As the dust settles from the apparent demise of Norse Corp., IT security professionals are looking at lessons that can be learned from the collapse of a company that was until recently considered one of the fastest-growing threat intelligence companies.
Norse has yet to comment on a detailed report by Brian Krebs over the weekend that said the company was “imploding.” An individual at a public relations firm that was working with Norse in November told SCMagazine.com that the firm is no longer working with Norse.
The developments at Norse raise uncomfortable questions for threat intelligence companies. Industry sources expect customers will more aggressively evaluate threat intelligence vendors. “I think threat intel feeds will be vetted better,” said RiskAnalytics director of threat intelligence Wayne Crowder. He expected customers to ask difficult questions vendors and demand that they differentiate threat data.
The scenario customers purchasing threat intelligence data for a six-figure fee will decline, he said, noting. “The à la carte option that applies to a specific sector or vertical may increase."
Paul Mockapetris, chief scientist at ThreatSTOP and inventor of the Domain Name System (DNS), said the situation is a “wake-up call” to figure out what products actually work. However, he doesn't believe consumers will be able to determine the products and services that are most effective. “The analyst community and journalists are going to need to ask the hard questions,” he said. For instance, last year Norse was placed on the industry's Cybersecurity 500 list.
The Norse website was offline on Sunday, then went back online temporarily on Monday and Tuesday, and was offline again as of press time.
Krebs reported that Norse's assets could be folded into SolarFlare, citing anonymous sources. A distressed sale to SolarFlare could make sense; the security software and hardware provider shares one of Norse's main investors, the venture capital firm Oak Investment Partners. The firm invested $10 million in Norse's series A, led by Oak Investment Partners partner Bandel Carano in 2013. (Norse raised another $11.4 million from KPMG in a Series A1 transaction in September 2015.)
The backend infrastructure that Norse created could be valuable to a buyer, said Crowder. He told SCMagazine.com, “The challenge for anyone who buys it will be in communicating how the product will differ from Norse.”
The Norse meltdown will certainly affect the venture funding landscape for threat intelligence companies, and could even have an impact on funding for the cyber security sector in general.
Venture investments into cybersecurity companies tend to differ from the traditional VC model in which investors assume most of their investments into startups may fail, while the successes fetch high multiples that justify the rest of the portfolio. Cyber security investments tend to be more conservative. That pattern is likely to increase following Norse, said RedSeal CEO Ray Rothrock.
“I hate to see it, but this may be the result of too much money in the business,” said Rothrock, previously a partner at venture firm Venrock Associates. Recent investment data suggests he may be right. According to CB Insights, cybersecurity investments increased from $1.1 billion to $3.8 billion, or 235 percent growth over the past five years.
Mockapetris at ThreatSTOP said he expects cybersecurity will continue to attract investors. Speaking with SCMagazine.com, he said, “The fact that investors pour so much money into cyber companies proves that it's an unmet need.”