Where founders should focus to capitalise on the $2tn security opportunity

(Thanks to our MBA intern Shyam Anjaria, who co-authored this piece.)

This is the second part in our mini-series on the evolving security market. In part one, we looked at the status quo, and examined the drivers priming five technology areas for disruption. You can read it here, but to recap:

Security spend is increasing, as businesses attempt to shore up their defences against new and growing threats. Attacks are on the rise, as bad actors exploit the vulnerabilities created by the proliferation of SaaS integrations, and the potential of GenAI.

Buyers are investing in tools that streamline and integrate defence layers, in order to reduce cost, complexity and risk. At the same time, they’re exploring AI solutions to automate as much as possible, and fight back against sophisticated threats.

We see scope for innovative solutions in Cloud Security, Identity and Access Management, DevSecOps, Security of Things and AI Security. Founders that can identify emerging pains in these areas, and be first to market with products that solve them, could achieve considerable scale. 

Let’s take a look at the trends we think founders should pay attention to, what market-winning products would look like, and which companies are currently leading the charge.

The direction of travel for security solutions

Security leaders are strategising to remain secure and competitive in a changing threat landscape. We’ve noticed four key themes developing in the space, and influencing where businesses spend their money:

1) Shift-left development is critical

It’s no longer enough to treat security as an add-on. As cloud adoption increases, so too are breaches across the environment. And, as modern software becomes more complex and more interconnected, traditional late-stage security measures are proving insufficient to address new and growing vulnerabilities. Instead, security needs to be considered from the outset, and embedded at the core of the application development process. 

There are a number of benefits to doing so. Most obviously, shift-left improves overall security posture – but it also drives efficiency gains. By baking security into the development lifecycle from the start, potential issues can be flagged and fixed early. This accelerates the delivery of secure applications, and reduces redevelopment costs. With more industries now becoming subject to data, system and network security regulations, shift-left is critical to keep compliance costs and processes under control.

2) The future is ZTNA

As internal and external threats multiply, zero trust network access (ZTNA) is the only way for any security programme to succeed. The threat landscape is evolving and expanding. Today, threats can originate from anywhere: the rise in remote work means more users are accessing corporate resources from different locations and devices, and the multiplication of third-party integrations increases the risk of internal environments being breached. Traditional security models can’t keep up.

ZTNA addresses these challenges by treating all users and devices as potential threats. It keeps networks, applications and data secure by ensuring that external users never gain access, and that internal users only gain access to authorised applications. By enabling micro-segmentation, and isolating access across multi-platform environments, ZTNA helps avoid breaches, and takes the complexity out of compliance.

3) Securing AI will unlock scale

AI expands the enterprise attack surface, offers new ways for adversaries to exploit them, and increases complexity for security professionals. In particular, there’s a growing fear of data poisoning – that the proprietary data enterprises use to train their own AI models will be exposed to the outside world – and model theft.

If data is interfered with, it can impact the model’s accuracy. And, because AI is increasingly being integrated into wider applications and systems, it can also put critical infrastructure at risk. The stakes are high: AI adoption is accelerating rapidly across industries, and market leaders are seeing explosive revenue growth.

Securing AI is therefore not only a protective measure, but a potential market opportunity. Unsurprisingly, businesses are becoming increasingly aware of the importance of protecting their own AI models against the risks posed by others, and taking proactive measures to prevent them.

4) Security is being verticalised

Several segments within security – especially IOT security, Cloud security and IAM – are trending towards verticalisation. There are a number of reasons for this. The first is to shore up defences against breaches. Misconfiguration is one of the leading causes of security breaches. With virtualised software, specific nuances can be factored in. Likewise, it can be developed to protect against the specialised attack vectors that present in each industry.

The second is to make governance and compliance easier to manage. Different verticals have different degrees of sensitivity to risk, and therefore different priorities when it comes to their security tooling. Data security in a healthcare business looks different to data security in a media business, not only from a regulatory perspective (where it’s classed as ‘critical’ and sensitive, respectively), but also in terms of the way it is governed. As more segments emerge, more nuance is required, and this is leading to the development of verticalised products.

Verticalisation is an important growth lever. Industry-specific regulatory expertise is becoming a critical factor in security procurement decisions, and those that have it will shorten both their sales cycle and their pathway to scale.

The winning hand in security

In this context, we think winning products will be those built around four core capabilities:

1) Seamless integration into shift-left

With DevOps and security teams working together more closely, enterprises will be looking for tooling that creates an effortless dynamic between the two. A critical assessment criteria will be how seamlessly products integrate into the software development lifecycle, and enable shift-left security.

2) Ease of configuration

Misconfiguration is one of the most common causes for security breaches, and consequently one of the highest costs for enterprises. But solutions shouldn’t only focus on ensuring they detect misconfigurations: those that create a playbook to enable fast, effective configuration will be better placed to prove their value.

3) Remediation at the core

Automated breach remediation is one of the highest priorities for security leaders. It's also among the most difficult propositions for founders to build. 

Solutions that automate the remediation of high-priority vulnerabilities, or at least put a stop-gap in place, will do well. Winners will leverage GenAI to go beyond rules-based remediation, further reducing manual intervention while limiting the reach and impact of breaches.

4) Flexibility and speed

Security solutions tend to have longer sales cycles. This is usually for one of two reasons: a lack of flexibility, or the lead time it takes to effectively implement the solution. Disruptors will find success in these spaces by creating flexible solutions that seamlessly integrate across different tech stacks.

Essential qualities for security founders

These are the core capabilities that products need in order to succeed in the new future of security – but what about founders? In an increasingly competitive space, leadership teams need to be sure they have the right personal attributes as well as the right product in order to achieve outsized results.

The founder’s journey is hard. Relentless hustle, a clear view of their why, and an ability to turn mission into actionable strategy are crucial skills. Founders need to be great people managers, too; able to pull together best in class talent, and nurture a culture in which teams thrive. 

Change is the only constant in scaling businesses, so the ability to adapt and thrive is paramount. This is underpinned by a focus on continuous learning, driving a deep understanding of customer pain points, and a passion to enact positive change.

Ones to watch

Innovators who have coupled strong products with strong founding teams are already seeing success. Below are some of the Moonfire portcos we’re most excited about, and how they’re adding value for security buyers: 

Filigran is an open-source extended threat management suite, designed to bolster organisational defences against security threats. What sets Filigran apart is its ease of integration. It overlays risk intelligence platforms, aggregating data to present a unified and actionable threat perspective. 

MAIHEM creates AI agents that test AI products, enabling automated QA and enhancing AI performance. It offers real world stress-testing and risk assessment, helping ensure the security and scalability of AI models as adoption increases.

Fleet is an open-source endpoint management platform that secures laptops, servers, and other devices. It helps automate security and IT management and, by providing an open interface for every endpoint, provides flexibility, accessibility, and transparency to security teams.

Trickest empowers bug bounty hunters, penetration testers, and SecOps teams to build and automate workflows from scratch. It stands out with its unique no-code workflow management platform, which lowers barriers to entry for offensive security work.

At Moonfire, we want to work with founders who have a strong foundation in cyber-resilience, and a vision for solving critical problems like vulnerability, remediation, misconfiguration and AI security. If you’re creating breakthrough technology in the security space, we’d love to hear from you.