Security
Auto Added by WPeMatico
Auto Added by WPeMatico
Over the course of their careers, Alex Bovee and Paul Querna realized that while the use of SaaS apps and cloud infrastructure was exploding, the process to give employees permission to use them was not keeping up.
The pair led Zero Trust strategies and products at Okta, and could see the problem firsthand. For the unacquainted, Zero Trust is a security concept based on the premise that organizations should not automatically trust anything inside or outside its perimeters and, instead must verify anything and everything trying to connect to its systems before granting access.
Bovee and Querna realized that while more organizations were adopting Zero Trust strategies, they were not enacting privilege controls. This was resulting in delayed employee access to apps, or to the over-permissioning employees from day one.
Last summer, Bovee left Okta to be the first virtual entrepreneur-in-residence at VC firm Accel. There, he and Accel partner Ping Li got to talking and realized they both had an interest in addressing the challenge of granting permissions to users of cloud apps quicker and more securely.
Recalls Li: “It was actually kind of fortuitous. We were looking at this problem and I was like ‘Who can we talk to about the space?’ And we realized we had an expert in Alex.”
At that point, Bovee told Li he was actually thinking of starting a company to solve the problem. And so he did. Months later, Querna left Okta to join him in getting the startup off the ground. And today, ConductorOne announced that it raised $5 million in seed funding in a round led by Accel, with participation from Fuel Capital, Fathom Capital and Active Capital.
ConductorOne plans to use its new capital to build what the company describes as “the first-ever identity orchestration and automation platform.” Its goal is to give IT and identity admins the ability to automate and delegate employee access to cloud apps and infrastructure, while preserving least-privilege permissions.
“The crux of the problem is that you’ve got these identities — you’ve got employees and contractors on one side and then on the other side you’ve got all this SaaS infrastructure and they all have sort of infinite permutations of roles and permissions and what people can do within the context of those infrastructure environments,” Bovee said.
Companies of all sizes often have hundreds of apps and infrastructure providers they’re managing. It’s not unusual for an IT helpdesk queue to be more than 20% access requests, with people needing urgent access to resources like Salesforce, AWS or GitHub, according to Bovee. Yet each request is manually reviewed to make sure people get the right level of permissions.
“But that access is never revoked, even if it’s unused,” Bovee said. “Without a central layer to orchestrate and automate authorization, it’s impossible to handle all the permissions, entitlements and on- and off-boarding, not to mention auditing and analytics.”
ConductorOne aims to build “the world’s best access request experience,” with automation at its core.
“Automation that solves privilege management and governance is the next major pillar of cloud identity,” Accel’s Li said.
Bovee and Querna have deep expertise in the space. Prior to Okta, Bovee led enterprise mobile security product development at Lookout. Querna was the co-founder and CTO of ScaleFT, which was acquired by Okta in 2018. He also led technology and strategy teams at Rackspace and Cloudkick, and is a vocal and active open-source software advocate.
While the company’s headquarters are in Portland, Oregon, ConductorOne is a remote-first company with 10 employees.
“We’re deep in building the product right now, and just doing a lot of customer development to understand the problems deeply,” Bovee said. “Then we’ll focus on getting early customers.”
Powered by WPeMatico
Every tech vendor has to pass security muster with customers, typically a tedious activity involving answering long questionnaires. Kintent, a new startup that wants to automate this process, announced a $4 million seed today led by Tola Capital with help from a bunch of tech industry angel investors.
After company co-founder and CEO Sravish Sridhar sold his previous startup Kinvey, which provided backend as a service to mobile app developers, he took a couple of years off while he decided what to do next. The sale to Progress Software in 2017 gave him that luxury.
He knew firsthand from his experience at Kinvey that companies like his had to adhere to a lot of compliance standards, and the idea for the next company began to form in his head. He wanted to create a new startup that could make it easier to figure out how to become compliant with a given standard, measure the current state of compliance and get recommendations on how to improve. He created Kintent to achieve that goal.
“So the big picture idea is can we build a system of record for trust and our first use case is information security and data privacy compliance, specifically if you’re a company that is building a SaaS business and you’re storing customer data or PHI, which is health information,” Sridhar explained.
The company’s product is called Trust Cloud. He says that they begin by looking at the lay of your technology land in terms of systems and the types of information you are storing, looking at how compliant each system is with whatever standard you are trying to adhere to.
Then based on how you classify your data, the Trust Cloud generates a list of best practices to stay in compliance with your desired standard, and finally it provides the means to keep testing to validate what you’ve done and that you are remaining in compliance.
