Congratulations, Confer!

The Confer team, whom I met this past summer, is the answer to the prayers of many a CISO who has been looking for a converged antivirus, endpoint detection and response solution that enables advanced threat detection, prevention, remediation, forensic investigation, and incident response across a network of endpoints—all in real time. Confer had some compelling early customer wins, but it was their architecture and technology that put them far ahead of everyone else in the endpoint security space in my mind. Today, I am excited to welcome Confer to the Foundation Capital family.

Protecting servers, laptops, and mobile devices from modern cyber attacks is much more complex than the approaches taken by traditional enterprise antivirus (AV) products, such as those by Symantec, McAfee, TrendMicro, Sophos, and Kaspersky. These products are cumbersome and ineffective at identifying determined attackers. Moreover, the end-point agents in these products are heavy handed and bring down the performance of the endpoint while doing their daily scans of a whitelist or a blacklist. As a result, end users hate when they start their scans and the detection rates of today’s AV companies have fallen way below 5%*.

According to the 2015 Verizon Data Breach Investigations Report (DBIR), up to 90% of the malware organizations face today are repackaged versions of older versions. The core behavior of malware at the kernel level continues to look like that of a normal application—so it becomes very hard to identify them with signature-based approaches. More specifically:

  • Advanced threats bypass signature-based detection and prevention solutions.
  • Current solutions don’t track insider threats and lateral movement of advanced attacks across endpoints and servers.
  • These products do not give the complete context of the attack to help with investigations.
  • Many of these advanced cyberattacks don’t use malware to penetrate the enterprise.

Next generation antivirus platforms promise to deliver a comprehensive solution across any platform — desktops, laptops, servers and mobile and ultimately the Internet of Things. It has the following key characteristics:

  • Does not rely on signatures or DAT files
  • Protects endpoints and servers proactively without any human involvement
  • Has an intelligent brain that evolves with the constantly changing threat landscape
  • Has a cloud backend but works in disconnected mode
  • A very low footprint on the endpoint
  • Helps security analysts and management understand what happened before, during, and after the attack and its impact—also known as endpoint detection and response (EDR)

As a result, the market is going through transition where sophisticated enterprise customers no longer trust or want to buy AV solutions from established vendors. The endpoint security market segment—which is one of the largest in the security sector today—is in the midst of a growth spurt, moving from $13B in 2015 to a projected $15B by 2018 (Gartner, 2014). Because of its sheer size, this area is highly contested, with many startups (Cylance, CrowdStrike, Bit9/Carbon Black, Cybereason, SentinelOne) going for the big prize in next generation endpoint.

Having evaluated the architectures of all the companies in the endpoint security space, I was blown away by Confer’s product combined with their incredible growth and impressive customer adoption. Their visionary technical approach—a truly unique architecture that works across endpoints and servers, many sophisticated cloud-based analytics engines, and a highly scalable SaaS business model—has a huge potential to transform the security industry.

We are very excited to partner with Mark Quinlivan, Jeff Kraemer, Paul Morville, and the entire Confer team to help build the next great enterprise security company.

Learn more about the announcement here .