Is the Cloud Safe? – The View from Vectra on Reducing Business Risk as Enterprises Aggressively Move to the Public Cloud

Digital transformation is driving enterprises to rapidly enter the next chapter of cloud adoption. Nearly half of current infrastructure-as-a-service enterprise users are running production applications on public cloud infrastructure. As such, organizations are acutely focused on dynamic scaling, 24×7 availability, streamlined management and development tools to make the migration seamless. Yet security seems to be an afterthought, or maybe just assumed to be “locked down” given that the bulk of workloads are at Amazon Web Services, Microsoft Azure or Google Cloud. Given the brands and heft of these mega tech companies, how can these clouds possibly not be secure?

Recent high-profile breaches demonstrate that there are inherent risks in the public cloud. In fact, just moving workloads to these branded cloud providers does NOT make them more secure at all. It’s clear that enterprises must ensure their security stack is properly architected for the cloud. The recent Capital One breach was a shock to the system.

In the case of Capital One, a combination of a tech-savvy team and AWS were breached by vulnerabilities that were known and could have been avoided. Does that mean it’s inherently risky to migrate to the cloud? Probably not, but it is clear we need better tools and processes to make this migration secure, scalable and cost-effective.

In this podcast, TCV’s Tim McAdam and Vectra CEO, Hitesh Sheth, talk about what it takes to reduce business risk in the cloud – and keeping enterprises, consumers and their transactions/interactions secure – while capitalizing on the tremendous opportunities the cloud offers.

For these insights and more, settle back and press play.

***

Tim McAdam: Welcome to Growth Journeys, a podcast series from TCV, focused on lessons from the field from entrepreneurs in the TCV ecosystem. I’m Tim McAdam, General Partner at TCV, and I’m here with Hitesh Sheth, CEO of Vectra, a leader in applying artificial intelligence to detect and respond in real time to cyberattacks in the cloud, data center, and enterprise infrastructures. Hitesh brings a wealth of experience from senior roles at Aruba, Juniper, and Cisco, that affords him important lessons about how enterprises can assess and address security as they migrate workloads to the cloud. These lessons include views on encryption, 5G, and commingled log data, to name a few. We’re covering all these topics today, but first, thanks for joining me, Hitesh, and welcome to Growth Journeys.

Hitesh Sheth: Great to be here, Tim. Thank you for having me.

Tim McAdam: So, let’s start with a relatively simple one, but probably complicated in its scope. What’s the general state of cloud security today?

Hitesh Sheth: Cloud security today is, in my view, where Windows used to be circa 1990s. If you go back in time a couple of decades when Windows started to proliferate, security was really not the first thing that Microsoft thought about. And at that time, it looked like a pretty complex setup with multiple operating system versions, different devices on which Windows was getting deployed, and it felt like it was an endless opportunity for attackers to leverage.

Now, fast forward to today, and if you look at the cloud environment, whether you’re dealing with serverless computing, whether you’re looking at Kubernetes, none of the technologies that are being built for the cloud have had security at the front end, and by comparison we have a thousand-fold more complex scenario than we had when Windows started prevailing from a security point of view.

So, I think the scenario we have right now is that while cloud is taking off exponentially, the security holes that we are facing are indeed very profound.

Tim McAdam: And how do you think enterprises should approach assessing their security vulnerabilities as they migrate these workloads to the cloud?

Hitesh Sheth: One of the most important things that they should think about very carefully is that whatever strategy they had in place in their traditional on-prem networks is not the strategy they should deploy into the cloud. And a good example would be – you think of perimeters when you think of on-prem networks. So traditional firewalls tend to be the way you think about security. That already is disappearing in traditional networks, and that certainly cannot apply when you’re looking at cloud infrastructure.

Now, I think Gartner has come out with a very good synthesis of how to think about building visibility for next-generation SOCs and they’ve got this thing called the Triad, and the Triad has three components to it. There is a SIEM in it. There is NDR, which is network detect and response. And there is endpoint detect and response, EDR. And logically, if you have those three technologies in place, then you have the best shot at delivering comprehensive visibility for the SOC. And the good news there, is that it is independent of whether you’re in the cloud or on on-prem networks as well.

