HyperQube is a cybersecurity startup and autumn 2017 Mach37 accelerator graduate focused on developing platforms for customers to easily create and deploy virtual networks in order to evaluate and test their compute infrastructure’s configuration, robustness, and cybersecurity integrity. Founder and CEO Craig Stevenson cut his teeth building out VMWare infrastructures one-by-one, dealing with the arduous process of constructing virtual network copies and deploying them into new environments in sales and marketing, education, international defense, and various test laboratories evaluating cybersecurity solutions.
HyperQube has developed a platform whereby a team can build and deploy a virtual network measured in minutes not months. Built on top of open source project Kernel-base Virtual Machine (KVM) and Python’s Django, the platform has the flexibility to run on-premise, on Amazon Web Services (AWS), or in hybrid computing environments. CEO Stevenson describes the firm’s approach to virtualized networking as “cyber range as a service” which means having methods for cyber professionals to very efficiently evaluate new cyber tools and products in identical virtual environments.
In the hypervisor virtualization space, there are four major participants: Hyper-V by Microsoft, V-Sphere by VMWare, Xen Server by Citrix, and KVM by Redhat. Despite significant sales, a mature marketplace, and substantial competition, none of these firms offer a product or platform which allows technology professionals and others the ability to create, deploy and replicate a virtual network quickly. There are backup recovery products and migration tools, but none of them have the functionality to deploy a virtual network at scale in real time. VMWare has templates, but they are challenging to deploy and dependent upon a well developed IT/OT/DevOps shop in-house.
The HyperQube team has identified three core customer groups for its virtualized platform development services. The first group are firms with large VMWare installations. At present, there is enormous friction building out VMWare centric networks. They take weeks or months to establish and their portability is basically non-existent. As a result, teams need to rebuild them over and over as needed for test and production environments at great expense.
The second group are teams testing cybersecurity solutions. There are a lot of solutions available for sale and vetting them on their own or in various combinations is an enormous task. The cybersecurity industry structure has for many years been formed around managed security service providers (MSSP) and managed detection and response (MDR) firms. The former group provided a foundational layer, but without sophisticated abilities. The later category cherry picked the most profitable segments and fragmented the industry. Solution testing teams often feel they are at an enormous disadvantage because they can only gain limited insight into a potential vendor’s product suite and how the solution will impact the evaluating team’s network. There is always collateral damage.
The final and third group are cybersecurity vendors who want to be on the podium as one of three firms demonstrating their solution in a customer’s environment. At many firms, only three cybersecurity companies get chosen because of the time, cost, and effort involved in evaluating offerings. Thus, vendors spend a great deal of time and effort trying to determine what products and services might work, what tools to include, how a potential customer’s network topology is really configured from bare metal (where applicable) through the application layer. For many vendors, they optimize solutions in the dark.
HyperQube virtualized network solution – the capability to create a digital network twin – solves a top pain point for each of these customer segments. For a VMWare engineer, how would they respond to a solution that allowed them to copy an entire virtual network on-premise into a cloud environment in under ten minutes that formally took months? For a cybersecurity testing team, how would they react if they could test a hundred solutions simultaneously where previously they could only test three and where they could develop and deploy a test environment for those one hundred solutions in hours instead of months? Finally, for cybersecurity vendors, what would be the value if they had genuine insight into a prospective customer’s virtual network footprint and security environment and could position their products and services correctly, being highly confident their offering would actually work as promised?
At the time of writing, HyperQube has completed an on-premise installation with the National Guard in Indiana and Forrester Research is using their HyperQube platform. The team is building out the virtual infrastructure for a university cybersecurity department so each student has an individual platform to evaluate and test their subject knowledge. Additional projects and infrastructure build outs are in earlier stages and expected to be announced in March 2019. Later in 2019 the team expects to offer automation services that will allow network administrators, testing teams, and vendors to perform at an even greater efficiency level.
What I find compelling about HyperQube as a strategist is the firm’s understanding of their customer’s core challenges, the cultural foundations that perpetuate them, and the unique product platform they have built over two years that much larger and well capitalized competitors have not, despite the enormous benefits for customers. That core understanding was born out of CEO Stevenson’s personal frustration and those around him.
