cybersecurity firm Dragos, and previously led enterprise investing at Silicon Valley’s Shasta Ventures. He’s also a former Microsoft engineer.
Here are five cybersecurity trends and a dozen companies where he expects to see more investment soon:
The pandemic has finally killed the network perimeter once and for all
For years companies clung to the notion of a defensible boundary around their computer networks, where employees working at a corporate office are inside the boundary and the bad guys are outside of it. But, as remote work gained in popularity the idea of a perimeter, protected by a firewall, grew increasingly old fashioned.
COVID has finally made that way of looking at security “almost irrelevant,” Bhattacharyya says, as entire workforces became remote, accessing company data and tools from home.
A new way of looking at security is now becoming the norm: patrolling key assets rather than watching a perimeter. Companies need to protect the areas where they actually do business today: websites, mobile applications and application programming interfaces (APIs), which are where different computer programs connect.
PerimeterX, one of Bhattacharyya’s investments, identifies and stops attacks on these key areas. He also likes the companies Signal Sciences, and Shape Security, which also protect these areas.
New VPNs for long-term remote work that segment employee access
When remote workers need to connect to company data, communications, and tools, they still need a virtual private network (VPN), to securely pipe them into company networks. But old-school VPNs can be a skeleton key that connects an employee – or hacker – to everything in the company. That access needs to be more focused and limited, he says.
“There’s a class of companies that provide granular, pointed access to precise apps on your network in a way that’s easy for employees. They could very well disrupt the whole firewall ecosystem,” he says. The public company Zscaler, and the startups Banyan Security, Axis Security, and Odo Security are succeeding in this area, Bhattacharyy believes.
Solving security mistakes before developers make them
“It used to be security was added on, like maybe you alluded to security as an afterthought when you were building a software product or application,” Bhattacharyya says. Addressing security during development is a way of “nipping all the vulnerabilities in the bud,” he says.
In this area, he is an investor in Snyk, a booming Boston startup that saw a 3x valuation step-up to reach billion-dollar “unicorn” valuation. Snyk harnesses the knowledge of open source code to learn all the known code vulnerabilities in different software code snippets, and alerts developers when they are repeating any of those mistakes.
Another company he likes in this area is Whitesource, an Israeli startup that has raised more than $46 million from investors including Susquehanna Growth Equity.
Stopping hacks of power grids, oil refineries, and airlines
Major industrial systems around the world have historically been notoriously vulnerable to hackers. With the rise in the Internet of Things and its cousin, the Industrial Internet of Things, hackers can now cause trouble in new ways.
“If you think about oil refineries, electrical grids, railways, airlines – all of these are in some way or form connected to the internet,” Bhattacharyy says. “When these are vulnerable, it’s not about some financial ramifications. People can lose their lives.”
Bhattacharyy sits on the board of Dragos, which he says is an industry leader in IIoT security, and likes the competing companies Nozomi Networks and Claroty.
New cybersecurity services watching out for small firms
Big companies have always had access to powerful cybersecurity tools; not so for the little guys. And that can cause problems in the era of ransomware, when data stolen from big companies can be used “downstream,” as hackers steal log-in credentials and other data that makes partners and customers vulnerable.
Managed security service providers, companies that provide cybersecurity to smaller firms, can address issues small companies cannot with their limited in-house personnel and tools.
“Large businesses can actually pay off the ransomware or somehow extricate themselves by going into their rainy day fund. If you are a small to mid-sized business, you could be affected by the same attack and be on the precipice of of losing your business,” he says.
Such managed security firms help small and mid-sized businesses affordably handle their cybersecurity in general to prevent them from becoming victims from new threats like ransomware.
He likes the companies Coronet and Arctic Wolf, which are working in this area of managed services.