Differentiating Cybersecurity Startups

A number of investors from around the country tell us they have a problem. When considering early stage investments in cybersecurity companies, whether at Mach37 or elsewhere, investors have a hard time telling the companies apart. One issue is that companies abstract away the technical jargon for their investor pitches, and at the buzzword level they really DO sound similar. However we know from the Mach37 portfolio, where we pay attention to competitive issues within cohorts and are always looking for new ideas, that each company is unique. The challenge then is making those differences clear in an easily comprehensible way. We were searching for a way to depict the entire portfolio on a one page graph with a modest number of categories; here it is.

Company Differentiation v2.1


Across the bottom are the target users for each product, color coded and grouped into the corresponding market segments across the top. The technology categories on the vertical axis are based on our “Understanding the Technology” white paper, with a few additional categories added. This segmentation clearly gives a nice spread of the Mach37 companies, and corresponds well with our intuitive understanding of how the portfolio is beginning to meet the market needs. It also provides an interesting working definition of a company pivot, which we are beginning to see in a couple instances: a pivot is reflected by a company moving from one place on the graph to another.

We are interested in your feedback. Does this provide a useful differentiation of companies in the space? Do the categories make sense? How does your portfolio stack up? Could a similar depiction work for other verticals with a different set of technology categories and users?

3 thoughts on “Differentiating Cybersecurity Startups

  1. I believe that you are on the right track. However, I think there are other areas emerging that are not part of your graph/table because those areas are not from the Mach37 cohorts.

    • Charlie – thanks for the comment. You are certainly right that this is not an all-encompassing categorization. On the other hand it was not built specifically for the Mach37 portfolio either, so certainly willing to talk/think about extending the categories or other representations. What areas do you think would be good additions? One possibility we have discussed is Pentest, although that might be a bit narrow. Industrial controls or IoT might be good candidates as well, depending on how far it makes sense to stretch the definition of “Endpoint”. Thoughts?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s