Recently, endpoint-protection startup LightCyber announced a second round of funding - $20 million – including an investment from an individual investor with an impressive track record backing successful security startups: Shlomo Kramer.
Kramer, who is Israeli, has a long-term relationship with the company’s CEO Gonen Fink, who worked with him for years at Check Point Software where Kramer was one of the founders.
That close personal tie had some influence on his decision to back LightCyber, but he also sees it as a company with an answer for an existing problem for which there is a big market. That is one of the key characteristics Kramer looks for when making investments.
He has a good eye for what will be successful. He has been involved in Check Point, Palo Alto Networks, Trusteer, Imperva, Exabeam, Indegy, Cato Networks and a long list of other startups. His involvement ranges from investing to serving as an executive to sitting on boards of directors.
Recently he spoke with Network World Senior Editor Tim Greene about LightCyber and how he goes about analyzing what companies to back. Here is an edited transcript of that interview.
What drew you to LightCyber?
One is the market. The notion of inside of the network and the outside of the network is merging. So internet security is really important and a big market and is growing to be an important category of solution. The second thing is the product. I think they’ve done a tremendous job in building a solution that doesn’t simply address the high-end organization but provides real greatly ignored [capabilities] for the mid enterprises as well.
So organizations that don’t necessarily have the manpower (or) the expertise to handle complex, chatty, noisy solutions but are looking for something that is very accurate, delivers just the actionable events. And finally, I’ve known Gonen for many years, (he) was one of the early employees at Check Point, did an outstanding job running - he was the chief product officer throughout the growth years of the company - so I’m delighted to work with him again.
How did the company come to your attention?
Basically Gonen kind of talked to me after he joined the company and we started a dialog.
Do you see that they have any advantage over their competitors?
Certainly their ability to detect slow and low type of attacks, sophisticated attacks using machine learning behavioral analysis of the traffic. I think that kind of breaks through versus the previous generation of intrusion-prevention solutions. Second is the scope of the solution. They cover signals both from the network and the endpoint. It’s either a network signal or an endpoint signal with all the other players in the market. And finally they package all this sophistication and breadth into a solution that is very accessible not only for the sophisticated organization but also for the midmarket, which is also I think very, very unique in this category.
Why do you have your finger in so many pies?
My involvement has two sides to it. One is operational. So I was one of the founders of Check Point, and then I was the founder and CEO of Imperva for 12 years, and in the last three years, the founder and CEO of Cato Networks. So that’s one aspect of the activity, and the other involves that I invest and sit on the board of companies and mentor the founders. In the more significant investments I am part of the company - Trusteer, that was sold to IBM, and I was the founding investor at a company called Lacoon Mobile Security that Check Point bought, a company called Secure Island that Microsoft bought and WatchDox a company that Blackberry bought. Some of my current investments - Exobin, which is a kind of a next generation SIEM play, Indegy, which is an industrial cyber security play, and we’re talking about LightCyber. And I have also other investments outside of security in other areas.
What are your outside interests?
One area is about trying to quantify risk and building a solution around that analysis of risk, so I invested in a company called Fundbox, which actually is doing great in cash advances to small businesses. So that’s an example of a company. [Insert Mobile] is a company with technology that comes from the security world of instrumenting mobile applications but the use case here is the fact that marketing organizations for mobile really want to innovate and change the application and engage with customers … but they are tied to development organizations.
Every change takes time and its six-months of a development cycle. So there’s a lot of friction between the innovation that the marketing wants and the development cycles on the IT side. And they came up with a solution that’s breaking this lock, that allows the marketing organization to innovate and change the application without the involvement of the development team on the instrumentation of the application.
Finally is a company called Gong. They are kind of a SaaS application that lets you record [inside sales conversations] to voice recognition and natural language and turn that data into business information and a management tool for the organization. Cato Networks, the company of which I am the CEO, is using this in the beta. And last but not least is Cato Networks, which I am really devoting all of my time to.
When you look at the way business is conducted today it’s not location-bound. It’s done everywhere on mobile devices building SaaS applications somewhere else, data in some AWS data center. This kind of gap between the shape of the business and the shape of the locality of [security] appliances creates huge challenges for the organization, for the networking side and the security side. So both the network security stack and the wide area network stack – MPLS, IP VPN – are really broken, and this is like a $50 billion market that is being transformed by cloud and mobility and Cato is proud of being a kind of a new architecture that meets the needs of organizations.
What are the key factors you look at when considering investing in a company?
First of all I really focus on areas where I have a lot of domain knowledge. My portfolio target is very concentrated around security. I really like companies that go after an existing market and sense a disruption, because then the use cases are very clear, the budgets are already there for refresh and renewal, and what you need is to address a new way of doing things in this market.
The other is companies that are in a market that I can feel is going to be an important market. This is more of a gut feeling. I invested for example in mobile security where it’s obvious that mobile security is going to be important. Both Lacoon and WatchDox are companies in this category and both are very good outcomes. One was bought by Check Point, one was bought by Blackberry. But in general I would say that the mobile security market, if I look in hindsight happened much more slowly than I would have expected. I can’t provide an analytical thing on what I’m looking for in the new markets except for the timing.
I would say great entrepreneurs is the number one requirement because a lot of the companies that I was involved with ended up doing not what they started doing. The number one parameter for success in these companies was the ability of the entrepreneurs to be intellectually honest, one, and second being smart enough to be able to navigate the market. Really these smart entrepreneurs are the key. So I guess a great market, a fertile market, let’s say it like that, and very smart entrepreneurs are the combinations that I am looking for.
How old are you?
Are you ever going to retire?
I don’t think of what I’m doing as work. I’ve been very fortunate to do what I like to do so I don’t see that kind of retirement as something that is an option.