the only notable player. Raytheon’s $1.9 billion acquisition of San Diego-born Websense is another recent example of a defense contractor teaming up with a security company to combat cyber attacks. That deal could enable Raytheon (NYSE: [[ticker:RTN]]) to “approach a segment in the market they don’t have access to,” Div says. “It’s a smart move from their point of view.”
Last October, U.K. defense giant BAE Systems (LSE: BA.L) acquired network security firm SilverSky for about $230 million. Going in the opposite direction, Fidelis Cybersecurity said this week it has spun out from defense contractor General Dynamics as an acquisition by private equity firm Marlin Equity Partners. General Dynamics (NYSE: [[ticker:GD]]) had bought Fidelis back in 2012.
More collaboration seems to be happening between government types, technologists, and security startups. “One of the key themes is the importance of information sharing—not only with law enforcement, but also other enterprise security teams and vendors,” Fidelis CEO Peter George wrote in a blog post.
In a similar vein, IBM Security recently opened its archive of threat intelligence data to customers, partners, and other members of the security community. And there has been plenty of other local activity in cybersecurity. This week, Boston-based Rapid7 acquired NT Objectives, a small app-security firm in California. Earlier this year, Indian IT security company Quick Heal Technologies opened its first office in North America in Boston. Meanwhile, CyberArk (NASDAQ: [[ticker:CYBR]]) has been publicly traded since September, and Bit9 and Veracode are waiting in the wings for their IPOs.
Around the country (including New England), related startups such as Area 1 Security, DB Networks, Duo Security, Dtex, EdgeWave, Elastica, E8 Security, Recorded Future, and Sqrrl all have raised venture funding in the past few months.
“The market has become very, very noisy,” Div says. “A lot of money is poured into marketing, and a lot of companies get funded in security. But companies that truly try to disrupt the industry, we don’t see a lot of. That’s a shame.” He insists Cybereason is different. “We want to shape what the future of security will look like, not add another layer,” he says. “We are trying to build the brain for cybersecurity.”
Div gave an example from one of his customers, which he describes as “a provider to defense contractors.” Cybereason was able to tell the organization that a cyber attack had occurred and showed its leaders the “full story of the attack,” which was that “the hackers had the usernames and passwords of the whole system,” he says. Given the national security implications, the customer got the FBI involved, shut down its entire environment (including 20,000 endpoints), changed all the passwords, and cleaned the system, he says.
The big goal for Cybereason, Div says, is to “build a machine that can think and have a hunch like a human being” when it comes to detecting and responding to such attacks. And then “connect the dots and let someone who’s not a cyber expert see the full magnitude of the attack, and give them something to stop it,” he says.
Cybereason currently has about 40 employees split between Cambridge, MA, and Tel Aviv, Israel. Div says he is looking to nearly double the staff by the end of 2015. The company is planning to move its local office from Cambridge to Boston in the next month.
