Extra Crunch roundup: 2 VC surveys, Tesla’s melt up, The Roblox Gambit, more

This has been quite a week.

Instead of walking backward through the last few days of chaos and uncertainty, here are three good things that happened:

  • Google employee Sara Robinson combined her interest in machine learning and baking to create AI-generated hybrid treats.
  • A breakthrough could make water desalination 30%-40% more effective.
  • Bianca Smith will become the first Black woman to coach a professional baseball team.

Despite many distractions in our first full week of the new year, we published a full slate of stories exploring different aspects of entrepreneurship, fundraising and investing.

We’ve already gotten feedback on this overview of subscription pricing models, and a look back at 2020 funding rounds and exits among Israel’s security startups was aimed at our new members who live and work there, along with international investors who are seeking new opportunities.

Plus, don’t miss our first investor surveys of 2021: one by Lucas Matney on social gaming, and another by Mike Butcher that gathered responses from Portugal-based investors on a wide variety of topics.

Thanks very much for reading Extra Crunch this week. I hope we can all look forward to a nice, boring weekend with no breaking news alerts.

Walter Thompson
Senior Editor, TechCrunch
@yourprotagonist


Full Extra Crunch articles are only available to members
Use discount code ECFriday to save 20% off a one- or two-year subscription


The Roblox Gambit

In February 2020, gaming platform Roblox was valued at $4 billion, but after announcing a $520 million Series H this week, it’s now worth $29.5 billion.

“Sure, you could argue that Roblox enjoyed an epic 2020, thanks in part to COVID-19,” writes Alex Wilhelm this morning. “That helped its valuation. But there’s a lot of space between $4 billion and $29.5 billion.”

Alex suggests that Roblox’s decision to delay its IPO and raise an enormous Series H was a grandmaster move that could influence how other unicorns will take themselves to market. “A big thanks to the gaming company for running this experiment for us.”

I asked him what inspired the headline; like most good ideas, it came to him while he was trying to get to sleep.

“I think that I had “The Queen’s Gambit somewhere in my head, so that formed the root of a little joke with myself. Roblox is making a strategic wager on method of going public. So, ‘gambit’ seems to fit!”

8 investors discuss social gaming’s biggest opportunities

girl playing games on desktop computer

Image Credits: Erik Von Weber (opens in a new window) / Getty Images

For our first investor survey of the year, Lucas Matney interviewed eight VCs who invest in massively multiplayer online games to discuss 2021 trends and opportunities:

  • Hope Cochran, Madrona Venture Group
  • Daniel Li, Madrona Venture Group
  • Niko Bonatsos, General Catalyst
  • Ethan Kurzweil, Bessemer Venture Partners
  • Sakib Dadi, Bessemer Venture Partners
  • Jacob Mullins, Shasta Ventures
  • Alice Lloyd George, Rogue
  • Gigi Levy-Weiss, NFX

Having moved far beyond shooters and sims, platforms like Twitch, Discord and Fortnite are “where culture is created,” said Daniel Li of Madrona.

Rep. Alexandria Ocasio-Cortez uses Twitch to explain policy positions, major musicians regularly perform in-game concerts on Fortnite and in-game purchases generated tens of billions last year.

“Gaming is a unique combination of science and art, left and right brain,” said Gigi Levy-Weiss of NFX. “It’s never just science (i.e., software and data), which is why many investors find it hard.”

How to convert customers with subscription pricing

Giant hand and magnet picking up office and workers

Image Credits: C.J. Burton (opens in a new window) / Getty Images

Startups that lack insight into their sales funnel have high churn, low conversion rates and an inability to adapt or leverage changes in customer behavior.

If you’re hoping to convert and retain customers, “reinforcing your value proposition should play a big part in every level of your customer funnel,” says Joe Procopio, founder of Teaching Startup.

What is up with Tesla’s value?

Elon Musk, founder of SpaceX and chief executive officer of Tesla Inc., arrives at the Axel Springer Award ceremony in Berlin, Germany, on Tuesday, Dec. 1, 2020. Tesla Inc. will be added to the S&P 500 Index in one shot on Dec. 21, a move that will ripple through the entire market as money managers adjust their portfolios to make room for shares of the $538 billion company. Photographer: Liesa Johannssen-Koppitz/Bloomberg via Getty Images

Image Credits: Bloomberg (opens in a new window) / Getty Images

Alex Wilhelm followed up his regular Friday column with another story that tries to find a well-grounded rationale for Tesla’s sky-high valuation of approximately $822 billion.

Meanwhile, GM just unveiled a new logo and tagline.

As ever, I learned something new while editing: A “melt up” occurs when investors start clamoring for a particular company because of acute FOMO (the fear of missing out).

Delivering 500,000 cars in 2020 was “impressive,” says Alex, who also acknowledged the company’s ability to turn GAAP profits, but “pride cometh before the fall, as does a melt up, I think.”

Note: This story has Alex’s original headline, but I told him I would replace the featured image with a photo of someone who had very “richest man in the world” face.

How Segment redesigned its core systems to solve an existential scaling crisis

Abstract glowing grid and particles

Image Credits: piranka / Getty Images

On Tuesday, enterprise reporter Ron Miller covered a major engineering project at customer data platform Segment called “Centrifuge.”

“Its purpose was to move data through Segment’s data pipes to wherever customers needed it quickly and efficiently at the lowest operating cost,” but as Ron reports, it was also meant to solve “an existential crisis for the young business,” which needed a more resilient platform.

Dear Sophie: Banging my head against the wall understanding the US immigration system

Image Credits: Sophie Alcorn

Dear Sophie:

Now that the U.S. has a new president coming in whose policies are more welcoming to immigrants, I am considering coming to the U.S. to expand my company after COVID-19. However, I’m struggling with the morass of information online that has bits and pieces of visa types and processes.

Can you please share an overview of the U.S. immigration system and how it works so I can get the big picture and understand what I’m navigating?

— Resilient in Romania

The first “Dear Sophie” column of each month is available on TechCrunch without a paywall.

