Friends of Paladin:
With 2017 now underway, we want to share with you our Annual Cyber Year in Review.
2016 was another watershed year for cybersecurity, with several key trends to highlight as well as new themes likely to emerge as we move into 2017.
Cyber Security Trends in 2016
Looking back on 2016, it was a year filled with both excitement and controversy. U.S. Government agencies, major political parties, and state and local election systems were the targets of invasive cyber attacks that aimed to undermine our government and, in a new disconcerting development, the very integrity of our democratic system by influencing the 2016 presidential election.
In February, hackers breached the U.S. Department of Justice’s (DoJ) systems and released the names, phone numbers, and email addresses of 20,000 FBI employees, as well as those of 10,000 Department of Homeland Security employees whose information was accessible through the DoJ.
These so-called ‘hacktivists’ attacked Justice’s systems to protest U.S.-Israeli relations, claiming they would not stop until the U.S., “cut relations with Israel.”
In June, the Democratic National Committee (DNC) revealed it had been hacked by two groups linked to the Russian government and several states reported their election systems being probed by foreign entities.
While some attacked the U.S. government for political gain, others attacked U.S. companies for economic gain. Several healthcare providers, including MedStar Health, were paralyzed by ransomware attacks. The attacks forced hospitals to take their patients’ records offline for days, threatening doctors’ ability to prescribe medications, conduct emergency treatments, and record vital information. Technology stalwarts such as Yahoo and Oracle suffered significant financial losses and public backlash as a result of data breaches that compromised the personal information of employees and users.
In addition to stealing data, cyber attacks also proved their ability to disrupt critical systems. In October, a massive and highly sophisticated Distributed Denial of Service (DDoS) attack against a key Domain Name System (DNS) infrastructure provider caused extended service outages for prime Internet properties such as Twitter, Amazon, and Netflix, among many others. Not only was this DDoS attack unique in its scale, but it also showcased the highly vulnerable state of Internet of Things (IoT) endpoints – the attackers leveraged millions of unsecure smart home devices, turning them into an army of bots for the attack.
Further, we witnessed an increase in successful cyber assaults and attacks perpetrated by Iran against Saudi Arabia, by Russia against Germany and the U.S., by hackers against SWIFT (the global interconnection system between financial institutions) and critical infrastructure assets including dams and electric grids.
Paladin’s Year in Review
As the challenges of cyber security grow daily, Paladin in 2016 continued to prioritize investing in innovative companies and technologies designed to counter evolving cyber threats, building its cyber security practice by forging strong partnerships and collaborating with leading cyber security entrepreneurs and professionals.
Paladin’s thesis-driven cyber investing around the adoption of digital platforms which critical infrastructure is dependent upon is more relevant than ever, proven by a vibrant deal flow delivering multiples of new opportunities each week. Our focus is not only on cyber security investing, but also includes digital enablement and monitoring and management, providing us with a broader set of investment opportunities, expanded market size, and ultimately maximizes returns for our investors. Highlights from this year include:
Firm Leadership: Chris Inglis joined the firm as Managing Director. Mr. Inglis is the former Deputy Director and senior civilian leader of the National Security Agency (NSA). As NSA’s former chief operating officer, Mr. Inglis was responsible for guiding and directing strategies, operations, and policy. He brings key experience and expertise for Paladin’s cyber security practice, influencing future cyber security partnerships and investments.
Cyber Fund: In 2016, Paladin closed five investments through its new Cyber Fund. The Cyber Fund includes limited partner commitments from sovereign wealth, institutional, and high net worth investors from the United States, Europe, and the Middle East. Our new investments included:
- Digital Shadows: In February, Paladin participated in Digital Shadows’ $14 million Series B funding round. Digital Shadows’ cyber situational awareness tool, SearchLight, allows users to continuously monitor more than 100 million data sources in 27 languages across the visible, deep and dark web. Paladin participated in the financing alongside Trinity Ventures, Storm Ventures, Passion Capital, and TenEleven Ventures.
- Elliptic: In March, Paladin led Elliptic’s successful Series A funding round, closing the round with $5 million total. Elliptic’s products use graph analysis and machine learning to provide risk management solutions for blockchain based transactions. Paladin’s co-investors in the financing included Santander InnoVentures, Digital Currency Group, KRW Schindler, and Octopus Ventures.
- RiskSense: In August, RiskSense announced it closed a $7 million round of funding led by Paladin. RiskSense is a pioneer and market leader in proactive cyber risk management. Paladin was joined in the financing by a Fortune 500 strategic investor, Epic Ventures, and Sun Mountain Capital.
