What Israel’s cybersecurity landscape foreshadows for 2018

In recent years, global-scale cyber-attacks have become more frequent and hackers continue to discover new attack vectors in existing and evolving domains, forcing cybersecurity vendors to constantly reinvent solutions in this cat-and-mouse game. At the same time, the “traditional” enterprise network is expanding and becoming increasingly complex, undefined and diffuse, as the enterprise perimeter moves into the cloud. These unique dynamics, which keep the market in an ongoing explosive phase, are catalysts for cybersecurity-related innovation and result in attractiveness for investments and M&A deals.

The fast pace of change also makes the Chief Information Security Officer’s job quite challenging. CISOs address endless alerts aggregated on multiple monitoring screens while simultaneously investigating and responding to the significant ones. To stay ahead, they need tools that grant more visibility. They also need orchestration, automation, and consolidation solutions, preferably from as few different vendors as possible (“one-stop shop”).

To get a grasp of the security landscape in 2018, we looked at the Israeli cybersecurity ecosystem, which is considered a global leader in the field. We created an infographic map of the Israeli cybersecurity landscape that highlights the main industry categories, startups, public companies, and M&As. After many hours of analysis and numerous validation calls, over 500 companies were reduced to the 199 included on the map. It is important to note that we excluded companies specializing in offensive cybersecurity and security services. To qualify, companies must have raised at least $1 million in funding or generated at least $100,000 in annual revenues. Companies who offer more than one product were classified by either their core product/main offering or the target they are protecting.

Funding and exit trends

According to IVC-Meitar’s fundraising and exit report for 2017, there is a clear decline in both the number of financing deals and the amount raised compared to 2016 and 2015. On the M&A side, the market set a record in total exit volume in 2017, while the number of exits decreased dramatically. In theory, that means larger amounts per exit. However, after taking a deeper look at the numbers it turns out that in practice, if you exclude outlier exits such as Argus Cybersecurity ($430 million), Skycure ($275 million), and FireGlass ($250 million) in 2017, and Cloudlock ($293 million) in 2016, the average exit size of cybersecurity companies in the past two years is less than $80 million. Although most of the exits have generated great returns, that might explain why there is a decline in investments, and why the local cybersecurity market in its current state is not attractive enough for large venture capital funds that generally seek over $500 million exits.

Above: Israeli cybersecurity landscape, as of January 2018

Security categories and product trends

Today’s complex enterprise environment creates a high degree of overlap between the security categories. Therefore, we redefined the “traditional” enterprise perimeter to include solutions that not only overlap with the perimeter but can also “extend” it (e.g. containers and serverless security). Vertical-focused categories such as automotive, industrial, and unmanned aerial vehicles (UAVs) were placed outside of the perimeter. In addition, while it is common to treat “deception” as a standalone category, we perceive it as a technology enabler/approach rather than a core product, since the goal is endpoint or network protection. For that reason, we decided to add another dimension to our map and highlight companies who use deception with a special purple “mask” icon.

Another category that is making its first appearance in 2018 is Gartner’s SOAR (Security Orchestration, Automation and Response).

Through the research process we uncovered several new cybersecurity findings:

• Being a “single-feature” company is no longer sufficient. CISOs are looking for a one-stop-shop vendor. From an investment perspective, being a niche or “single feature” company is just not enough.
• Security integration and orchestration should be considered key criteria of any new technology investment since the product’s ability to integrate and orchestrate with other products in the target environment is elementary.
• There is a shift away from AI-based solutions, which suffer from high false-positive rates and indeterminate results, to a whitelisting-based approach, which is more accurate, non-statistical, and in most cases enhances protection.
• Budgets and venture capital investments are shifting in emphasis from prevention solutions to incident investigation and response to overcome the cyber-talent shortage in Security Operations Centers (SOCs) and enable quick and effective responses.
• Emerging new technologies and frameworks, such as serverless and docker/containers, are quickly being adopted, driving tailor-made cybersecurity solutions that operate on a micro-service level.
• Industrial Control System (ICS) security has experienced a recent increase in demand, but in terms of market adoption, there is a long way to go, probably due to the conservative nature of the customers.
• A new domain, healthcare security, is on the rise, driven by the recent WannaCry attack, which shut down the UK National Healthcare Service (NHS), as well as by increased demand for Electronic Medical Records (EMR) on the DarkNet.
• The area of automotive security is seeing divergent trends. Solutions deployed outside the vehicles’ network are gaining momentum (e.g. cloud-based solutions for fleet protection), but in-vehicle security adoption is relatively slow, perhaps because the industry is awaiting regulation — and because OEMs are taking the time to assess different solutions, trying to find the best fit.
• Many companies use buzzwords to make their value proposition more appealing, but it seems to create more confusion than clarity. Our advice is, be accurate, coherent, and concise.
• The General Data Protection Regulation (GDPR) will raise the stakes for companies who suffer from cyber breaches causing privacy-related data loss. Those who experience these breaches or fail to meet GDPR requirements could face serious fines. To prepare, companies’ cybersecurity budgets are expected to increase.

These trends, which we see clearly in the Israeli cybersecurity landscape, are very likely global as well, since they map to the redefining of the traditional enterprise security perimeter. Overall, the landscape provides a good look at what types of solutions and solution categories currently define the market and where the blue and red oceans are as we go into 2018.

Nir Donitza is Senior Manager of Business Development and Partnering at Deutsche Telekom.

Gal Ringel is Investment Manager at Verizon Ventures.