The company launched in 2019, spent the first part of 2020 developing the product and began selling it last October. Today, it has 35 paying customers. “We’re in the high six figures in revenue. We’ve been growing at about 20-30% month-over-month consistently since we launched in October, and the customers are across 11 verticals already,” he said.
With 14 employees and some money in the bank from this funding round, he is thinking ahead to adding people. He says that diversity has to be more than something you just talk about, and he has made it one of the core founding values of the company, and one he takes very seriously.
“I’m very conscious with every hire that we make that we’re really pushing to extend ourselves to [find] people from different walks of life, different statuses and so on,” he said.
The company is also working on a DEI component for the Trust Cloud, which it will be offering for free, which enables companies to provide a set of diversity metrics to measure against and then report on how well you are doing, and how you can improve your numbers.
Powered by WPeMatico
Cybersecurity training is one of those things that everyone has to do but not something everyone necessarily looks forward to.
Living Security is an Austin-based startup out to change cybersecurity training something you look forward to, not dread. And the company has just closed on a $14 million Series B to continue its expansion beyond cybersecurity awareness training into human risk management.
Washington, D.C. based-Updata Partners led the financing, which also included participation from existing investors Silverton Partners, Active Capital, Rain Capital and SaaS Venture Partners. The investment comes after its $5 million Series A, led by Austin-based Silverton, raised last April.
Husband and wife Drew and Ashley Rose founded Living Security out of their house in June 2017 with the mission of making cybersecurity training less boring and more effective via gamified learning, with live action immersive storylines, role-based micro modules and reporting.
Living Security launched with its flagship product — Cyber Escape Room. When the pandemic hit, the startup brought its in-person training sessions online through the launch of CyberEscape Online.
With more people working remotely, the need for the type of offering Living Security provides has become even more paramount, considering how many people use personal devices for professional reasons, among other things. Employees are more vulnerable than ever to inadvertently providing entry points into the networks of the enterprises where they work — whether through social engineering, phishing or other methods.
Today, Living Security works with more than 100 large enterprises to train their global workforces to better protect sensitive data and secure their organizations. The startup’s customer list is impressive, and includes large enterprises such as CVS Health, Mastercard, Verizon, MassMutual, Biogen, AmerisourceBergen, Hewlett Packard, JPMorgan and Target.
So it’s not a big surprise that in 2020, Living Security tripled its revenue and employee headcount and more than doubled its customer count. The company declined to provide hard revenue figures, saying only that ARR grew nearly 200% last year.
“We have seen a significant increase in account growth and expansion in existing accounts…largely in part due to the scalability of our digital solution,” CEO Ashley Rose said.
With the success of its escape rooms and gamified training, Living Security’s team then asked themselves how they could make their efforts “more predictable.”
“We added risk management and scoring so program and security owners could become more targeted and focused on the delivery of their training,” Rose said.
So now Living Security aims to use behavioral data and analytics to measure and manage human risk. It plans to take that data and provide “predictive interventions” to employees.
“We’re focused on ‘How do we turn people from our greatest risk, to our greatest assets in cybersecurity?’ ” Rose said. “That’s our big vision for the company.”
Image Credits: Living Security
With its “Unify” human risk management platform, Living Security wants to provide an even more scalable solution. The company also plans to use its new capital toward expanding its geographic reach and scaling both direct and channel sales efforts.
Currently, Living Security has 55 employees, with the goal of having 90 by year’s end.
Deb Walter, director of information security training and awareness at AmerisourceBergen, said she first engaged with Living Security in 2017 when she requested its CyberSecurity Card game.
“I wanted to gamify how I presented training,” she recalls.
Introducing episodic gamification and its “bingeable” content into her training program was a big hit with employees, according to Walter.
“Their new platform is enabling us to deploy an ‘Information security academy’ to encourage associates and contractors to use several modes of training to earn points and track themselves on a leaderboard,” she said.
Updata General Partner Jon Seeber, who is taking a seat on Living Security’s board with the funding, said his firm saw “breakout potential” in the startup’s platform.
“It comes as close as you can to closing the loop between people and the systems on which they’re operating,” he said.
Plus, he said, it does it in a way that avoids the compliance-focused, “check-the-box” mindset that so often dominates employee-focused cybersecurity solutions.
Powered by WPeMatico
“There is no doubt that over time, people are going to rely less and less on passwords… they just don’t meet the challenge for anything you really want to secure,” said Bill Gates.
That was 17 years ago. Although passwords have lost some of their charm, they have so far survived many attempts to kill them for good.
