Tackling Cyber Security from the Inside Out

Authors: Albert Wang, Director at Qualcomm Ventures and Houman Haghighi, Director of Business Development for Qualcomm Ventures

Technology has made the world more “connected” and seamless by giving us the ability to do just about anything like making purchases via any of our mobile devices, access our medical records and communicate with people across all geographies. The upcoming wave of Internet of Things further expands the reach of the “network” to many previously unconnected consumer electronics and industrial equipment. While these advancements bring a great deal of progress, they also bring an enormous amount of risk and threat as the opportunity of cyberattacks also increases as a result of the increased endpoints.

In the enterprise world, the consequences of a network security breach can be very severe. Unfortunately, in recent years we have seen many high profile enterprise security breaches, such as the major cybersecurity breach of one of the biggest entertainment film studios resulting in the exposure of several private emails. Or the breach of a major retailer that compromised personal information and data of over 70 million customers. And the huge federal government data hack of 2015 that negatively impacted 22.1 million people. These examples highlight the reality that the threat is real and ever evolving. According to Experian, 43% of companies had a breach that resulted in the loss of 1000+ sensitive and confidential records. Such incidents have brought to light the need for more sophisticated solutions to combat the ever-changing network security threats.

High profile enterprise cyber security breaches have triggered a surge of startups that offer various solutions to an ever growing list of security problems. As enterprises bring in various types of security companies, each addressing specific needs and at times overlapping capabilities, it is leaving the typical Chief Information Security Officer (CISO) with more questions than answers. As a result, the validation of security controls is becoming extremely important within enterprise networks. As more endpoints and IOT devices proliferate within networks, it is resulting in higher points of exposure and ultimately in a larger attack surface.

AttackIQ is a security startup that aims to provide significant insight on the performance of various tools and the security health of a network. AttackIQ has a unique way of detecting cyber security threats which automates a red team approach providing a continuous testing mechanism. This approach essentially addresses the network security from a new angle. Their goal is to poke as many holes as possible in an enterprise’s security measures from the inside out performing continuous testing vs. the typical extremely expensive work for hire, point in time consultants. Their solution challenges the security industry as it is today by providing an audit of the effectiveness of security controls and of enterprise networks.

When Qualcomm Ventures, the investment arm of Qualcomm Incorporated, first came across San Diego based, AttackIQ one of the things that stood out about the company was not only the strength of the team but the unique approach they were taking. As a leader in the mobile space, Qualcomm has a deep understanding of mobile terminals and how these systems could be comprised. We leveraged that knowledge when assessing the company and what stood out about their solution was both their inside out approach as well as the fact that their solution leverages the knowledge of the enterprise security community. This is an important element since that has always been the best fountain of information leading to the most relevant and up to date data. Looking at historical success when we invested in Waze we were very impressed with the way they used crowdsourcing of information to improve the effectiveness of their solution. Waze set out to create maps and relevant real-time information utilizing the data from the many nodes (people) that functioned as sensors in the real world. The model proved to be successful with Waze and when we saw it applied to security, we saw the potential. AttackIQ has built a first of its kind crowdsourced moderated recipe for security. The crowdsourced aspect can enable enterprises to run test sequences based on input from security experts in other enterprises. This in turn, strengthens the capabilities of the solution and findings.

We believe this is a large opportunity and one that AttackIQ is poised to make a significant impact. As technology continues to advance and the amount of connected people and things becomes even more predominant, the proliferation of cyber threats will grow. The impact this will have on enterprises will be extensive and costly. To put this in perspective, the total cost of security breaches in the world in 2013 was $300Billion. In 2015, companies spent a total of $655 million on security testing tools.

We recognize the importance of combating these threats and supporting companies that are providing differentiated solutions that can help enterprises protect their data and in turn protect consumers. We feel that AttackIQ can make a difference in helping enterprises improve their security. We welcome them to the Qualcomm Ventures family!

Albert Wang is a Director at Qualcomm Ventures. His current investment focuses are mobile cloud computing and cross-platform solutions with an expanded interest in disruptive startups that harness the confluence of social, mobile, and cloud computing trends. Learn more at https://www.qualcommventures.com/team/albert-wang

Houman Haghighi leads Qualcomm Ventures’ external business development efforts which include building and maintaining key relationships, strategic partnerships and furthering the portfolio company value add program. Learn more at https://www.qualcommventures.com/team/houman-haghighi