In addition, he saw first hand the lack of innovation in a domain where established virtualization competitors chose to focus on their cloud offerings or partner with dominant cloud providers, such as AWS, for competitive reasons. In doing so, virtualization firms have undermined their competitive positions in the industry. VMWare is the most prominent example, but others exist as well.
The cultural challenges in the virtualization space have some well understood dynamics. An innovative technology with a steep learning curve becomes dominant and with it a set of professionals who invested the time and energy to become proficient. But as the technology matured, so do those managing it. Both became complacent and stagnated. HyperQube has created a platform providing virtual networking professionals with new methods for making their jobs easier with an environment and tools they will understand immediately.
For cybersecurity testing teams, who are predominantly viewed as an expensive cost center, they now have a platform that radically alters their cost structure and their capabilities. Evaluating one hundred products instead of three in close to real time changes decision making in the C-Suite around innovation and time-to-market. Culturally, this helps to reframe the value proposition for these teams – defining them as strategic assets instead of as cost centers.
For cybersecurity vendors in need of a top three placing for consideration, HyperQube’s platform provides them with the resources to dig much deeper into customer needs, see how their networks are actually working (or not), and tease out some of the cultural decision making every organization makes which is often at odds with a secure posture. For vendors, they may be able to focus greater energy on actual security, instead of compliance.
CEO Stevenson defines HyperQube as “cyber range as a service” for IT infrastructure and as cybersecurity professionals are a core customer beach head for the company, I understand the value of the phrase. However, the technology platform the firm has developed in the virtualized space has very broad based network implications. Ease of deployment, cost savings, and automation (later this year) are the 2019 headlines, but the deeper story is around data, analytics and innovation.
Despite the expansive nature of their work, cybersecurity professionals lack access to large high quality datasets for analysis. Globally, many cyber related datasets don’t get published due to privacy concerns and legal issues around disclosure. On the technical side, there are many challenges around correctly labelling structured and unstructured cyber data. While email has been a success story – large clean data sets, structured frameworks, corporate analysis aided by government agencies – anomaly detection, listening agents, human hacking, and others remain vexing challenges. Cybersecurity firms have worked around these issues with blue, red, and purple teams. Newer iterations include some artificial intelligence. Websites focused on cybersecurity datasets have tried to fill the gap as well, but with limited success. The following are a few examples:
www.privacyright.org/databreaches
In my view, HyperQube’s platform is an innovation engine that provides customers with ways to reimagine how they solve problems. Hypercube’s platform moves beyond the tradition ways network virtualization has functioned over the last twenty years and gives users deeper visibility into their own and key partner networks. While network formation and iteration have always been driven by technical need, there are nevertheless many behavioral assumptions built in by a company’s culture.
For example, during my HyperQube background preparation, I spent considerable time on Reddit and Stackoverflow reviewing posts on the top four virtualization products, network virtualization in general, problems users were having, and what else wasn’t working with their virtualization implementation. Users on both services tend to be direct. In a number of posts, one could find references to the cultural challenges at their organization – based on a prevalent way things were always done and causing further barriers to success.
Essentially, HyperQube is reframing what their three core customer groups can accomplish and how these users will define success from the C-Suite down. Solving cybersecurity challenges is a significant passion of the team and the security domain will always be a very important constituency. The team’s expertise in the field will serve other and new customer segments in meaningful ways that won’t always be obvious, with the cybersecurity value-add being defined in strategic and brand terms as much as solving customer technical problems.
Ultimately, CEO Stevenson wants to crush the cycle of selling fear by pointing a giant halogen beam into every corner of the cybersecurity industry, making it impossible for any entity or team to gain a sale or achieve a desired outcome based on lopsided information and exploiting a customer’s perception of vulnerability.
For current startup challenges, HyperQube’s includes scaling personnel to meet demand and finding the necessary financial resources for the next eighteen months beyond current bootstrapping. CEO Stevenson will be hiring a VP of Sales shortly and has identified candidates for CTO, CFO, and VP of Engineering. The team’s second challenge is managing growth in ways that won’t overrun their resources. CEO Stevenson’s mission is to build and lead a high growth, profitable company, not a West Coast style unicorn. Thus, market and financial success will be defined by discipline and focus instead of growth at any cost. This means the team, financial partners, and other stakeholders will be working to a different sheet of music.
Like you, I look forward to following the firm’s progress over the next eighteen months and getting back in touch for an update.
Stay tuned.