The perception of high cost and tricky implementations has stalled some smaller businesses from ditching passwords. But alternatives to passwords are affordable, easy to implement and safer, show industry insights gathered by Extra Crunch. The move to zero trust systems is acting as a catalyst.
First, a primer. Zero trust focuses on who you are, not where you are. Zero trust models require companies to never trust any attempt to access its network, and must verify every single time — even from logins from inside the network. Passwordless tech is a key part of zero trust models.
There are several alternatives for passwords, including:
Wolt, a Finnish food-delivery site, is just one example of going passwordless.
“The user registers by entering their email address or a phone number. Login to the app takes place by clicking the temporary link in the user’s inbox. The app on the user’s mobile phone places an authentication cookie, which enables the user to continue from that device without having to go through any further authentication,” said Erka Koivunen, CISO at F-Secure.
In this case, the service provider is in full control of the authentication, allowing it to set expiration time, revoke service and detect fraud. The service provider does not need to count on the user’s commitment to keep track of their passwords.
Passwordless tech is not inherently costly but may take some adjustment, explained Ryan Weeks, CISO at managed service provider Datto.
“It is not necessarily costly in terms of monetary investment, because there are a lot of easily accessible open-source alternatives for multi-factor authentication that don’t require any sort of investment,” said Weeks. But some companies believe passwordless tech may cause friction to their employees’ productivity.
Koivunen also dismissed that zero trust models are unaffordable for startups.
“Zero trust recognises the futility of forcing users to authenticate themselves by presenting something they should keep as secret. Instead, it prefers to establish the user’s identity using some context-aware method,” he said.
Zero trust goes further than authenticating users; it also includes the device and the user.
“From a zero trust perspective, there is an idea that there is a continuous authentication or revalidation of trust occurring. Therefore, passwordless in a zero trust model is potentially easier for the user and more secure as the combination of the ‘something you have’ and ‘something you are’ factors are more difficult to attack,” said Datto’s Weeks.
Larger companies, like Microsoft and Google, already offer zero trust technologies. But investors are also eyeing smaller companies that offer zero trust for growing companies.
Axis Security, a zero trust provider that allows remote employees to access their company’s network, raised $32 million last year. Beyond Identity raised $75 million in funding in December. And Israel identity validation startup Identiq raised $47 million in Series A funding in March.
Early Stage is the premier “how-to” event for startup entrepreneurs and investors. You’ll hear firsthand how some of the most successful founders and VCs build their businesses, raise money and manage their portfolios. We’ll cover every aspect of company building: Fundraising, recruiting, sales, product-market fit, PR, marketing and brand building. Each session also has audience participation built-in — there’s ample time included for audience questions and discussion. Use code “TCARTICLE” at checkout to get 20% off tickets right here.
Powered by WPeMatico
On the heels of Jumio announcing a $150 million injection this week to continue building out its AI-based ID verification and anti-money laundering platform, another startup in the space is levelling up. Feedzai, which provides banks, others in the financial sector, and any company managing payments online with AI tools to spot and fight fraud — its cornerstone service involves super-quick (3 millisecond) checks happening in the background while transactions are being made — has announced a Series D of $200 million. It said that the new financing is being made at a valuation of over $1 billion.
The round is being led by KKR, with Sapphire Ventures and strategic backer Citi Ventures — both past investors — also participating. Feedzai said it will be using the funds for further R&D and product development, to expand into more markets outside the U.S. — it was originally founded in Portugal but now is based out of San Mateo — and towards business development, specifically via partnerships to integrate and sell its tools.
One of those partners looks to be Citi itself:
“Citi is committed to advancing global payments anchored on transparency, efficiency, and control, and our partnership with Feedzai is allowing us to provide customers with technology that seamlessly balances agility and security,” said Manish Kohli, global head of Payments and Receivables, with Citi’s Treasury and Trade Solutions, in a statement.
This latest round comes nearly four years after Feedzai raised its Series C, a $50 million round led by an unnamed investor and with an undisclosed valuation. Sapphire also participated in that round. It has now raised some $182 million to date.
Feedzai’s funding is happening at a time when the need for fraud protection for those managing transactions online has reached a high watermark, leading to a rush of customers for companies in the field.
Feedzai says that its customers include four of the five largest banks in North America, 80% of the world’s Fortune 500 companies, 154 million individual and business taxpayers in the U.S., and has processed $9 billion in online transactions for two of the world’s most valuable athletic brands. In total its reach covers some 800 million customers of businesses that use its services.
