cybersecurity startup

Auto Added by WPeMatico

Breach simulation startup AttackIQ raises $44M to fuel expansion

AttackIQ, a cybersecurity startup that provides organizations with breach and attack simulation solutions, has raised $44 million in Series C funding as it looks to ramp up its international expansion.

The funding round was led by Atlantic Bridge, Saudi Aramco Energy Ventures (SAEV) and Gaingels, with existing vendors — including Index Ventures, Khosla Ventures, Salesforce Ventures and Telstra Ventures — also participating. The round brings the company’s total funding raised to date to $79 million. 

AttackIQ was founded in 2013 and is based out of San Diego, California. It provides an automated validation platform that runs scenarios to detect any gaps in a company’s defenses, enabling organizations to test and measure the effectiveness of their security posture and receive guidance on how to fix what’s broken. Broadly, AttackIQ’s platform helps an organization’s security teams anticipate, prepare and hunt for threats that may impact their business, before hackers get there first.

Its Security Optimization Platform platform, which supports Windows, Linux and macOS across public, private and on-premises cloud environments, is based on the MITRE ATT&CK framework, a curated knowledge base of known adversary threats, tactics and techniques. This is used by a number of cybersecurity companies also building continuous validation services, including FireEye, Palo Alto Networks and Cymulate.

AttackIQ says this latest round of funding, which comes more than two years after its last, arrives at a “dynamic time” for the company. Not only has cybersecurity become more of a priority for organizations as a result of a major uptick in both ransomware and supply-chain attacks, the company also recently accelerated its international expansion efforts through a partnership with technology distributor Westcon.

The startup says it’s planning to use these new funds to further expand internationally through its newfound partnership with Atlantic Bridge, which will also see Kevin Dillon, the company’s co-founder and managing director, join the AttackIQ board of directors. 

“AttackIQ has established itself as a category leader with a formidable enterprise customer base that includes four of the Fortune 20,” said Dillon. “We believe deeply in the company’s vision and potential to become the next billion-dollar cybersecurity software company and look forward to helping the company turn early traction in Europe and the Middle East into robust, long-term expansion.”

Brett Galloway, CEO of AttackIQ, said the round “reaffirms the strength” of its platform.

As well as enabling organizations to review the robustness of their security defenses, the startup also runs the AttackIQ Academy, which provides free entry-level and advanced cybersecurity training. It has accumulated 17,200 registered students to date across 176 countries.

Powered by WPeMatico

Orca Security raises $210M Series C at a unicorn valuation

Orca Security, an Israeli cybersecurity startup that offers an agent-less security platform for protecting cloud-based assets, today announced that it has raised a $210 million Series C round at a $1.2 billion valuation. The round was led by Alphabet’s independent growth fund CapitalG and Redpoint Ventures. Existing investors GGV Capital, ICONIQ Growth and angel syndicate Silicon Valley CISO Investment also participated. YL Ventures, which led Orca’s seed round and participated in previous rounds, is not participating in this round — and it’s worth noting that the firm recently sold its stake in Axonius after that company reached unicorn status.

If all of this sounds familiar, that may be because Orca only raised its $55 million Series B round in December, after it announced its $20.5 million Series A round in May. That’s a lot of funding rounds in a short amount of time, but something we’ve been seeing more often in the last year or so.

Orca Security co-founders Gil Geron (left) and Avi Shua (right). Image Credits: Orca Security

As Orca co-founder and CEO Avi Shua told me, the company is seeing impressive growth and it — and its investors — want to capitalize on this. The company ended last year beating its own forecast from a few months before, which he noted was already aggressive, by more than 50%. Its current slate of customers includes Robinhood, Databricks, Unity, Live Oak Bank, Lemonade and BeyondTrust.

“We are growing at an unprecedented speed,” Shua said. “We were 20-something people last year. We are now closer to a hundred and we are going to double that by the end of the year. And yes, we’re using this funding to accelerate on every front, from dramatically increasing the product organization to add more capabilities to our platform, for post-breach capabilities, for identity access management and many other areas. And, of course, to increase our go-to-market activities.”

Shua argues that most current cloud security tools don’t really work in this new environment. Many, because they are driven by metadata, can only detect a small fraction of the risks, and agent-based solutions may take months to deploy and still not cover a business’ entire cloud estate. The promise of Orca Security is that it can not only cover a company’s entire range of cloud assets but that it is also able to help security teams prioritize the risks they need to focus on. It does so by using what the company calls its “SideScanning” technology, which allows it to map out a company’s entire cloud environment and file systems.

