By Derek Handova

Venture capitalists (VCs) and to some lesser extent private equity have played important roles in funding security technology startups. With the move of security to the cloud like so many other technologies, managed security service providers (MSSPs) in the channel are well positioned to reap the benefits of that investment. And as trends go, VCs anticipate that they will continue to lead the way in cybersecurity investments come 2019.

“We expect strong continued funding for cybersecurity in 2019, with valuations at the seed and early stage remaining relatively constant for true startups, but rapidly increasing as firms show traction,” says Thomas Weithman, managing director of CIT GAP Funds, a family of seed-stage venture funds. “We think hot spaces for VC investment will include security for IoT, endpoint, authentication, and orchestration/automated incident response, as well as solutions driven by and for the cloud.”

Security by Design, DevSecOps, AI, and IoT

In the wake of GDPR and other new privacy and security regulations, security by design and DevSecOps have taken on a bit more heat in their trend as a hot investment area in cybersecurity, according to infosec experts.

“VC funding will focus on a cybersecurity automation provider that focuses on B2B enterprise and business to developers,” says Min Pyo Hong, CEO of SEWorks, which offers both offensive and defensive security solutions for mobile and web apps. “The economy scale of cybersecurity industries comes from B2B and business to developers, or companies connected to the government.”

In addition, security as a service will expand as an investment trend in 2019 by intensifying the use of AI and push further into the edge by beginning to service IoT more extensively. This is because AI will actually be used to create new attack vectors on IoT.

“As IoT continues to expand and evolve in 2019, so will automated and AI-powered cyberthreats,” Hong says. “Penetration testing will need to become AI-powered. Security as a service will be recognized as a continuous security delivery model that makes sense for enterprises and developers.”

Investment Trends in Endpoint Security

AI will not only wend its way into IoT but also forward toward endpoint security. And while perhaps it’s been overhyped in the market, advances in machine learning and use of big data to provide better insights are showing true promise, according to experts. They say that amid the security skills shortage and onslaught of attacks that large organizations face, startups that harness these two technologies should flourish. IoT is a looming issue that security teams will start paying more and more attention to in the coming years. This trend leads the sector as the landscape changes and cycles.

Exabeam’s Nir Polak

“Security is in the middle of a technology refresh cycle,” says Nir Polak, CEO and co-founder, Exabeam, a security information and event management company. “Endpoint security, known as endpoint detection and response, has seen an IPO, a billion-dollar-plus buyout, and talk of another S1 filing in 2018. Next is security management, which is a top-three market in security, and has not seen a new public company in the space in over 10 years. Access and identity management remains an issue and will likely see activity over a longer time frame.”

Security Trends in Social Media Networks

One security trend investors are tracking is the growing need for corporate social network analysis. This comes in response to the continued evolution of business communications from email as the primary communication tool to social networks such as Yammer, Facebook Workplace, Microsoft Teams and Slack. And despite social-messaging services becoming a widely used communication method, 62 percent of companies are slow to make security policy changes to employee messaging services, according to a 2017 study by 451 Research.

“We’ll see demand rise for monitoring, compliance, retention and discovery solutions tailored to social platforms,” says Bill Baumel, managing director at Ohio Innovation Fund. “I think we’ll see more companies apply artificial intelligence and machine learning to ingested corporate messaging data to better identify insider threats. And then taking it one step further, uncovering trends in employee sentiment across communication channels to proactively identify the potential for – and squelch – insider threats before they occur.”

Counter Trends in Security Investing

While AI, IoT, security as a service and other headline-grabbing terms have captured the imagination of the channel, VCs, and private equity alike, not everything that requires investment in security will be found in the cloud. According to cybersecurity investors, some things like on-premises or private cloud computing will still exist for some time to come.

“As an investor, the concept of ‛hot’ often leads to a market being flooded with similar products,” says Ron Gula, president and co-founder, Gula Tech Adventures, a venture capital firm that invests in early cyber startups. “It would be easy to say that AI, IoT, and cloud are hot areas, but the reality is that there are so many cyber tech vendors innovating and iterating across the entire tech spectrum, some feel it is saturated.”

In contrast, he sees a few trends that are counter to general investment thinking, such as an undertow that everything is not going to the cloud.

“There will be private cloud data centers for a very long time,” he says.

Another trend he foresees in security in 2019 is that while threat intelligence helps many organizations,they will still struggle using it. But he expects more solutions that will enable security personnel to make better cyber decisions versus getting better information on the bad guys.