In addition to Citibank, its customers include Fiserv, Santander, SoFi and Standard Chartered’s Mox.
While money laundering, fraud and other kinds of illicit financial activity were already problems then, in the interim, the problem has only compounded, not least because of how much activity has shifted online, accelerating especially in the last year of pandemic-driven lockdowns. That’s been exacerbated also by a general rise in cybercrime — of which financial fraud remains the biggest component and motivator.
Within that bigger trend, solutions based on artificial intelligence have really emerged as critical to the task of identifying and fighting those illicit activities. Not only is that because AI solutions are able to make calculations and take actions and simply process more than non-AI based tools, or humans for that matter, but they are then able to go head to head with much of the fraud taking place, which itself is being built out on AI-based platforms and requires more sophistication to identify and combat.
For banking customers, Feedzai’s approach has been disruptive in part because of how it has conceived of the problem: It has built solutions that can be used across different scenarios, making them more powerful since the AI system is subsequently “learning” from more data. This is in contrast to how many financial service providers had conceived and tackled the issue in the past.
“Until now banks have used solutions based on verticals,” Nuno Sebastiao, co-founder and CEO of Feedzai, said in the past to TechCrunch. “The fraud solution you have for an ATM wouldn’t be the same fraud solution you would use for online banking which wouldn’t be the same fraud solution you would have for a voice call center.” As these companies have refreshed their systems, many have taken a more agnostic approach like the kind Feedzai has built.
The scale of the issue is clear, and unfortunately also something many of us have experienced firsthand. Feedzai says its data indicates that the last quarter of 2020 shows consumers saw a 650% increase in account takeover scams, a 600% in impersonation scams and a 250% increase in online banking fraud attacks versus the first quarter of 2020. (Those periods are, essentially, before-pandemic and during-pandemic comparisons.)
“The past 12 months have accelerated the world’s dependency on electronic financial services – from online banking to mobile payments, and in turn have increased fraud and money laundering activity. Our services are in more demand than ever,” said Sebastiao in a statement today.
Indeed, yesterday, when I covered Jumio’s $150 million round, I said I wouldn’t consider its funding to be an outlier (even though Jumio made clear it was the largest funding to date in its space): the fast follow from Feedzai, with an even higher amount of financing, really does underscore the trend at the moment.
In addition to these two, one of Feedzai’s biggest competitors, Kount, was acquired by credit ratings giant Equifax earlier this year for $640 million to move deeper into the space. (And related to that field, in the area of identity management, which goes hand-in-hand with tools for laundering and fraud, Okta acquired Auth0 for $6.5 billion.)
Other big rounds for startups in the wider space have included ForgeRock ($96 million round), Onfido ($100 million), Payfone ($100 million), ComplyAdvantage ($50 million), Ripjar ($36.8 million) Truework ($30 million), Zeotap ($18 million) and Persona ($17.5 million).
KKR’s involvement in this round is notable as another example of a private equity firm getting in earlier with venture rounds with fast-scaling startups, similar to Great Hill’s investment in Jumio yesterday and a number of other examples. The firm says it’s making this investment out of its Next Generation Technology Growth Fund II, which is focused on making growth equity investment opportunities in the technology space.
“Feedzai offers a powerful solution to one of the biggest challenges we are facing today: financial crime in the digital age. Global commerce depends on future-proof technologies capable of dealing with a rapidly evolving threat landscape. At the same time, consumers rightfully demand a great customer experience, in addition to strong security layers when using banking or payments services,” said Stephen Shanley, managing director at KKR, in a statement
“We believe Feedzai’s platform uniquely meets these expectations and more, and we are looking forward to working with Nuno and the rest of the team to expand their offering even further,” added Spencer Chavez, principal at KKR.
Powered by WPeMatico
OneTrust, a late stage privacy platform startup, announced it was adding ethics and compliance to the mix this morning by acquiring Convercent, a company that was built to help build more ethical organizations. The companies did not share the purchase price.
OneTrust just raised $300 million on a fat $5.1 billion valuation at the end of last year, and it’s putting that money to work with this acquisition. Alan Dabbiere, co-chairman at OneTrust sees this acquisition as a way to add a missing component to his company’s growing platform of services.
“Integrating Convercent instantly brings a proven ethics and compliance technology, team, and customer base into the OneTrust, further aligning the Chief Ethics & Compliance Officer strategy alongside privacy, data governance, third-party risk, GRC (governance, risk and compliance), and ESG (environmental, social and governance) to build trust as a competitive advantage,” he said.
