Encode co-founder talks cybersecurity growth

Panos Dimitriou, co-founder of Encode and recent speaker in at TMT Finance World Congress 2018, discusses growth prospects and opportunities in the global cyber security sector

What are the main cybersecurity challenges facing enterprises today? How have they evolved over recent years?

Volume and nature of cyberattacks have changed dramatically over the last decade, becoming much more ‘advanced’ and ‘costly’ to businesses of all sizes. Cyberattack methods have been developing at a faster rate than the corresponding defence methods – leading to an explosive growth in cybercrime and breaches: Forrester estimates that over the last 12 months more than half of European firms were hit, at least once, by a cyberattack. It is evident that monitoring, notification & handover are not adequate defence methods anymore, making way for new technologies and services that can offer early detection and warning, behaviour analytics, security automation and, ultimately, effective incident response. This is exactly what we have been doing at Encode, with the development of our proprietary Enorasys platform – offered either as software or as managed service to address all customer segments.


What are the main trends in the market in terms of solutions and services? What do customers want?

Organizations are moving away from “yet another alert feed” (or YAAF as we call it) monitoring solutions, and towards requesting outcome-oriented Managed Detection and Response (MDR) solutions. Traditional 24x7 security monitoring is about alert handling and triage (usually in isolation), client notification and (some) incident handling support – this is no longer adequate. Regardless of whether a company uses Cloud/SaaS, hosted or in-house business applications and IT services, its endpoints are the target and its user-population is the weakest link - therefore their 24x7 proactive protection is of paramount importance to mitigate such risks. With 24x7 detection & response, a Security Operations Centre (SOC) is enabled with “end-to-end” MDR capabilities, spanning the entire Incident Life Cycle, from breach detection to triage, advanced visibility sensors at various levels, threat hunting, playbooks for targeted investigation, along with SOC orchestration & automated response (containment, IoC development).

The Encode MDR solution has been designed to enable early breach detection and adaptive response against endpoint compromise-related threats. In our experience no single system can be a “catch all” solution – so our MDR solution incorporates multiple advanced indicators for early warning/breach detection at 3 different cyber kill-chain stages, namely exploitation (endpoint), command & control communication and post-exploitation. In this way we are uniquely positioned to provide true early breach detection, while being less prone to evasion techniques compared to endpoint-only solutions (i.e. the majority of other MDR solutions).


Cyber appears to be a crowded and fragmented market: how does a provider like Encode raise above the noise of multiple vendors and solution providers?

You need a clear USP and a consistently top track record. In terms of our USP, allow me to use a metaphor: our solutions act as the security camera at the exit door, as opposed to the entrance: we monitor outbound activity to detect unknown command-and-control communication. We provide enterprise customers and their cyber security teams with the means to hunt, track down and surgically respond to hard-to-spot, unknown malicious activity.

Our strategy is to provide outcome-oriented offerings that tackle specific, real problems, rather than emphasize the nuts and bolts of our technology. We see that our message resonates with our customers and channel partners, the latter acting as our ambassadors and delivery partners to different markets and geographies. Another pillar of our go to market strategy is to enable MSPs and large service providers to provide advanced MDR solutions - via a combination of our technology and managed services. In the medium term this will provide us with even further customer reach and strong strategic partnerships for continuous growth.


What is your view on the current valuations and M&A/fundraising activity in cyber?

The increasing need for additional and more advanced cybersecurity services (plus the cyber skills/personnel gap and sector complexity), have been driving prevailing valuations and the high number of transactions (both M&A and capital raisings). There were close to 200 M&A cybersecurity transactions in 2018 and more than 400 capital raisings - we don’t see this trend abating anytime soon. Cybersecurity companies on average enjoy significantly higher growth rates compared to most other tech verticals (mainly as a result of increasing security budgets) and high operating leverage - and this largely explains the public (and private) market valuations - one of our closest peers, Demisto, was recently acquired for over 40x EV/Revenue. We also see an emergence of new types of buyers from adjacent sectors: for example, leading telecom operators such as SingTel, AT&T, Orange have been acquiring cybersecurity companies and capabilities, while the private equity market is also very active.


Cyber is dominated by US/North American players - can mid-sized European players compete with well capitalized US counterparts?

Indeed, US/North America are the main cybersecurity hubs. In recent years however, a number of global challengers in various cybersecurity niches have emerged from other geographies, including Europe and APAC. Let us not forget that each geography is unique; there is always going to be a need for local providers who better understand the uniqueness of a region and a client from a business and cultural point of view. This is something we have experienced first-hand at Encode and explains our strong foothold in our core markets. Another geo-related issue is that of operating costs and personnel turnover: cybersecurity products and services can be offered remotely - meaning that even though on-the-ground presence helps, it is not essential - as such, certain non-US players like us have a structural cost advantage thanks to operating from lower-cost jurisdictions with lower personnel turnover rates.

TMT Finance Deal Data

Europe's Top 20 TMT Dealmakers 2019

USA's Top 30 Comms M&A Dealmakers

Asia's Top 50 TMT Dealmakers