Tim McAdam: Right. And just for the audience, could you define what a SIEM is?

Hitesh Sheth: Absolutely. SIEM is security information and event management systems. A vendor example here would be Splunk. When you’re looking at EDR, a vendor example would be CrowdStrike. And then certainly when it comes to NDR, Vectra would be the example in mind.

Tim McAdam: Perfect. So, talk about encryption for a second and what role encryption will play in securing workloads. And I think there are probably some schools of thought that say, “Why do you need any of this stuff if our data’s encrypted?”

Hitesh Sheth: Correct. So, I think there’s good news and bad news in encryption. Let me start with the good news. The good news is that you can indeed encrypt the traffic from say, the endpoint to the edge of the infrastructure, or to the SaaS application. And so, in theory, you are reducing the opportunities for a hacker to break into that workload or into the payload and initiate a cyberattack. So that’s the good news.

However, the reality is that whether you’re dealing with data centers or you’re dealing with cloud infrastructure, the number of times where the traffic’s going to get encrypted post the edge of the cloud or the data center tends to be very, very limited. And therefore, you have the need to still continuously monitor the inside of the data center or the inside of the cloud for tracking advanced attacks. That’s number one.

But number two, what is also probably not fully appreciated, is that encryption is actually a friend for attackers. So, if your device is compromised, Tim, and then your traffic is encrypted from your device to the SaaS application, then if I’m the hacker, the chances that somebody’s going to pick me up really get diminished. Therefore, you know, logically the only way you can really find those attacks is by looking at the behavior of your device and how you’re interacting with the application. Therefore, behavioral approaches become really essential in this scenario.

Tim McAdam: Right. And that begs the question – that might be a device-specific viewpoint. But how about the data itself? Obviously, multi-tenant cloud applications have effectively commingled log data or log data from multiple customers. Is that a limitation or security risk as enterprises move their workloads to the cloud, and how do enterprises gain comfort that the integrity of their data will remain intact as they move workloads to the cloud?

Hitesh Sheth: The reason logs get commingled in the cloud environment – I’ll come back to the point I made earlier. Security is an afterthought in the scenario. The primary objective of doing that is to add efficiency to IT ops. That is the reason why they do that. For a customer, who is adopting cloud services, you have to reconsider the Triad that I described earlier. You have to have a SIEM. You can take this commingled log data and you can have this centralized in one place for analysis purposes.

But, what is really crucial is that you don’t rely on that by itself. You have to use network detect and response. You have to use endpoint detect and response. And so, the whole point of that Triad is to give you coverage in scenarios like the one you just described.

Tim McAdam: Got it. That makes sense. How about trends around next-gen communications like 5G, for example, and then this whole mindset of zero trust? How do you see these newer trends enhancing, or frankly, causing security issues?

Hitesh Sheth: The benefit of 5G is that we, as users, can bypass traditional networks, and with our devices – whether it’s a phone or a tablet – you can go straight to the cloud and order the SaaS application. You don’t have to worry about your traditional network and the security therein. Which is great.

Now, the challenge with that is that you have just now opened up a direct path into the data without any intermediary layers. So, this is where zero trust is supposed to come in.

Zero trust is supposed to introduce the notion that unless every device is authenticated, it should not be trusted. But frankly, it’s a very simplistic view of security because it essentially says, if Tim on Tim’s phone is authenticated, then Tim and Tim’s device are now automatically safe. But what if somebody stole your credentials? And that happens on a daily basis, as we know. And, therefore, it is not enough to rely on something like zero trust.

You have got to have the right monitoring principles in place in the cloud itself to ensure that if your credentials are stolen on one end, you’ve got the right mechanisms to watch for the behavior of the privileged user in the cloud.

Tim McAdam: Got it. So, let’s talk about responsibility for a second. I recently read a Gartner report that was talking about degrees of hand-off points from infrastructure as a service providers, to platform as a service providers, to SaaS providers. How do you think about this shared responsibility continuum, and do you see this security responsibility changing over time?

