June 23, 2025

Beyond the patch: Enterprise cybersecurity reset (Part 2)

Nishant Rao, Shobhit Gupta, and Gulshan Dhanani

In Part 1, Avataar's Nishant Rao, Shobhit Gupta, and Gulshan Dhanani examined why today’s enterprise security model is flawed, characterized by fragmented tools, reactive postures, and overwhelmed teams. In Part 2, we shift focus to where change is happening — and where we believe the next breakout companies will emerge.

That post was about the cracks.
This one is about the shift.

Mapping the cybersecurity stack

As security priorities shift, buyers are rethinking how they evaluate and consolidate tools. Below is a representative snapshot of how the cybersecurity software landscape is evolving – layered like the NIST CSF 2.0 framework.

Figure 1: Cybersecurity Market map - this is a representative – not an exhaustive – view of the cybersecurity ecosystem. Focus is on functional clarity, not logo saturation.

We see: 

  • PROTECT layer is dense and expanding – buyers have historically worried about ‘not letting in’ threats to their various attack surfaces. 
  • Upper layers — DETECT, RESPOND & GOVERN — are thinner and SecOps-heavy today, with few legacy platforms dominating. 
  • IDENTIFY is becoming the strategic control plane – increasingly the area of buyer interest, as witnessed across RSA and Gartner events this year, with stats like ‘80% of breaches now involve misuse of credentials’. Identity hygiene and visibility across humans, machines, and APIs are becoming the locus of modern cyber resilience.

Where do we see opportunity?

Not every part of the map is equally open — but some parts still hold opportunity. Here’s how we think about where to play and how to wedge in.

1. Building in the PROTECT layer – most of the companies here are being rolled up into one of the old guards (viz. Cisco, IBM) or new guards (viz. CrowdStrike, Palo Alto etc.). It’s becoming increasingly difficult to tell what’s a feature vs. what’s a (standalone) product in this category. Securing your perimeter will continue to be interesting for founders and buyers alike, but here’s our take.

Where to play

• Horizontal – shift-left application security that embeds security without hampering development velocity, e.g., Seezo, which embeds security at the design stage itself, and Akto, which protects APIs across the development lifecycle

• Vertical – protect key operational technology (OT/IoT) in regulated industries, e.g., Asimily, which protects various devices used in hospitals, or Protectt.ai, which offers app security for banking mobile apps with various transaction protection features

Winning recipe?

• Integrate where users already work instead of building a new UI (e.g., integration with GitHub, CI/CD, Terraform, or communication tools like Notion, Slack, Jira etc.)

• Low-friction deployments – e.g., Wiz's USP was agentless CSPM with 15-min deployments

• Product that acts and not just provides posture – lightweight auto-patches or suggested code blocks

• GTM motion that targets application/product owners and not just InfoSec teams

Our thoughts on Security for AI

As more AI-native apps (or agentic systems) go into production, we are seeing security catch up. From model pipelines to prompt flows, a new category of attack surface is forming. To counter it, we are seeing companies in several categories:

LLM red-teaming and threat simulation - Testing models for jailbreaks, hallucinations, and data leakage under real-world scenarios e.g., Mirror Security, Repello AI, Enkrypt AI, Calypso AI, Protect AI.

Prompt firewall tools - Filtering unsafe prompts, adversarial inputs, and exfiltration attempts in real time e.g., Prompt Security

Governance layers for AI use - Classifying what models are in use, who's using them, and whether enterprise policy is being followed e.g., Cranium, Credo AI

We are watching the space closely, as our understanding and recent buyer conversations signal that:

• Model builders want to self-govern first – they want to understand and govern LLM behaviour themselves before bringing in third-party tooling.

• Runtime risks are being addressed during development – every API security company is introducing an MCP/A2A security layer so that security is built in, even in the AI era

• Incumbents are not asleep at the wheel – AI is yet another (although very differentiated) attack surface. Palo Alto's acquisition of Protect AI is just the beginning; others are likely to follow.

2. GOVERN/IDENTITY – strategic but underserved – Companies and regulators alike are waking up to the realization that they don’t have complete coverage over their digital assets. Access is overprovisioned, and governance and compliance (SOC2, ISO etc.) are treated as point-in-time checklist items. This will be an important area of innovation as companies move to cloud, serve up their data to AI workloads, and look to comply with newer governance and privacy standards emerging every year. Cyber insurers are also an important tailwind we see – with ever-growing premiums, insurers are also asking enterprises for a quantified real-time assessment of cyber risk posture.

Where to play

• Real-time cyber risk quantification and management that serves boards, CISOs and their teams alike with actionable and quantifiable risk. Instead of saying "4,200 critical CVEs in your environment", say "exposure worth $80M in primary/secondary losses", e.g., Safe Security, which combines 1P and 3P cyber risk with the industry-accepted FAIR standard.

• Identity security as the new perimeter – automation of human and non-human access controls is critical, e.g., Zluri (SaaS governance), Andromeda Security (machine identity drift).

Winning recipe?

• API-first, not agent-based or questionnaire-driven data capture

• Enterprise-focused GTM – solving one use-case (board reporting, compliance audit) and expanding

• Value-based pricing (vs. # of assets, integrations etc. that hinder 100% asset coverage)

• Offer remediation actions: either generate runbooks yourself or integrate deeply downstream with Jira, ServiceNow

3. Future of SOC (DETECT+RESPOND layers) – Traditional SIEM platforms are flush with rule-based alerts that do little to actually alert. They generate volume (and price that way too), not signal. Hence, SOC teams are overwhelmed. To cut through the noise, the most experienced engineers are typically on-call. We believe SOC teams of the future will have AI layers for L1/L2 and L3 will be human analysts armed with AI.

Where to play

• AI SOC analysts: built on an army of AI agents (threat detection, summarization, prioritization, remediation) e.g., Simbian, Skydda, Trench Security.

• Security data pipelines/lakes: very much like enterprise data infra – decouple storage and compute. Such pipelines pre-process data before it reaches SIEM, leading to cost efficiencies and faster triaging e.g., DataBahn.

Winning recipe?

• Quick time-to-value: no long learning curves or training sets

• Value-based pricing (time saved, alerts resolved, productivity improvement)

• Enterprise motion via MSSPs who offer MDR capabilities – help them see margin improvements quickly

• Superior UI/UX like a copilot – not just another dashboard, but one that summarizes, informs and prioritizes

To summarize, most of the winning companies would have a few common characteristics, irrespective of the categories they play in: 

  • Fast time to value - show measurable ROI within 30–90 days, preferably linked to a business metric ($ saved, loss prevented)
  • Light and composable products – agentless and able to integrate with the ecosystem instead of trying to do everything from scratch
  • Embedded into existing workflows – instead of yet another dashboard, become a part of existing workflow stack e.g., Jira, ServiceNow, Slack, Terraform etc.

At Avataar, we are bullish on cybersecurity, mainly because – 

  • Unique industry attributes: it has both horizontal (large TAM) and vertical-SaaS-like attributes (specialized by threat surface, sector, region etc., leading to multiple winners)
  • External actors force continuous innovation: never a sunset industry
  • Adoption is generally enterprise-first: attractive unit economics to build large scale companies
  • Strong right-to-win: we believe winning teams will increasingly bring combined experience of cybersecurity and infrastructure tooling – and talent for both is flourishing within the India-US corridor. 

If you’re a founder building in this space – or a buyer rethinking your stack – we’d love to hear from you. You can reach out to us at:

Nishant: nishant@avataar.vc
Shobhit: shobhit@avataar.vc
Gulshan: gulshan@avataar.vc
