"When a space like DLP gets overinvested, obviously that's bad for investment, but you have to make sure that you don't get caught up in overcompensation as sometimes when people think a space is overdone, like search, along comes a Google," Maeder said. "VC is very much an industry of gossip, and that helps keep things from getting overinvested, but you also have to remember that you don't need to be the first company into a market, you just want to be the first that crosses the finish line."
Among the security startups that Highland is backing these days are Bit9, a vendor that specializes in applications and device control tools for Windows environments, and Imprivata, a maker of SSO (single sign-on) authentication applications. In both cases, the expert contends, the companies his firm has invested in have the chance to address issues of serious concern to business customers in new ways, around data leakage and network access, respectively.
How VCs gauge the market
Most VCs agree that the key to finding the right companies to invest is based on staying in close contact with IT buyers to gauge their pain points and better understand their spending habits.
Some security startups may have terrific ideas and strong people behind them, but if there isn't a market for the technology being pitched or a chance to create a new opportunity with something truly unique, the investors take a far more cautious approach.
"Our best source for information is customers -- that is the first place startups go to prove their ideas," said Maeder. "We have a cadre of CIOs who we are constantly talking with; we ask them if they're looking for something new, run business plans by them, ask if there are already too many solutions to a problem that is being addressed, and if something is an attractive value proposition."
In some cases, VCs backed by specific sets of customers are emerging to help funnel money into areas of the market where customers feel there is a significant need but perhaps too few viable alternatives. One such firm is FTVentures, which is bankrolled by 40 different investors from the financial services sector. Among the businesses funding the VC are huge names, including Bank of America, Citigroup, and Wells Fargo.
Having such a focused group of backers helps the VC isolate security markets that truly have the potential to meet emerging demands, said Mark Lotke, a partner leading the Software Investment Team at FTVentures.
In many cases the firm's backers are looking for products that can help them move away from technologies they have developed internally and continue to maintain at great expense, he said.
"We talk to IT and operations executives in these companies and ask where their pain points are, and in many cases they've already built homegrown tools that they're looking to replace with packaged solutions," Lotke said. "Besides addressing some problem, the companies we're invested in have had a first-mover advantage in terms of coming to market; the companies we want to invest in have to serve real-life problems today."
FTVentures specializes in so-called expansion-stage investment, handing out money to companies that have already been in business for several years that are looking for additional capital to help them continue to grow.
One vendor that the VC firm recently awarded millions in series-b expansion funding to is Aveksa, a maker of access control governance software. "That's a perfect example of the kind of company we're looking for, where we surveyed the market to find innovative suppliers and invested because the technology was purpose-built to solve a problem, and already had great customer traction," Lotke said. "Despite spending, it is a scary world out there right now for vendors as it can be tough to pull dollars from customers and sales cycles are being extended. But we feel that by finding these types of companies that are already proving their value, we get a much simpler road map than trying to guess what the next big thing is going to be."