Convercent brings 750 customers and 150 employees to the OneTrust team along with its ethics system, which includes a way for employees to report ethical violations to the company and a tool for managing disclosures.
Convercent can also use data to help surface bad behavior before it’s been reported. As CEO Patrick Quinlan explained in a 2018 TechCrunch article:
“Sometimes you have this interactive code of conduct, where there’s a new vice president in a region and suddenly page views on the sexual harassment section of the Code of Conduct have increased 200% in the 90 days after he started. That’s easy, right? There’s a reason that’s happening, and our system will actually tell you what’s happening.”
Quinlan wrote in a company blog post announcing the deal that joining forces with OneTrust will give it the resources to expand its vision.
“As a part of OneTrust, we’ll be combining forces with the leader across privacy, security, data governance, third-party risk, GRC, ESG—and now—ethics and compliance. Our customers will now be able to build centralized programs across these workstreams to make trust a competitive differentiator,” Quinlan wrote.
Convercent was founded in 2012 and has raised over $100 million, according to Pitchbook data. OneTrust was founded in 2016. It has over 8000 customers and 150 employees and has raised $710 million, according to the company.
Powered by WPeMatico
Orca Security, an Israeli cybersecurity startup that offers an agent-less security platform for protecting cloud-based assets, today announced that it has raised a $210 million Series C round at a $1.2 billion valuation. The round was led by Alphabet’s independent growth fund CapitalG and Redpoint Ventures. Existing investors GGV Capital, ICONIQ Growth and angel syndicate Silicon Valley CISO Investment also participated. YL Ventures, which led Orca’s seed round and participated in previous rounds, is not participating in this round — and it’s worth noting that the firm recently sold its stake in Axonius after that company reached unicorn status.
If all of this sounds familiar, that may be because Orca only raised its $55 million Series B round in December, after it announced its $20.5 million Series A round in May. That’s a lot of funding rounds in a short amount of time, but something we’ve been seeing more often in the last year or so.
As Orca co-founder and CEO Avi Shua told me, the company is seeing impressive growth and it — and its investors — want to capitalize on this. The company ended last year beating its own forecast from a few months before, which he noted was already aggressive, by more than 50%. Its current slate of customers includes Robinhood, Databricks, Unity, Live Oak Bank, Lemonade and BeyondTrust.
“We are growing at an unprecedented speed,” Shua said. “We were 20-something people last year. We are now closer to a hundred and we are going to double that by the end of the year. And yes, we’re using this funding to accelerate on every front, from dramatically increasing the product organization to add more capabilities to our platform, for post-breach capabilities, for identity access management and many other areas. And, of course, to increase our go-to-market activities.”
Shua argues that most current cloud security tools don’t really work in this new environment. Many, because they are driven by metadata, can only detect a small fraction of the risks, and agent-based solutions may take months to deploy and still not cover a business’ entire cloud estate. The promise of Orca Security is that it can not only cover a company’s entire range of cloud assets but that it is also able to help security teams prioritize the risks they need to focus on. It does so by using what the company calls its “SideScanning” technology, which allows it to map out a company’s entire cloud environment and file systems.
“Almost all tools are essentially just looking at discrete risk trees and not the forest. The risk is not just about how pickable the lock is, it’s also where the lock resides and what’s inside the box. But most tools just look at the issues themselves and prioritize the most pickable lock, ignoring the business impact and exposure — and we change that.”
It’s no secret that there isn’t a lot of love lost between Orca and some of its competitors. Last year, Palo Alto Networks sent Orca Security a sternly worded letter (PDF) to stop it from comparing the two services. Shua was not amused at the time and decided to fight it. “I completely believe there is space in the markets for many vendors, and they’ve created a lot of great products. But I think the thing that simply cannot be overlooked, is a large company that simply tries to silence competition. This is something that I believe is counterproductive to the industry. It tries to harm competition, it’s illegal, it’s unconstitutional. You can’t use lawyers to take your competitors out of the media.”
Currently, though, it doesn’t look like Orca needs to worry too much about the competition. As GGV Capital managing partner Glenn Solomon told me, as the company continues to grow and bring in new customers — and learn from the data it pulls in from them — it is also able to improve its technology.
“Because of the novel technology that Avi and [Orca Security co-founder and CPO] Gil [Geron] have developed — and that Orca is now based on — they see so much. They’re just discovering more and more ways and have more and more plans to continue to expand the value that Orca is going to provide to customers. They sit in a very good spot to be able to continue to leverage information that they have and help DevOps teams and security teams really execute on good hygiene in every imaginable way going forward. I’m super excited about that future.”
