Venture capitalists are well-versed in “as-a-service” investments these days—the software-as-a-service, platform-as-service, and infrastructure-as-a-service companies made possible by the cloud.
But what about “malware-as-a-service”?
It was one of the topics broached at a recent panel discussion held alongside the giant RSA cybersecurity conference and featuring top Silicon Valley security investors, held at San Francisco’s Town Hall restaurant. At the event, panelist Dharmesh Thakker, a Battery Ventures general partner, noted that the same cloud technologies enabling legitimate software companies today are also fueling illegal hacking operations through which criminals can obtain the tools to build computer malware–then covertly funnel it out to unsuspecting targets.
These online, malware-creation enterprises are so sophisticated you might even think they come with guarantees, Thakker joked: “If it doesn’t bring down your (targeted) systems, you get your money back.”
But overall, the threats posed by malware and other tools are extremely serious, both to businesses and governments, the panelists agreed. The panel’s moderator, New York Times cybersecurity reporter Nicole Perlroth, said she recently heard an estimate that 80 new security startups are being launched every month to address the growing problem.
It’s the job of venture capitalists to pick the winners from this huge pool of companies. The VCs on the panel—whose past and current security investments include companies like Palo Alto Networks, FireEye, Shape Security and Securent—said they are looking for nimble, integrated companies, and not startups offering simple anti-virus software or other types of “point” solutions for individual applications.
The good thing about the security market is that “you don’t have to create demand” for products, said Venky Ganesan of Menlo Ventures. Everyone from Fortune 500 companies to utilities is clamoring for technology to protect them from the type of online attacks that have recently hit organizations such as Target, J.P. Morgan and Anthem.
The problem is so widespread that even smaller companies that serve as suppliers to larger ones will have to up-level their security to do business, predicted Promod Haque, a senior managing partner with Norwest Venture Partners. And the panelists agreed that the U.S. government is far behind in terms of being able to adequately fight back against cyber-terrorists.
Still, recent government actions have raised privacy and other concerns among many Silicon Valley technology companies, which might impact their willingness to partner with government when it comes calling for help, noted Asheem Chandna, a partner with Greylock Partners. Just last week, new U.S. Defense Secretary Ashton Carter visited Silicon Valley to mend fences.
“I think that people and companies need to be convinced that everything we do in the cyber domain is lawful and appropriate and necessary,” Carter said in a meeting with Stanford University students and faculty, as reported in an April 26 New York Times piece by Perlroth.