Revenue-based financing: The next step for private equity and early-stage investment

Shot of a group of people holding plants growing out of soil

Image Credits: Hiraman (opens in a new window) / Getty Images

For founders who aren’t interested in angel investment or seeking validation from a VC, revenue-based investing is growing in popularity.

To gain a deeper understanding of the U.S. RBI landscape, we published an industry report on Wednesday that studied data from 134 companies, 57 funds and 32 investment firms before breaking out “specific verticals and business models … and the typical profile of companies that access this form of capital.”

Lisbon’s startup scene rises as Portugal gears up to be a European tech tiger

Man using laptop at 25th of April Bridge in Lisbon, Portugal

Image Credits: Westend61 (opens in a new window)/ Getty Images

Mike Butcher continues his series of European investor surveys with his latest dispatch from Lisbon, where a nascent startup ecosystem may get a Brexit boost.

Here are the Portugal-based VCs he interviewed:

  • Cristina Fonseca, partner, Indico Capital Partners
  • Pedro Ribeiro Santos, partner, Armilar Venture Partners
  • Tocha, partner, Olisipo Way
  • Adão Oliveira, investment manager, Portugal Ventures
  • Alexandre Barbosa, partner, Faber
  • António Miguel, partner, Mustard Seed MAZE
  • Jaime Parodi Bardón, partner, impACT NOW Capital
  • Stephan Morais, partner, Indico Capital Partners
  • Gavin Goldblatt, managing partner, Portugal Gateway

How late-stage edtech companies are thinking about tutoring marketplaces

Life Rings flying out beneath storm clouds are a metaphor for rescue, help and aid.

Image Credits: John Lund (opens in a new window)/ Getty Images

How do you scale online tutoring, particularly when demand exceeds the supply of human instructors?

This month, Chegg is replacing its seven-year-old marketplace that paired students with tutors with a live chatbot.

A spokesperson said the move will “dramatically differentiate our offerings from our competitors and better service students,” but Natasha Mascarenhas identified two challenges to edtech automation.

“A chatbot won’t work for a student with special needs or someone who needs to be handheld a bit more,” she says. “Second, speed tutoring can only work for a specific set of subjects.”

Decrypted: How bad was the US Capitol breach for cybersecurity?

Image Credits: Treedeo (opens in a new window) / Getty Images

While I watched insurrectionists invade and vandalize the U.S. Capitol on live TV, I noticed that staffers evacuated so quickly, some hadn’t had time to shut down their computers.

Looters even made off with a laptop from Senator Jeff Merkley’s office, but according to security reporter Zack Whittaker, the damages to infosec wasn’t as bad as it looked.

Even so, “the breach will likely present a major task for Congress’ IT departments, which will have to figure out what’s been stolen and what security risks could still pose a threat to the Capitol’s network.”

Extra Crunch’s top 10 stories of 2020

On New Year’s Eve, I made a list of the 10 “best” Extra Crunch stories from the previous 12 months.

My methodology was personal: From hundreds of posts, these were the 10 I found most useful, which is my key metric for business journalism.

Some readers are skeptical about paywalls, but without being boastful, Extra Crunch is a premium product, just like Netflix or Disney+. I know, we’re not as entertaining as a historical drama about the reign of Queen Elizabeth II or a space western about a bounty hunter. But, speaking as someone who’s worked at several startups, Extra Crunch stories contain actionable information you can use to build a company and/or look smart in meetings — and that’s worth something.


By Walter Thompson

RedHat is acquiring container security company StackRox

RedHat today announced that it’s acquiring container security startup StackRox . The companies did not share the purchase price.

RedHat, which is perhaps best known for its enterprise Linux products has been making the shift to the cloud in recent years. IBM purchased the company in 2018 for a hefty $34 billion and has been leveraging that acquisition as part of a shift to a hybrid cloud strategy under CEO Arvind Krishna.

The acquisition fits nicely with RedHat OpenShift, its container platform, but the company says it will continue to support StackRox usage on other platforms including AWS, Azure and Google Cloud Platform. This approach is consistent with IBM’s strategy of supporting multi-cloud, hybrid environments.

In fact, Red Hat president and CEO Paul Cormier sees the two companies working together well. “Red Hat adds StackRox’s Kubernetes-native capabilities to OpenShift’s layered security approach, furthering our mission to bring product-ready open innovation to every organization across the open hybrid cloud across IT footprints,” he said in a statement.

CEO Kamal Shah, writing in a company blog post announcing the acquisition, explained that the company made a bet a couple of years ago on Kubernetes and it has paid off. “Over two and half years ago, we made a strategic decision to focus exclusively on Kubernetes and pivoted our entire product to be Kubernetes-native. While this seems obvious today; it wasn’t so then. Fast forward to 2020 and Kubernetes has emerged as the de facto operating system for cloud-native applications and hybrid cloud environments,” Shah wrote.

Shah sees the purchase as a way to expand the company and the road map more quickly using the resources of Red Hat (and IBM), a typical argument from CEOs of smaller acquired companies. But the trick is always finding a way to stay relevant inside such a large organization.

StackRox’s acquisition is part of some consolidation we have been seeing in the Kubernetes space in general and the security space more specifically. That includes Palo Alto Networks acquiring competitor TwistLock for $410 million in 2019. Another competitor, Aqua Security, which has raised $130 million, remains independent.

StackRox was founded in 2014 and raised over $65 million, according to Crunchbase data. Investors included Menlo Ventures, Redpoint and Sequoia Capital. The deal is expected to close this quarter subject to normal regulatory scrutiny.


By Ron Miller

Lacework lands $525M investment as revenue grows 300%

As the pandemic took hold in 2020, companies accelerated their move to cloud services. Lacework, the cloud security startup, was in the right place at the right time as customers looked for ways to secure their cloud native workloads. The company reported that revenue grew 300% year over year for the second straight year.

It was rewarded for that kind of performance with a $525 million Series D today. It did not share an exact valuation, only saying that it exceeded $1 billion, which you would expect on such a hefty investment. Sutter Hill and Altimeter Capital led the round with help from D1, Coatue, Dragoneer Investment Group, Liberty Global Ventures, Snowflake Ventures and Tiger Capital. The company has now raised close to $600 million.

