IT and Business Insights for SMB Solution Providers

How to Evaluate Security Vendors Like a Venture Capital Firm

The five questions Alberto Yépez (pictured), managing director of Forgepoint Capital, asks about security startups aren’t exactly the same ones channel pros should ask, but they’re similar in instructive ways. By Rich Freeman

Legions of security vendors clamoring for your attention every day. New ones popping up all the time. Each of them claiming to have the tool, technology, or expertise no potential victim can be without. Which ones deserve a piece of your finite time and capital?

It’s a predicament familiar to any IT provider responsible for building a security stack deep enough to keep clients safe but lean enough to be affordable. And it’s also, as it happens, pretty much the same quandary faced by another core component of the tech industry ecosystem: venture capital firms.

Granted, VC firms have a lot more cash at their disposal than the average channel pro. Collectively, venture capital funds worldwide cleared $2 trillion of assets under management for the first time ever last September and had close to half a trillion dollars in uninvested “dry powder” at their disposal as of May, according to researcher Prequin. They also have skilled number-crunching analysts on staff and access to input from some of the world’s most knowledgeable subject matter experts.

Yet fundamentally, the central challenge a VC fund that invests in cybersecurity startups confronts daily is identical to the one an MSP or solution provider faces: sifting through a mass of potential partners for the ones worthy of their money.

“It’s exactly the same thing,” says Alberto Yépez, managing director of Forgepoint Capital. Founded in 2015 and focused solely on cybersecurity, the company has raised $770 million to date, deployed over $500 million of it, and helped launch AlienVault (bought by AT&T in 2018), Area 1 (bought by Cloudflare this February), and Attivo Networks (bought by SentinelOne this March).

Today, it owns a piece of security testing and attack surface management vendor Bishop Fox, network detection and response vendor IronNet, and threat hunting/MDR vendor Huntress, among nearly three dozen others. Forescout, a security automation vendor among Forgepoint's holdings, completed its recently announced acquisition of SOC-as-a-service company Cysiv just last week.

Forgepoint puts a lot of effort into evaluating potential investments, and has identified five criteria for picking winners. “You need to align all five to be successful,” says Yépez. They’re not the exact same qualities a channel pro should look for, but they’re similar enough to make thinking like a venture capitalist useful just the same.

1. How big is the market opportunity?
This is an obvious, vital consideration for venture capital firms seeking to maximize ROI, but according to Yépez, even more important for MSPs. 

“Because MSPs don’t have a lot of resources,” he says. “Why am I going to go invest in a small market when I have very few resources?”

Size, though, isn’t the only variable to consider. Forgepoint looks as well for rapid growth and plenty of “white space”—unclaimed sales territory that newcomers have room to seize for themselves. A firewall startup, after all, is going to have a hard time grabbing market share from the likes of Palo Alto and SonicWall. 

Rather than rely solely on input from vendors or industry analysts to measure market size, Yépez adds, Forgepoint goes straight to the end users themselves, and so should channel pros.


About the Author

Rich Freeman's picture

Rich Freeman is ChannelPro's Founding Editor

ChannelPro SMB Magazine

Get an edge on the competition

With each issue packed full of powerful news, reviews, analysis, and advice targeting IT channel professionals, ChannelPro-SMB will help you cultivate your SMB customers and run your business more profitably.