Security

Why are cybersecurity asset management startups so hot right now?

Comment

an illustration of a red light cast down on a bunch of computers
Image Credits: Bryce Durbin / TechCrunch

In the world of cybersecurity, you can’t secure something if you don’t know it’s there.

Enter cybersecurity asset management, an admittedly unsexy fragment of the booming industry that investors have shown an ever-increasing appetite for over the past 18 months.

The cybersecurity industry experienced what is being hailed by some as a “golden year” — funding for cyber startups climbed by 138% to $29.5 billion in 2021 and M&A activity skyrocketed by more than 294% to $77.5 billion. And those focused on securing an organization’s internet-facing assets have received more attention than most.

Over the past 12 months alone, Sternum, a Tel Aviv-based startup that provides real-time asset management for internet-connected devices, raised $27 million; Censys, a search engine for networked devices, secured $35 million; JupiterOne, a platform that helps companies see all of their digital and cloud assets, raised $19 million; and Axonius, which lets organizations manage and track computing-based assets, bagged $100 million.

Big-name tech giants clearly see the value in this often-overlooked area of the industry, too. Microsoft spent $500 million in July to acquire RiskIQ, a company that provides visibility into what assets, devices and services can be accessed outside of a company’s firewall, describing the takeover as a “powerful” addition to its portfolio.

Assets, assets everywhere

While asset management was once the concern of in-house IT teams managing on-premise hardware, it has evolved to warrant the purview of the chief information security officer and is the backbone of any effective cybersecurity strategy.

That’s because, in order to effectively address security issues, enterprises need a comprehensive and reliable inventory of their internet-facing assets. Once comprised of PCs and servers, the pandemic-induced digital shift means that organizations have increasingly diverse assets and more platforms in place than ever before — from operational technology systems and Internet of Things (IoT) devices to company-owned and cloud-based services.

The proliferation of new asset types, along with the widespread shift to remote work, has resulted in assets becoming more highly distributed, making them even more difficult to manage and inventory.

“Asset inventory has historically been a challenge when workforces were physically sitting in company offices and on company networks,” Paul Baird, chief technical security officer at security and compliance giant Qualys, told TechCrunch. “With the pandemic solidifying a new normal of either fully remote or hybrid working approaches, the complexities surrounding asset inventory have only increased in difficulty.”

Jeb Buckler, who founded and runs Startup Giants, a pre-seed tech investment company, said that not only has this shift to the cloud made asset management more difficult for in-house teams, but this, in turn, also makes it easier for hackers to infiltrate an organization.

“There’s more opportunity now for a hacker to get information about an organization by hacking into their blended cloud-based environment. It’s harder for organizations to control the entry and exit points with blended software-as-a-service approaches; the whole architecture of a firm’s data has changed and the old-school security firms that used to do all in-house hosting for organizations are struggling to catch or even keep up.”

Naturally, as a result, market opportunities for cybersecurity startups that have created innovative solutions to address this new paradigm have grown.

Noetic Cyber, a startup that built a cloud-based continuous cyber asset management and controls platform, credited its recent $15 million Series A raise led by Energy Insight Partners to the accelerated adoption of cloud-based services and the explosion in the number of unmanaged devices by remote workers.

“Asset management is a foundational challenge for security leaders, and the transformation we’ve seen with modern digital infrastructure has created a renewed impetus to fix it,” Shawn Cherian, a partner at Energy Insight Partners who joined Noetic’s board after its Series A investment, told TechCrunch. “Every mid-sized or larger organization, across every industry sector, will have gaps in their asset visibility they need to close to have an effective cybersecurity program. This market is a huge opportunity for startups with a differentiated approach.”

Bain partner Enrique Salem, who recently joined JupiterOne’s board, told TechCrunch that he also sees a huge market in the asset management space, slated to be worth $8.5 billion by 2024.

“We see a large multibillion-dollar market opportunity for this technology across mid-market and enterprise customers,” said Salem.

Cyber landscape

Organizations have been forced to contend with digital transformation at an unprecedented pace as a result of the pandemic and faced a cyber threat landscape like never before. Not only will 2021 be remembered as the year that hackers turned their attention to critical infrastructure as if to demonstrate the immense damage they’re capable of creating, but it also brought supply-chain weaknesses to the forefront, be it in the form of the wide-reaching Kaseya ransomware attack or the more recently discovered ‘Log4Shell’ vulnerability in the open-source Java-based logging utility.