Lacework CEO Dan Hubbard says one of the reasons for such widespread interest from investors is the breadth of the company’s security solution. “We enable companies to build securely in the cloud, and we span across multiple different categories of markets, which enable the customers to do that,” he said.

He says that encompasses a range of services including configuration and compliance, security for infrastructure as code, build time and runtime vulnerability scanning and runtime security for cloud native environments like Kubernetes and containers.

As the company has grown revenue, it has been adding employees quickly. It started the year with 92 employees and closed with over 200 with plans to double that by the end of this year. As he looks at hiring, Hubbard is aware of the need to build a diverse organization, but acknowledges that tech in general hasn’t done a great job so far.

He says they are working with the various teams inside the company to try and change that, while also working to support outside organizations that are helping educate under represented groups to get the skills they need and then building from that. “If you can help solve the problem at an earlier stage, then I think you’ve got a bigger opportunity [to have a base of people to hire] there,” he said.

The company was originally nurtured inside Sutter Hill and is built on top of the Snowflake platform. It reports that $20 million of today’s total comes from Snowflake’s new venture arm, which is putting some money into an early partner.

“We were an alpha Snowflake customer, and they were an alpha customer of ours. Our platform is built on top of the Snowflake data cloud and their new venture arm has also joined the round with an investment to further strengthen the partnership there,” Hubbard said.

As for Sutter Hill, investor Mike Speiser sees Lacework as one of his firm’s critical investments. “[Much] like Snowflake at a similar point in its evolution, Lacework is growing revenue at over 300% per year making Lacework one of Sutter Hill Ventures’ most important and promising portfolio companies,” he said in a statement.


By Ron Miller

BigID keeps rolling with $70M Series D on $1B valuation

BigID has been on the investment fast track, raising $94 million over three rounds that started in January 2018. Today, that investment train kept rolling as the company announced a $70 million Series D on a valuation of $1 billion.

Salesforce Ventures and Tiger Global co-led the round with participation from existing investors Bessemer Venture Partners, Scale Venture Partners and Boldstart Ventures. The company has raised almost $165 million in just over two years.

BigID is attracting this kind of investment by building a security and privacy platform. When I first spoke to CEO and co-founder Dimitri Sirota in 2018, he was developing a data discovery product aimed at helping companies coping with GDPR find the most sensitive data, but since then the startup has greatly expanded the vision and the mission.

“We started shifting I think when we spoke back in September from being this kind of best of breed data discovery privacy to being a platform anchored in data intelligence through our kind of unique approach to discovery and insight,” he said.

That includes the ability for BigID and third parties to build applications on top of the platform they have built, something that might have attracted investor Salesforce Ventures. Salesforce was the first cloud company to offer the ability for third parties to build applications on its platform and sell them in a marketplace. Sirota says that so far their marketplace includes just apps built by BigID, but the plan is to expand it to third party developers in 2021.

While he wasn’t ready to talk about specific revenue growth, he said he expects a material uplift in revenue for this year, and he believes that his investors are looking at the vast market potential here.

He has 235 employees today with plans to boost it to 300 next year. While he stopped hiring for a time in Q2 this year as the pandemic took hold, he says that he never had to resort to layoffs. As he continues hiring in 2021, he is looking at diversity at all levels from the makeup of his board to the executive level to the general staff.

He says that the ability to use the early investments to expand internationally has given them the opportunity to build a more diverse workforce. “We have staff around the world and we did very early […] so we do have diversity within our broader company. But clearly not enough when it came to the board of directors and the executives. So we realized that, and we are trying to change that,” he said.

As for this round, Sirota says like his previous rounds in this cycle he wasn’t necessarily. looking for additional money, but with the pandemic economy still precarious, he took it to keep building out the BigID platform. “We actually have not purposely gone out to raise money since our seed. Every round we’ve done has been preemptive. So it’s been fairly easy,” he told me. In fact, he reports that he now has five years of runway and a much more fully developed platform. He is aiming to accelerate sales and marketing in 2021.

The company’s previous rounds included $14 million Series A in January 2018, a $30 million B in June that year and a $50 million C in Sept 2019.


By Ron Miller

Ivanti has acquired security firms MobileIron and Pulse Secure

IT security software company Ivanti has acquired two security companies: enterprise mobile security firm MobileIron, and corporate virtual network provider Pulse Secure.

In a statement on Tuesday, Ivanti said it bought MobileIron for $872 million in stock, with 91% of the shareholders voting in favor of the deal; and acquired Pulse Secure from its parent company Siris Capital Group, but did not disclose the buying price.

The deals have now closed.

Ivanti was founded in 2017 after Clearlake Capital, which owned Heat Software, bought Landesk from private equity firm Thoma Bravo, and merged the two companies to form Ivanti. The combined company, headquartered in Salt Lake City, focuses largely on enterprise IT security, including endpoint, asset, and supply chain management. Since its founding, Ivanti went on to acquire several other companies, including U.K.-based Concorde Solutions and RES Software.

If MobileIron and Pulse Secure seem familiar, both companies have faced their fair share of headlines this year after hackers began exploiting vulnerabilities found in their technologies.

Just last month, the U.K. government’s National Cyber Security Center published an alert that warned of a remotely executable bug in MobileIron, patched in June, allowing hackers to break into enterprise networks. U.S. Homeland Security’s cybersecurity advisory unit CISA said that the bug was being actively used by advanced persistent threat (APT) groups, typically associated with state-backed hackers.

Meanwhile, CISA also warned that Pulse Secure was one of several corporate VPN providers with vulnerabilities that have since become a favorite among hackers, particularly ransomware actors, who abuse the bugs to gain access to a network and deploy the file-encrypting ransomware.


By Zack Whittaker

Menlo Security announces $100M Series E on $800M valuation

Menlo Security, a malware and phishing prevention startup, announced a $100 million Series E today on an $800 million valuation. The round was led by Vista Equity Partners with help from Neuberger Berman, General Catalyst, JP Morgan and other unnamed existing investors. The company has now raised approximately $250 million.

