There is no doubt that cyber security is a hot-button issue. Major companies across the globe have announced breaches in the past couple of years, including Sony (USD$76 Billion Revenue), JP Morgan Chase (USD$25 Billion Revenue) and Home Depot (USD$80 Billion Revenue). If these large organisations, with their likely huge IT Operations and Security budgets, cannot stop the bad guys from breaching their networks, what chance does the average organisation have of stopping them?
The answer is that you can’t stop them. They are going to get in, or are already in your environment; that’s the new reality. That is why companies are moving away from a prevention and block approach, towards a detection and response approach. Gartner will tell you that budgets are quickly realigning towards detection and response strategies, and expects that by 2020, 75% of enterprises' information security budgets will be allocated towards rapid detection and response approaches, up from less than 10% in 2012.
The world’s hottest cyber security startup in this space is Tanium. To emphasize that point, they have just raised USD$120 million at a valuation of USD$3.5 Billion, 3.5 BILLION! For a company that is a few years old! And not from a bunch of amateur investors, but from statesmen of the funding industry: TPG, Institutional Venture Partners and T. Rowe Price, on top of their original and largest investor, Andreessen Horowitz.
What do these guys at Tanium do that justifies this huge valuation? Well, they are one of the first companies to focus on the “response” end of detection and response. There are plenty of companies out there that will help you detect the threat (think FireEye, Palo Alto and LogRhythm), but response companies are few and far between.
Let’s say Palo Alto has detected a botnet in your environment, on, say, a few dozen machines out of your ten thousand odd endpoints. You check out the first machine to work out the extent of the compromise: what services have been installed, what registry keys have been created and what files have been modified.
Now that you have your “Indicators of Compromise”, you could manually check a few dozen machines; it might take a while, but it is achievable. However, your boss wants assurances that none of the other ten thousand endpoints are compromised. How do you check ten thousand endpoints? The answer is Tanium.
Tanium allows you to “query” the endpoint and ask it questions (what services are running, what files are on the system, does this registry key exist, etc.) in REALTIME. You have answers back from tens of thousands of endpoints in seconds, which means you now know how much of your organisation has been compromised.
You can then use Tanium to clear up the compromise: disable rogue processes, quarantine infected machines, delete malware from the system, etc. Without a system like Tanium, cleanup and assurance that you are no longer compromised are just not feasible at scale.
It comes as no surprise, then, that these boys have such a huge valuation, a valuation that has grown faster and is higher than those of FireEye, Splunk or Palo Alto at the same point in their life cycles, and those companies are now trading in the USD$10 billion market cap range.