“Almost all tools are essentially just looking at discrete risk trees and not the forest. The risk is not just about how pickable the lock is, it’s also where the lock resides and what’s inside the box. But most tools just look at the issues themselves and prioritize the most pickable lock, ignoring the business impact and exposure — and we change that.”

It’s no secret that there isn’t a lot of love lost between Orca and some of its competitors. Last year, Palo Alto Networks sent Orca Security a sternly worded letter (PDF) to stop it from comparing the two services. Shua was not amused at the time and decided to fight it. “I completely believe there is space in the markets for many vendors, and they’ve created a lot of great products. But I think the thing that simply cannot be overlooked, is a large company that simply tries to silence competition. This is something that I believe is counterproductive to the industry. It tries to harm competition, it’s illegal, it’s unconstitutional. You can’t use lawyers to take your competitors out of the media.”

Currently, though, it doesn’t look like Orca needs to worry too much about the competition. As GGV Capital managing partner Glenn Solomon told me, as the company continues to grow and bring in new customers — and learn from the data it pulls in from them — it is also able to improve its technology.

“Because of the novel technology that Avi and [Orca Security co-founder and CPO] Gil [Geron] have developed — and that Orca is now based on — they see so much. They’re just discovering more and more ways and have more and more plans to continue to expand the value that Orca is going to provide to customers. They sit in a very good spot to be able to continue to leverage information that they have and help DevOps teams and security teams really execute on good hygiene in every imaginable way going forward. I’m super excited about that future.”

As for this funding round, Shua noted that he found CapitalG to be a “huge believer” in this space and an investor that is looking to invest into the company for the long run (and not just trying to make a quick buck). The fact that CapitalG is associated with Alphabet was obviously also a draw.

“Being associated with Alphabet, which is one of the three major cloud providers, allowed us to strengthen the relationship, which is definitely a benefit for Orca,” he said. “During the evaluation, they essentially put Orca in front of the security leadership at Google. Definitely, they’ve done their own very deep due diligence as part of that.”


Early Stage is the premier ‘how-to’ event for startup entrepreneurs and investors. You’ll hear first-hand how some of the most successful founders and VCs build their businesses, raise money and manage their portfolios. We’ll cover every aspect of company-building: Fundraising, recruiting, sales, product market fit, PR, marketing and brand building. Each session also has audience participation built-in – there’s ample time included for audience questions and discussion. Use code “TCARTICLE” at checkout to get 20 percent off tickets right here.

Powered by WPeMatico

Decrypted: Contact-tracing privacy, Zoom buys Keybase, Microsoft eyes CyberX

As the world looks to reopen after weeks of lockdown, governments are turning to contact tracing to understand the spread of the deadly coronavirus.

Most nations are leaning toward privacy-focused apps that use Bluetooth signals to create an anonymous profile of where a person has been and when. Some, like Israel, are bucking the trend and are using location and cell phone data to track the spread, prompting privacy concerns.

Some of the biggest European economies — Germany, Italy, Switzerland and Ireland — are building apps that work with Apple and Google’s contact-tracing API. But the U.K., one of the worst-hit nations in Europe, is going it alone.

Unsurprisingly, critics have both security and privacy concerns, so much so that the U.K. may end up switching over to Apple and Google’s system anyway. Given that one of Israel’s contact-tracing systems was found on an passwordless server this week, and India denied a privacy issue in its contact-tracing app, there’s not much wiggle-room to get these things wrong.

Turns out that even during a pandemic, people still care about their privacy.

Here’s more from the week.


THE BIG PICTURE

Zoom acquires Keybase, but questions remain

When Zoom announced it acquired online encryption key startup Keybase, for many, the reaction was closer to mild than wild. Even Keybase, a service that lets users store and manage their encryption keys, acknowledged its uncertain future. “Keybase’s future is in Zoom’s hands, and we’ll see where that takes us,” the company wrote in a blog post. Terms of the deal were not disclosed.

Zoom has faced security snafu after snafu. But after dancing around the problems, it promised to call in the cavalry and double down on fixing its encryption. So far, so good. But where does Keybase, largely a consumer product, fit into the fray? It doesn’t sound like even Zoom knows yet, per enterprise reporter Ron Miller. What’s clear is that Zoom needs encryption help, and few have the technical chops to pull that off.

Keybase’s team might — might — just help Zoom make good on its security promises.

Powered by WPeMatico

Helm.ai raises $13M on its unsupervised learning approach to driverless car AI

Four years ago, mathematician Vlad Voroninski saw an opportunity to remove some of the bottlenecks in the development of autonomous vehicle technology thanks to breakthroughs in deep learning.