Hitesh Sheth: First of all, I think a lot of companies make the mistake of thinking that the security responsibility is solely the cloud provider’s responsibility. And I think that mistake originates from consumers of SaaS applications.

If you are consuming Salesforce, as an example, I think it’s very reasonable to expect that Salesforce has taken care of your security requirements. In theory, that’s generally true. However, if you are the entity that is actually deploying your applications into the cloud environment, having that expectation that AWS, Microsoft, Google, have done the same thing is fundamentally not true.

At the end of the day, the company that’s utilizing cloud resources is responsible for the security of the network layer, the data on top of that, the applications, and how people are interacting with those applications. That responsibility solely resides with the entity that is using those services. And I think even as cloud providers evolve their security offerings, it would be a mistake for consumers of those offerings to relinquish their responsibility back to the cloud provider.

Tim McAdam: So, Hitesh, you can’t pick up the paper today without reading headlines about the shortage of qualified cybersecurity talent relative to the size of the problem. This is a massive issue. Why haven’t more cybersecurity companies adopted an AI/ML framework like Vectra’s given the obvious dearth of humans in the sector?

Hitesh Sheth: I actually think, Tim, that a lot of security vendors are talking about AI today. It’s become one of the pain points for customers, where AI has evolved into a buzzword from vendors, and they talk about it all the time.

The issue fundamentally is that the vendors are approaching this completely wrong, in my view. Even for investors, as they think about investing in companies that are touting AI, the principle of generalized AI simply does not work. Generalized AI equals a human being. And AI is not advanced enough, from a software point of view, to repeat what a human being would do in technology. So, the notion of applied AI is really key here. Applied AI does work as evidenced from the work that we do at Vectra.

And I think the key there is you cannot just take AI by itself. If it’s application-specific, then domain becomes very critical. And one of the early epiphanies that we had in our journey here is that as we experimented with generalized AI, and frankly we made mistakes with that. And what struck us very quickly was that, “Hey, you need security domain, you’ve got to have security domain paired up with AI for this to work.” If I’m a customer, I would be testing for that every single day before accepting a vendor’s word that their tech is actually going to work in my environment. Otherwise, it’s the person behind the curtain actually doing the work, not the software.

Tim McAdam: Right. Well, thank you for making all those generalized AI mistakes before we invested, Hitesh.

Hitesh Sheth: And, yes, we did that in the first few years, Tim, as you know well, but if you don’t make mistakes, you don’t learn. And we are much better off as a result.

Tim McAdam: So lastly, at a recent offsite, one of my partners floated the concept of via negativa, or addition by subtraction, as it related to our business model as investors. That is to say, focus on fewer, more high-impact investment themes or investment types by not focusing on others. Hitesh, should via negativa apply to streamlining the security posture of enterprises as they think about moving to the cloud?

Hitesh Sheth: I think it’s an absolutely fantastic principle for how you think about where you invest in infrastructure broadly and certainly in security, because as we all know, security is rife with a plethora of technologies and vendors pitching the next-greatest tool to customers every single day. Yet, paradigms have evolved very, very rapidly.

So for example, if I am building something from ground up, a customer should ask themselves, why do they really need a firewall? For what purpose? If I have EDR on my endpoint, if I have the right setup for monitoring my workloads in the cloud, what role does a firewall really play? What role does a perimeter play? If you want to save your dollars, OpEx or CapEx, I’ll put something bold out there and say, eliminate the firewall. I would challenge somebody to do that. And then provided they are actually following the SOC Triad – be religious about implementing the SOC Triad.

Do that first and then question the need for spend on anything else next. That’s the approach – that’s how via negativa can apply to security spend.

Tim McAdam: That is bold. I like it. Hitesh, thanks for joining us today.

Hitesh Sheth: Thanks very much, Tim, really appreciate it.

***

The views and opinions expressed are those of the speakers and do not necessarily reflect those of TCMI, Inc. or its affiliates (“TCV”). TCV has not verified the accuracy of any statements by the speakers and disclaims any responsibility therefor. This blog post is not an offer to sell or the solicitation of an offer to purchase an interest in any private fund managed or sponsored by TCV or any of the securities of any company discussed. The TCV portfolio companies identified above, if any, are not necessarily representative of all TCV investments, and no assumption should be made that the investments identified were or will be profitable. For a complete list of TCV investments, please visit www.tcv.com/all-companies/. For additional important disclaimers regarding this document, please see “Informational Purposes Only” in the Terms of Use for TCV’s website, available at http://www.tcv.com/terms-of-use/.