CEO and co-founder Amir Ben-Efraim says that while the platform has expanded over the years, the company stays mostly focused on web and email as major attack vectors for customers. “We really focused on a better kind of security outcome relative to the major threat factors of web and email. So web and email is really how most of the world or the enterprise world at least does its work, and these channels remain forever vulnerable to the latest attack,” Ben-Efraim explained.

He says that to protect those attack surfaces, the company pioneered a technology called web isolation to disconnect the user from the content and send only safe visuals. “When they click a link or engage with a website, the safe visuals are guaranteed to be malware-free, no matter where you go or you end up,” Ben-Efraim said.

With a valuation of $800 million, he’s proud having built his company from the ground up to this point. He’s not quite ready to discuss an IPO yet, but he expects to take this large influx of cash and continue to grow an independent company with an IPO perhaps three years out.

With an increase in business and the new capital, the company, which has 270 employees of which around 70 came on board this year, hopes to continue to grow at that pace in 2021. He says that as that happens the security startup has been paying close attention to the social justice movements.

“As a management team and for myself as a CEO, it’s an important topic. So we were paying close attention to our own diversification goals. We want Menlo to become a more diversified company,” Ben-Efraim said. He believes the way to get there is to prioritize recruiting channels where they can tap into a wider variety of potential recruits for the company.

While he wouldn’t discuss revenue, he did say in spite of the pandemic, the business is growing rapidly and sales are up 155% in terms of net new sales over last year. “The momentum for that being customers specifically in critical infrastructure, financial services, government and the like are seeing an uptick in attacks associated with COVID, and are looking at security as essential in an area that they need to double down on. So despite the financial difficulties, that’s created a bit of a tailwind for us strangely in 2020, even though the world economy as a whole is clearly being challenged by this epidemic,” he said.


By Ron Miller

Palo Alto Networks to acquire Expanse in deal worth $800M

Palo Alto Networks has been on buying binge for the last couple of years, and today it added to its haul, announcing a deal to acquire Expanse for $800 million in cash and equity awards. The deal breaks down to $670 million in cash and stock and another $130 million in equity awards to Expanse employees.

Expanse provides a service to help companies understand and protect their attack surface, where they could be most vulnerable to attack. It works by giving the security team a view of how the company’s security profile could look to an attacker trying to gain access.

The plan is to fold Expanse into Palo Alto’s Cortex Suite, an AI-driven set of tools designed to detect and prevent attacks in an automated way. Expanse should provide Palo Alto with a highly valuable set of data to help feed the AI models.

“By integrating Expanse’s attack surface management capabilities into Cortex after closing, we will be able to offer the first solution that combines the outside view of an organization’s attack surface with an inside view to proactively address all security threats,” Palo Alto Networks chairman and CEO Nikesh Arora said in a statement.

Expanse sees the acquisition as a way to accelerate the company road map using the resources of a larger company like Palo Alto, a typical argument from companies being acquired. “Joining forces with Palo Alto Networks will let us achieve our most important business goals years ahead of schedule. During the course of conversations with Palo Alto Networks leadership, we shared optimism that the right combination of technology and people can solve many cybersecurity challenges that to date have seemed intractable,” the startup’s founders wrote in a blog post announcing the deal.

The two co-founders, Dr. Tim Junio and Dr. Matt Kraning, will be joining Palo Alto under the terms of the deal, which is expected to close in Palo Alto’s fiscal second quarter, assuming it passes regulatory muster.

Expanse was founded in 2012 and has raised $130 million, according to Crunchbase data. Its most recent raise was a $70 million Series C last year, which was led by TPG.

Today’s acquisition is Palo Alto’s third in 2020 and the 10th since 2018. Palo Alto stock was up 2.15% in early trading.


By Ron Miller

Greylock’s Asheem Chandna on ‘shifting left’ in cybersecurity and the future of enterprise startups

Last week was a busy week, what with an election in Myanmar and all (well, and the United States, I guess). So perhaps you were glued to your TV or smartphone, and missed out on our conversation with Asheem Chandna, a long-time partner at Greylock who has invested in enterprise and cybersecurity startups for nearly two decades now, backing such notable companies as Palo Alto Networks, AppDynamics and Sumo Logic. We have more Extra Crunch Live shows coming up.

Enterprise software is changing faster this year than it has in a decade. Coronavirus, remote work, collaboration and new cybersecurity threats have combined to force companies to rethink their IT strategies, and that means more opportunities — and challenges — for enterprise founders than ever before. In some cases, we are seeing an acceleration of existing trends, and in others, we are seeing all new trends come to the forefront.

All that is to say that there was so much on the docket to talk about last week. Chandna and I discussed what’s happening in early-stage enterprise startups, whether vertical SaaS is the future of enterprise investing, data and no-code platforms, and then this rise of “shift left” security.

The following interview has been edited and condensed from our original Extra Crunch Live conversation.

What’s happening today in the early-stage startup world?

Chandna has been a long-time backer of startups at their earliest stages, with some of his investments being literally birthed in Greylock’s offices. So I was curious how he saw the landscape today given all that prior experience.

TechCrunch: What sort of companies are exciting for you today? Are there particular markets you’re particularly attuned to?

Asheem Chandna: One is digital transformation. Every company is trying to figure out how to become more digital, and this has been accelerated by COVID-19. Second is information technology today and its journey to the cloud. I would say we might be about 10% or 15% of the way there. Some of the trends are clear, but the journey is actually still relatively early, and so there’s just a ton of opportunity ahead.

The third one is leveraging data for better predictability along with analytics. Every CEO is looking to make better decisions. And you know, most leaders make decisions based on gut instinct and a combination of data. If the data can tell a story, if the data can help you better predict, there’s a lot of potential here.

I view these as three macro trends, and then if one was to add to that, I would say cybersecurity has never been more important than it is today. I’ve been around cyber for over two decades, and just the prominence and importance and priority has never been more important than today. So that’s kind of another key area.

