Network Security

Auto Added by WPeMatico

Vectra AI picks up $130M at a $1.2B valuation for its network approach to threat detection and response

Cybersecurity nightmares like the SolarWinds hack highlight how malicious hackers continue to exploit vulnerabilities in software and apps to do their dirty work. Today a startup that’s built a platform to help organizations protect themselves from this by running threat detection and response at the network level is announcing a big round of funding to continue its growth.

Vectra AI, which provides a cloud-based service that uses artificial intelligence technology to monitor both on-premise and cloud-based networks for intrusions, has closed a round of $130 million at a post-money valuation of $1.2 billion.

The challenge that Vectra is looking to address is that applications — and the people who use them — will continue to be weak links in a company’s security set-up, not least because malicious hackers are continually finding new ways to piece together small movements within them to build, lay and finally use their traps. While there will continue to be an interesting, and mostly effective, game of cat-and-mouse around those applications, a service that works at the network layer is essential as an alternative line of defense, one that can find those traps before they are used.

“Think about where the cloud is. We are in the wild west,” Hitesh Sheth, Vectra’s CEO, said in an interview. “The attack surface is so broad and attacks happen at such a rapid rate that the security concerns have never been higher at the enterprise. That is driving a lot of what we are doing.”

Sheth said that the funding will be used in two areas. First, to continue expanding its technology to meet the demands of an ever-growing threat landscape — it also has a team of researchers who work across the business to detect new activity and build algorithms to respond to it. And second, for acquisitions to bring in new technology and potentially more customers.

(Indeed, there has been a proliferation of AI-based cybersecurity startups in recent years, in areas like digital forensics, application security and specific sectors like SMBs, all of which complement the platform that Vectra has built, so you could imagine a number of interesting targets.)

The funding is being led by funds managed by Blackstone Growth, with unnamed existing investors participating (past backers include Accel, Khosla and TCV, among other financial and strategic investors). Vectra today largely focuses on enterprises, highly demanding ones with lots at stake to lose. Blackstone was initially a customer of Vectra’s, using the company’s flagship Cognito platform, Viral Patel — the senior MD who led the investment for the firm — pointed out to me.

The company has built some specific products that have been very prescient in anticipating vulnerabilities in specific applications and services. While it said that sales of its Cognito platform grew 100% last year, Cognito Detect for Microsoft Office 365 (a separate product) sales grew over 700%. Coincidentally, Microsoft’s cloud apps have faced a wave of malicious threats. Sheth said that implementing Cognito (or indeed other network security protection) “could have prevented the SolarWinds hack” for those using it.

“Through our experience as a client of Vectra, we’ve been highly impressed by their world-class technology and exceptional team,” John Stecher, CTO at Blackstone, said in a statement. “They have exactly the types of tools that technology leaders need to separate the signal from the noise in defending their organizations from increasingly sophisticated cyber threats. We’re excited to back Vectra and Hitesh as a strategic partner in the years ahead supporting their continued growth.”

Looking ahead, Sheth said that endpoint security will not be a focus for the moment because “in cloud there is so much open territory”. Instead it partners with the likes of CrowdStrike, SentinelOne, Carbon Black and others.

In terms of what is emerging as a stronger entry point, social media is increasingly coming to the fore, he said. “Social media tends to be an effective vector to get in and will remain to be for some time,” he said, with people impersonating others and suggesting conversations over encrypted services like WhatsApp. “The moment you move to encryption and exchange any documents, it’s game over.”

Powered by WPeMatico

Vectra lands $100M Series E investment for AI-driven network security

Vectra, a seven-year-old company that helps customers detect intrusions at the network level, whether in the cloud or on premises, announced a $100 million Series E funding round today led by TCV. Existing investors, including Khosla Ventures and Accel, also participated in the round, which brings the total raised to more than $200 million, according to the company.

As company CEO Hitesh Sheth explained, there are two primary types of intrusion detection. The first is end point detection and the second is his company’s area of coverage, network detection and response, or NDR.  He says that by adding a layer of artificial intelligence, it improves the overall results.

“One of the keys to our success has been applying AI to network traffic, the networking side of NDR, to look for the signal in the noise. And we can do this across the entire infrastructure, from the data center to the cloud all the way into end user traffic including IoT,” he explained.

