Cybersecurity Investor David Cowan on Hackers, Valuations, and What’s Hot

David CowanWhen the news emerged last week that Defense.net, a cloud service that defends data centers and applications from cyber attacks, was selling to publicly traded F5 Networks, some were surprised it was being swept up so soon. Its founder, Barrett Lyon, had started two other cyber security companies; it had been incubated at Bessemer Venture Partners just last year. Could it be that the market – spending for which is expected to hit $77 billion this year – is peaking right now?

Longtime cybersecurity investor David Cowan, a general partner at Bessemer’s Palo Alto, Ca., insists that’s far from the case. Rather, in a call yesterday, he said that Defense.net’s business is “an expensive one to build. There’s a reason there aren’t a lot of companies out there that provide this kind of business. I would have been happy to keep going, but I can understand why the team found it attractive to take a strategic multiple when it was offered.”

Here’s some more from that conversation yesterday, edited for length:

A lot of businesses complain that it costs more to safeguard their systems than deal with a breach. What are you seeing?

I wouldn’t say that companies would rather spend to remedy the breach rather than prevent it, but [there’s now an] awareness that breaches are inevitable, so part of any cyber plan has to be preparations for dealing with a breach. There are startups out there today that all they do is sell breach-response services to help companies prepare for that inevitability, though those aren’t particularly interesting to me because [they] don’t use a lot of technology to do it.

As we connect more things to the Internet, more things become vulnerable to attack, including heart monitors and other medical devices. Is that an area that interests Bessemer? Do you have a vertical approach?

We generally don’t have a vertical approach, but having said that, I do think the medical device vertical is pretty interesting. There’s a vast sea of medical devices out there and hospitals that are running on old Windows machines, many of which are no longer even supported by Microsoft. And those connected machines are likely swamps for malware. And nobody has any visibility into them. Companies that are going after I that . . . it’s an interesting vertical.

What’s one thing you’re seeing in cybersecurity right now that wasn’t possible until recently?

I invested in this company, Internet Identity, because they enable companies to do what no one has done before, which is to collaborate on cyber defense.

There’s a lot of collusion by attackers in the form of exchanges, [including] people buying and selling [personally identifiable information]. As a result, it’s easy for someone to ramp up quickly as a cyberattacker. But until 18 months ago, no one ever talked openly about security infrastructure outside of their company or government agency. It was viewed as terribly private and intimate.

Since then, there’s been a really a big shift in people’s understanding that the private and the public sector all need to work together to share cyberintelligence, so that if an attacker is identified in one place, all doors [will be] closed [to that person] in buildings everywhere. That requires a lot of technology . . .and that’s what Internet Identity has developed and built. It now supports 30 federal agencies and at least three of the world’s six most valuable technology companies, and everyone who joins the exchange gets the benefit of all that intelligence in real time on their own network. It’s kind of like the social network of cyber; you share and you get back [a lot], and once someone joins the exchange, he or she naturally wants to invites lots of friends into the exchange as well.

You say Defense.net’s sale wasn’t related to valuations. What’s happening out there, though?

There’s been a huge increase in the value and multiples for companies selling cloud services to enterprises [in recent years]. With a huge pullback this year in the public market, I think it’s fair to expect that the private markets will have to respond accordingly . . .generally, when the [public] market goes up, it’s a matter of weeks before the private market does the same. When it goes down, it’s a matter of months [before private markets follow suit].

Sign up for our morning missive, StrictlyVC, featuring all the venture-related news you need to start you day.

    Filed Under:

    ,

    Don’t Miss Out!

    Sign up today to receive a free daily email with everything you need to start your day. Plus, keep track of the companies and personalities that will shape the industry in the months and years to come. Let StrictlyVC be your very own venture capital concierge.

    Sign Up →

    StrictlyVC on Twitter