Startups

Why are cybersecurity asset management startups so hot right now?

Comment

an illustration of a red light cast down on a bunch of computers
Image Credits: Bryce Durbin / TechCrunch

In the world of cybersecurity, you can’t secure something if you don’t know it’s there.

Enter cybersecurity asset management, an admittedly unsexy fragment of the booming industry that investors have shown an ever-increasing appetite for over the past 18 months.

The cybersecurity industry experienced what is being hailed by some as a “golden year” — funding for cyber startups climbed by 138% to $29.5 billion in 2021 and M&A activity skyrocketed by more than 294% to $77.5 billion. And those focused on securing an organization’s internet-facing assets have received more attention than most.

Over the past 12 months alone, Sternum, a Tel Aviv-based startup that provides real-time asset management for internet-connected devices, raised $27 million; Censys, a search engine for networked devices, secured $35 million; JupiterOne, a platform that helps companies see all of their digital and cloud assets, raised $19 million; and Axonius, which lets organizations manage and track computing-based assets, bagged $100 million.

Big-name tech giants clearly see the value in this often-overlooked area of the industry, too. Microsoft spent $500 million in July to acquire RiskIQ, a company that provides visibility into what assets, devices and services can be accessed outside of a company’s firewall, describing the takeover as a “powerful” addition to its portfolio.

Assets, assets everywhere

While asset management was once the concern of in-house IT teams managing on-premise hardware, it has evolved to warrant the purview of the chief information security officer and is the backbone of any effective cybersecurity strategy.

That’s because, in order to effectively address security issues, enterprises need a comprehensive and reliable inventory of their internet-facing assets. Once comprised of PCs and servers, the pandemic-induced digital shift means that organizations have increasingly diverse assets and more platforms in place than ever before — from operational technology systems and Internet of Things (IoT) devices to company-owned and cloud-based services.

The proliferation of new asset types, along with the widespread shift to remote work, has resulted in assets becoming more highly distributed, making them even more difficult to manage and inventory.

“Asset inventory has historically been a challenge when workforces were physically sitting in company offices and on company networks,” Paul Baird, chief technical security officer at security and compliance giant Qualys, told TechCrunch. “With the pandemic solidifying a new normal of either fully remote or hybrid working approaches, the complexities surrounding asset inventory have only increased in difficulty.”

Jeb Buckler, who founded and runs Startup Giants, a pre-seed tech investment company, said that not only has this shift to the cloud made asset management more difficult for in-house teams, but this, in turn, also makes it easier for hackers to infiltrate an organization.

“There’s more opportunity now for a hacker to get information about an organization by hacking into their blended cloud-based environment. It’s harder for organizations to control the entry and exit points with blended software-as-a-service approaches; the whole architecture of a firm’s data has changed and the old-school security firms that used to do all in-house hosting for organizations are struggling to catch or even keep up.”

Naturally, as a result, market opportunities for cybersecurity startups that have created innovative solutions to address this new paradigm have grown.

Noetic Cyber, a startup that built a cloud-based continuous cyber asset management and controls platform, credited its recent $15 million Series A raise led by Energy Insight Partners to the accelerated adoption of cloud-based services and the explosion in the number of unmanaged devices by remote workers.

“Asset management is a foundational challenge for security leaders, and the transformation we’ve seen with modern digital infrastructure has created a renewed impetus to fix it,” Shawn Cherian, a partner at Energy Insight Partners who joined Noetic’s board after its Series A investment, told TechCrunch. “Every mid-sized or larger organization, across every industry sector, will have gaps in their asset visibility they need to close to have an effective cybersecurity program. This market is a huge opportunity for startups with a differentiated approach.”

Bain partner Enrique Salem, who recently joined JupiterOne’s board, told TechCrunch that he also sees a huge market in the asset management space, slated to be worth $8.5 billion by 2024.

“We see a large multibillion-dollar market opportunity for this technology across mid-market and enterprise customers,” said Salem.

Cyber landscape

Organizations have been forced to contend with digital transformation at an unprecedented pace as a result of the pandemic and faced a cyber threat landscape like never before. Not only will 2021 be remembered as the year that hackers turned their attention to critical infrastructure as if to demonstrate the immense damage they’re capable of creating, but it also brought supply-chain weaknesses to the forefront, be it in the form of the wide-reaching Kaseya ransomware attack or the more recently discovered ‘Log4Shell’ vulnerability in the open-source Java-based logging utility.

“Log4Shell was a prime example of a vulnerability within the software supply chain causing havoc — it’s a popular component — so when it came to addressing the risk, the first step for most businesses was trying to find out whether it was used and where it was used,” Gemma Moore, co-founder and director of cyber security consultancy Cyberis, told TechCrunch. “For many, this involved asking questions of suppliers and software maintainers, but this was time that would have been better spent applying the patch.