As for this funding round, Shua noted that he found CapitalG to be a “huge believer” in this space and an investor that is looking to invest into the company for the long run (and not just trying to make a quick buck). The fact that CapitalG is associated with Alphabet was obviously also a draw.
“Being associated with Alphabet, which is one of the three major cloud providers, allowed us to strengthen the relationship, which is definitely a benefit for Orca,” he said. “During the evaluation, they essentially put Orca in front of the security leadership at Google. Definitely, they’ve done their own very deep due diligence as part of that.”
Early Stage is the premier ‘how-to’ event for startup entrepreneurs and investors. You’ll hear first-hand how some of the most successful founders and VCs build their businesses, raise money and manage their portfolios. We’ll cover every aspect of company-building: Fundraising, recruiting, sales, product market fit, PR, marketing and brand building. Each session also has audience participation built-in – there’s ample time included for audience questions and discussion. Use code “TCARTICLE” at checkout to get 20 percent off tickets right here.
Powered by WPeMatico
Digital identity services — used as a key link between organizations to verify that you are who you say you are online and individuals logging into those services — have come into their own in this past year. Now, one of the companies providing digital identity products is announcing a large round of funding, underscoring both the market size and its ambitions to be a central player in that space.
Jumio, which has built a platform that provides a variety of digital identity tools and technology — using biometrics, machine learning, computer vision, big data and more to run checks on ID documents, log-ins, to help prevent suspicious financial activity, identity theft and more — has closed a $150 million round of funding. The Palo Alto-based company says it will use the funds to build more tools on its platform, and to double down on customer growth after a big year.
Currently, Jumio’s primary business is B2B: It provides tools to enterprise customers like HSBC to manage digital identity verification. Some of the areas where it will be investing include expanding its AI capabilities to do more anti-money laundering work, and to look at building a B2C product, using the data, tools and network of customers that it has to help individuals better manage their identities online.
“I think the big thing is that the foundation of the internet is identity not anonymity,” said CEO Robert Prigge in an interview, who said the trend of digital transformation has spurred that change. “It’s been a big shift over the last couple of years. People wanted to originally hide behind anonymity, but now identify is the keystone. Whether it’s online banking or social networks, you need to be able to establish trust remotely.”
Of course, anonymity still is there, just in a different form: data protection regulations are all about making sure that we can stay private if we so choose as we use the tools that are now the norm, and countries like the U.K. are fleshing that out further with regulations in the works to make sure that services that use or manage digital identities are carried out on a common framework and with adequate oversight from users themselves. That presents the challenge and opportunity for a company like Jumio: how to navigate the push for identity while still providing a way to do that with privacy protections in mind.
The funding is coming from a single investor, Great Hill Partners, which will be joining Centana and Millennium as shareholders in the company. The valuation is not being disclosed, but Prigge noted a few details that he believes point to the company’s position right now.
He confirmed that Jumio made $100 million in revenues last year; this is the first money the company has raised in nearly five years after bringing in a modest $16 million in 2016; and this looks to be the largest single round ever raised for a digital identity company.
However, given the market environment and the advances of tech, there has been quite a lot of momentum in the space, and a number of other digital identity and anti-money laundering (AML) prevention startups have been launching, growing and raising money. Just in the last year, they have included ForgeRock ($96 million round), Onfido ($100 million), Payfone ($100 million), ComplyAdvantage ($50 million), Ripjar ($36.8 million) Truework ($30 million), Zeotap ($18 million) and Persona ($17.5 million) — so I wouldn’t be surprised if this is not an outlier at the end of the day.
Acquisitions like Equifax buying Kount earlier this year, and Okta acquiring Auth0 for $6.5 billion, meanwhile, point to encroaching competition from other areas of the market such as credit rating agencies and those providing login services for corporates, as well as the bigger consolidation trends.
The pandemic has precipitated a shift where many services we might have used in person are now accessible via the web and apps, but at the same time, the amount of cybercrime aimed at abusing that environment is on the rise, and both trends fuel a stronger demand for ID verification tools.
Jumio is notable among the group of companies providing those services both for being one of the bigger and older players. Prigge said that currently has around 1,000 customers, including some of the very biggest enterprises like the banking group HSBC, United Airlines and the telecoms operator Singtel, and it is active in 200 countries.
It’s also distinctive for having developed a platform approach, where it offers a range of different kinds of tools. This is in contrast to many others, which — partly as newer entrants — are focusing on more specific technology or addressing a narrower aspect of what is a pretty complex problem. That said, the company’s earliest work seems to still be the mainstay of what it does. The number of documents that it can “read” to begin the process of verifying users now numbers about 3,500. That has propelled more than 300 million verifications made on Jumio’s platform.