“Log4Shell was a prime example of a vulnerability within the software supply chain causing havoc — it’s a popular component — so when it came to addressing the risk, the first step for most businesses was trying to find out whether it was used and where it was used,” Gemma Moore, co-founder and director of cyber security consultancy Cyberis, told TechCrunch. “For many, this involved asking questions of suppliers and software maintainers, but this was time that would have been better spent applying the patch.

“Businesses with a comprehensive list of components and libraries in use cut out that time in their response and were able to move straight into mitigation,” Moore said. “Comprehensive asset management, done well, cuts down on time to mitigation significantly — meaning your window of exposure is reduced.”

If an organization doesn’t have real-time visibility over their IT assets — a task that has increased in complexity as a result of often-confusing cloud-based environments and, in some organizations, a lack of security know-how — it puts the company and its data in a vulnerable position and poses a huge risk to the business and its key stakeholders.

If an organization’s essential data or systems are brought offline because of a breach, that business may not be able to operate. That means their reputation takes a hit, but there are also serious financial consequences: IT downtime costs businesses $5,600 per minute on average, and in the case of a ransomware attack, large U.S companies lose an average of $5.66 million each year.

Vicarius, a New York-based startup that secured $24 million Series A for its fully autonomous vulnerability remediation platform, is perhaps a prime example of why asset management has become such an attractive investment opportunity in the wake of mounting cyber threat incidents, like supply-chain attacks.

Michael Feiertag, a partner at AllegisCyber Capital, which was one of the lead investors in Vicarius’ Series A round, said that the asset management market has long been ripe for innovation.

“As an industry, we’ve taken a cookie-cutter approach to these core components of an infosec program for a decade-plus,” he said. “At the same time, the systems that we’re protecting have exploded in diversity and complexity. Vicarius is the first company that I have encountered that has taken a ‘clean sheet of paper’ approach to this bedrock component of enterprise infosec. Their key innovation is to focus on actually eliminating risk rather than just measuring it.”

Futureproofing

This appetite for asset management startups is likely to gain momentum. Not only are some organizations planning to invest more heavily in the cloud and further diversify their assets by shifting to hybrid work, but the cyber landscape will also continue to evolve and organizations will need to keep a comprehensive inventory of their IT estate.

Ransomware attacks, for example, will become more relentless throughout 2022, according to recent IBM research, and we’ll see blockchain become a more common tool used by cybercriminals, making it easier for them to obfuscate their malicious traffic and avoid detection through the use of traditional cybersecurity tools. Supply-chain attacks are likely to ramp up over the next 12 months, too, making them a top concern in the boardroom.

What’s more, according to Cherian, many CISOs are only just starting to look at making investments in this technology, so there remains plenty of room for the industry to grow, he said.

Of course, the scalable nature of this new era of asset management, which now takes the form of subscription-based software-as-a-service products, means these emerging asset management and inventory startups can, and will likely continue to, grow at pace.

“You write a little bit of software, and you can get 100,000 customers paying you $9.99 or $1,000 a month and away you go,” Buckler said. “In terms of investment, these companies can grow incredibly quickly, and investors can see a high return.”

More TechCrunch

In 2021, Google kicked off work on Project Starline, a corporate-focused teleconferencing platform that uses 3D imaging, cameras and a custom-designed screen to let people converse with someone as if…

Google’s 3D video conferencing platform, Project Starline, is coming in 2025 with help from HP

The company is describing the event as “a chance to demo some ChatGPT and GPT-4 updates.”

OpenAI’s ChatGPT announcement: Watch live here

Over the weekend, Instagram announced that it is expanding its creator marketplace to 10 new countries — this marketplace connects brands with creators to foster collaboration. The new regions include…

Instagram expands its creator marketplace to 10 new countries

Four-year-old Mexican BNPL startup Aplazo facilitates fractionated payments to offline and online merchants even when the buyer doesn’t have a credit card.

Aplazo is using buy-now-pay-later as a stepping stone to financial ubiquity in Mexico

We received countless submissions to speak at this year’s Disrupt 2024. After carefully sifting through all the applications, we’ve narrowed it down to 19 session finalists. Now we need your…

Vote for your Disrupt 2024 Audience Choice favs

Co-founder and CEO Bowie Cheung, who previously worked at Uber Eats, said the company now has 200 customers.

Healthy growth helps B2B food e-commerce startup Pepper nab $30 million led by ICONIQ Growth

Booking.com has been designated a gatekeeper under the EU’s DMA, meaning the firm will be regulated under the bloc’s market fairness framework.

Booking.com latest to fall under EU market power rules

Featured Article

‘Got that boomer!’: How cyber-criminals steal one-time passcodes for SIM swap attacks and raiding bank accounts

Estate is an invite-only website that has helped hundreds of attackers make thousands of phone calls aimed at stealing account passcodes, according to its leaked database.