“Businesses with a comprehensive list of components and libraries in use cut out that time in their response and were able to move straight into mitigation,” Moore said. “Comprehensive asset management, done well, cuts down on time to mitigation significantly — meaning your window of exposure is reduced.”

If an organization doesn’t have real-time visibility over their IT assets — a task that has increased in complexity as a result of often-confusing cloud-based environments and, in some organizations, a lack of security know-how — it puts the company and its data in a vulnerable position and poses a huge risk to the business and its key stakeholders.

If an organization’s essential data or systems are brought offline because of a breach, that business may not be able to operate. That means their reputation takes a hit, but there are also serious financial consequences: IT downtime costs businesses $5,600 per minute on average, and in the case of a ransomware attack, large U.S companies lose an average of $5.66 million each year.

Vicarius, a New York-based startup that secured $24 million Series A for its fully autonomous vulnerability remediation platform, is perhaps a prime example of why asset management has become such an attractive investment opportunity in the wake of mounting cyber threat incidents, like supply-chain attacks.

Michael Feiertag, a partner at AllegisCyber Capital, which was one of the lead investors in Vicarius’ Series A round, said that the asset management market has long been ripe for innovation.

“As an industry, we’ve taken a cookie-cutter approach to these core components of an infosec program for a decade-plus,” he said. “At the same time, the systems that we’re protecting have exploded in diversity and complexity. Vicarius is the first company that I have encountered that has taken a ‘clean sheet of paper’ approach to this bedrock component of enterprise infosec. Their key innovation is to focus on actually eliminating risk rather than just measuring it.”

Futureproofing

This appetite for asset management startups is likely to gain momentum. Not only are some organizations planning to invest more heavily in the cloud and further diversify their assets by shifting to hybrid work, but the cyber landscape will also continue to evolve and organizations will need to keep a comprehensive inventory of their IT estate.

Ransomware attacks, for example, will become more relentless throughout 2022, according to recent IBM research, and we’ll see blockchain become a more common tool used by cybercriminals, making it easier for them to obfuscate their malicious traffic and avoid detection through the use of traditional cybersecurity tools. Supply-chain attacks are likely to ramp up over the next 12 months, too, making them a top concern in the boardroom.

What’s more, according to Cherian, many CISOs are only just starting to look at making investments in this technology, so there remains plenty of room for the industry to grow, he said.

Of course, the scalable nature of this new era of asset management, which now takes the form of subscription-based software-as-a-service products, means these emerging asset management and inventory startups can, and will likely continue to, grow at pace.

“You write a little bit of software, and you can get 100,000 customers paying you $9.99 or $1,000 a month and away you go,” Buckler said. “In terms of investment, these companies can grow incredibly quickly, and investors can see a high return.”

More TechCrunch

The French Secretary of State for the Digital Economy as of this year, Marina Ferrari, revealed this year’s laureates during VivaTech week in Paris. According to its promoters, this fifth…

The biggest French startups in 2024 according to the French government

Spotify is notifying customers who purchased its Car Thing product that the devices will stop working after December 9, 2024. The company discontinued the device back in July 2022, but…

Spotify to shut off Car Thing for good, leading users to demand refunds

Elon Musk’s X is preparing to make “likes” private on the social network, in a change that could potentially confuse users over the difference between something they’ve favorited and something…

X should bring back stars, not hide ‘likes’

The FCC has proposed a $6 million fine for the scammer who used voice-cloning tech to impersonate President Biden in a series of illegal robocalls during a New Hampshire primary…

$6M fine for robocaller who used AI to clone Biden’s voice

Welcome back to TechCrunch Mobility — your central hub for news and insights on the future of transportation. Sign up here for free — just click TechCrunch Mobility! Is it…

Tesla lobbies for Elon and Kia taps into the GenAI hype

Crowdaa is an app that allows non-developers to easily create and release apps on the mobile store. 