“Almost all vendors verify you are who you say you are, not that it’s really you. That is why the biometrics is so important. In our case we see it as a holistic onboarding,” Prigge said. “We are one of the only AML and KYC [know your customer] providers.” The AML tools came by way of an acquisition the company made last year, of Beam Solutions.
This funding round, nevertheless, is a big step up for a company that has, in fact, seen a lot of ups and downs.
To be clear, Prigge is very explicit when he says that the Jumio he runs has nothing to do with an older incarnation of the company.
Jumio the first came into existence around a decade ago and raised nearly $40 million in funding from investors like Andreessen Horowitz and Eduardo Saverin as an early player in mobile payments, with technology that could use the camera on a phone to scan cards and IDs to enable the payments. That business ran into a lot of hot water for misstating financial results and mostly likely other related things, and eventually it filed for bankruptcy in March 2016. Saverin apparently wanted to buy the business — if only to encourage other buyers to come out of the woodwork — eventually Centana did, at a bargain price of $850,000.
While that took a portion of the business (mainly branding, a business concept and some employees) out of bankruptcy, the legacy Jumio remained in a bankruptcy process that is, almost exactly five years to the date, still ongoing, partly because the original founder is being accused of destroying documents needed to finally conclude that mess.
The fact that Great Hill Partners is doing the investing here is notable. It’s mostly a PE firm that has been doing an increasing amount of investing in tech companies, part of a bigger trend where more PE firms are getting involved in rounds for later-stage startups. Its interest is in backing a company that has emerged as a leader in a crowded space but one targeting a big opportunity in digital identity, forecast to be worth some $12.8 billion by 2024, from $6 billion in 2019.
“Jumio has an incredible foundation – an expert management team, deep product roadmap and a global reach that is positioning the company for significant growth as the volume of online transactions and interactions, and associated fraud, is reaching record-highs. In particular, we have deep conviction in the company’s AI-enabled identity verification solution Jumio Go and KYC orchestration platform,” said Nick Cayer, partner at Great Hill Partners, in an emailed interview. “Jumio will need to both keep pace with incredible demand for online identity verification services, and of course outlast new and evolving competition in the space. We have strong conviction that Jumio has the right management team, innovative product roadmap and group of supporting investors to maintain leadership in the space.”
Early Stage is the premier “how-to” event for startup entrepreneurs and investors. You’ll hear firsthand how some of the most successful founders and VCs build their businesses, raise money and manage their portfolios. We’ll cover every aspect of company building: Fundraising, recruiting, sales, product-market fit, PR, marketing and brand building. Each session also has audience participation built-in — there’s ample time included for audience questions and discussion. Use code “TCARTICLE” at checkout to get 20% off tickets right here.
Powered by WPeMatico
SecurityScorecard has been helping companies understand the security risk of its vendors since 2014 by providing each one with a letter grade based on a number of dimensions. Today, the company announced a $180 million Series E.
The round includes new investors Silver Lake Waterman, T. Rowe Price, Kayne Anderson Rudnick and Fitch Venture, along with existing investors Evolution Equity Partners, Accomplice, Riverwood Capital, Intel Capital, NGP Capital, AXA Venture Partners, GV (Google Ventures) and Boldstart Ventures. The company reports it has now raised $290 million.
Co-founder and CEO Aleksandr Yampolskiy says the company’s mission has not changed since it launched. “The idea that we started the company was a realization that when I was CISO and CTO I had no metrics at my disposal. I invested in all kinds of solutions where I was completely in the dark about how I’m doing compared to the industry and how my vendors and suppliers were doing compared to me,” Yampolskiy told me.
He and his co-founder COO Sam Kassoumeh likened this to a banker looking at a mortgage application and having no credit score to check. The company changed that by starting a system of scoring the security posture of different companies and giving them a letter grade of A-F just like at school.
Today, it has ratings on more than 2 million companies worldwide, giving companies a way to understand how secure their vendors are. Yampolskiy says that his company’s solution can rate a new company not in the data set in just five minutes. Every company can see its own scorecard for free along with advice on how to improve that score.
He notes that the disastrous SolarWinds hack was entirely predictable based on SecurityScorecard’s rating system. “SolarWinds’ score has been lagging below the industry average for quite a long time, so we weren’t really particularly surprised about them,” he said.
