Auf dieser IT-security Q&A Plattform gibt secUnity Anwender*innen die Möglichkeit konkrete Bedarfsfragen zu stellen, die dann von akademischer Seite beantwortet werden. Zusätzlich wird das secUnity-Team hier Fragen aus Veranstaltungen zur IT-Sicherheit präsentieren und beantworten. SecUnity unterstützt damit die Diskussion zwischen akademischer und industrieller Forschung zu aktuellen Forschungsthemen und bietet diese Plattform für den interdisziplinären Austausch.
Beteiligen Sie sich!
Interview: Do IT-security or privacy startups face different or additional challenges compared to other (IT )startups? And what motivates entrepreneurs to start a company in this field?
The call for new and more innovative solutions regarding IT security measures is ever increasing. Experts in research, practice and government largely agree that startups can be an excellent driver of innovation in the field of IT security. In order to identify particular constraints and also the motivation behind founding an IT security or privacy startup, the secUnity team set out to interview several startups across Europe. These interviews will be featured continuously in our IT security startup series.
The next interview in our series was held with Martin Gleißner, PR and Content Manager at Dutch-based company EclecticIQ.
Could you first describe your business model quickly and where you see your market resp. who your customers are?
EclecticIQ is a leading company in the relatively young but fast-growing cyber threat intelligence market. Our mission is to deliver innovative and effective technologies and solutions to address cyber threat challenges for organizations with their own security operations.
Our main target groups are IT personnel, threat analysts, security operations personnel and CISOs and CSOs in both the public and private sectors. In terms of geographies, we are keen on establishing EclecticIQ as the dominant force in the European market, while simultaneously building operations in new regions as part of our expansion strategy.
EclecticIQ’s business model is based on selling licenses for our threat intelligence platform as well as offering additional threat intelligence services and solutions to our customers. An example of this is EclecticIQ Fusion Center, a unified source of tailored cyber threat intelligence.
How and when did you develop your idea and what urged you to actually start a business? Which important milestones have you achieved thus far? And what are your plans for the next years?
EclecticIQ was founded by Joep Gommers and Raymon van der Velde, who were working at iSight Partners (acquired by FireEye) at the time. They realized that the complexity that threat analysts have to deal with needed to be automated and better supported to improve their workflow and result in better threat intelligence.
In 2014, they started building the EclecticIQ platform to do just that. As with every startup, every step feels like an important milestone in the beginning. But looking back at the past four years, the following ones stand out clearly:
- 2015: the first version of our Threat Intelligence Platform (TIP)
- 2017: EclecticIQ Fusion Center launched
- 2017: EclecticIQ closes its Series B funding
Looking back, what were [or still are] the biggest obstacles and challenges for you as a startup?
We were very lucky that our investors provided us with a good mix of hands-on support and enough freedom to do things our own way. But getting the first round of funding is obviously the first step for many startups.
The next challenge was recruitment, perhaps the first dozen hires, who are crucial for the future of your startup. You need to find people that you can rely on but who also share your vision and values to help build the company culture. Ideally this is the core team that you can build the company around, which sounds obvious. But if things are going well, then you need to scale up quickly and you need those people to help you find the next wave of employees who fit your company just as well.
You need to create an environment that people thrive in. One that makes them love coming to work. Traditionally there is a lot of turnover in startups but this is something that you should work to prevent as you don’t want to change teams and responsibilities too often.
Would you say that some of these challenges are specific or more pronounced for an IT security startup –opposed to “regular” IT startup?
Recruitment can be hard. For certain positions you need people with significant expertise in the field. For example, hiring a product manager with many years of cyber security expertise is a challenge, either because it’s hard to pry them away from large organizations or they have high salary expectations. Alternatively, you can look to hire overseas but people often expect you to cater for relocation, including visas – which is not an easy thing to do.
We were lucky that cyber security is a field that receives attention from policy makers. Also, we are part of the Hague Security Delta (HSD), a Dutch network of businesses, governments and knowledge institutions. This has helped us build relationships with foreign governments and become an interesting employer for candidates, since the very early days of our company
IT-Security is heavily dominated by the big players such as Kaspersky, Symantec, or Atos. How do you cope with that competition and what do you do differently in order to distinguish yourself from these heavy weights?
The companies you mentioned are obviously great at what they are doing and they all started out from scratch at one point. They saw a niche opening up and now in many cases they dominate it.
It is fair to say that we are not trying to compete with them or the market spaces that they have helped shape. We have decided to build our business around a relatively young space – the threat intelligence industry – with a goal of reducing the complexity of the threat landscape. Some of the heavyweights you mention have started taking steps in this direction and others will certainly follow.
Since the threat intelligence space is still so young we suspect some of the big players are watching this part of the market to see how it develops before releasing competing products. One thing to mention is that our products are not designed to make other security products obsolete. In fact, it’s the opposite. Our threat intelligence solutions complement existing security products.
This puts us in a position where we can partner with a wide range of security vendors rather than compete with them. Despite the rapid technological advancements in our field, such as automation and AI, we do believe that the good old-fashioned human touch is still very important. So we are dedicated to building solutions that highlight the human (threat analyst) aspect of cyber threat intelligence.
Interview August 3 2018
EclecticIQ enables intelligence-powered cybersecurity for government organizations and commercial enterprises. We develop analyst-centric products that align our clients’ cybersecurity focus with their threat reality. And we tightly integrate our solutions with our customers’ IT security controls and systems. The result is intelligence-led security, improved detection, prevention, and response.