Personal blog of Yzmir Ramirez

APIs make the world go round in tech, but that also makes them a very key target for bad actors: As doorways into huge data troves and services, malicious hackers spent a lot of time looking for ways to pick their locks or just force them open when they’re closed, in order to access that information. And a lot of recent security breaches stemming from API vulnerabilities (see here, here and here for just a few) show just how real and current the problem is.

Today, a company that’s building a network of services to help those using and producing APIs to identify and eradicate those risks is announcing a round of funding to meet a growing demand for its services. Salt Security, which provides AI-based technology to identify issues and stop attacks across the whole of your API library, has closed $70 million in funding, money that it will be using both to meet current demand but also continue building out its technology for a wider set of services and use cases for API management.

The funding is being led by Advent International, by way of Advent Tech, with Alkeon Capital, DFJ Growth and previous backers Sequoia Capital, Tenaya Capital, S Capital VC and Y Combinator all also participating.

Salt, founded in Israel and now active globally, is not disclosing valuation, but I understand from a reliable source that it is in the region of $600-700 million.

As with many of the funding rounds that seem to be getting announced these days, this one is coming on the heels of both another recent round, as well as strong growth. Salt has raised $131 million since 2016, but nearly all of that — $120 million, to be exact — has been raised in the last year.

Part of the reason for that is Salt’s performance: In the last 12 months, it’s seen revenue grow 400% (with customers including a range of Fortune 500 and other large businesses in the financial services, retail and SaaS sectors like Equinix, Finastra, TripActions, Armis and DeinDeal); headcount grow 160%; and, perhaps most importantly, API traffic on its network grow 380%.

That growth in API traffic underscores the issue that Salt is tackling. Companies these days use a variety of APIs — some private, some public — in their tech stack as a way to interface with other businesses and run their services. APIs are a huge part of how the internet and digital services operate, with Akamai estimating that as much as 83% of all IP traffic is API traffic.

The problem, Roey Eliyahu, CEO and co-founder of Salt Security, told me, is that this usage has outpaced how well many manage those APIs.

“How APIs have evolved is very different to how developers used APIs years ago,” he said. “Before, there were very few, and you could say they were more manageable, and they contained less-sensitive data, and there were very few changes and updates made to them,” he said. “Today with the pace of development, not only are they always getting updated, but you have thousands of them now touching crown jewels of the company.”

This has made them a prime target for malicious hackers. Eliyahu notes Gartner stats that predict that by 2022, APIs will make up the largest attack vector in cybercrime.

Salt’s approach starts with taking stock of a whole network and doing a kind of spring clean to find all the APIs that might be used or abused.

“Companies don’t know how many APIs they even have,” Eliyahu said, noting that some 40%-80% of the APIs in existence for a typical company’s data are not even in active operation, lying there as “shadow APIs” for someone to pick up and misuse.

It then looks at what vulnerabilities might inadvertently be contained in this mix and makes suggestions for how to alter them to fix that. After this, it also monitors how they are used in order to stop attacks as they happen. The third of these also involves remediation “insights”, but carrying out the remediation is done by third parties at the moment, Eliyahu said. All of this is done through Salt’s automated, AI-based, flagship Salt Security API Protection Platform.

There are a number of competitors in the same space as Salt, including Ping, and newer players like Imvision and 42Crunch (which raised funding earlier this month), and the list is likely to grow as not just other API management companies get deeper into this huge space, but cybersecurity companies do, too.

“The rapid proliferation of APIs has dramatically altered the attack surface of applications, creating a major challenge for large enterprises since existing security mechanisms cannot protect against this new threat,” said Bryan Taylor, managing partner and head of Advent’s technology team, in a statement. “We continue to see API security incidents make the news headlines and cause significant reputational risk for companies. As we investigated the API security market, Salt stood out for its multi-year technical lead, significant customer traction and references, and talented team. We look forward to drawing on our deep experience in this sector to partner with Salt in this exciting new chapter.”

When we last heard from BigID at the end of 2020, the company was announcing a $70 million Series D at a $1 billion valuation. Today, it announced a $30 million extension on that deal valuing the company at $1.25 billion just 4 months later.

This chunk of money comes from private equity firm Advent International, and brings the total raised to over $200 million across 4 rounds, according to the company. The late stage startup is attracting all of this capital by building a security and privacy platform. When I spoke to CEO Dimitri Sirota in September 2019 at the time of the $50 million Series C, he described the company’s direction this way:

“We’ve separated the product into some constituent parts. While it’s still sold as a broad-based [privacy and security] solution, it’s much more of a platform now in the sense that there’s a core set of capabilities that we heard over and over that customers want.”

Sirota says he has been putting the money to work, and as the economy improves he is seeing more traction for the product set. “Since December, we’ve added employees as we’ve seen broader economic recovery and increased demand. In tandem, we have been busy building a whole host of new products and offerings that we will announce over the coming weeks that will be transformational for BigID,” he said.