I want to dive into your first category, digital transformation. This is a phrase that I feel like I’ve heard for a decade now, with “Data is the new oil” and all these sorts of buzzwords and marketing phrases. Where are we in that process? Are we at the beginning? Are we at the end? What’s next from a startup perspective?

Due to COVID-19 and because of the way people are working today, digital’s become the primary medium. I would still say we’re early, and you can literally look sector by sector to see how much more work there is to do here.

Take enterprise sales itself, which is early in what I consider digitalization. It’s even more important today than it was a year ago. I’m using video to basically communicate, and then the next piece would basically be trialing of software. Can I allow even complex software to be self trials and can I measure the customer journey through that trial? Then there’s the contracting of the software, and we go to the sale process, can all that be done digitally?

So even when you take something as very mundane as enterprise sales, it’s being transformed. Winning teams, winning software entrepreneurs, they understand this well, and they’d be wise to examine every step of this process, and instrument it and digitize it.

Vertical versus horizontal plays in enterprise


By Danny Crichton

SentinelOne, an AI-based endpoint security firm, confirms $267M raise on a $3.1B valuation

This year, more than ever before because of the Covid-19 pandemic, huge droves of workers and consumers have been turning to the internet to communicate, get things done, and entertain themselves. That has created a huge bonanza for cybercriminals, but also companies that are building tools to combat them.

In the latest development, an Israel-hatched, Mountain View-based enterprise startup called SentinelOne — which has built a machine learning-based solution that it sells under the brand Singularity that works across the entire edge of the network to monitor and secure laptops, phones, containerised applications and the many other devices and services connected to a network — has closed $267 million in funding to continue expanding its business to meet demand, which has seen business boom this year. Its valuation is now over $3 billion.

Given the large sums the company has now raised — $430 million to date — the funding will likely be used for acquisitions (cyber is a very crowded market and will likely see some strong consolidation in the coming years) as well as more in-house development and sales and marketing. Earlier this year, CEO and founder Tomer Weingarten told me that an IPO “would be the next logical step” for the company. “But we’re not in any rush,” he said at the time. “We have one to two years of growth left as a private company.”

SentinelOne contacted TechCrunch with the above details but said that an official press release was due only to be released at 3pm UK time. We’ll update with more details if they’re available when they are published. In the meantime, other outlets such as Calcalist in Israel (in Hebrew) have also published these details. And it should be noted that the round was rumored for almost a month ahead of this, although the sums raised were off by quite a bit: the reports had said $150-200 million.

(Sidenote: Why the pointless games with timings and exclusives? Who knows — I certainly don’t. )

This round included Tiger Global, Sequoia, Insight Partners, Third Point Ventures and Qualcomm Ventures. It looks like Sequoia — which is currently building up a new European operation to look more closely at opportunities on this side of the globe — is the only new name in that list. The others have all backed SentinelOne in previous rounds.

In the world of startups, we are firmly living in a time when investors are looking for strong opportunities to back companies that are shining in a market that is particularly challenging. Covid-19 has all but decimated the travel industry and live in-person event industry, among others.

But services that are helping people continue to live their lives, and those that are helping find a cure or at least solutions to minimise the impact, are very much in demand.

The curecybersecurity market — in particular for companies that are providing solutions that can immediately prove to be effective in what is an increasingly sophisticated threat landscape — is incredibly active right now, even more than it already was. It was only in February of this year that SentinelOne had raised $200 million at a $1.1 billion valuation.

Within that, endpoint security, the area where SentinelOne concentrates its efforts, is particularly strong. Last year, endpoint security solutions was estimated to be around an $8 billion market, and analysts project that it could be worth as much as $18.4 billion by 2024.

While SentinelOne has a lot of competitors — they include Microsoft, CrowdStrike, Kaspersky, McAfee, and Symantec — it is also a strong player in the market. Relying on the advances of AI and with roots in the Israeli cyberintelligence community, its platform is built around the idea of working automatically not just to detect endpoints and their vulnerabilities, but to apply behavioral models, and various modes of protection, detection and response in one go.

“We are seeing more automated and real-time attacks that themselves are using more machine learning,” Weingarten said to me this year. “That translates to the fact that you need defence that moves in real time as with as much automation as possible.”

As of February, it had 3,500 customers, including three of the biggest companies in the world, and “hundreds” from the global 2,000 enterprises, with 113% year-on-year new bookings growth, revenue growth of 104% year-on-year and 150% growth year-on-year in transactions over $2 million. Those numbers will have likely grown significantly since then. (We’ll update as and when we learn more.)


By Ingrid Lunden

With $29M in funding, Isovalent launches its cloud-native networking and security platform

Isovalent, a startup that aims to bring networking into the cloud-native era, today announced that it has raised a $29 million Series A round led by Andreesen Horowitz and Google. In addition, the company today officially launched its Cilium platform (which was in stealth until now) to help enterprises connect, observe and secure their applications.

The open-source Cilium project is already seeing growing adoption, with Google choosing it for its new GKE dataplane, for example. Other users include Adobe, Capital One, Datadog and GitLab. Isovalent is following what is now the standard model for commercializing open-source projects by launching an enterprise version.

Image Credits: Cilium

The founding team of CEO Dan Wendlandt and CTO Thomas Graf has deep experience in working on the Linux kernel and building networking products. Graf spent 15 years working on the Linux kernel and created the Cilium open-source project, while Wendlandt worked on Open vSwitch at Nicira (and then VMware).

Image Credits: Isovalent

“We saw that first wave of network intelligence be moved into software, but I think we both shared the view that the first wave was about replicating the traditional network devices in software,” Wendlandt told me. “You had IPs, you still had ports, you created virtual routers, and this and that. We both had that shared vision that the next step was to go beyond what the hardware did in software — and now, in software, you can do so much more. Thomas, with his deep insight in the Linux kernel, really saw this eBPF technology as something that was just obviously going to be groundbreaking technology, in terms of where we could take Linux networking and security.”