Now, Helm.ai, the startup he co-founded in 2016 with Tudor Achim, is coming out of stealth with an announcement that it has raised $13 million in a seed round that includes investment from A.Capital Ventures, Amplo, Binnacle Partners, Sound Ventures, Fontinalis Partners and SV Angel. More than a dozen angel investors also participated, including Berggruen Holdings founder Nicolas Berggruen, Quora co-founders Charlie Cheever and Adam D’Angelo, professional NBA player Kevin Durant, Gen. David Petraeus, Matician co-founder and CEO Navneet Dalal, Quiet Capital managing partner Lee Linden and Robinhood co-founder Vladimir Tenev, among others.

Helm.ai will put the $13 million in seed funding toward advanced engineering and R&D and hiring more employees, as well as locking in and fulfilling deals with customers.

Helm.ai is focused solely on the software. It isn’t building the compute platform or sensors that are also required in a self-driving vehicle. Instead, it is agnostic to those variables. In the most basic terms, Helm.ai is creating software that tries to understand sensor data as well as a human would, in order to be able to drive, Voroninski said.

That aim doesn’t sound different from other companies. It’s Helm.ai’s approach to software that is noteworthy. Autonomous vehicle developers often rely on a combination of simulation and on-road testing, along with reams of data sets that have been annotated by humans, to train and improve the so-called “brain” of the self-driving vehicle.

Helm.ai says it has developed software that can skip those steps, which expedites the timeline and reduces costs. The startup uses an unsupervised learning approach to develop software that can train neural networks without the need for large-scale fleet data, simulation or annotation.

“There’s this very long tail end and an endless sea of corner cases to go through when developing AI software for autonomous vehicles, Voroninski explained. “What really matters is the unit of efficiency of how much does it cost to solve any given corner case, and how quickly can you do it? And so that’s the part that we really innovated on.”

Voroninski first became interested in autonomous driving at UCLA, where he learned about the technology from his undergrad adviser who had participated in the DARPA Grand Challenge, a driverless car competition in the U.S. funded by the Defense Advanced Research Projects Agency. And while Voroninski turned his attention to applied mathematics for the next decade — earning a PhD in math at UC Berkeley and then joining the faculty in the MIT mathematics department — he knew he’d eventually come back to autonomous vehicles. 

By 2016, Voroninski said breakthroughs in deep learning created opportunities to jump in. Voroninski left MIT and Sift Security, a cybersecurity startup later acquired by Netskope, to start Helm.ai with Achim in November 2016.

“We identified some key challenges that we felt like weren’t being addressed with the traditional approaches,” Voroninski said. “We built some prototypes early on that made us believe that we can actually take this all the way.”

Helm.ai is still a small team of about 15 people. Its business aim is to license its software for two use cases — Level 2 (and a newer term called Level 2+) advanced driver assistance systems found in passenger vehicles and Level 4 autonomous vehicle fleets.

Helm.ai does have customers, some of which have gone beyond the pilot phase, Voroninski said, adding that he couldn’t name them.

Powered by WPeMatico

Arceo.ai raises $37 million to expand cyber insurance coverage and access

Critical cyber attacks on both businesses and individuals have been grabbing headlines at an alarming rate. Cybersecurity has moved from a background risk for enterprises to a critical day-to-day threat to business operations, forcing executive teams to pour time and hundreds of billions in capital into monitoring and prevention efforts.

Yet even as investment in security ticks up, the frequency and cost of cybercrime to businesses continues to rapidly accelerate, with the World Economic Forum estimating the economic loss due to cybercrime could reach $3 trillion by 2020.

More companies are now turning to cyber insurance as a means of mitigating financial exposure. However, for traditional insurers, cybersecurity remains a relatively nascent and unfamiliar issue, requiring risk-assessment data points and methodologies largely different from those seen in traditional insurance products. As a result, businesses often struggle to get the scale of cybersecurity coverage they require.

Arceo.ai is hoping to expand the size and scope of the cyber insurance market for both insurers and companies, by providing insurers with effective real-time data, analytics and context, necessary for safely and efficiently underwrite cyber risk.

This morning, Arceo took a major step in achieving that goal, announcing the company has raised a $37 million round of funding led by Lightspeed Venture Partners and Founders Fund with participation from CRV and  UL Ventures.

