Endpoint security has a funding problem. Endpoint security is no longer a market where best tech wins. Now it’s deepest pockets.

(Disclaimer: We invest in security companies. Our portfolio includes Rapid7, Blue Coat, InAuth, Network Intelligence, ObserveIT, Attivo, and Evident.io.)

Endpoint security companies have raised over $800M, and that capital is being deployed mostly on sales and marketing. Buyers, inundated with overlapping and competing messages, are confused. It’s not longer enough to have best-in-class technology. You also must have best-in-class funding.

Total endpoint security funding over $800m.

It’s ultimately bad for the industry: It means VCs are anointing the winners. You know that war for security talent? Well-funded vendors have hired security talent away from enterprises, and the enterprises have little ability to independently evaluate technology. They must rely on the vendors. And the best funded vendors have the best talent and the best ability to convince buyers of their worth…you get the point.

Don’t believe me? Look at this guy, this guy, and this guy. All Crowdstrike employees. All formerly had roles where they would’ve been Crowdstrike customers. (To be clear, this is a great vote of confidence for Crowdstrike. I love it when portfolio companies hire their customers…provided there are multiple champions in the account.)