Vectra raises $100 million led by TCV to secure the cloud using network threat detection and response

SAN JOSE, Calif., June 10, 2019 /PRNewswire/ — Vectra, the leader in network threat detection and response (NDR), today closed a $100 million round of funding led by TCV, one of the largest growth equity firms backing private and public technology companies. Existing investors also participated in the funding round, bringing the company’s total funding to date to more than $200 million.

Vectra will use the investment to accelerate global market expansion and R&D innovation, solidifying its Cognito platform as the market-leading solution for artificial intelligence (AI)-driven cloud security using NDR.

The cloud has critical security gaps that leave organizations vulnerable. Cyberattackers take advantage of these gaps without leaving a trail of evidence. Underscoring this risk, a recent survey by the SANS Institute found that one in five businesses had serious unauthorized access to their cloud environments this past year alone, and many more were unknowingly breached.

The Cognito platform addresses these security gaps by providing 360-degree visibility into cloud, data center, user and internet-of-things (IoT) infrastructure, leaving attackers with nowhere to hide.

“TCV has an extensive track record of partnering with enterprise security companies, including Rapid7 and Splunk, from growth stage to public,” said Tim McAdam, general partner at TCV and a member of the Vectra board of directors. “In our research on the category, it became clear to us that Vectra was rapidly gaining momentum with customers by rethinking the way enterprises view both network and cloud security. The Vectra Cognito platform is poised to become requisite in the security infrastructure of multinational enterprises and midsize businesses alike.”

“The cloud has inherent security blind spots, making it imperative to eliminate cyber-risks as enterprises move their business to the cloud,” said Hitesh Sheth, president and chief executive officer at Vectra. “The Cognito platform enables them to stop hidden cyberattacks in the cloud. We look forward to partnering with TCV and our existing investors as we continue our rapid growth.”

Vectra experienced 104% growth in annual recurring revenue in 2018 compared to 2017. The company will continue to ramp up initiatives aimed at addressing the global deficit in cloud security, innovating on its existing platform and expanding its global customer base.

“Cloud Security Solutions Forecast, 2018 to 2023” by Forrester Research, Inc.

About Vectra
Vectra® is the leader in network detection and response – from cloud and data center workloads to user and IoT devices. Its Cognito® platform accelerates threat detection and investigation using AI to enrich network metadata it collects and stores with the right context to detect, hunt and investigate known and unknown threats in real time. Vectra offers three applications on the Cognito platform to address high-priority use cases. Cognito Stream sends security-enriched metadata to data lakes and SIEMs. Cognito Recall is a cloud-based application to store and investigate threats in enriched metadata. And Cognito Detect uses AI to reveal and prioritize hidden and unknown attackers at speed. For more information, visit vectra.ai.

About TCV
Founded in 1995, TCV provides capital to growth-stage private and public companies in the technology industry. Since inception, TCV has raised over $15 billion in capital and has helped guide CEOs through more than 120 IPOs and strategic acquisitions. TCV’s investments include Airbnb, Altiris, AxiomSL, Dollar Shave Club, EmbanetCompass, EtQ, ExactTarget, Expedia, Facebook, Fandango, GoDaddy, HomeAway, LinkedIn, Netflix, OSIsoft, Rapid7, Rent the Runway, Sitecore, Splunk, Spotify, Varsity Tutors, Webroot, and Zillow. TCV is headquartered in Menlo Park, California, with offices in New York and London. For more information about TCV, including a complete list of TCV investments, visit https://www.tcv.com.