Arceo logoUsing an expansive set of global sources across a customer’s digital footprint, Arceo.AI collects internal, external and macro cyber risk data which it uses to evaluate a company’s security and cyber risk management behavior. By automating the data collection process and connecting it with insurer underwriting processes, Arceo is able to keep its data and policy assessments up to date in real-time and enable faster, more efficient quotes.

A vital component of Arceo’s platform is its analytics offering. Using patented data science and cyber risk models, Arceo generates analytics-driven insights for insurance carriers, brokers and end-insured customers. For end-insured customers, Arceo helps companies understand whether they’re using the best mitigation strategies by providing policy recommendations and industry benchmarking to help contextualize day-to-day cyber behavior and hygiene. For underwriters, Arceo can provide specific insurance recommendations based on particular policy coverages.

Ultimately, Arceo looks to provide both insurers and the insured with actionable answers to key questions such as how one assesses cyber risk, how one determines what risks can be mitigated with technology alone, how one knows which systems are best and whether those systems are being used appropriately.

Raj Shah

Arceo.ai Chairman Raj Shah. Image via Arceo.ai

In an interview with TechCrunch, Arceo Chairman Raj Shah explained that the company’s background expertise, proprietary data systems, and deep pedigree in both the security and insurance truly differentiate Arceo from competing solutions. For starters, both Shah and Arceo co-founder and CEO Vishaal Hariprasad have spent close to the entirety of their careers in national security and cybersecurity. Hariprasad started his career in the Airforce’s first cohort of cyber warfare officers, before teaming up with Shah to start Morta Security in 2012, a security startup the two sold to Palo Alto networks in just roughly two years.

After selling the company, Shah and Hariprasad remained in the security world before realizing that there was a natural intersection between security and insurance, and a real opportunity for risk transfer solutions.

“Having studied the market, we saw that people are spending more and more dollars on cybersecurity products… There are hundreds of thousands of new vendors every year… Spend is going up, but we don’t feel any safer!” Shah told TechCrunch.

“That’s when we said ‘Hey, we need to move beyond just thinking about technology points and products, and think about holistic cyber risk management.’ And this is where insurance has historically done a great job. Putting a price on behavior and making people think and letting them take risks… From life and death and health to buyers and property and casualty. And so cyber is that next class risk… So that’s really why we started the business. We wanted to provide a real way to manage the cyber stress that they’re facing and that will impact every single one of our digital lives.”

Since the company’s founding, Raj and Vishaal have been joined by a deep network of cyber and insurance experts. Today, Arceo also announced that Hemant Shah, founder and former CEO of catastrophe risk modeling company RMS has joined Arceo’s Board of Directors. Additionally, earlier this month, the company announced that Mario Vitale, the former CEO of publically-traded insurance companies Willis Towers Watson and Zurich Insurance Group, would be joining the Arceo team as the company’s President.

The company noted that participation from high-profile industry vets like Hemant and Mario not only further advance Arceo’s competitive advantage but also acts as another major validation of the company’s future and work to date.

According to Arceo Chairman Raj Shah, after years of investing in R&D, the latest funds will be used towards expansion efforts and scaling Arceo to the broader ecosystem of insurance and brokers. Longer-term, the company hopes to offer the most complete combined cybersecurity and risk transfer solution to insurers and the insured, easing the stress around cyber threats for both enterprises and individuals and ultimately improving broader cyber resiliency.

If you’d like to hear more from Arceo’s Raj Shah, Raj will also be joining us this year on the Extra Crunch stage at TechCrunch Disrupt SF, where he’ll discuss how founders and companies should think about potential US government investment. Grab tickets here and we hope to see you there!

Powered by WPeMatico

Startups Weekly: Will the real unicorns please stand up?

Hello and welcome back to Startups Weekly, a newsletter published every Saturday that dives into the week’s noteworthy venture capital deals, funds and trends. Before I dive into this week’s topic, let’s catch up a bit. Last week, I wrote about the sudden uptick in beverage startup rounds. Before that, I noted an alternative to venture capital fundraising called revenue-based financing. Remember, you can send me tips, suggestions and feedback to kate.clark@techcrunch.com or on Twitter @KateClarkTweets.

Here’s what I’ve been thinking about this week: Unicorn scarcity, or lack thereof. I’ve written about this concept before, as has my Equity co-host, Crunchbase News editor-in-chief Alex Wilhelm. I apologize if the two of us are broken records, but I think we’re equally perplexed by the pace at which companies are garnering $1 billion valuations.