The industry average is around 85 or a solid B in the letter grade system, whereas SolarWinds was sitting at 70 or a C for quite some time, indicating its security posture was suspect, he reports.
While Yampolskiy didn’t want to discuss valuation or revenue or even growth numbers, he did say the company has 17,000 customers worldwide, including 7 of the 10 top pharmaceutical companies in the world.
The company has reached a point where this could be the last private fundraise it does before going public, but Yampolskiy kept his cards close on timing, saying it could happen some time in the next couple of years.
Powered by WPeMatico
Malicious hacking has become a pernicious and dogged fact of life for more organizations, and it’s a threat that has seemingly grown more complicated and sophisticated over time. One effective approach to tackling that has been collaboration: not just applying an array of services to address the issue, but creating environments to help those building cybersecurity to work better together. Today one of the startups building tools to do just that is announcing a round of funding, underscoring the opportunity and its own growth within that.
Cyware, a New York startup that has created a platform for organizations to build and operate virtual “cyber fusion centers” — spaces for people to share threat intelligence, run end-to-end security automation and orchestrate and execute 360-degree threat responses — has picked up $30 million in funding, a Series B that it will use to continue growing its business.
The funding is being co-led by Advent International and Ten Eleven Ventures. Advent made some waves in the cybersecurity industry last year when it partnered with Crosspoint to acquire Forescout for $1.9 billion. Ten Eleven, meanwhile, is a VC that specializes in cybersecurity startups. Prelude Fund (the venture practice at Mercato Partners), Emerald Development Managers, Great Road Holdings and cloud security firm Zscaler — a mix of financial and strategic investors — also participated. Before this, the startup had raised around $13 million, and it is not disclosing its valuation.
The story of the last year in the world of business has been about how everything has gone online: people and their companies have been working remotely; consumers are browsing, buying and entertaining themselves over the internet and with apps. Digital is where all the traffic is.
Unsurprisingly that has also played out in the world of cybersecurity: the threat landscape has grown, and so cybersecurity responses have grown with them. Cyware said that in the last year it saw 120% year-over-year growth in annual recurring revenue — although it doesn’t disclose actual revenue figures. Its customers are a mix of large enterprises, but also those that both collaborate with others to manage cybersecurity, such as information sharing communities (ISACs), as well as organizations that manage cybersecurity on behalf of a number of others, such as managed security service providers and computer emergency response teams.
Although many might have in their heads a stereotype of a malicious hacker who sits alone in a darkened room with a determined look in his/her eye, the reality is more likely to be a collaboration between a number of people, providing tips, technology and threads that are developed, and so on. Cyware, in its focus on providing a platform for collaboration and creating operations centers, seems to take the same approach in what it has built, a platform to make collaborating easier and part of the solution.
It does so through security orchestration, automation and response (known as SOAR), used by teams to collaborate better and make more informed threat scoring, and to respond better to threat alerts. Indeed, a key part of the challenge for a lot of security services is that they cross multiple parts of organizations, including IT, compliance, trust and safety, and indeed security itself. One aim of Cyware is to create a platform for these all to meet and exchange information that could be helpful to others in one place.
“Over the past decade, security operations teams have had difficulty with trying to sift through copious amounts of threat data and lacked the humans’ role as part of their security orchestration strategies,” said Anuj Goel, PhD, co-founder and CEO of Cyware, in a statement. “Our goal with our Virtual Cyber Fusion platform is to help our customers unite their security teams to efficiently respond to high-priority threats by connecting the dots in their environments, and the momentum we’re experiencing is proof that we are executing on that mission. This Series B financing will help us continue to overdeliver for customers, expand our team, improve our platform and truly revolutionize how security operations and threat intelligence teams work together.”
Goel, who co-founded the company with CTO Akshat Jain, cut his teeth in a big security team, as head of global cyber strategy for Citi. He is also an advisor for the Centre for Strategic Cyberspace in London and has worked with other organizations on collaborative approaches to the problem and consequences of malicious hacking.
Investors will have not just been looking at the company’s growth, but also the list of customers — themselves also leaders in cyber — that are trusting Cyware.
“In our increasingly connected environment, companies of all sizes are demanding new and innovative cybersecurity solutions,” said Eric Noeth, principal, Advent International, in a statement. “Cyware’s early traction among leading enterprises and major ISACs reflects its unique ability to bring together all key security functions to seamlessly anticipate, contextualize and remediate threats. We look forward to drawing on our experience in this sector to help the talented Cyware team make its Virtual Cyber Fusion platform the gold standard technology for enterprises around the world.”
Powered by WPeMatico