He said that as companies move their data to the cloud, they are looking for ways to ensure the security of their most valuable data assets, and he says his company’s NDR solution can provide that. In fact, securing the cloud side of the equation is one of the primary investment focuses for this round.

Tim McAdam, from lead investor TCV, says that the AI piece is a real differentiator for Vectra and one that attracted his firm to invest in the company. He said that while he realized that AI is an overused term these days, after talking to 30 customers he heard over and over again that Vectra’s AI-driven solution was a differentiator over competing products. “All of them have decided to standardize on the Vectra Cognito because to a person, they spoke of the efficacy and the reduction of their threat vectors as a result of standardizing on Vectra,” McAdam told TechCrunch.

The company was founded in 2012 and currently has 240 employees. That is expected to double in a year to 18 months with this funding.

Powered by WPeMatico

Huawei opens a cybersecurity transparency center in the heart of Europe

5G kit maker Huawei opened a Cyber Security Transparency center in Brussels yesterday as the Chinese tech giant continues to try to neutralize suspicion in Western markets that its networking gear could be used for espionage by the Chinese state.

Huawei announced its plan to open a European transparency center last year but giving a speech at an opening ceremony for the center yesterday the company’s rotating CEO, Ken Hu, said: “Looking at the events from the past few months, it’s clear that this facility is now more critical than ever.”

Huawei said the center, which will demonstrate the company’s security solutions in areas including 5G, IoT and cloud, aims to provide a platform to enhance communication and “joint innovation” with all stakeholders, as well as providing a “technical verification and evaluation platform for our
customers”.

“Huawei will work with industry partners to explore and promote the development of security standards and verification mechanisms, to facilitate technological innovation in cyber security across the industry,” it said in a press release.

“To build a trustworthy environment, we need to work together,” Hu also said in his speech. “Both trust and distrust should be based on facts, not feelings, not speculation, and not baseless rumour.

“We believe that facts must be verifiable, and verification must be based on standards. So, to start, we need to work together on unified standards. Based on a common set of standards, technical verification and legal verification can lay the foundation for building trust. This must be a collaborative effort, because no single vendor, government, or telco operator can do it alone.”

The company made a similar plea at Mobile World Congress last week when its rotating chairman, Guo Ping, used a keynote speech to claim its kit is secure and will never contain backdoors. He also pressed the telco industry to work together on creating standards and structures to enable trust.

“Government and the mobile operators should work together to agree what this assurance testing and certification rating for Europe will be,” he urged. “Let experts decide whether networks are safe or not.”

Also speaking at MWC last week the EC’s digital commissioner, Mariya Gabriel, suggested the executive is prepared to take steps to prevent security concerns at the EU Member State level from fragmenting 5G rollouts across the Single Market.

She told delegates at the flagship industry conference that Europe must have “a common approach to this challenge” and “we need to bring it on the table soon”.

Though she did not suggest exactly how the Commission might act.

A spokesman for the Commission confirmed that EC VP Andrus Ansip and Huawei’s Hu met in person yesterday to discuss issues around cybersecurity, 5G and the Digital Single Market — adding that the meeting was held at the request of Hu.

“The Vice-President emphasised that the EU is an open rules based market to all players who fulfil EU rules,” the spokesman told us. “Specific concerns by European citizens should be addressed. We have rules in place which address security issues. We have EU procurement rules in place, and we have the investment screening proposal to protect European interests.”

“The VP also mentioned the need for reciprocity in respective market openness,” he added, further noting: “The College of the European Commission will hold today an orientation debate on China where this issue will come back.”

In a tweet following the meeting Ansip also said: “Agreed that understanding local security concerns, being open and transparent, and cooperating with countries and regulators would be preconditions for increasing trust in the context of 5G security.”

Met with @Huawei rotating CEO Ken Hu to discuss #5G and #cybersecurity.

Agreed that understanding local security concerns, being open and transparent, and cooperating with countries and regulators would be preconditions for increasing trust in the context of 5G security. pic.twitter.com/ltATdnnzvL

— Andrus Ansip (@Ansip_EU) March 4, 2019

Reuters reports Hu saying the pair had discussed the possibility of setting up a cybersecurity standard along the lines of Europe’s updated privacy framework, the General Data Protection Regulation (GDPR).

