Investing in computer network security
Mr. Chandna of Greylock said the bulk of security start-ups that solicit his firm fall into one of four categories: mobile security, authentication, intrusion detection and "big data" security companies.
Several recently secured millions in financing. Lookout, a firm that blocks malware and spyware on consumers' mobile devices, raised $78 million from top-tier firms like Accel Partners and Andreessen Horowitz. A range of new start-ups market a similar service to businesses that now must deal with the headache of employees' bringing their iPhones and iPads to work and carting confidential intellectual property around with them.
Zenprise, a start-up that brings business-level security to consumer phones, recently raised $65 million. Appthority, a one-year-old start-up that tracks suspicious behavior by mobile apps, raised $6.5 million from Venrock, U.S. Venture Partners and others last May. Solera Networks, a security start-up that tracks intrusions in real time, has raised over $50 million from Intel Capital and others, and many say it is ripe for a nine-figure acquisition.
Yet here in Silicon Valley, with all the feverish talk of innovation and billion-dollar start-ups, few entrepreneurs and venture capitalists have been eager to take on the security juggernauts Symantec and McAfee -- and in many cases cybercriminals -- for a piece of that action.
That has started to change. In the last 12 months, the initial public offerings of once obscure security start-ups have outperformed offerings from household names like Facebook and Zynga. Imperva, a data security company that went public last year, finished 2011 among the year's top offerings. Its shares jumped nearly 30 percent on their first day of trading, and remain 37 percent above the offering price. Zynga's stock, by comparison, has plunged 73 percent since its offering last December.
Shares of Splunk, a data security company, jumped nearly 65 percent from its offering in April. It raised $331 million in a secondary offering. Most recently, shares of Palo Alto Networks, a security start-up, climbed 26 percent when they started trading in July.
The reason for the enthusiasm? "People are starting to realize that the billions of dollars that have been invested into traditional network security is not working for them anymore," said Ted Schlein, a partner at Kleiner Perkins Caufield & Byers, the venture capital firm.
Security start-ups have also become red-hot takeover targets. Apple, which has avoided big-ticket deals, agreed to acquire AuthenTec for $356 million last month in its second-largest acquisition to date. And last year, the EMC Corporation, which already owned RSA, acquired NetWitness. The price was never disclosed but people close to the acquisition talks say NetWitness sold for $400 million, more than 10 times its 12-month trailing revenue.
Venture capitalists have taken notice.
Last year, they collectively poured $935 million into tech security companies, nearly double the $498 million they invested during 2010, according to a MoneyTree report compiled by PricewaterhouseCoopers, the National Venture Capital Association and Thomson Reuters.
"We're seeing a flow of new entrepreneurs interested in the space," said Asheem Chandna, a venture capitalist at Greylock who invested in Imperva and Palo Alto Networks.
The rise of security start-ups is the product of a confluence of new technology, fear and people with a lot of money to invest. Major technological shifts, like the move to mobile devices and cloud storage, have redirected and increased the flow of information -- for both employees and hackers.
Hackers are becoming more sophisticated, too. Last year was the year of the "Advanced Persistent Threat," or A.P.T., a computer attack in which hackers spend time researching a target and its intellectual property, figuring out who has access to it, and deploying any means necessary to steal it.