Shlomo Kramer: a security investor looking for smart entrepreneurs to disrupt markets

Tips on how to invest wisely in tech startups

shlomo kramer

Shlomo Kramer

Recently, endpoint-protection startup LightCyber announced a second round of funding - $20 million – including an investment from an individual investor with an impressive track record backing successful security startups: Shlomo Kramer.

Kramer, who is Israeli, has a long-term relationship with the company’s CEO Gonen Fink, who worked with him for years at Check Point Software where Kramer was one of the founders.

That close personal tie had some influence on his decision to back LightCyber, but he also sees it as a company with an answer for an existing problem for which there is a big market. That is one of the key characteristics Kramer looks for when making investments.

He has a good eye for what will be successful. He has been involved in Check Point, Palo Alto Networks, Trusteer, Imperva, Exabeam, Indegy, Cato Networks and a long list of other startups. His involvement ranges from investing to serving as an executive to sitting on boards of directors.

Recently he spoke with Network World Senior Editor Tim Greene about LightCyber and how he goes about analyzing what companies to back. Here is an edited transcript of that interview.

What drew you to LightCyber?

One is the market. The notion of inside of the network and the outside of the network is merging. So internet security is really important and a big market and is growing to be an important category of solution. The second thing is the product. I think they’ve done a tremendous job in building a solution that doesn’t simply address the high-end organization but provides real greatly ignored [capabilities] for the mid enterprises as well.

So organizations that don’t necessarily have the manpower (or) the expertise to handle complex, chatty, noisy solutions but are looking for something that is very accurate, delivers just the actionable events. And finally, I’ve known Gonen for many years, (he) was one of the early employees at Check Point, did an outstanding job running - he was the chief product officer throughout the growth years of the company - so I’m delighted to work with him again.

How did the company come to your attention?

Basically Gonen kind of talked to me after he joined the company and we started a dialog.

Do you see that they have any advantage over their competitors?

Certainly their ability to detect slow and low type of attacks, sophisticated attacks using machine learning behavioral analysis of the traffic. I think that kind of breaks through versus the previous generation of intrusion-prevention solutions. Second is the scope of the solution. They cover signals both from the network and the endpoint. It’s either a network signal or an endpoint signal with all the other players in the market. And finally they package all this sophistication and breadth into a solution that is very accessible not only for the sophisticated organization but also for the midmarket, which is also I think very, very unique in this category.

Why do you have your finger in so many pies?

My involvement has two sides to it. One is operational. So I was one of the founders of Check Point, and then I was the founder and CEO of Imperva for 12 years, and in the last three years, the founder and CEO of Cato Networks. So that’s one aspect of the activity, and the other involves that I invest and sit on the board of companies and mentor the founders. In the more significant investments I am part of the company - Trusteer, that was sold to IBM, and I was the founding investor at a company called Lacoon Mobile Security that Check Point bought, a company called Secure Island that Microsoft bought and WatchDox a company that Blackberry bought. Some of my current investments - Exobin, which is a kind of a next generation SIEM play, Indegy, which is an industrial cyber security play, and we’re talking about LightCyber. And I have also other investments outside of security in other areas.

What are your outside interests?

One area is about trying to quantify risk and building a solution around that analysis of risk, so I invested in a company called Fundbox, which actually is doing great in cash advances to small businesses. So that’s an example of a company. [Insert Mobile] is a company with technology that comes from the security world of instrumenting mobile applications but the use case here is the fact that marketing organizations for mobile really want to innovate and change the application and engage with customers … but they are tied to development organizations.

Every change takes time and its six-months of a development cycle. So there’s a lot of friction between the innovation that the marketing wants and the development cycles on the IT side. And they came up with a solution that’s breaking this lock, that allows the marketing organization to innovate and change the application without the involvement of the development team on the instrumentation of the application.

Finally is a company called Gong. They are kind of a SaaS application that lets you record [inside sales conversations] to voice recognition and natural language and turn that data into business information and a management tool for the organization. Cato Networks, the company of which I am the CEO, is using this in the beta. And last but not least is Cato Networks, which I am really devoting all of my time to.

When you look at the way business is conducted today it’s not location-bound. It’s done everywhere on mobile devices building SaaS applications somewhere else, data in some AWS data center. This kind of gap between the shape of the business and the shape of the locality of [security] appliances creates huge challenges for the organization, for the networking side and the security side. So both the network security stack and the wide area network stack – MPLS, IP VPN – are really broken, and this is like a $50 billion market that is being transformed by cloud and mobility and Cato is proud of being a kind of a new architecture that meets the needs of organizations.

What are the key factors you look at when considering investing in a company?

First of all I really focus on areas where I have a lot of domain knowledge. My portfolio target is very concentrated around security. I really like companies that go after an existing market and sense a disruption, because then the use cases are very clear, the budgets are already there for refresh and renewal, and what you need is to address a new way of doing things in this market.

The other is companies that are in a market that I can feel is going to be an important market. This is more of a gut feeling. I invested for example in mobile security where it’s obvious that mobile security is going to be important. Both Lacoon and WatchDox are companies in this category and both are very good outcomes. One was bought by Check Point, one was bought by Blackberry. But in general I would say that the mobile security market, if I look in hindsight happened much more slowly than I would have expected. I can’t provide an analytical thing on what I’m looking for in the new markets except for the timing.

I would say great entrepreneurs is the number one requirement because a lot of the companies that I was involved with ended up doing not what they started doing. The number one parameter for success in these companies was the ability of the entrepreneurs to be intellectually honest, one, and second being smart enough to be able to navigate the market. Really these smart entrepreneurs are the key. So I guess a great market, a fertile market, let’s say it like that, and very smart entrepreneurs are the combinations that I am looking for.

How old are you?

I’m 50.

Are you ever going to retire?

I don’t think of what I’m doing as work. I’ve been very fortunate to do what I like to do so I don’t see that kind of retirement as something that is an option.

Join the CSO newsletter!

Error: Please check your email address.

More about AWSCheck PointImpervaIslandKramerMicrosoftPalo Alto NetworksTrusteerWatchDox

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tim Greene

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place