Although the Commission did not respond when we asked it to confirm that discussion point.

GDPR was multiple years in the making and before European institutions had agreed on a final text that could come into force. So if the Commission is keen to act “soon” — per Gabriel’s comments on 5G security — to fashion supportive guardrails for next-gen network rollouts a full blown regulation seems an unlikely template.

More likely GDPR is being used by Huawei as a byword for creating consensus around rules that work across an ecosystem of many players by providing standards that different businesses can latch on in an effort to keep moving.

Hu referenced GDPR directly in his speech yesterday, lauding it as “a shining example” of Europe’s “strong experience in driving unified standards and regulation” — so the company is clearly well-versed in how to flatter hosts.

“It sets clear standards, defines responsibilities for all parties, and applies equally to all companies operating in Europe,” he went on. “As a result, GDPR has become the golden standard for privacy protection around the world. We believe that European regulators can also lead the way on similar mechanisms for cyber security.”

Hu ended his speech with a further industry-wide plea, saying: “We also commit to working more closely with all stakeholders in Europe to build a system of trust based on objective facts and verification. This is the cornerstone of a secure digital environment for all.”

Huawei’s appetite to do business in Europe is not in doubt, though.

The question is whether Europe’s telcos and governments can be convinced to swallow any doubts they might have about spying risks and commit to working with the Chinese kit giant as they roll out a new generation of critical infrastructure.

Powered by WPeMatico

Huawei: ‘The US security accusation of our 5G has no evidence. Nothing.’

Huawei’s rotating chairman Guo Ping kicked off a keynote speech this morning at the world’s biggest mobile industry tradeshow with a wry joke. “There has never been more interest in Huawei,” he told delegates at Mobile World Congress. “We must be doing something right!”

The Chinese company is seeking to dispel suspicion around the security of its 5G network equipment which has been accelerated by U.S. president Trump who has been urging U.S. allies not to buy kit or services from Huawei. (And some, including Australia, have banned carriers from using Huawei kit.)

Last week Trump also tweet-shamed U.S. companies — saying they needed to step up their efforts to rollout 5G networks or “get left behind”.

In an MWC keynote speech yesterday the European Commission’s digital commissioner Mariya Gabriel signalled the executive is prepared to step in and regulate to ensure a “common approach” on the issue of network security — to avoid the risk of EU member states taking individual actions that could delay 5G rollouts across Europe.

Huawei appeared to welcome the prospect today.

“Government and the mobile operators should work together to agree what this assurance testing and certification rating for Europe will be,” said Guo, suggesting that’s Huawei’s hope for any Commission action on 5G security.

“Let experts decide whether networks are safe or not,” he added, implying Trump is the opposite of an expert. “Huawei has a strong track record in security for three decades. Serving three billion people around the world. The U.S. security accusation of our 5G has no evidence. Nothing.”

Geopolitical tensions about network security have translated into the biggest headache for Huawei which has positioned itself as a key vendor for 5G kit right as carriers are preparing to upgrade their existing cellular networks to the next-gen flavor.

Guo claimed today that Huawei is “the first company who can deploy 5G networks at scale”, giving a pitch for what he described as “powerful, simple and intelligent” next-gen network kit, while clearly enjoying the opportunity of being able to agree with U.S. president Trump in public — that “the U.S. needs powerful, faster and smarter 5G”. 🔥

But any competitive lead in next-gen network tech also puts the company in prime position for political blowback linked to espionage concerns related to the Chinese state’s access to data held or accessed by commercial companies.

Huawei’s strategy to counter this threat has been to come out fighting for its commercial business — and it had plenty more of that spirit on show this morning. As well as a bunch of in-jokes. Most notably a reference to NSA whistleblower Edward Snowden which drew a knowing ripple of laughter from the audience.

“We understand innovation is nothing without security,” said Guo, segwaying from making a sales pitch for Huawei’s 5G network solutions straight into the giant geopolitical security question looming over the conference.

“Prism, prism on the wall who is the most trustworthy of them all?” he said, throwing up a colorful slide to illustrate the joke. “It’s a very important question. And if you don’t ask them that you can go ask Edward Snowden.”