- Expel: In September, Expel closed a $7.5 million Series A funding round led by Paladin. Expel is developing a technology platform and unique customer engagement model to help enterprises decrease the burden of maintaining security systems and acquiring scarce cyber security talent. Paladin was joined in the Series A by New Enterprise Associates (NEA), Battery Ventures, Greycroft Partners, Lightbank, and other strategic and individual investors.
Paladin III: Several of Paladin’s portfolio companies continued on a robust growth trajectory this past year, successfully completing later stage financing rounds. In total, portfolio companies in our Paladin III Fund raised over $350 million in growth capital in 2016. Some of the financing and performance highlights in this portfolio included:
- PhishMe: Paladin led PhishMe’s successful Series C financing of $42.5 million. PhishMe’s innovative products aim to engage public and private sector employees in cyber security by conditioning behavior to recognize and report malicious phishing emails, thus providing security professionals with critical, real-time attack intelligence.
- WhiteOps: Paladin led WhiteOps’ $20 million Series B financing. WhiteOps provides solutions to detect and stop Sophisticated Invalid Traffic (SIVT, also known as bot fraud) for the digital advertising market. In December, WhiteOps exposed the largest scale ad bot fraud network uncovered to date, involving Russian-based “Methbot” operators siphoning $3-5 million per day from U.S. brand advertisers and media companies.
- Endgame: Endgame continued its solid growth, securing a $19 million endpoint detection and response (EDR) contract with the U.S. Air Force to safeguard networks of their elite Cyber Protection Teams. Endgame’s comprehensive EDR platform succeeds where others fail, detecting attacks at their earliest stage, without prior threat intelligence.
- Anomali: Paladin helped Anomali secure $30 million in Series C funding, as well as an investment from In-Q-Tel, the independent investment arm of the U.S. Intelligence Community (IC) focused on identifying innovative, advanced solutions for IC customer needs. Anomali is a leading cyber threat intelligence platform provider.
- BugCrowd: Paladin participated in BugCrowd’s $15 million Series B funding. BugCrowd leverages the intellectual power of its community of 45,000+ security testers and white hat hackers, allowing customers to proactively uncover and resolve security deficiencies in their products.
Cyber Security Outlook in 2017
Looking forward to 2017, we anticipate cyber security concerns growing beyond computers, tablets, and smart phones as new digital platforms are adopted. We see the following key trends:
The Internet of Things (IoT) will continue its explosive growth. Consumers are eagerly accepting home control devices, such as the Amazon Echo and Google Home which act as personal assistants, manage household utilities, and serve as a connection point across various on-line accounts and household devices. Yet these smart home systems continue to pose a significant security threat by introducing additional vulnerabilities to existing networks. When these single endpoints are breached, hackers can gain control of devices for use in DDoS attacks, expose personal account and financial information, or eavesdrop and surveil compromised households.
We see 2017 being the year of debate about the ethical and legal aspects of “offense,” in the sense of moving the fight to the adversary. We expect to see a shift from cyber reaction to cyber hunting as analytics and artificial intelligence tools come of age to help security operations centers be more proactive in surveillance. Commercial adoption of these types of products and services in 2017 will enable enterprise customers to shift from reactive defense to “offense” within their own networks. As security teams use these technologies to create an active defense, the line between defense and offense will inevitably blur.
In addition to consumer device vulnerabilities, the growing adoption of autonomous platforms will begin to revolutionize transportation and logistics, with autonomous vehicles, drones, and machinery expanding the list of cyber targets – with serious safety implications.
Paladin’s distinguished Strategic Advisory Group (SAG) chaired by Richard Schaeffer and under the leadership of Sir David Omand, Richard Clarke, Sally Tennant, and Jeremy Bash, predicts 2017 will see more efforts to legislate mandatory cyber regulations for the thousands of private companies that provide and defend our nation’s critical infrastructure. They also believe the cabinet nominees proposed by the President-Elect for Defense (retired four-star Marine General James “Mad Dog” Mattis) and for Homeland Security (retired four-star Marine General John Kelly) have substantial cyber offensive and defensive backgrounds. Should these gentlemen be confirmed by the Senate, we can expect the U.S. government will enhance and expand its cyber research, development, offensive and defensive capabilities, and purchase of cyber security technologies, products, and services.
As cyber sabotage, espionage, disruption, and destruction continue, Paladin remains well placed to continue to leverage its knowledge, skills, and networks gained over our 15 years of cyber investing for the benefit of our investors.
In 2017 and beyond, Paladin is well-positioned to identify and invest in companies and technologies focused on the ever-growing list of cyber challenges and opportunities.
We wish everyone a happy, safe, and prosperous New Year!
Michael R. Steed, Managing Partner