Zero Abstraction - Advancing or Redefining Cybersecurity?

Cybersecurity is about as competitive a market as you can get. Mature vendors pushing out their credentials from decades of [assumed] success that maintain their hundreds of millions of revenue, alongside new start-ups and up-starts claiming to have found the only answer for their niche focus, looking to repay the confidence of their backers. Nothing new here. So why would the emergence of another start-up cause me to put pen to paper, when their only visible field activity is a socially distanced coffee run?

btw the company in question is Zero Abstraction.

It's down to their claims

Not the bit they promote about "In this effort we wanted to make a major, positive, impact on the cyber security industry we love", as I'm hoping that all cybersecurity providers enjoy (maybe not love) what they do and want to make a positive impact, its the next statement "this is not about replacing an existing solution or out rivalling a current vendor."  Again, we have all seen orchestration platforms and heard about collaboration or coopetition, but in a world where revenue, or as a previous CFO had a habit of telling me, "cash is king", if your offering is better than the one already installed surely you are a replacement technology?

When a CISO has no spare cash for 'nice to haves' your business case doesn't go down well if you are after something to make something you already acquired, work.

But do they have the credentials to make a difference?

Lets look at the founders:

• Michael Fey at the helm who has leadership and technical authority with the likes of Symantec, McAfee and Blue Coat as well as numerous active board positions.
• Dan Amiga as CTO looks compelling , especially as he developed one of the first Web Browser Isolation Technologies at Fireglass (acquired by Symantec), subsequently focusing on cyber startups.
• Brian Kenyon is the strategy guy, nothing new for him as this echoes his past roles at McAfee and Symantec.

Not your normal make-up for a start up. Three heavyweights that have a wealth of cyber credentials and no doubt a black book of contacts that will help them over the those initial breakthrough challenges. Where start-ups go wrong is being 100% focused on the functionality or technology used to develop the product and not fully appreciating their markets willingness to recognise how it will resolve known issues and the challenges with evaluation and operationalisation. You would guess these guys are using their strong mix of commercial astuteness and technical expertise to recognise these challenges?

Who believes Zero Abstraction is viable?

There's only so far this start-up can spread the love of cyber, so where does tangible confidence come from?

• Cyberstarts - Not a normal VC, this is a (cybersecurity) members only firm. Unlike the plethora of VC's and PE's that spread their bets across different industries, these guys do nothing other than cyber.
• Sequoia - You don't get much bigger than Sequoia. We know that not all investments are successful, but the ethos behind Sequoia is about about creating successful 'Dentmakers'. Organisations that change the norm.

Focus appears to be plentiful; the people and the backing, but what about those claims for success; "this is is not about replacing an existing solution or out rivalling a current vendor." 

The website soundbites intentionally leave visitors wanting more: Viable compliance; Agile networking; User freedom; Improved Productivity; Safe and productive BYOD; Privacy for all; Reduced expense; Unprecedented visibility; Attack surface reduction; Frictionless UX, Simplified DLP, Security by design.

They also believe they have a unique concept that is not competitive with the existing security landscape. Making statements about the future of compute, what people really want protecting, as well as the complexity and difficulty of delivering cyber security - can this be a security offering in its true sense as it doesn't appear to fit that model or is their nirvana something bigger that strives to change the way that we as users and individuals consume technology?

Why do they look interesting (I don't get excited that quickly):

• They are a cybersecurity vendor not leading with the dark clouds of doom, they believe they add value not just mitigation
• They talk about simplification, which is something that cybersecurity desperately needs
• They focus on the individual, an area that many other vendors need to focus on to help protect the user from themselves
• They intimate that this is not rip and replace. Have you ever asked a CISO about the effort it takes to remove an incumbent and then start from scratch?
• As businesses evolve due to work place flexibility, cloud, edge computing etc, businesses need to increase their security posture across a wider landscape (flip side = a reduced attack surface).

In a world where the new normal is being redefined at a pace never anticipated, I'm hoping that  Michael and his cohorts come out of stealth mode and the market is still receptive to their approach, or could the attack surface have moved on and everyone has gone to the beach after drinking another box of marketing Kool-Aid?