Here’s the latest data, according to Crunchbase: “2018 outstripped all previous years in terms of the number of unicorns created and venture dollars invested. Indeed, 151 new unicorns joined the list in 2018 (compared to 96 in 2017), and investors poured more than $135 billion into those companies, a 52% increase year-over-year and the biggest sum invested in unicorns in any one year since unicorns became a thing.”

2019 has already coined 42 new unicorns, like Glossier, Calm and Hims, a number that grows each and every week. For context, a total of 19 companies joined the unicorn club in 2013 when Aileen Lee, an established investor, coined the term. Today, there are some 450 companies around the globe that qualify as unicorns, representing a cumulative valuation of $1.6 trillion. 😲

We’ve clung to this fantastical terminology for so many years because it helps us classify startups, singling out those that boast valuations so high, they’ve gained entry to a special, elite club. In 2019, however, $100 million-plus rounds are the norm and billion-dollar-plus funds are standard. Unicorns aren’t rare anymore; it’s time to rethink the unicorn framework.

Petition to stop using the term “unicorn” unless the company is valued at more than $1 billion *and* profitable.

— Kate Clark (@KateClarkTweets) May 22, 2019

Last week, I suggested we only refer to profitable companies with a valuation larger than $1 billion as unicorns. Understandably, not everyone was too keen on that idea. Why? Because startups in different sectors face barriers of varying proportions. A SaaS company, for example, is likely to achieve profitability a lot quicker than a moonshot bet on autonomous vehicles or virtual reality. Refusing startups that aren’t yet profitable access to the unicorn club would unfairly favor certain industries.

So what can we do? Perhaps we increase the valuation minimum necessary to be called a unicorn to $10 billion? Initialized Capital’s Garry Tan’s idea was to require a startup have 50% annual growth to be considered a unicorn, though that would be near-impossible to get them to disclose…

While I’m here, let me share a few of the other eclectic responses I received following the above tweet. Joseph Flaherty said we should call profitable billion-dollar companies Pegasus “since [they’ve] taken flight.” Reagan Pollack thinks profitable startups oughta be referred to as leprechauns. Hmmmm.

The suggestions didn’t stop there. Though I’m not so sure adopting monikers like Pegasus and leprechaun will really solve the unicorn overpopulation problem. Let me know what you think. Onto other news.

Image by Rafael Henrique/SOPA Images/LightRocket via Getty Images

IPO corner

CrowdStrike has set its IPO terms. The company has inked plans to sell 18 million shares at between $19 and $23 apiece. At a midpoint price, CrowdStrike will raise $378 million at a valuation north of $4 billion.

Slack inches closer to direct listing. The company released updated first-quarter financials on Friday, posting revenues of $134.8 million on losses of $31.8 million. That represents a 67% increase in revenues from the same period last year when the company lost $24.8 million on $80.9 million in revenue.

Startup Capital

Online lender SoFi has quietly raised $500M led by Qatar
Groupon co-founder Eric Lefkofsky just-raised another $200M for his new company Tempus
Less than 1 year after launching, Brex eyes $2B valuation
Password manager Dashlane raises $110M Series D
Enterprise cybersecurity startup BlueVoyant raises $82.5M at a $430M valuation
Talkspace picks up $50M Series D
TaniGroup raises $10M to help Indonesia’s farmers grow
Stripe and Precursor lead $4.5M seed into media CRM startup Pico

Funds

Maveron, a venture capital fund co-founded by Starbucks mastermind Howard Schultz, has closed on another $180 million to invest in early-stage consumer startups. The capital represents the firm’s seventh fundraise and largest since 2000. To keep the fund from reaching mammoth proportions, the firm’s general partners said they turned away more than $70 million amid high demand for the effort. There’s more where that came from, here’s a quick look at the other VCs to announce funds this week:

~Extra Crunch~

This week, I penned a deep dive on Slack, formerly known as Tiny Speck, for our premium subscription service Extra Crunch. The story kicks off in 2009 when Stewart Butterfield began building a startup called Tiny Speck that would later come out with Glitch, an online game that was neither fun nor successful. The story ends in 2019, weeks before Slack is set to begin trading on the NYSE. Come for the history lesson, stay for the investor drama. Here are the other standout EC pieces of the week.

Equity

If you enjoy this newsletter, be sure to check out TechCrunch’s venture-focused podcast, Equity. In this week’s episode, available here, Crunchbase News editor-in-chief Alex Wilhelm and I debate whether the tech press is too negative or too positive in its coverage of tech startups. Plus, we dive into Brex’s upcoming round, SoFi’s massive raise and CrowdStrike’s imminent IPO.

Powered by WPeMatico