Guy Horowitz
Jul 21, 2017 · 3 min read

The forming of a new category is almost as exciting as the birth of a child. Others’ children being born could be exciting, but nowhere near as emotional as a birth in the family. And since our portfolio companies are our next-of-kin, a new category created around the technology of a young company we backed exactly a year ago, is really uplifting.

This newborn is nicknamed BAS, short for Breach and Attack Simulation. The proud parents are a handful of companies providing such solutions, amongst which is our amazing portfolio company SafeBreach. Do I like the three-letter acronym? Personally I’d love to see a P in there, as “simulation” doesn’t necessarily imply that breaches and attacks are Preempted or Prevented through the use of such solutions. It is, however, also a blessing — since not all players listed by Gartner as BAS vendors can actually serve as proactive prevention solutions, it allows SafeBreach to stand out and excel even within its own new category.


The Gartner Hype Cycle, typically the first manifestation of a new category, could be a bit confusing. First and foremost, it’s self-dubbed as “hype”. Second — it features new categories at the extreme end of the parabolic curve, and even states that it would take 10 years for this new category to reach maturity. And third — it contains so many different technologies, all of which are more mature than our newborn. Not really significant, right?

Wrong. Categories typically form around a clear market need. Not all needs are created equal; some are more urgent than others, and some will end up being served in another way. But a distinct need calls for distinct solutions, and once such solutions enter the market, a new category can be formed. It’s not “hype” in the sense that it’s redundant or bound to over-promise and underdeliver. It’s simply how markets evolve. First, show me a need. Then show me some potential solutions. Now, the market will be educated over a period of a few years. Early adopters will adopt, best practices will be defined and adapted, false promises will be shattered, and the real winners will emerge and make it to the Plateau of Productivity.


But hold on… it says “10 years”! That’s eternity when it comes to startups, or venture capital. Isn’t 10 years too long?

Yes, a decade is a long time. But big markets form before technologies mature, and certainly way before 100% of enterprises adopt them. Timing is everything, so being early to a new category is paramount. SafeBreach enjoys great timing — its technology, which is extremely hard to develop and even harder to maintain in the face of new threats and more sophisticated adversaries, is ripe and ready. Customers and prospects are lining up and coming to the conclusion that manual vulnerability assessment is not scalable and expensive.


A category is only one (important) step for a company in order to fulfill its potential. Delivering value to customers is crucial, and this is where SafeBreach really shines. At a time of uncertainty, as CISOs and CEOs are challenged with the looming aftermath of a potential attack, understanding which of your defenses works, where you are vulnerable, and what’s the best step to take next, is no longer a luxury. SafeBreach is “just what the doctor ordered”, and its growing customer base is the best testament for that.


How long will it really take for BAS to become part of the security stack? In some ways it already is. Red Teams are already simulating attacks and breaches for most enterprises and many smaller companies. The automated BAS is where machine learning and AI meets Red Team work, and access to top-notch headcount is getting harder and harder. We invested in SafeBreach last year because we believe the talent crunch and the increased complexity of attack mitigation will drive the momentum for SafeBreach and its few competitors. 2017 is already a record year, and there’s no reason why 2018 won’t see multifold adoption rates — especially when the category is already defined.

)

Guy Horowitz

Written by

Partner @ Deutsche Telekom Capital Partners. Investor @ FireGlass, Replay, AppsFlyer, Morphisec, SafeBreach, Fornova, Dynamic Yield + Siemplify Craft.io, Utilis

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade