Cyber-security VCs Discuss Their Top Investment Criteria

Top investors from Menlo Ventures and Trident Capital Cybersecurity discuss what they invest in and what they want to see in a cyber-security firm.

Download the authoritative guide: The Ultimate Guide to IT Security Vendors

cybersecurity investors

IT security is one of the hottest markets in technology today, as organizations of all sizes try to protect themselves against a seemingly endless onslaught of adversaries and online threats. Where there is a need, there is also a sizable market opportunity for venture capitalists, as they aim to invest in the next big thing.

Venky Ganesan is managing director at Menlo Ventures, a leading cyber-security investment firm that has an enviable track record of picking winners. Menlo Venture was an early backer of Ironport, a company Cisco acquired in 2007 for $830 million, as well as Q1 Labs, which IBM bought in 2011.

Menlo Venture's portfolio also includes vArmour, which emerged from stealth mode in 2014, after raising $42 million in funding. Ganesan sees opportunity in the cloud security space, which is where vArmour fits in.

"Cyber-security is not a trend; it's a permanent long-term unfortunate issue that we all have to deal with as a cost of modern-day technology use," Ganesan told eWEEK.

In Ganesan's view, one of the next major waves of innovation and growth for the cyber-security industry will come from breach-detection vendors. Breach-detection technologies help organizations identify breaches as well as provide guidance on how to patch and fix the breach. Menlo Ventures has a stake in a company called BitSight, which is active in the breach-detection space.

Don Dixon, founder and managing director of Trident Capital Cybersecurity, also has an impressive track record of cyber-security investing, with a portfolio that includes Qualys, now a publicly traded company; Prolexic, which Akamai acquired for $370 million in 2013; and Voltage, which HP purchased in February.

Among Dixon's more recent investments is IronNet Cybersecurity, a company founded by former U.S. National Security Agency Director General Keith Alexander. Dixon said that as the security perimeter fades, with growing mobile and cloud use, there is an increasing need to track and secure endpoints and protect against advanced persistent threats, an area of focus for IronNet.

Determining a valuation for a startup company on which to base an investment is a challenge for venture capitalists.

"Valuation like beauty is in the eye of the beholder," Ganesan said. "Invariably, it's a topic of intense negotiation and frustration, rather than being a finite science."

For the most part, valuations for cyber-security companies in recent years have gone higher, as the market opportunity for security continues to grow, Ganesan said.

Dixon's rule of thumb before investing in a company is that he would like to see at least 18 months of prior funding for the company. In the case of IronNet, the company was bootstrapped (that is self-funded) while building the product, Dixon said. The venture capital funding that Dixon provided for IronNet is being used to ramp up the commercial side of the business for sales and marketing. IronNet has raised $32.5 million in a Series A round of funding led by Trident Capital Cybersecurity.

With so many companies now in the cyber-security market, it is increasingly difficult to pick the winners.

"It's a very crowded space; there probably isn't a single sector of security that isn't over-funded," Ganesan said. "The reason is simple; everyone sees the opportunity."

Dixon often hears complaints that the cyber-security sector is over-populated and over-funded, but that's not something he agrees with. His firm has an advisory council made up of 30 people that are industry professionals, including chief information security officers. That customer and user experience helps Trident Capital Cybersecurity find the companies that are trying to solve the problems that haven't been solved yet.

In terms of how Ganesan tries to pick the winner, he's looking for strong management teams that have been in security for a decade or longer. He's also looking for management teams that understand how to build a product platform rather than just features.

For Ganesan, a key challenge is figuring out what's real and what's an also-ran. "It turns out that doing a PowerPoint is a lot easier than building a product," Ganesan said.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.