“Neither Rapid7”. It’s from the interview of HD Moore, founder of the Metasploit and ex-CRO of Rapid7, that he recently gave to Paul Asadoorian, ex-Product Strategist Tenable, in the latest episode of “Startup Security Weekly”. It’s a great show, strongly recommend it, as well as “Enterprise Security Weekly” and others. See all subscription options available here.
The most interesting part for me is 00:05:00 till 00:10:00. Talking about the best areas for security startups, HD Moore recommended to take a close look on cloud-based WAFs, like Signal Sciences, Cloudflare. It’s relatively easy to find customers for such projects. However it’s very expansive to build it up and investments are required.
HD Moore doesn’t see lot’s of folks building new content-based security products, such as Tenable, Rapid7, Metasploit. It makes him sad and me either. Instead of regular updates of security content and signatures, new companies rely more on things like machine learning. It’s a good start, but it won’t solve all the problems.