App developer Crowdaa raises €1.2M and plans a US expansion

Back in 2019, Canva, the wildly successful design tool, introduced what the company was calling an enterprise product, but in reality it was more geared toward teams than fulfilling true…

Canva launches a proper enterprise product — and they mean it this time

TechCrunch Disrupt 2024 isn’t just an event for innovation; it’s a platform where your voice matters. With the Disrupt 2024 Audience Choice Program, you have the power to shape the…

2 days left to vote for Disrupt Audience Choice

The United States Department of Justice and 30 state attorneys general filed a lawsuit against Live Nation Entertainment, the parent company of Ticketmaster, for alleged monopolistic practices. Live Nation and…

Ticketmaster is at the heart of a US antitrust lawsuit against parent company Live Nation

The U.K. will shortly get its own rulebook for Big Tech, after peers in the House of Lords agreed Thursday afternoon to pass the Digital Markets, Competition and Consumer bill…

‘Pro-competition’ rules for Big Tech make it through UK’s pre-election wash-up

Spotify’s addition of its AI DJ feature, which introduces personalized song selections to users, was the company’s first step into an AI future. Now, Spotify is developing an alternative version…

Spotify experiments with an AI DJ that speaks Spanish

Call Arc can help answer immediate and small questions, according to the company. 

Arc Search’s new Call Arc feature lets you ask questions by ‘making a phone call’

After multiple delays, Apple and the Paris area transportation authority rolled out support for Paris transit passes in Apple Wallet. It means that people can now use their iPhone or…

Paris transit passes now available in iPhone’s Wallet app

Redwood Materials, the battery recycling startup founded by former Tesla co-founder JB Straubel, will be recycling production scrap for batteries going into General Motors electric vehicles.  The company announced Thursday…

Redwood Materials is partnering with Ultium Cells to recycle GM’s EV battery scrap

A new startup called Auggie is aiming to give parents a single platform where they can shop for products and connect with each other. The company’s new app, which launched…

Auggie’s new app helps parents find community and shop

Andrej Safundzic, Alan Flores Lopez and Leo Mehr met in a class at Stanford focusing on ethics, public policy and technological change. Safundzic — speaking to TechCrunch — says that…

Lumos helps companies manage their employees’ identities — and access

Remark trains AI models on human product experts to create personas that can answer questions with the same style of their human counterparts.

Remark puts thousands of human product experts into AI form

ZeroPoint claims to have solved compression problems with hyper-fast, low-level memory compression that requires no real changes to the rest of the computing system.

ZeroPoint’s nanosecond-scale memory compression could tame power-hungry AI infrastructure

In 2021, Roi Ravhon, Asaf Liveanu and Yizhar Gilboa came together to found Finout, an enterprise-focused toolset to help manage and optimize cloud costs. (We covered the company’s launch out…

Finout lands cash to grow its cloud spend management platform

On the heels of raising $102 million earlier this year, Bugcrowd is making good on its promise to use some of that funding to make acquisitions to strengthen its security…

Bugcrowd, the crowdsourced white-hat hacker platform, acquires Informer to ramp up its security chops

Google is preparing to build what will be the first subsea fiber-optic cable connecting the continents of Africa and Australia. The news comes as the major cloud hyperscalers battle it…

Google to build first subsea fiber-optic cable connecting Africa with Australia

The Kia EV3 — the new all-electric compact SUV revealed Thursday — illustrates a growing appetite among global automakers to bring generative AI into their vehicles.  The automaker said the…

The new Kia EV3 will have an AI assistant with ChatGPT DNA

Bing, Microsoft’s search engine, was working improperly for several hours on Thursday in Europe. At first, we noticed it wasn’t possible to perform a web search at all. Now it…

Bing’s API was down, taking Microsoft Copilot, DuckDuckGo and ChatGPT’s web search feature down too

If you thought autonomous driving was just for cars, think again. The “autonomous navigation” market — where ships steer themselves guided by AI, resulting in fuel and time savings —…

Autonomous shipping startup Orca AI tops up with $23M led by OCV Partners and MizMaa Ventures

The best known mycoprotein is probably Quorn, a meat substitute that’s fast approaching its 40th birthday. But Finnish biotech startup Enifer is cooking up something even older: Its proprietary single-cell…

Meet the Finnish biotech startup bringing a long-lost mycoprotein to your plate

Silo, a Bay Area food supply chain startup, has hit a rough patch. TechCrunch has learned that the company on Tuesday laid off roughly 30% of its staff, or north…

Food supply chain software maker Silo lays off ~30% of staff amid M&A discussions

Featured Article

Meta’s new AI council is composed entirely of white men

Meanwhile, women and people of color are disproportionately impacted by irresponsible AI.

23 hours ago
Meta’s new AI council is composed entirely of white men

If you’ve ever wanted to apply to Y Combinator, here’s some inside scoop on how the iconic accelerator goes about choosing companies.

Garry Tan has revealed his ‘secret sauce’ for getting into Y Combinator

Indian ride-hailing startup BluSmart has started operating in Dubai, TechCrunch has exclusively learned and confirmed with its executive. The move to Dubai, which has been rumored for months, could help…

India’s BluSmart is testing its ride-hailing service in Dubai