FORTUNE -- The normally humdrum world of IT security is heating up, and not just because of comedian Stephen Colbert's controversial closing keynote at last week's RSA Conference.
Why? As the number of large-scale cyberattacks grows, so does the number of innovative startups developing new solutions to thwart those attacks. Venture capitalists are taking notice: In 2013, they made a total 123 investments in security-focused companies, up 108% from the year before, according to research from AGC Partners.
Then there are the recent exits, like FireEye's (FEYE) $1 billion acquisition of computer forensics firm Mandiant and VMware's (VMW) bid to buy mobile security player AirWatch for $1.5 billion. The IPO market is also healthy, with newly public security companies like Palo Alto Networks (PAN), Proofpoint (PFPT), and Barracuda Networks (CUDA) all showing steady if not stellar growth since their debut. In short, it would appear that the recent spate of cyberattacks has been good to the security industry.
"The security market is incredibly interesting," says Shardul Shah, a partner with venture capital firm Index Ventures. "What's happening today is data is residing in new locations -- like the cloud and mobile devices. This is really a change in computing, and it's presenting new opportunities [in security]."
Shah's firm has invested in security startups like Lookout and a still-stealth company called Niara. That said, starting a new security company isn't as easy as, say, launching a mobile app or social media tool. Many security entrepreneurs have already spent years working in the sector, dealing with security-related issues for larger vendors or various branches of government. And they aren't necessarily Ivy League dropouts in their 20s -- more like fully graduated executives in their 30s or 40s.
At last week's RSA Conference in San Francisco, Index Ventures' Shah says he met with about 40 companies seeking investment. (Over 30,000 people attended the confab.) Larger incumbents are taking notice of the increased interest -- and competition -- in the security space. Last year Cisco Systems (CSCO) snapped up security software provider Sourcefire for a whopping $2.7 billion, and this week the networking giant unveiled its strategy for integrating the smaller company's technology. For starters, it is adding Sourcefire's malware protection capabilities into its email and web security appliances. It's also open-sourcing some of its software, allowing users to "create, share, and implement custom application detection."
"Before Sourcefire we weren't doing a ton in the open source community on the security side," says Christopher Young, SVP of Cisco's security group. "Now we're investing heavily in that."
Cisco isn't embracing open source for the sake of the larger community. Rather, it's trying to weave in newer technologies and platforms in an effort to beef up and legitimize its own product portfolio. The fact is, as the sophistication and breadth of cyberattacks has grown, the old tools -- antivirus software and firewalls -- are no longer sufficient. But evolving along with the "bad guys" is harder for larger companies than for new upstarts. That's why it's likely Cisco and its equally deep-pocketed peers are eyeing additional security acquisitions in the coming months and years.
With such consolidation, innovation (on the part of both the good guys and the bad guys), and competition, it's likely investments in security startups will grow even more in 2014. Another perk to the growth in cyberattacks? The RSA conference is a lot less boring -- and more controversial -- than in the past.
We talk to Amnon Bar-Lev about security trends at this year's RSA Conference.
FORTUNE -- This year's RSA Conference, an annual gathering of the nation's top information security executives, has already had its share of controversy. But most of the companies in attendance -- both big and small -- are there simply to show off their latest and greatest cybercrime-fighting technologies.
Lucky for them, the growing number of high-profile cyber-attacks have led MOREMichal Lev-Ram, writer - Feb 26, 2014 9:01 AM ET
Citigroup is the latest to report a security breach, but the hack occurred more than a month ago. It's time for companies to open up about exposures to its systems.
FORTUNE -- Given the number of recent, high-profile network security breaches, it might be tempting to call 2011 the Year of the Hack. The danger is that there's a good chance 2012 might be even worse.
The underlying reason for this is MOREDan Mitchell, contributor - Jun 9, 2011 3:57 PM ET
|Water becoming more valuable than gold|
|What stumps Warren Buffett? Minimum wage|
|Will 7 Apples a day keep the bears away? - The Buzz|
|GM's $1.3 billion recall cost wipes out profit|
|Apple's stock split makes the math easier; new all-time high is $100|