“It’s all the same, only the names will change …” — Bon Jovi
Thrilled to be investors again in Cylance… and yet for the first time on behalf of our new firm, Ten Eleven Ventures.
Our firm only started recently, so this is the first round of Cylance fundraising in which Ten Eleven could participate. The name of the investing entity has changed a few times, but the belief in the founder, team and mission has never changed. What made it easy to advocate investment in Cylance was Stuart’s passion and belief system in his vision. Additionally, Stuart brings a very detailed knowledge of the competitive landscape that he’s going to disrupt, from a decade of various entrepreneurial roles as a co-Founder of Foundstone and then as McAfee Worldwide CTO.
Investing in Cylance is a play on several industry themes, beyond the obvious strength of the entrepreneur and team. In the early days, they were an advocate of the controversial view to many VCs that services business models can seed product businesses. There is a dated view in VC circles that somehow “services” are bad business. While this may be true in enterprise software or general IT, in a unique field like cybersecurity, services are a strategic way to subsidize customer acquisition costs for your products. Innovators at the early stages work closely with customers and have technical teams closely aligned with their missionary customers. Cylance and 1011 share the view that we might as well get paid for our SE and early customer work, if we can add that value to our first deployments.
In addition, it establishes Cylance as the trusted advisor and partner to the customer, something that is beyond the scope of marketing ROI calculators. Some three years later, this use of services as a starting business model, controversial to some investors, now seems visionary. After our success and the publicly observable success of Mandiant that culminated in its $1 billion acquisition by FireEye, the debate seems over on whether cybersecurity services and products can and should reinforce each other in the same business.
The second major area that Cylance saw very early — but has now become common knowledge — is the failure of signature-based AV. Malware writers today use the 70 or so popular threat security software packages (traditionally Anti Virus) as quality assurance testing on their code. If they can’t deceive the shipping versions of AV, they will simply go back to work on deception techniques. There were a handful of security entrepreneurs and VCs also aware of AV’s declining effectiveness, but Cylance had the right call and gut instincts on the ultimate operational and scaling shortcomings of the other early approaches to replace AV (whitelisting, sandboxing, behavioral).
Finally Cylance tapped fully into automation and machine learning in building a new approach to malware. These concepts are all the rage now in using automation and big data to facilitate better security outcomes, but three years ago when we started, they were less obvious and less supported by investors. Cylance is the original “AI of AV”.
Cylance is a special company to Ten Eleven, in that it’s where Mark and I conducted our first complete company founding and inception at the same time. This was a real “proof of working together” and a great opportunity where we partnered with the founder to help him raise funds, recruit employees and be a trusted advisor for whatever he had on his mind. We were involved with different firms at the founding of Cylance, but both became founding board members as part of the investments. The original mission was the same thing Cylance has built and delivered today: machine-based learning applied to malware reversing. It has been validating to the 1011 fund thesis in our support of Cylance, that conversing with the team in the entrepreneurs’ language and the industry’s language can really make the crucial difference in building security companies.