• United States




More AI, consolidation and regionalization coming in 2019

Nov 26, 20185 mins
Data and Information SecurityPhysical SecurityTechnology Industry

It’s that time of year again, when we look back to look ahead. The 2019 security landscape holds new promise, threats, developments and opportunities to collectively tackle the issues our industry faces.

red number 7 on white wall top seven
Credit: Getty Images

In reflecting on 2018 from a security perspective, some of the major themes, as I’ve written previously, have been about new AI security tools, industry consolidation and the blurring of lines between physical and cyber security. GRDP, the California Consumer Privacy Act and Facebook’s seemingly never-ending scandals related to consumer privacy have also raised regulatory and public awareness of data privacy as a key issue and concern.

These discussions will continue into next year and beyond, and there a number of other big trends that are likely to dominate the security industry in 2019. Here are seven that I believe we’ll be looking at in the new year and for some time after that:

1. AI will bolster security solutions

As the number and range of threats continue to grow, it’s clear that only AI can counter them. That’s why we saw some big companies announce AI-based solutions in 2018, including Palo Alto Networks’ behavioral analytics solution Magnifier and Alphabet’s Chronicle. As of 2017, 12% of enterprise organizations have deployed AI-based security analytics extensively and 27% have done so on a limited basis according to ESG Research. As the report notes, these aren’t pure-play AI security solutions. Rather, AI adds analytical heft to existing technologies. Given the spread of AI in general at the corporate level, AI will continue to grow in the security segment as well.

2. AI will also bolster cybercriminals

It’s a familiar dynamic in this industry: the bad guys get access to the same tools – or even better tools(!) – as the cybersecurity people. This requires a new set of defensive solutions to be deployed by the good guys merely to keep up with the arms race. That’s where we are with AI. For example, many organizations have gotten smarter about phishing attacks. With anti-phishing solutions, if a gullible employee is intent on clicking on a link to a supposed amusing cat video, a URL blocker would sandbox that link to test it for malicious intent. But now cybercriminals have gotten wise to this maneuver. Using AI-based advanced analytics, hackers now detect when a link goes to an anti-phishing cloud platform so they instead actually send something innocuous, like an actual cat video. The system, assessing the link, gives it a free pass. But when the consumer actually then opens this “good” link, it is actually the intended malware.  That’s just the beginning. As a report from some 26 academics and business execs warned that AI could be used for everything from sophisticated social engineering attacks to weaponized “drone swarms.”

3. Physical security and cybersecurity will continue to merge

That nightmare scenario leads to my next prediction. In a world of IoT devices, the division between cybersecurity and physical security is fading. While physical security is at least 15 years behind cybersecurity in terms of sophistication, smart organizations are lumping the two together under the heading of Major Incident Management are pooling both teams. As the range of threats across both domains grow, expect more crossover in 2019.

4. There will be lots more consolidation

BlackBerry’s purchase of cybersecurity firm Cylance is just the latest example of stepped up M&A activity in a year that also included AT&T’s purchase of AlienVault and Spunk’s acquisition of Phantom Cyber.  The industry is rife for consolidation. Some 53% of companies with 1,000 or more employees have deployed three or more disparate endpoint security networks across their network, according to ESG Research. This causes lots of waste, as CISOs know all too well. In the coming year, the number of solution providers will decrease as the bigger players add startup technologies into their portfolios to create a broader product and product family offering.

5. Regionalization will increase

The security world doesn’t exist in a vacuum. A new wave of nationalism epitomized by Brexit will prompt more cybersecurity regionalization. Recent scandals involving Russia’s Kaspersky Lab and China’s Huawei and HTC augur a world in which foreign governments are deeply suspicious of each other’s tech security solutions. Thus, we might see more regional security companies and solutions pop-up globally.  Within the U.S., we are seeing another form of regionalism, focused on building robust centers for security innovation.   Clusters of security firm activity are popping up like Maryland’s Cyber Town, USA project. New York City has also introduced Cyber NYC, an initiative to “transform New York City into a global leader of cybersecurity innovation.”  It will be interesting to see what other organic security hot-spots like the Bay Area or Boston do to respond to these regional initiatives.

6. Biometrics will continue slowly replacing passwords

The iPhone X’s Face ID has made facial recognition mainstream. As passwords continue to be a vulnerability, expect biometrics to rise to the fore. MasterCard, for instance, will require all of its users to use biometric identification by April 2019.

7. Universities will step up their cybersecurity game

To end things on a positive note, it’s heartening that many universities have expanded their cybersecurity programs. Driven by an acute shortage of cybersecurity professionals, colleges including Texas A&M, College of Maryland, the University of Michigan and Virginia Tech have been investing in security programs. That’s a step in the right direction, but a welcome one. I, for one, am looking forward to seeing a steady uptick of universities stepping up their game in 2019.


Rick Grinnell is a founder and Managing Partner of Glasswing Ventures, an early-stage venture capital firm dedicated to investing in the next generation of AI-powered technology companies that connect consumers and enterprises and secure the ecosystem. As a venture capitalist and seasoned operator, Rick has invested in some of the most dynamic companies in security, enterprise infrastructure and storage.

During his 17 years of venture capital experience he has led investments and served on the board of directors for companies such as EqualLogic (acquired by Dell), Prelert (acquired by Elastic), Pwnie Express, Resilient Systems (acquired by IBM), Trackvia and VeloBit (acquired by Western Digital) and is now lead investor and a member of the board of directors at Terbium Labs.

Rick is also active with various entrepreneurial programs at the Massachusetts Institute of Technology (MIT), Harvard and Tufts Universities, and is a frequent judge at MassChallenge. Rick’s contributions to the broader community include serving as a member of the Board of Directors of Big Brothers Big Sisters of Massachusetts Bay, as Vice Chairman of the Board of Overseers at the Museum of Science in Boston, and as a member of the Educational Council at MIT. Rick has been recognized by the New England Venture Network with the Community Leadership Award for his philanthropic work and contribution to the community.

Rick earned BS and MS degrees in Electrical Engineering from MIT and an MBA from HBS.

The opinions expressed in this blog are those of Rick Grinnell and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.