Media contacts
John Kreuzer
Lumina Communications for Vectra
vectra@luminapr.com

Katja Gagen
TCV
kgagen@tcv.com 
415 690 6689

SOURCE Vectra


Welsh, Carson, Anderson & Stowe to Lead Majority Investment in Avetta Alongside TCV and Norwest Venture Partners

OREM, Utah, March 21, 2018 /PRNewswire/ — Avetta (www.avetta.com), a leading provider of cloud-based supply chain risk management solutions, today announced that Welsh, Carson, Anderson & Stowe (WCAS), a leading private equity firm focused exclusively on the technology and healthcare industries, will acquire a majority equity interest in the Company. In addition, TCV, a leading provider of capital to growth-stage private and public companies in the technology industry, will acquire a minority equity interest in Avetta. Norwest Venture Partners (Norwest), a premier multi-stage investment firm that partnered with Avetta in 2012, intends to retain a portion of its investment in the Company, alongside the founders and management.

Avetta provides cloud-based supplier risk management and compliance software that allows enterprises to more effectively manage and qualify service providers performing activities across their global operating sites to drive better safety, regulatory compliance and sustainability outcomes. The Company’s platform centralizes the management of contractors in a single system, enabling efficient assessment of safety, compliance and performance records. Avetta’s customers include more than 220 enterprises in over 100 countries. Over 55,000 suppliers and service providers use Avetta’s platform to manage their relationships with enterprise clients.

“We are proud of the role played by Avetta today in connecting the world’s leading organizations with qualified suppliers, contractors and vendors, and look forward to the next phase of our Company’s growth,” said John Herr, Chief Executive Officer of Avetta. “As we welcome WCAS and TCV on board as new partners to Avetta, we also thank Norwest for the support they have provided to our team over the past six years. We are excited to benefit from the combined support and expertise of WCAS, TCV and Norwest.”

Christopher Hooper, General Partner of WCAS, said, “Avetta is a compelling network-based platform given its clear and quantifiable value proposition to both enterprise clients and suppliers, underpinned by a scalable cloud-based software platform and distinguished by a strong leadership team. We look forward to partnering with and supporting John Herr and the broader Avetta team to capitalize on the Company’s significant growth opportunities to build the premier global supply chain risk management platform and continue to enhance safety, compliance and sustainability outcomes for its customers.”

David Yuan, General Partner at TCV, said, “The Avetta platform is unique in that it helps transform how enterprises assess and mitigate risk within their supply chains, simplifying the engagement and evaluation of suppliers to ensure alignment with each client’s unique operating requirements. We are excited to partner with the Avetta team as it pursues a broad range of market opportunities.”

Jon Kossow, Managing Partner at Norwest, said, “This is a fantastic outcome for Avetta’s founders, management team and shareholders. The Company’s technology platform, product roadmap and huge greenfield market opportunity suggest a future that’s just as bright for all parties involved.”

The Company has locations in Utah, California and Texas, with international offices in the UK, Australia and Canada.

Avetta and Norwest were advised by William Blair & Company, LLC. WCAS was advised by Raymond James & Associates.

About Avetta

Avetta provides a cloud-based supply chain risk management platform. Avetta’s global solution connects the world’s leading organizations with qualified suppliers, driving safe and sustainable supply chains. Its next-generation software is used by more than 55,000 active customers in over 100 countries to reduce risk and optimize efficiency. Over 220 of the world’s biggest organizations depend on Avetta every day. See www.avetta.com for more information.

About TCV

Founded in 1995, TCV provides capital to growth-stage private and public companies in the technology industry. Since inception, TCV has invested over $10 billion in leading technology companies and has helped guide CEOs through more than 110 IPOs and strategic acquisitions. TCV’s investments include Airbnb, Altiris, AxiomSL, Dollar Shave Club, EtQ, ExactTarget, Expedia, Facebook, Fandango, GoDaddy, HomeAway, Netflix, Rent the Runway, Sitecore, Splunk, Spotify, VICE Media, and Zillow. TCV is headquartered in Palo Alto, California, with offices in New York and London. For more information about TCV, including a complete list of TCV investments, visit https://www.tcv.com.

All brands, names, or trademarks mentioned in this document are the property of their respective owners.

SOURCE Welsh, Carson, Anderson & Stowe; Avetta; TCV; Norwest Venture Partners

Contact:

Katja Gagen, TCV

kgagen@tcv.com

415-690-6689