4 hours ago
‘Got that boomer!’: How cyber-criminals steal one-time passcodes for SIM swap attacks and raiding bank accounts

Squarespace is being taken private in an all-cash deal that values the company on an equity basis at $6.6 billion.

Permira is taking Squarespace private in a $6.9 billion deal

AI-powered tools like OpenAI’s Whisper have enabled many apps to make transcription an integral part of their feature set for personal note-taking, and the space has quickly flourished as a…

Buymeacoffee’s founder has built an AI-powered voice note app

Airtel, India’s second-largest telco, is partnering with Google Cloud to develop and deliver cloud and GenAI solutions to Indian businesses.

Google partners with Airtel to offer cloud and genAI products to Indian businesses

To give AI-focused women academics and others their well-deserved — and overdue — time in the spotlight, TechCrunch has been publishing a series of interviews focused on remarkable women who’ve contributed to…

Women in AI: Rep. Dar’shun Kendrick wants to pass more AI legislation

We took the pulse of emerging fund managers about what it’s been like for them during these post-ZERP, venture-capital-winter years.

A reckoning is coming for emerging venture funds, and that, VCs say, is a good thing

It’s been a busy weekend for union organizing efforts at U.S. Apple stores, with the union at one store voting to authorize a strike, while workers at another store voted…

Workers at a Maryland Apple store authorize strike

Alora Baby is not just aiming to manufacture baby cribs in an environmentally friendly way but is attempting to overhaul the whole lifecycle of a product

Alora Baby aims to push baby gear away from the ‘landfill economy’

Bumble founder and executive chair Whitney Wolfe Herd raised eyebrows this week with her comments about how AI might change the dating experience. During an onstage interview, Bloomberg’s Emily Chang…

Go on, let bots date other bots

Welcome to Week in Review: TechCrunch’s newsletter recapping the week’s biggest news. This week Apple unveiled new iPad models at its Let Loose event, including a new 13-inch display for…

Why Apple’s ‘Crush’ ad is so misguided

The U.K. Safety Institute, the U.K.’s recently established AI safety body, has released a toolset designed to “strengthen AI safety” by making it easier for industry, research organizations and academia…

U.K. agency releases tools to test AI model safety

AI startup Runway’s second annual AI Film Festival showcased movies that incorporated AI tech in some fashion, from backgrounds to animations.

At the AI Film Festival, humanity triumphed over tech

Rachel Coldicutt is the founder of Careful Industries, which researches the social impact technology has on society.

Women in AI: Rachel Coldicutt researches how technology impacts society

SAP Chief Sustainability Officer Sophia Mendelsohn wants to incentivize companies to be green because it’s profitable, not just because it’s right.

SAP’s chief sustainability officer isn’t interested in getting your company to do the right thing

Here’s what one insider said happened in the days leading up to the layoffs.

Tesla’s profitable Supercharger network is in limbo after Musk axed the entire team

StrictlyVC events deliver exclusive insider content from the Silicon Valley & Global VC scene while creating meaningful connections over cocktails and canapés with leading investors, entrepreneurs and executives. And TechCrunch…

Meesho, a leading e-commerce startup in India, has secured $275 million in a new funding round.

Meesho, an Indian social commerce platform with 150M transacting users, raises $275M

Some Indian government websites have allowed scammers to plant advertisements capable of redirecting visitors to online betting platforms. TechCrunch discovered around four dozen “gov.in” website links associated with Indian states,…

Scammers found planting online betting ads on Indian government websites

Around 550 employees across autonomous vehicle company Motional have been laid off, according to information taken from WARN notice filings and sources at the company.  Earlier this week, TechCrunch reported…

Motional cut about 550 employees, around 40%, in recent restructuring, sources say

The deck included some redacted numbers, but there was still enough data to get a good picture.

Pitch Deck Teardown: Cloudsmith’s $15M Series A deck

Unlike ChatGPT, Claude did not become a new App Store hit.

Anthropic’s Claude sees tepid reception on iOS compared with ChatGPT’s debut

Welcome to Startups Weekly — Haje‘s weekly recap of everything you can’t miss from the world of startups. Sign up here to get it in your inbox every Friday. Look,…

Startups Weekly: Trouble in EV land and Peloton is circling the drain

Scarcely five months after its founding, hard tech startup Layup Parts has landed a $9 million round of financing led by Founders Fund to transform composites manufacturing. Lux Capital and Haystack…

Founders Fund leads financing of composites startup Layup Parts