As Graf told me, when Docker, Kubernetes and containers, in general, become popular, what he saw was that networking companies at first were simply trying to reapply what they had already done for virtualization. “Let’s just treat containers as many as miniature VMs. That was incredibly wrong,” he said. “So we looked around, and we saw eBPF and said: this is just out there and it is perfect, how can we shape it forward?”

And while Isovalent’s focus is on cloud-native networking, the added benefit of how it uses the eBPF Linux kernel technology is that it also gains deep insights into how data flows between services and hence allows it to add advanced security features as well.

As the team noted, though, users definitely don’t need to understand or program eBPF, which is essentially the next generation of Linux kernel modules, themselves.

Image Credits: Isovalent

“I have spent my entire career in this space, and the North Star has always been to go beyond IPs + ports and build networking visibility and security at a layer that is aligned with how developers, operations and security think about their applications and data,” said Martin Casado, partner at Andreesen Horowitz (and the founder of Nicira). “Until just recently, the technology did not exist. All of that changed with Kubernetes and eBPF.  Dan and Thomas have put together the best team in the industry and given the traction around Cilium, they are well on their way to upending the world of networking yet again.”

As more companies adopt Kubernetes, they are now reaching a stage where they have the basics down but are now facing the next set of problems that come with this transition. Those, almost by default, include figuring out how to isolate workloads and get visibility into their networks — all areas where Isovalent/Cilium can help.

The team tells me its focus, now that the product is out of stealth, is about building out its go-to-market efforts and, of course, continue to build out its platform.


By Frederic Lardinois

JumpCloud raises $75M Series E as cloud directory service thrives during pandemic

JumpCloud, the cloud directory service that debuted at TechCrunch Disrupt Battlefield in 2013, announced a $75 million Series E today. The round was led by BlackRock with participation from existing investor General Atlantic.

The company wasn’t willing to discuss the current valuation, but has now raised over $166 million, according to Crunchbase data.

Changes in the way that IT works have been evolving since the company launched. Back then, most companies used Microsoft Active Directory in a Windows-centric environment. Since then, things have gotten more heterogeneous with multiple operating systems, web applications, the cloud and mobile and that has required a different way of thinking about directory structures.

JumpCloud co-founder and CEO Rajat Bhargava says that the pandemic has only accelerated the need for his company’s kind of service as more companies move to the cloud. “Obviously now with COVID, all these changes made it much more difficult for IT to connect their users to all the resources that they needed, and to us that’s one of the most critical tasks that an IT organization has is making their team productive,” he said.

He said their idea was to build an “independent cloud directory platform that would connect people to really whatever it is they need and do that in a secure way while giving IT complete control over that access.”

The product which includes a free tier for 10 users on 10 systems for an unlimited amount of time, has 100,000 users. Of those, Bhargava says that about 3000 are paying.

The company has 300 employees with plans to add 200-250 in the next year with a goal of adding 500 in the next couple of years. As he does that, Bhargava, who is South Asian, sees diversity and inclusion as an important component of the hiring process. In fact, the company tries to make sure it always has diverse candidates in the hiring pool.

“Some of the things that we’ve tried to do is make sure that every role has some diversity candidates involved in the hiring process. That’s something that our recruiting team is working on and making sure that we’re having that conversation with every single hire,” he said. He acknowledges that it’s a work in progress, and a problem across the entire tech industry that he and his company continue to try and address.

Since the pandemic, the company, which is based in Colorado, has made the decision to be remote first and they will be hiring from across the country and across the world as they make these new hires, which could help contribute to a more diverse workforce over time.

With a $75 million investment, and having reached Series E, it’s fair to ask if the company is thinking ahead to an IPO, but Bhargava didn’t want to discuss that. “We just raised this $75 million round. There’s so much work to be done, so we’re just looking forward to that right now,” he said.


By Ron Miller

That dreadful VPN might finally be dead thanks to Twingate, a new startup built by Dropbox alums

VPNs, or virtual private networks, are a mainstay of corporate network security (and also consumers trying to stream Netflix while pretending to be from other countries). VPNs create an encrypted channel between your device (a laptop or a smartphone) and a company’s servers. All of your internet traffic gets routed through the company’s IT infrastructure, and it’s almost as if you are physically located inside your company’s offices.

Despite its ubiquity though, there are significant flaws with VPN’s architecture. Corporate networks and VPN were designed assuming that most workers would be physically located in an office most of the time, and the exceptional device would use VPN. As the pandemic has made abundantly clear, fewer and fewer people work in a physical office with a desktop computer attached to ethernet. That means the vast majority of devices are now outside the corporate perimeter.

Worse, VPN can have massive performance problems. By routing all traffic through one destination, VPNs not only add latency to your internet experience, they also transmit all of your non-work traffic through your corporate servers as well. From a security perspective, VPNs also assume that once a device joins, it’s reasonably safe and secure. VPNs don’t actively check network requests to make sure that every device is only accessing the resources that it should.

Twingate is fighting directly to defeat VPN in the workplace with an entirely new architecture that assumes zero trust, works as a mesh, and can segregate work and non-work internet traffic to protect both companies and employees. In short, it may dramatically improve the way hundreds of millions of people work globally.

It’s a bold vision from an ambitious trio of founders. CEO Tony Huie spent five years at Dropbox, heading up international and new market expansion in his final role at the file-sharing juggernaut. He’s most recently been a partner at venture capital firm SignalFire . Chief Product Office Alex Marshall was a product manager at Dropbox before leading product at lab management program Quartzy. Finally, CTO Lior Rozner was most recently at Rakuten and before that Microsoft.

Twingate founders Alex Marshall, Tony Huie, and Lior Rozner. Photo via Twingate.

The startup was founded in 2019, and is announcing today the public launch of its product as well as its Series A funding of $17 million from WndrCo, 8VC, SignalFire and Green Bay Ventures. Dropbox’s two founders, Drew Houston and Arash Ferdowsi, also invested.

