Linux 5.14 set to boost future enterprise application security

Linux is set for a big release this Sunday, August 29, setting the stage for enterprise and cloud applications for months to come. The 5.14 kernel update will include security and performance improvements.

A particular area of interest for both enterprise and cloud users is always security, and to that end Linux 5.14 will help with several new capabilities. Mike McGrath, vice president, Linux Engineering at Red Hat, told TechCrunch that the kernel update includes a feature known as core scheduling, which is intended to help mitigate processor-level vulnerabilities like Spectre and Meltdown, which first surfaced in 2018. One of the ways that Linux users have had to mitigate those vulnerabilities is by disabling hyper-threading on CPUs and therefore taking a performance hit.

“More specifically, the feature helps to split trusted and untrusted tasks so that they don’t share a core, limiting the overall threat surface while keeping cloud-scale performance relatively unchanged,” McGrath explained.
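The separation McGrath describes is requested from user space through the PR_SCHED_CORE prctl, which assigns a task a "cookie"; only tasks with the same cookie may run on sibling hyper-threads of one core at the same time. The following is an added example, not code from the article or from Red Hat: a launcher tags itself, then forks an untrusted child that takes a cookie of its own. The helper names (cs_tag_self, cs_spawn_untrusted) are illustrative, and the fallback constants are the values from linux/prctl.h.

```c
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef PR_SCHED_CORE            /* headers older than Linux 5.14 */
#define PR_SCHED_CORE 62
#endif
#ifndef PR_SCHED_CORE_GET
#define PR_SCHED_CORE_GET 0
#define PR_SCHED_CORE_CREATE 1
#endif

/* pid-type selectors accepted by PR_SCHED_CORE (illustrative names) */
#define CS_SCOPE_THREAD  0UL     /* one thread */
#define CS_SCOPE_PROCESS 1UL     /* every thread of the process */

enum { CS_OK = 0, CS_UNAVAILABLE = 1, CS_ERROR = -1 };

/* Give the calling process a fresh cookie and read its id back.
 * CS_UNAVAILABLE means the running kernel does not offer core scheduling. */
static int cs_tag_self(unsigned long long *cookie)
{
    *cookie = 0;
    if (prctl(PR_SCHED_CORE, PR_SCHED_CORE_CREATE, 0UL, CS_SCOPE_PROCESS, 0UL) != 0)
        return CS_UNAVAILABLE;
    /* GET only works per thread and writes a 64-bit id to the given address */
    if (prctl(PR_SCHED_CORE, PR_SCHED_CORE_GET, 0UL, CS_SCOPE_THREAD,
              (unsigned long)cookie) != 0)
        return CS_UNAVAILABLE;
    return CS_OK;
}

/* Fork a child standing in for untrusted code. A child inherits the parent's
 * cookie across fork(), so it must create its own before running anything
 * untrusted. The child reports its cookie id back over a pipe. */
static int cs_spawn_untrusted(unsigned long long *child_cookie)
{
    int fds[2];
    *child_cookie = 0;
    if (pipe(fds) != 0)
        return CS_ERROR;
    pid_t pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return CS_ERROR;
    }
    if (pid == 0) {
        unsigned long long c = 0;
        close(fds[0]);
        int rc = cs_tag_self(&c);
        if (rc == CS_OK && write(fds[1], &c, sizeof c) != (ssize_t)sizeof c)
            rc = CS_ERROR;
        /* a real launcher would execve() the untrusted program here */
        _exit(rc == CS_OK ? 0 : 1);
    }
    close(fds[1]);
    ssize_t n = read(fds[0], child_cookie, sizeof *child_cookie);
    close(fds[0]);
    int status = 0;
    if (waitpid(pid, &status, 0) != pid)
        return CS_ERROR;
    if (n == (ssize_t)sizeof *child_cookie && WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return CS_OK;
    return CS_UNAVAILABLE;
}

int main(void)
{
    unsigned long long mine = 0, theirs = 0;
    if (cs_tag_self(&mine) != CS_OK) {
        puts("core scheduling not available on this kernel");
        return 0;
    }
    if (cs_spawn_untrusted(&theirs) != CS_OK) {
        puts("could not isolate the child");
        return 1;
    }
    printf("trusted cookie id   %#llx\n", mine);
    printf("untrusted cookie id %#llx\n", theirs);
    puts(mine != theirs ? "child is in its own core-scheduling group"
                        : "cookies match: no separation");
    return 0;
}
```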

Another area of security innovation in Linux 5.14 is a feature that has been in development for over a year-and-a-half that will help to protect system memory in a better way than before. Attacks against Linux and other operating systems often target memory as a primary attack surface to exploit. With the new kernel, there is a capability known as memfd_secret() that will enable an application running on a Linux system to create a memory range that is inaccessible to anyone else, including the kernel.

“This means cryptographic keys, sensitive data and other secrets can be stored there to limit exposure to other users or system activities,” McGrath said.
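How an application might hold a key in memory obtained from memfd_secret(), as an added example that is not from the article or the kernel project. The names secret_alloc and secret_free are illustrative, the key is constructed, and the mlock() fallback for kernels without the call is an assumption of this example; it goes beyond the article by showing what to do when the call is unavailable.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE              /* for syscall() and MADV_DONTDUMP */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef SYS_memfd_secret
#define SYS_memfd_secret 447     /* x86-64 and arm64 number; older headers lack it */
#endif

/* Illustrative names, not a kernel or libc API. */
enum secret_backend { SECRET_NONE = 0, SECRET_MEMFD = 1, SECRET_MLOCK = 2 };

struct secret_buf {
    void *addr;
    size_t len;                  /* rounded up to whole pages */
    enum secret_backend backend;
};

static size_t round_to_pages(size_t len)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    return (len + page - 1) / page * page;
}

/* Preferred path: pages backed by a memfd_secret() descriptor. */
static void *map_secretmem(size_t len)
{
    int fd = (int)syscall(SYS_memfd_secret, 0);
    if (fd < 0)
        return NULL;             /* ENOSYS: kernel older than 5.14 or secret memory not enabled */
    void *p = MAP_FAILED;
    if (ftruncate(fd, (off_t)len) == 0)
        p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    close(fd);                   /* the mapping keeps the pages alive */
    return p == MAP_FAILED ? NULL : p;
}

/* Fallback: anonymous memory kept out of swap and core dumps where possible.
 * Weaker than secret memory: the kernel and privileged debuggers can read it. */
static void *map_locked(size_t len)
{
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return NULL;
    (void)mlock(p, len);                  /* best effort, RLIMIT_MEMLOCK may refuse */
    (void)madvise(p, len, MADV_DONTDUMP); /* best effort */
    return p;
}

static int secret_alloc(struct secret_buf *b, size_t len)
{
    b->addr = NULL;
    b->len = 0;
    b->backend = SECRET_NONE;
    if (len == 0)
        return -1;
    size_t n = round_to_pages(len);
    enum secret_backend be = SECRET_MEMFD;
    void *p = map_secretmem(n);
    if (p == NULL) {
        p = map_locked(n);
        be = SECRET_MLOCK;
    }
    if (p == NULL)
        return -1;
    b->addr = p;
    b->len = n;
    b->backend = be;
    return 0;
}

/* Overwrite the secret before unmapping so no copy outlives its use. */
static int secret_free(struct secret_buf *b)
{
    if (b->addr == NULL)
        return -1;
    volatile unsigned char *p = b->addr;
    for (size_t i = 0; i < b->len; i++)
        p[i] = 0;
    int rc = munmap(b->addr, b->len);
    b->addr = NULL;
    b->len = 0;
    b->backend = SECRET_NONE;
    return rc;
}

int main(void)
{
    static const char demo_key[32] = "constructed-demo-key-0123456789"; /* constructed */
    struct secret_buf b;
    if (secret_alloc(&b, sizeof demo_key) != 0)
        return 1;
    memcpy(b.addr, demo_key, sizeof demo_key);
    printf("key held in %s\n", b.backend == SECRET_MEMFD
           ? "memfd_secret() memory" : "mlock() fallback memory");
    return secret_free(&b) == 0 ? 0 : 1;
}
```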

At the heart of the open source Linux operating system that powers much of the cloud and enterprise application delivery is what is known as the Linux kernel. The kernel is the component that provides the core functionality for system operations. 

The Linux 5.14 kernel release has gone through seven release candidates over the last two months and benefits from the contributions of 1,650 different developers. Those that contribute to Linux kernel development include individual contributors, as well as large vendors like Intel, AMD, IBM, Oracle and Samsung. One of the largest contributors to any given Linux kernel release is IBM’s Red Hat business unit. IBM acquired Red Hat for $34 billion in a deal that closed in 2019.

“As with pretty much every kernel release, we see some very innovative capabilities in 5.14,” McGrath said.

While Linux 5.14 will be out soon, it often takes time until it is adopted inside of enterprise releases. McGrath said that Linux 5.14 will first appear in Red Hat’s Fedora community Linux distribution and will be a part of the future Red Hat Enterprise Linux 9 release. Gerald Pfeifer, CTO for enterprise Linux vendor SUSE, told TechCrunch that his company’s openSUSE Tumbleweed community release will likely include the Linux 5.14 kernel within ‘days’ of the official release. On the enterprise side, he noted that SUSE Linux Enterprise 15 SP4, due next spring, is scheduled to come with Kernel 5.14. 

The new Linux update follows a major milestone for the open source operating system, as it was 30 years ago this past Wednesday that creator Linus Torvalds first publicly announced the effort. Over that time Linux has gone from being a hobbyist effort to powering the infrastructure of the internet.

McGrath commented that Linux is already the backbone for the modern cloud and Red Hat is also excited about how Linux will be the backbone for edge computing – not just within telecommunications, but broadly across all industries, from manufacturing and healthcare to entertainment and service providers, in the years to come.

The longevity and continued importance of Linux for the next 30 years is assured in Pfeifer’s view.  He noted that over the decades Linux and open source have opened up unprecedented potential for innovation, coupled with openness and independence.

“Will Linux, the kernel, still be the leader in 30 years? I don’t know. Will it be relevant? Absolutely,” he said. “Many of the approaches we have created and developed will still be pillars of technological progress 30 years from now. Of that I am certain.”

 

 


By Sean Michael Kerner

ActiveFence comes out of the shadows with $100M in funding and tech that detects online harm

Online abuse, disinformation, fraud and other malicious content is growing and getting more complex to track. Today, a startup called ActiveFence, which has quietly built a tech platform to suss out threats as they are being formed and planned, to make it easier for trust and safety teams to combat them on platforms, is coming out of the shadows to announce significant funding on the back of a surge of large organizations using its services.

The startup, co-headquartered in New York and Tel Aviv, has raised $100 million, funding that it will use to continue developing its tools and to continue expanding its customer base. To date, ActiveFence says that its customers include companies in social media, audio and video streaming, file sharing, gaming, marketplaces and other technologies — it has yet to disclose any specific names but says that its tools collectively cover “billions” of users. Governments and brands are two other categories that it is targeting as it continues to expand. It has been around since 2018 and is growing at around 100% annually.

The $100 million being announced today actually covers two rounds: its most recent Series B led by CRV and Highland Europe, as well as a Series A it never announced led by Grove Ventures and Norwest Venture Partners. Vintage Investment Partners, Resolute Ventures and other unnamed backers also participated. It’s not disclosing valuation but I understand it’s between $300 million and $400 million. (I’ll update this if we learn more.)

The increased presence of social media and online chatter on other platforms has put a strong spotlight on how those forums are used by bad actors to spread malicious content. ActiveFence’s particular approach is a set of algorithms that tap into innovations in AI (natural language processing) and map relationships between conversations. It crawls all of the obvious, and less obvious and harder-to-reach parts of the internet to pick up on chatter that is typically where a lot of the malicious content and campaigns are born — some 3 million sources in all — before they become higher-profile issues. It’s built both on the concept of big data analytics as well as understanding that the long tail of content online has a value if it can be tapped effectively.

“We take a fundamentally different approach to trust, safety and content moderation,” Noam Schwartz, the co-founder and CEO, said in an interview. “We are proactively searching the darkest corners of the web and looking for bad actors in order to understand the sources of malicious content. Our customers then know what’s coming. They don’t need to wait for the damage, or for internal research teams to identify the next scam or disinformation campaign. We work with some of the most important companies in the world, but even tiny, super niche platforms have risks.”

The insights that ActiveFence gathers are then packaged up in an API that its customers can then feed into whatever other systems they use to track or mitigate traffic on their own platforms.

ActiveFence is not the only company building technology to help platform operators, governments and brands to have a better picture of what is going on in the wider online world. Factmata has built algorithms to better understand and track sentiments online; Primer (which also recently raised a big round) also uses NLP to help its customers track online information, with its customers including government organizations that used its technology to track misinformation during election campaigns; Bolster (formerly called RedMarlin) is another. Some of the bigger platforms have also gotten more proactive in bringing tracking technology and talent in-house: Facebook acquired Bloomsbury AI several years ago for this purpose; Twitter has acquired Fabula (and is working on bigger efforts like Birdwatch to build better tools), and earlier this year Discord picked up Sentropy, another online abuse tracker.

It may well be that ultimately there will exist multiple companies doing good work in this area, not unlike other corners of the world of security, which ideally need multiple efforts thrown at problems to crack them. In this particular case, the growth of the startup to date, and its effectiveness in identifying early warning signs, is one reason why investors have been interested in ActiveFence.

“We are pleased to support ActiveFence in this important mission,” commented Izhar Armony, the lead investor from CRV, in a statement. “We believe they are ready for the next phase of growth and that they can maintain leadership in the dynamic and fast growing trust and safety market.”

“ActiveFence has emerged as a clear leader in the developing online trust and safety category. This round will help the company to accelerate the growth momentum we witnessed in the past few years,” said Dror Nahumi, general partner at Norwest Venture Partners, in a statement.


By Ingrid Lunden

Cloud security platform Netskope boosts valuation to $7.5B following $300M raise

Netskope, focused on Secure Access Service Edge architecture, announced Friday a $300 million investment round on a post-money valuation of $7.5 billion.

The oversubscribed insider investment was led by ICONIQ Growth, which was joined by other existing investors, including Lightspeed Venture Partners, Accel, Sequoia Capital Global Equities, Base Partners, Sapphire Ventures and Geodesic Capital.

Netskope co-founder and CEO Sanjay Beri told TechCrunch that since its founding in 2012, the company’s mission has been to guide companies through their digital transformation by finding what is most valuable to them — sensitive data — and protecting it.

“What we had before in the market didn’t work for that world,” he said. “The theory is that digital transformation is inevitable, so our vision is to transform that market so people could do that, and that is what we are building nearly a decade later.”

With this new round, Netskope continues to rack up large rounds: it raised $340 million last February, which gave it a valuation of nearly $3 billion. Prior to that, it was a $168.7 million round at the end of 2018.

Similar to other rounds, the company was not actively seeking new capital, but it was “an inside round with people who know everything about us,” Beri said.

“The reality is we could have raised $1 billion, but we don’t need more capital,” he added. “However, having a continued strong balance sheet isn’t a bad thing. We are fortunate to be in that situation, and our destination is to be the most impactful cybersecurity company in the world.”

Beri said the company just completed a “three-year journey building the largest cloud network that is 15 milliseconds from anyone in the world,” and intends to invest the new funds into continued R&D, expanding its platform and Netskope’s go-to-market strategy to meet demand for a market it estimated would be valued at $30 billion by 2024, he said.

Even pre-pandemic the company had strong hypergrowth over the past year, surpassing the market average annual growth of 50%, he added.

Today’s investment brings the total raised by Santa Clara-based Netskope to just over $1 billion, according to Crunchbase data.

With the company racking up that kind of capital, the next natural step would be to become a public company. Beri admits that Netskope could be public now, though it doesn’t have to do it for the traditional reasons of raising capital or marketing.

“Going public is one day on our path, but you probably won’t see us raise another private round,” Beri said.

 


By Christine Hall

Opaque raises $9.5M seed to secure sensitive data in the cloud

Opaque, a new startup born out of Berkeley’s RISELabs, announced a $9.5 million seed round today to build a solution to access and work with sensitive data in the cloud in a secure way, even with multiple organizations involved. Intel Capital led today’s investment with participation by Race Capital, The House Fund and FactoryHQ.

The company helps customers work with secure data in the cloud while making sure the data they are working on is not being exposed to cloud providers, other research participants or anyone else, says company president Raluca Ada Popa.

“What we do is we use this very exciting hardware mechanism called Enclave, which [operates] deep down in the processor — it’s a physical black box — and only gets decrypted there. […] So even if somebody has administrative privileges in the cloud, they can only see encrypted data,” she explained.

Company co-founder Ion Stoica, who was a co-founder at Databricks, says the startup’s solution helps resolve two conflicting trends. On one hand, businesses increasingly want to make use of data, but at the same time are seeing a growing trend toward privacy. Opaque is designed to resolve this by giving customers access to their data in a safe and fully encrypted way.

The company describes the solution as “a novel combination of two key technologies layered on top of state-of-the-art cloud security—secure hardware enclaves and cryptographic fortification.” This enables customers to work with data — for example to build machine learning models — without exposing the data to others, yet while generating meaningful results.

Popa says this could be helpful for hospitals working together on cancer research, who want to find better treatment options without exposing a given hospital’s patient data to other hospitals, or banks looking for money laundering without exposing customer data to other banks, as a couple of examples.

Investors were likely attracted to the pedigree of Popa, a computer security and applied crypto professor at UC Berkeley and Stoica, who is also a Berkeley professor and co-founded Databricks. Both helped found RISELabs at Berkeley where they developed the solution and spun it out as a company.

Mark Rostick, vice president and senior managing director at lead investor Intel Capital says his firm has been working with the founders since the startup’s earliest days, recognizing the potential of this solution to help companies find complex solutions even when there are multiple organizations involved sharing sensitive data.

“Enterprises struggle to find value in data across silos due to confidentiality and other concerns. Confidential computing unlocks the full potential of data by allowing organizations to extract insights from sensitive data while also seamlessly moving data to the cloud without compromising security or privacy,” Rostick said in a statement.

He added, “Opaque bridges the gap between data security and cloud scale and economics, thus enabling inter-organizational and intra-organizational collaboration.”


By Ron Miller

Network security startup ExtraHop skips and jumps to $900M exit

Last year, Seattle-based network security startup ExtraHop was riding high, quickly approaching $100 million in ARR and even making noises about a possible IPO in 2021. But there will be no IPO, at least for now, as the company announced this morning it has been acquired by a pair of private equity firms for $900 million.

The firms, Bain Capital Private Equity and Crosspoint Capital Partners, are buying a security solution that provides controls across a hybrid environment, something that could be useful as more companies find themselves in a position where they have some assets on-site and some in the cloud.

The company is part of the narrower Network Detection and Response (NDR) market. According to Jesse Rothstein, ExtraHop’s chief technology officer and co-founder, it’s a technology that is suited to today’s threat landscape. “I will say that ExtraHop’s north star has always really remained the same, and that has been around extracting intelligence from all of the network traffic in the wire data. This is where I think the network detection and response space is particularly well-suited to protecting against advanced threats,” he told TechCrunch.

The company uses analytics and machine learning to figure out if there are threats and where they are coming from, regardless of how customers are deploying infrastructure. Rothstein said he envisions a world where environments have become more distributed with less defined perimeters and more porous networks.

“So the ability to have this high quality detection and response capability utilizing next generation machine learning technology and behavioral analytics is so very important,” he said.

Max de Groen, managing partner at Bain, says his company was attracted to the NDR space, and saw ExtraHop as a key player. “As we looked at the NDR market, ExtraHop, which […] has spent 14 years building the product, really stood out as the best individual technology in the space,” de Groen told us.

Security remains a frothy market with lots of growth potential. We continue to see a mix of startups and established platform players jockeying for position, and private equity firms often try to establish a package of services. Last week, Symphony Technology Group bought FireEye’s product group for $1.2 billion, just a couple of months after snagging McAfee’s enterprise business for $4 billion as it tries to cobble together a comprehensive enterprise security solution.


By Ron Miller

Uptycs secures $50M Series C as security platform continues to expand

Uptycs, a Boston-area startup that uses data to help understand and prevent security attacks, announced a $50 million Series C today, 11 months after announcing a $30 million Series B. Norwest Venture Partners led the round with participation from Sapphire Ventures and ServiceNow Ventures.

Company co-founder and CEO Ganesh Pai says that he was still well capitalized from last year’s investment, and wasn’t actually looking to raise funds, but the investors came looking for him and he saw a way to speed up some aspects of the company’s roadmap.

“It was one of those things where the round came in primarily as a function of execution and success to date, and we decided to capitalize on that because we know the partners and raised the capital so that we could use it meaningfully for a couple of different things, primarily sales and marketing acceleration,” Pai said.

He said that part of the reason for the company’s success over the last year was that the pandemic generated more customer interest as people moved to work from home, the SolarWinds hack happened and companies were moving to the cloud faster. “We provided a solution which was telemetric powered and very insightful when it came to solving their security problems and that’s what led to triple digit growth over the last year,” he said.

But Pai says that the company has not been sitting still in terms of the platform. While last year, he described it primarily as a forensic security data solution, helping customers figure out what happened after a security issue has happened, he says that the company has begun expanding on that vision to include all four main areas of security including being proactive, reactive, predictive and protective.

The company started primarily in being reactive by figuring what happened in the past, but has begun to expand into these other areas over the last year, and the plan is to continue to build out that functionality.

“In the context of SolarWinds, what everyone is trying to figure out is how soon into the supply chain can you figure out what could be potentially wrong by looking at indications of behavior or indications of compromise, and our ability to ingest telemetry from a diverse set of sources, not as a bolt on solution, but something which is built from the ground up, resonated really well,” Pai explained.

The company had 65 employees when we spoke last year for the Series B. Today, Pai says that number is approaching 140 and he is adding new people every week with a goal to get to around 200 people by the end of the year. He says as the company grows, he keeps diversity top of mind.

“As we grow and as we raise capital diversity has been something which has been a high priority and very critical for us,” he said. In fact, he reports that more than 50% of his employees come from under-represented groups whether it’s Latinx, Black or Asian heritage.

Pai says that one of the reasons he has been able to build a diverse workforce is his commitment to a remote workplace, which means he can hire from anywhere, something he will continue to do even after the pandemic ends.

 


By Ron Miller

Britive grabs $10M Series A to build automated multi-cloud permissions tool

Britive, an early stage startup that is trying to bring privileged access control to a multi-cloud world, announced a $10 million Series A this morning. Crosslink Capital led the investment with participation from previous investors Upfront Ventures and One Way Ventures.

The company helps automate permissioning across multiple cloud vendors and software services, whether that involves a human or a machine seeking permission. In a world of increasing automation, it’s often a machine seeking access, and that makes permissioning all the more critical, says Britive co-founder and CEO Art Poghosyan.

“What we offer is an automated approach to access, [moving from] what we call statically granted access, which constantly gets added all the time […] to completely ‘just in time access’,” he said. That means that after you define a policy, it sets the ground rules for access, and grants it based on that policy for the time required, and nothing more, whether you’re a human or a machine.

In today’s complex development world that could take many forms including API keys and secrets. “Yes, sometimes those things are granted to a human actor like a DevOps engineer, but a lot of times it also needs to be granted — quote, unquote — to a Terraform script or to GitHub to go and build out application infrastructure or deploy an application,” he said.

The company currently has 40 employees, a number that Poghosyan expects to double in the next 12 months as he puts this capital to work. As a first generation Armenian immigrant, Poghosyan says that he takes diversity and inclusion extremely seriously as he hires more employees.

“We’ve always been committed — in this business and our previous startup — to providing equal opportunities to talented people, no matter what background they come from. I’m really proud that even as a small company — we’re 40 at the moment — we have more than 50% of our workforce, which comes from ethnic minority groups,” he said.

Britive, which is based in Los Angeles, launched in 2018 and brought its first product to market in 2019. The company raised a $5.4 million seed round last July, which it announced in September, making the total raised so far approximately $15.4 million.


By Ron Miller

Cisco strikes again grabbing threat assessment tool Kenna Security as third acquisition this week

Cisco has been busy on the acquisition front this week, and today the company announced it was buying threat assessment platform Kenna Security, the third company it has purchased this week. The two companies did not disclose the purchase price.

With Kenna, Cisco gets a startup that uses machine learning to sort through the massive pile of threat data that comes into a security system on a daily basis and prioritizes the threats most likely to do the most damage. That could be a very useful tool these days when threats abound and it’s not always easy to know where to put your limited security resources. Cisco plans to take that technology and integrate it into its SecureX platform.

Gee Rittenhouse, senior vice president and general manager of Cisco’s Security Business Group wrote in a blog post announcing the deal with Kenna, that his company is getting a product that brings together Cisco’s existing threat management capabilities with Kenna’s risk-based vulnerability management skills.

“That is why we are pleased to announce our intent to acquire Kenna Security, Inc., a recognized leader in risk-based vulnerability prioritization with over 14 million assets protected and over 12.7 billion managed vulnerabilities. Using data science and real-world threat intelligence, it has a proven ability to bring data in from a multi-vendor environment and provide a comprehensive view of IT vulnerability risk,” Rittenhouse wrote in the blog post.

The security sphere has been complex for a long time, but with employees moving to work from home because of COVID, it became even more pronounced in the last year. In a world where the threat landscape changes quickly, having a tool that prioritizes what to look at first in its arsenal could be very useful.

Kenna Security CEO Karim Toubba gave a typical executive argument for being acquired: it gives him a much bigger market under Cisco than his company could have built alone.

“Now is our opportunity to change the industry: once the acquisition is complete, we will be one step closer to delivering Kenna’s pioneering Risk-Based Vulnerability Management (RBVM) platform to the more than 7,000 customers using Cisco SecureX today. This single action exponentially increases the impact Kenna’s technology will have on the way the world secures networks, endpoints and infrastructures,” he wrote in the company blog.

The company, which launched in 2010, claims to be the pioneer in the RBVM space. It raised over $98 million on a $320 million post-money valuation, according to Pitchbook data. Customers include HSBC, Royal Bank of Canada, Mattel and Quest Diagnostics.

For those customers, the product will cease to be stand-alone at some point as the companies work together to integrate Kenna technology into the SecureX platform. When that is complete, the stand-alone customers will have to purchase the Cisco solution to continue using the Kenna tech.

Cisco has had a busy week on the acquisition front. It announced its intent to acquire Sedona Systems on Tuesday, Socio Labs on Wednesday and this announcement today. That’s a lot of activity for any company in a single week. The deal is expected to close in Cisco Q4 FY 2021. The company’s 170 employees will be joining the Security Business Group led by Rittenhouse.


By Ron Miller

BluBracket nabs $12M Series A to expand source code security platform

BluBracket, an early stage startup that focuses on keeping source code repositories secure, even in distributed environments, announced a $12 million Series A today.

Evolution Equity Partners led the round with help from existing investors Unusual Ventures, Point72 Ventures, SignalFire and Firebolt Ventures. When combined with the $6.5 million seed round we reported on last year, the company has raised $19.5 million so far.

As you might imagine, being able to secure code in distributed environments came in quite handy when much of the technology world moved to work from home last year. BluBracket co-founder and CEO Ajay Arora says that the pandemic forced many organizations to look carefully at how they secured their code base.

“So the anxiety organizations had about making sure their source code was secure and that it wasn’t leaking, from that standpoint that was a big tailwind for us. [With companies moving to a] completely remote development workforce, and with code being so important to their business as intellectual property, they needed to get that visibility into what vulnerabilities were there,” Arora explained.

Even prior to the pandemic, the company was finding they were gaining traction with developers and security pros by using a bottom up approach offering a free community version of the software. Having that free version as a top of the funnel for their sales motion was also helpful once COVID hit full force.

Today, Arora says the company has multiple thousands of developers, DevOps and SecOps users across dozens of organizations using the company’s suite of products. The big reference company right now is Priceline, but he says there are other big names that would prefer not to be public about it.

The company currently has 30 employees with plans to double that by the end of the year, and he says that building diversity and inclusion into the hiring process is part of the company’s core values, and part of how the executive team gets measured.

“We’re big believers in putting our money where our mouth is and one of the OKRs for me and my co-founder [CTO Prakash Linga], or one of the things that we’re actually compensated for is how well we are doing in building diversity and inclusion on the team,” he said. He adds that the recruiters that they are using are also being held to the same standard when it comes to providing a diverse set of candidates for open positions.

The company launched in 2018 and the founding team came from Vera, a startup that helped secure documents in motion. That company was sold to HelpSystems in December 2020 after Arora and Linga had left to start BluBracket.


By Ron Miller

Jamf snags zero trust security startup Wandera for $400M

Jamf, the enterprise Apple device management company, announced that it was acquiring Wandera, a zero trust security startup, for $400 million at the market close today. Today’s purchase is the largest in the company’s history.

Jamf provides IT at large organizations with a set of management services for Apple devices. It is the leader in the market, and snagging Wandera provides a missing modern security layer for the platform.

Jamf CEO Dean Hager says that Wandera’s zero trust approach fills in an important piece in the Jamf platform tool set. “The combination of Wandera and Jamf will provide our customers a single source platform that handles deployment, application lifecycle management, policies, filtering and security capabilities across all Apple devices while delivering zero trust network access for all mobile workers,” Hager said in a statement.

Zero trust, as the name implies, is an approach to security where you don’t trust anybody regardless of whether they are inside or outside your network. It requires that you force everyone to provide multiple forms of authentication to prove their identity before they can access company resources.

The need for a zero trust approach became even more acute during the pandemic when employees have often been working from home and have needed access to applications and other company resources from wherever they happened to be, a trend that was happening even prior to COVID, and is likely to continue after it ends.

Wandera, which is based in London, was founded in 2012 by brothers Roy and Eldar Tuvey, who had previously co-founded another security startup called ScanSafe. Cisco acquired that company, which helped protect web gateways as a service, for $183 million back in 2009. The brothers raised over $53 million along the way for Wandera. Investors included Bessemer Venture Partners, 83North and Sapphire Ventures.

Sapphire co-founder and managing director Andreas Weiskam had this to say about the deal: “[Wandera] created a unique security product which addresses mobile threats by leveraging the increasingly important zero trust network. By joining the Jamf family, the two will help shape the future of the zero trust cloud. And it goes without saying that this is a big win for the customers, especially for those in the Apple ecosystem.”

Jamf now has access to all of that technology and everything else the company has developed since. Under the terms of the deal, Jamf is paying Wandera $350 million in cash, then paying them two $25 million payments on October 1, 2021 and December 15, 2021. The deal is expected to close in the third quarter assuming it passes regulatory scrutiny.

 


By Ron Miller

Emerging open cloud security framework has backing of Microsoft, Google and IBM

Each of the big cloud platforms has its own methodology for passing on security information to logging and security platforms, leaving it to the vendors to find proprietary ways to translate that into a format that works for their tool. The Cloud Security Notification Framework (CSNF), a new working group that includes Microsoft, Google and IBM, is trying to create a new open and standard way of delivering this information.

Nick Lippis, who is co-founder and co-chairman of ONUG, an open enterprise cloud community that is the primary driver of CSNF, says that what they’ve created is part standard and part open source. “What we’ve been really focusing on is how do we automate governance on the cloud. And so security was the place that was ripe for that where we can actually provide some value right away for the community,” he said.

While they’ve pulled in some of the big cloud vendors, they’ve also got large companies who consume cloud services like FedEx, Pfizer and Goldman Sachs. Conspicuously missing from the group is AWS, the biggest player in the cloud infrastructure market by far. But Lippis says that he hopes as the project matures, other companies including AWS will join.

“There’s lots of security programs and industry programs that get out there and that people are asking them to join, and so some companies want to wait to see how well this pans out [before making a commitment to it],” Lippis said. His hope is that over time Amazon will come around and join the group, but in the meantime they are working to get to the point where everyone in the community will feel good about what they’re doing.

The idea is to start with security alerts and find a way to build a common format to give companies the same kind of system they have in the data center to track security alerts in the cloud. The way they hope to do that is with this open dialogue between the cloud vendors and the companies involved with the group.

“So the structure of that is that there’s a steering committee that is chaired by CISOs from these large cloud consumer brands, and also the cloud providers, and they provide voting and direction. And then there’s the working group where all the work is done. The beauty of what we do is that we have now consumers and also providers working together and collaborating,” he said.

Don Duet, a member of ONUG, who is CEO and co-founder of Concourse Labs, has been involved in the formation of the CSNF. He says that to keep the project focused, they are looking at this as a data management problem and are establishing a common vocabulary for everyone in the group to work within.

“How do you build a consensus on what are the types of terms that everybody can agree on and then you build the underlying basis so that the experts in your resource providers in this case, Cloud Service Providers, can bless how their data [connects] to those common standards,” Duet explained.

He says that particular problem is more of an organizational problem than a technical one, getting the various stakeholders together and just building consensus around this. At this point, they have that process in place and the next step is proving it by having the various companies involved in this test it out in the coming months.

After they get past the testing phase, in October they plan to actually demonstrate what this looks like in a before and after scenario, with the new framework and without it. As the group works toward these goals, the hope is that eventually the framework will become more established and other companies and vendors will come on board and make this a more standard way of sharing security alerts. If all goes well, they hope to build other security information into this framework over time.


By Ron Miller

Cymulate nabs $45M to test and improve cybersecurity defenses via attack simulations

With cybercrime on course to be a $6 trillion problem this year, organizations are throwing ever more resources at the issue to avoid being a target. Now, a startup that’s built a platform to help them stress-test the investments that they have made into their security IT is announcing some funding on the back of strong demand from the market for its tools.

Cymulate lets organizations and their partners run machine-based attack simulations on their networks to determine vulnerabilities and then automatically receive guidance around how to fix what is not working well enough. It has picked up $45 million, funding that the startup, co-headquartered in Israel and New York, will be using to continue investing in its platform and to ramp up its operations. The company doubled its revenues last year on the back of a customer list that now numbers 300 large enterprises and mid-market companies, including the Euronext stock exchange network as well as service providers such as NTT and Telit.

London-based One Peak Partners is leading this Series C, with previous investors Susquehanna Growth Equity (SGE), Vertex Ventures Israel, Vertex Growth and Dell Technologies Capital also participating.

According to Eyal Wachsman, the CEO and co-founder, Cymulate’s technology has been built not just to improve an organization’s security, but as an automated, machine-learning-based system to better understand how to get the most out of the security investments that have already been made.

“Our vision is to be the largest cybersecurity ‘consulting firm’ without consultants,” he joked.

The valuation is not being disclosed but as some measure of what is going on, David Klein, managing partner at One Peak, said in an interview that he expects Cymulate to hit a $1 billion valuation within two years at the rate it’s growing and bringing in revenue right now. The startup has now raised $71 million, so it’s likely the valuation is in the mid-hundreds of millions. (We’ll continue trying to get a better number to have a more specific data point here.)

Cymulate (pronounced “sigh-mulate”, like the “cy” in “cyber” and a pun on “simulate”) is cloud-based but works across both cloud and on-premises environments. The idea is that it complements work done by (human) security teams both inside and outside of an organization, as well as the security IT investments (in terms of software or hardware) that they have already made.

“We do not replace — we bring back the power of the expert by validating security controls and checking whether everything is working correctly to optimize a company’s security posture,” Wachsman said. “Most of the time, we find our customers are using only 20% of the capabilities that they have. The main idea is that we have become a standard.”

The company’s tools are based in part on the MITRE ATT&CK framework, a knowledge base of threats, tactics and techniques used by a number of other cybersecurity services, including a number of others building continuous validation services that compete with Cymulate. These include the likes of FireEye, Palo Alto Networks, Randori, Khosla-backed AttackIQ and many more.

Although Cymulate is optimized to help customers better use the security tools they already have, it is not meant to replace other security apps, Wachsman noted, even if the by-product might become buying less of those apps in the future.

“I believe my message every day when talking with security experts is to stop buying more security products,” he said in an interview. “They won’t help defend you from the next attack. You can use what you’ve already purchased as long as you configure it well.”

In his words, Cymulate acts as a “black box” on the network, where it integrates with security and other software (it can also work without integrating but integrations allow for a deeper analysis). After running its simulations, it produces a map of the network and its threat profile, an executive summary of the situation that can be presented to management and a more technical rundown, which includes recommendations for mitigations and remediations.

Alongside validating and optimising existing security apps and identifying vulnerabilities in the network, Cymulate also has built special tools to fit different kinds of use cases that are particularly relevant to how businesses are operating today. They include evaluating remote working deployments, the state of a network following an M&A process, the security landscape of an organization that links up with third parties in supply chain arrangements, and how well an organization’s security architecture is meeting (or potentially conflicting with) privacy and other kinds of regulatory compliance requirements. It has also built a “purple team” deployment: where security teams do not have the resources for running separate “red teams” to stress test something, blue teams at the organization can use Cymulate to build a machine learning-based “team” to do this.

The fact that Cymulate has built the infrastructure to run all of these processes speaks to the potential of what more it could build, especially as our threat landscape, and how we do business, both continue to evolve. Even as it is, though, the opportunity today is a massive one, with Gartner estimating that some $170 billion will be spent on information security by enterprises in 2022. That’s one reason why investors are here, too.

“The increasing pace of global cyber security attacks has resulted in a crisis of trust in the security posture of enterprises and a realization that security testing needs to be continuous as opposed to periodic, particularly in the context of an ever-changing IT infrastructure and rapidly evolving threats. Companies understand that implementing security solutions is not enough to guarantee protection against cyber threats and need to regain control,” said Klein, in a statement. “We expect Cymulate to grow very fast,” he told me more directly.


By Ingrid Lunden

Vectra AI picks up $130M at a $1.2B valuation for its network approach to threat detection and response

Cybersecurity nightmares like the SolarWinds hack highlight how malicious hackers continue to exploit vulnerabilities in software and apps to do their dirty work. Today a startup that’s built a platform to help organizations protect themselves from this by running threat detection and response at the network level is announcing a big round of funding to continue its growth.

Vectra AI, which provides a cloud-based service that uses artificial intelligence technology to monitor both on-premise and cloud-based networks for intrusions, has closed a round of $130 million at a post-money valuation of $1.2 billion.

The challenge that Vectra is looking to address is that applications — and the people who use them — will continue to be weak links in a company’s security set-up, not least because malicious hackers are continually finding new ways to piece together small movements within them to build, lay and finally use their traps. While there will continue to be an interesting, and mostly effective, game of cat-and-mouse around those applications, a service that works at the network layer is essential as an alternative line of defense, one that can find those traps before they are used.

“Think about where the cloud is. We are in the wild west,” Hitesh Sheth, Vectra’s CEO, said in an interview. “The attack surface is so broad and attacks happen at such a rapid rate that the security concerns have never been higher at the enterprise. That is driving a lot of what we are doing.”

Sheth said that the funding will be used in two areas. First, to continue expanding its technology to meet the demands of an ever-growing threat landscape — it also has a team of researchers who work across the business to detect new activity and build algorithms to respond to it. And second, for acquisitions to bring in new technology and potentially more customers.

(Indeed, there has been a proliferation of AI-based cybersecurity startups in recent years, in areas like digital forensics, application security and specific sectors like SMBs, all of which complement the platform that Vectra has built, so you could imagine a number of interesting targets.)

The funding is being led by funds managed by Blackstone Growth, with unnamed existing investors participating (past backers include Accel, Khosla and TCV, among other financial and strategic investors). Vectra today largely focuses on enterprises, highly demanding ones with lots at stake to lose. Blackstone was initially a customer of Vectra’s, using the company’s flagship Cognito platform, Viral Patel — the senior MD who led the investment for the firm — pointed out to me.

The company has built some specific products that have been very prescient in anticipating vulnerabilities in specific applications and services. While it said that sales of its Cognito platform grew 100% last year, Cognito Detect for Microsoft Office 365 (a separate product) sales grew over 700%. Coincidentally, Microsoft’s cloud apps have faced a wave of malicious threats. Sheth said that implementing Cognito (or indeed other network security protection) “could have prevented the SolarWinds hack” for those using it.

“Through our experience as a client of Vectra, we’ve been highly impressed by their world-class technology and exceptional team,” John Stecher, CTO at Blackstone, said in a statement. “They have exactly the types of tools that technology leaders need to separate the signal from the noise in defending their organizations from increasingly sophisticated cyber threats. We’re excited to back Vectra and Hitesh as a strategic partner in the years ahead supporting their continued growth.”

Looking ahead, Sheth said that endpoint security will not be a focus for the moment because “in cloud there is so much open territory”. Instead it partners with the likes of CrowdStrike, SentinelOne, Carbon Black and others.

In terms of what is emerging as a stronger entry point, social media is increasingly coming to the fore, he said. “Social media tends to be an effective vector to get in and will remain to be for some time,” he said, with people impersonating others and suggesting conversations over encrypted services like WhatsApp. “The moment you move to encryption and exchange any documents, it’s game over.”


By Ingrid Lunden

DigitalOcean says data breach exposed customer billing data

DigitalOcean has emailed customers warning of a data breach involving customers’ billing data, TechCrunch has learned.

The cloud infrastructure giant told customers in an email on Wednesday, obtained by TechCrunch, that it has “confirmed an unauthorized exposure of details associated with the billing profile on your DigitalOcean account.” The company said the person “gained access to some of your billing account details through a flaw that has been fixed” over a two-week window between April 9 and April 22.

The email said customer billing names and addresses were accessed, as well as the last four digits of the payment card, its expiry date, and the name of the card-issuing bank. The company said that customers’ DigitalOcean accounts were “not accessed,” and passwords and account tokens were “not involved” in this breach.

“To be extra careful, we have implemented additional security monitoring on your account. We are expanding our security measures to reduce the likelihood of this kind of flaw occuring [sic] in the future,” the email said.

DigitalOcean said it fixed the flaw and notified data protection authorities, but it’s not clear what the apparent flaw was that put customer billing information at risk.

In a statement, DigitalOcean’s security chief Tyler Healy said 1% of billing profiles were affected by the breach, but declined to address our specific questions, including how the vulnerability was discovered and which authorities have been informed.

Companies with customers in Europe are subject to GDPR, and can face fines of up to 4% of their global annual revenue.

Last year, the cloud company raised $100 million in new debt, followed by another $50 million round, months after laying off dozens of staff amid concerns about the company’s financial health. In March, the company went public, raising about $775 million in its initial public offering. 


By Zack Whittaker

With $30M extension, BigID boosts Series D to $100M at $1.25B valuation

When we last heard from BigID at the end of 2020, the company was announcing a $70 million Series D at a $1 billion valuation. Today, it announced a $30 million extension on that deal valuing the company at $1.25 billion just 4 months later.

This chunk of money comes from private equity firm Advent International, and brings the total raised to over $200 million across 4 rounds, according to the company. The late stage startup is attracting all of this capital by building a security and privacy platform. When I spoke to CEO Dimitri Sirota in September 2019 at the time of the $50 million Series C, he described the company’s direction this way:

“We’ve separated the product into some constituent parts. While it’s still sold as a broad-based [privacy and security] solution, it’s much more of a platform now in the sense that there’s a core set of capabilities that we heard over and over that customers want.”

Sirota says he has been putting the money to work, and as the economy improves he is seeing more traction for the product set. “Since December, we’ve added employees as we’ve seen broader economic recovery and increased demand. In tandem, we have been busy building a whole host of new products and offerings that we will announce over the coming weeks that will be transformational for BigID,” he said.

He also said that as with previous rounds, he didn’t go looking for the additional money, but decided to take advantage of the new funds at a higher valuation with a firm that he believes can add value overall. What’s more, the funds should allow the company to expand in ways it might have held off on.

“It was important to us that this wouldn’t be a distraction and that we could balance any funding without the need to over-capitalize, which is becoming a bigger issue in today’s environment. In the end, we took what we thought could bring forward some additional product modules and add a sales team focused on smaller commercial accounts,” Sirota said.

Ashwin Krishnan, a principal on Advent’s technology team in New York, says that BigID was clearly aligned with two trends his firm has been following: the explosion of data being collected and the increasing focus on managing and securing that data with the goal of ultimately using it to make better decisions.

“When we met with Dimitri and the BigID team, we immediately knew we had found a company with a powerful platform that solves the most challenging problem at the center of these trends and the data question,” Krishnan said.

Past investors in the company include Boldstart Ventures, Bessemer Venture Partners and Tiger Global. Strategic investors include Comcast Ventures, Salesforce Ventures and SAP.io.


By Ron Miller