You can’t use “a crystal ball to manage cybersecurity”, Guo went on, dubbing it “a challenge we all share” and arguing that every player in the mobile industry has responsibility to defuse the network security issue — from kit vendors to carriers and standards bodies, as well as regulators.

“With 5G we have made a lot of progress over 4G and we can proudly say that 5G is safer than 4G. As a vendor we don’t operate carriers network, and we don’t all carry data. Our responsibility — what we promise — is that we don’t do anything bad,” he said. “We don’t do bad things.”

“Let me says this as clear as possible,” he went on, putting up another slide that literally underlined the point. “Huawei has not and will never plant backdoors. And we will never allow anyone to do so in our equipment.

“We take this responsibility very seriously.”

Guo’s pitch on network trust and security was to argue that where 5G networks are concerned security is a collective industry responsibility — which in turn means every player in the chain plays a monitoring role that allows for networks to be collectively trusted.

“Carriers are responsible for secure operations of their own networks. 5G networks are private networks. The boundary between different networks are clear. Carriers can prevent outside attacks with firewalls and security gateways. For internal threats carriers can manage, monitor and audit all vendors and partners to make sure their network elements are secure,” he said, going on to urge the industry to work together on standards which he described as “our shared responsibility”.

“To build safer networks we need to standardize cybersecurity requirements and these standards must be verifiable for all vendors and all carriers,” he said, adding that Huawei “fully supports” the work of industry standards and certification bodies the GSMA and 3GPP who he also claimed have “strong capabilities to verify 5G’s security”.

Huawei’s strategy to defuse geopolitical risk by appealing to the industry as a whole to get behind tackling the network trust issue is a smart one given the uncertainty generated by Trump’s attacks is hardly being welcomed by anyone in the mobile business.

Huawei’s headache might lead to the industry as a whole catching a cold — and no one at MWC wants that.

Later in the keynote Guo also pointed to the awkward “irony” of the U.S Cloud Act — given the legislation allows U.S. entities to “access data across borders”.

U.S. overreach on accessing the personal data of foreign citizens continues to cause major legal headaches in Europe as a result of the clash between its national security interest and EU citizens fundamental privacy rights. So Guo’s point there won’t have been lost on an MWC audience packed with European delegates attending the annual tradeshow.

“So for best technology and greater security choose Huawei. Please choose Huawei!” Guo finished, ending his keynote with a line that could very well make it as an upbeat marketing slogan writ large on one of the myriad tech-packed booths here at Fira Gran Via, Barcelona.

Powered by WPeMatico

Forward Networks nets $16M to help prevent network outages

 As IP networks continue to grow and become ever more complex, and people become ever more dependent on them staying up all the time, a startup that is building software tools to help administrators keep networks running has landed a round of funding. Forward Networks — a startup that only emerged from stealth last November and has built a platform aimed at service providers and… Read More

Powered by WPeMatico

Illumio, a specialist in segmented security, raises $125M at $1b+ valuation

 Another day, another major round of funding for a security startup, underscoring just how active the area of IT protection is right now — both in terms of business need and as an investment opportunity. Today, Illumio — a startup that provides data center and cloud security services, monitoring and protecting individual applications and processes within an enterprise network by… Read More

Powered by WPeMatico

ForeScout Foresees IPO After $76 Million Round Led By Wellington Management

Collection of devices. ForeScout, a security company that helps firms detect devices on their networks they might not know about, announced a $76 million investment round today on a billion dollar valuation, making it a member of the vaunted unicorn club.
The company has come a long way in a short time to attain that unicorn status, reporting it has tripled its value in just 18 months.
What’s particularly… Read More

Powered by WPeMatico

Cisco Beefs Up Security, Buys Lancope For $453M

White digital padlock over circuit board ground As HP downsizes its own holdings in network security, another IT giant is ramping up: today Cisco announced that it would acquire Lancope, which focuses on behavior analytics, threat visibility and security intelligence to detect malicious activity on corporate networks. Cisco is paying $452.5 million in a cash and equity deal, with the Lancope team becoming part of the Cisco Security… Read More

Powered by WPeMatico