The idea for Twingate came from Huie’s experience at Dropbox, where he watched its adoption in the enterprise and saw first-hand how collaboration was changing with the rise of the cloud. “While I was there, I was still just fascinated by this notion of the changing nature of work and how organizations are going to get effectively re-architected for this new reality,” Huie said. He iterated on a variety of projects at SignalFire, eventually settling on improving corporate networks.

So what does Twingate ultimately do? For corporate IT professionals, it allows them to connect an employee’s device into the corporate network much more flexibly than VPN. For instance, individual services or applications on a device could be setup to securely connect with different servers or data centers. So your Slack application can connect directly to Slack, your JIRA site can connect directly to JIRA’s servers, all without the typical round-trip to a central hub that VPN requires.

That flexibility offers two main benefits. First, internet performance should be faster, since traffic is going directly where it needs to rather than bouncing through several relays between an end-user device and the server. Twingate also says that it offers “congestion” technology that can adapt its routing to changing internet conditions to actively increase performance.

More importantly, Twingate allows corporate IT staff to carefully calibrate security policies at the network layer to ensure that individual network requests make sense in context. For instance, if you are salesperson in the field and suddenly start trying to access your company’s code server, Twingate can identify that request as highly unusual and outright block it.

“It takes this notion of edge computing and distributed computing [and] we’ve basically taken those concepts and we’ve built that into the software we run on our users’ devices,” Huie explained.

All of that customization and flexibility should be a huge win for IT staff, who get more granular controls to increase performance and safety, while also making the experience better for employees, particularly in a remote world where people in, say, Montana might be very far from an East Coast VPN server.

Twingate is designed to be easy to onboard new customers according to Huie, although that is almost certainly dependent on the diversity of end users within the corporate network and the number of services that each user has access to. Twingate integrates with popular single sign-on providers.

“Our fundamental thesis is that you have to balance usability, both for end users and admins, with bulletproof technology and security,” Huie said. With $17 million in the bank and a newly debuted product, the future is bright (and not for VPNs).


By Danny Crichton

Daily Crunch: Zoom adds end-to-end encryption to free calls

Zoom adds a much-requested feature (but with a catch), TikTok partners with Shopify and Jack Dorsey lays out his argument for tomorrow’s Senate hearing. This is your Daily Crunch for October 27, 2020.

The big story: Zoom adds end-to-end encryption to free calls

Zoom was criticized earlier this year for saying it would only offer end-to-end encryption to paid users. Now it says free users will have the option as well, starting in Zoom 5.4.0 on both desktop and mobile.

There are, however, a few catches. If you use end-to-end encryption in a free meeting, features like cloud recording, live transcription and meeting reactions will not be available, nor will participants be able to join the call by phone.

In addition, you’ll need to provide a phone number and billing information. And you’ll need to use the Zoom app rather than joining a meeting via web browser.

The tech giants

TikTok partners with Shopify on social commerce — At launch, the agreement allows Shopify merchants to create, run and optimize their TikTok marketing campaigns directly from the Shopify dashboard.

How Jack Dorsey will defend Twitter in tomorrow’s Senate hearing on Section 230 — In his opening statement, the Twitter CEO calls Section 230 “the Internet’s most important law for free speech and safety” and focuses on the kind of cascading effects that could arise if tech’s key legal shield comes undone.

Microsoft stock flat despite better-than-expected earnings, strong Azure growth — In the three months ending September 30, Microsoft had revenues of $37.2 billion and per-share profit of $1.82.

Startups, funding and venture capital

Next-gen skincare, silk without spiders and pollution for lunch: Meet the biotech startups pitching at IndieBio’s Demo Day — Starting in 2015, IndieBio has provided resources to founders solving complex challenges with biotech, from fake meat to sustainability.

SpaceX launches Starlink app and provides pricing and service info to early beta testers — In terms of pricing, SpaceX says the cost for participants in this beta program will be $99 per month, plus a one-time cost of $499 for hardware.

SimilarWeb raises $120M for its AI-based market intelligence platform for sites and apps — The company will expand through acquisitions and its own R&D, with a focus on providing more analytics services to larger enterprises.

Advice and analysis from Extra Crunch

Five startup theses that will transform the 2020s — Danny Crichton lays out five clusters: wellness, climate, data society, creativity and fundamentals.

Ten favorite startups from Techstars’ October 2020 class — Ten favorites culled from the Atlanta, Los Angeles and New York City cohorts, as well as its accelerator with Western Union.

(Reminder: Extra Crunch is our membership program, which aims to democratize information about startups. You can sign up here.)

Everything else

Hands-on: Sony’s DualSense PS5 controller could be a game changer — The question is whether developers will truly embrace the new haptics and audio features.

T-Mobile launches new TVision streaming bundles, pricing starts at $10 per month — The carrier is launching new skinny bundles of live TV and streaming services to compete with expensive cable subscriptions.

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 3pm Pacific, you can subscribe here.


By Anthony Ha

DataFleets keeps private data useful, and useful data private, with federated learning and $4.5M seed

As you may already know, there’s a lot of data out there, and some of it could actually be pretty useful. But privacy and security considerations often put strict limitations on how it can be used or analyzed. DataFleets promises a new approach by which databases can be safely accessed and analyzed without the possibility of privacy breaches or abuse — and has raised a $4.5 million seed round to scale it up.

To work with data, you need to have access to it. If you’re a bank, that means transactions and accounts; if you’re a retailer, that means inventories and supply chains, and so on. There are lots of insights and actionable patterns buried in all that data, and it’s the job of data scientists and their ilk to draw them out.

But what if you can’t access the data? After all, there are many industries where it is not advised or even illegal to do so, such as in health care. You can’t exactly take a whole hospital’s medical records, give them to a data analysis firm, and say “sift through that and tell me if there’s anything good.” These, like many other data sets, are too private or sensitive to allow anyone unfettered access. The slightest mistake — let alone abuse — could have serious repercussions.

In recent years a few technologies have emerged that allow for something better, though: analyzing data without ever actually exposing it. It sounds impossible, but there are computational techniques for allowing data to be manipulated without the user ever actually having access to any of it. The most widely used one is called homomorphic encryption, which unfortunately produces an enormous, orders-of-magnitude reduction in efficiency — and big data is all about efficiency.

This is where DataFleets steps in. It hasn’t reinvented homomorphic encryption, but has sort of sidestepped it. It uses an approach called federated learning, where instead of bringing the data to the model, they bring the model to the data.

DataFleets integrates with both sides of a secure gap between a private database and people who want to access that data, acting as a trusted agent to shuttle information between them without ever disclosing a single byte of actual raw data.

Illustration showing how a model can be created without exposing data.

Image Credits: DataFleets

Here’s an example. Say a pharmaceutical company wants to develop a machine learning model that looks at a patient’s history and predicts whether they’ll have side effects with a new drug. A medical research facility’s private database of patient data is the perfect thing to train it. But access is highly restricted.

The pharma company’s analyst creates a machine learning training program and drops it into DataFleets, which contracts with both them and the facility. DataFleets translates the model to its own proprietary runtime and distributes it to the servers where the medical data resides; within that sandboxed environment, it runs grows into a strapping young ML agent, which when finished is translated back into the analyst’s preferred format or platform. The analyst never sees the actual data, but has all the benefits of it.

Screenshot of the DataFleets interface. Look, it’s the applications that are meant to be exciting.

It’s simple enough, right? DataFleets acts as a sort of trusted messenger between the platforms, undertaking the analysis on behalf of others and never retaining or transferring any sensitive data.

Plenty of folks are looking into federated learning; the hard part is building out the infrastructure for a wide-ranging enterprise-level service. You need to cover a huge amount of use cases and accept an enormous variety of languages, platforms, and techniques, and of course do it all totally securely.

“We pride ourselves on enterprise readiness, with policy management, identity access management, and our pending SOC 2 certification,” said DataFleets COO and co-founder Nick Elledge. “You can build anything on top of DataFleets and plug in your own tools, which banks and hospitals will tell you was not true of prior privacy software.”

But once federated learning is set up, all of a sudden the benefits are enormous. For instance, one of the big issues today in combating COVID-19 is that hospitals, health authorities, and other organizations around the world are having difficulty, despite their willingness, in securely sharing data relating to the virus.

Everyone wants to share, but who sends whom what, where is it kept, and under whose authority and liability? With old methods, it’s a confusing mess. With homomorphic encryption it’s useful but slow. With federated learning, theoretically, it’s as easy as toggling someone’s access.

Because the data never leaves its “home,” this approach is essentially anonoymous and thus highly compliant with regulations like HIPAA and GDPR, another big advantage. Elledge notes: “We’re being used by leading healthcare institutions who recognize that HIPAA doesn’t give them enough protection when they are making a data set available for third parties.”

Of course there are less noble, but no less viable, examples in other industries: wireless carriers could make subscriber metadata available without selling out individuals; banks could sell consumer data without violating anyone in particular’s privacy; bulky datasets like video can sit where they are instead of being duplicated and maintained at great expense.

The company’s $4.5M seed round is seemingly evidence of confidence from a variety of investors (as summarized by Elledge): AME Cloud Ventures (Jerry Yang of Yahoo!) and Morado Ventures, Lightspeed Venture Partners, Peterson Ventures, Mark Cuban, LG, Marty Chavez (President of the Board of Overseers of Harvard), Stanford-StartX fund, and three unicorn founders (Rappi, Quora, and Lucid).

With only 11 full time employees DataFleets appears to be doing a lot with very little, and the seed round should enable rapid scaling and maturation of its flagship product. “We’ve had to turn away or postpone new customer demand to focus on our work with our lighthouse customers,” Elledge said. They’ll be hiring engineers in the U.S. and Europe to help launch the planned self-service product next year.

“We’re moving from a data ownership to a data access economy, where information can be useful without transferring ownership,” said Elledge. If his company’s bet is on target, federated learning is likely to be a big part of that going forward.


By Devin Coldewey

Contrast launches its security observability platform

Contrast, a developer-centric application security company with customers that include Liberty Mutual Insurance, NTT Data, AXA and Bandwidth, today announced the launch of its security observability platform. The idea here is to offer developers a single pane of glass to manage an application’s security across its lifecycle, combined with real-time analysis and reporting, as well as remediation tools.

“Every line of code that’s happening increases the risk to a business if it’s not secure,” said Contrast CEO and chairman Alan Nauman. “We’re focused on securing all that code that businesses are writing for both automation and digital transformation.”

Over the course of the last few years, the well-funded company, which raised a $65 million Series D round last year, launched numerous security tools that cover a wide range of use cases from automated penetration testing to cloud application security and now DevOps — and this new platform is meant to tie them all together.

DevOps, the company argues, is really what necessitates a platform like this, given that developers now push more code into production than ever — and the onus of ensuring that this code is secure is now also often on that.

Image Credits: Contrast

Traditionally, Nauman argues, security services focused on the code itself and looking at traffic.

“We think at the application layer, the same principles of observability apply that have been used in the IT infrastructure space,” he said. “Specifically, we do instrumentation of the code and we weave security sensors into the code as it’s being developed and are looking for vulnerabilities and observing running code. […] Our view is: the world’s most complex systems are best when instrumented, whether it’s an airplane, a spacecraft, an IT infrastructure. We think the same is true for code. So our breakthrough is applying instrumentation to code and observing for security vulnerabilities.”

With this new platform, Contrast is aggregating information from its existing systems into a single dashboard. And while Contrast observes the code throughout its lifecycle, it also scans for vulnerabilities whenever a developers check code into the CI/CD pipeline, thanks to integrations with most of the standard tools like Jenkins. It’s worth noting that the service also scans for vulnerabilities in open-source libraries. Once deployed, Contrast’s new platform keeps an eye on the data that runs through the various APIs and systems the application connects to and scans for potential security issues there as well.

The platform currently supports all of the large cloud providers like AWS, Azure and Google Cloud, and languages and frameworks like Java, Python, .NET and Ruby.

Image Credits: Contrast


By Frederic Lardinois