He also said that as with previous rounds, he didn’t go looking for the additional money, but decided to take advantage of the new funds at a higher valuation with a firm that he believes can add value overall. What’s more, the funds should allow the company to expand in ways it might have held off on.

“It was important to us that this wouldn’t be a distraction and that we could balance any funding without the need to over-capitalize, which is becoming a bigger issue in today’s environment. In the end, we took what we thought could bring forward some additional product modules and add a sales team focused on smaller commercial accounts,” Sirota said.

Ashwin Krishnan, a principal on Advent’s technology team in New York says that BigID was clearly aligned with two trends his firm has been following. That includes the explosion of data being collected and the increasing focus on managing and securing that data with the goal of ultimately using it to make better decisions.

“When we met with Dimitri and the BigID team, we immediately knew we had found a company with a powerful platform that solves the most challenging problem at the center of these trends and the data question,”Krishnan said.

Past investors in the company include Boldstart Ventures, Bessemer Venture Partners and Tiger Global. Strategic investors include Comcast Ventures, Salesforce Ventures and SAP.io.

Malicious hacking has become a pernicious and dogged fact of life for more organizations, and it’s a threat that has seemingly grown more complicated and sophisticated over time. One effective approach to tackling that has been collaboration: not just applying an array of services to address the issue, but creating environments to help those building cybersecurity to work better together. Today one of the startups building tools to do just that is announcing a round of funding, underscoring the opportunity and its own growth within that.

Cyware, a New York startup that has created a platform for organizations to build and operate virtual “cyber fusion centers” — spaces for people to share threat intelligence, run end-to-end security automation and orchestrate and execute 360-degree threat responses — has picked up $30 million in funding, a Series B that it will use to continue growing its business.

The funding is being co-led by Advent International and Ten Eleven Ventures. Advent made some waves in the cybersecurity industry last year when it partnered with Crosspoint to acquire Forescout for $1.9 billion. Ten Eleven, meanwhile, is a VC that specializes in cybersecurity startups. Prelude Fund (the venture practice at Mercato Partners), Emerald Development Managers, Great Road Holdings and cloud security firm Zscaler — a mix of financial and strategic investors — also participated. Before this, the startup had raised around $13 million, and it is not disclosing its valuation.

The story of the last year in the world of business has been about how everything has gone online: people and their companies have been working remotely; consumers are browsing, buying and entertaining themselves over the internet and with apps. Digital is where all the traffic is.

Unsurprisingly that has also played out in the world of cybersecurity: the threat landscape has grown, and so cybersecurity responses have grown with them. Cyware said that in the last year it saw 120% year-over-year growth in annual recurring revenue — although it doesn’t disclose actual revenue figures. Its customers are a mix of large enterprises, but also those that both collaborate with others to manage cybersecurity, such as information sharing communities (ISACs), as well as organizations that manage cybersecurity on behalf of a number of others, such as managed security service providers and computer emergency response teams.

Although many might have in their heads a stereotype of a malicious hacker who sits alone in a darkened room with a determined look in his/her eye, the reality is more likely to be a collaboration between a number of people, providing tips, technology and threads that are developed, and so on. Cyware, in its focus on providing a platform for collaboration and creating operations centers, seems to take the same approach in what it has built, a platform to make collaborating easier and part of the solution.

It does so through security orchestration, automation and response (known as SOAR), used by teams to collaborate better and make more informed threat scoring, and to respond better to threat alerts. Indeed, a key part of the challenge for a lot of security services is that they cross multiple parts of organizations, including IT, compliance, trust and safety, and indeed security itself. One aim of Cyware is to create a platform for these all to meet and exchange information that could be helpful to others in one place.

“Over the past decade, security operations teams have had difficulty with trying to sift through copious amounts of threat data and lacked the humans’ role as part of their security orchestration strategies,” said Anuj Goel, PhD, co-founder and CEO of Cyware, in a statement. “Our goal with our Virtual Cyber Fusion platform is to help our customers unite their security teams to efficiently respond to high-priority threats by connecting the dots in their environments, and the momentum we’re experiencing is proof that we are executing on that mission. This Series B financing will help us continue to overdeliver for customers, expand our team, improve our platform and truly revolutionize how security operations and threat intelligence teams work together.”

Goel, who co-founded the company with CTO Akshat Jain, cut his teeth in a big security team, as head of global cyber strategy for Citi. He is also an advisor for the Centre for Strategic Cyberspace in London and has worked with other organizations on collaborative approaches to the problem and consequences of malicious hacking.

Investors will have not just been looking at the company’s growth, but also the list of customers — themselves also leaders in cyber — that are trusting Cyware.

“In our increasingly connected environment, companies of all sizes are demanding new and innovative cybersecurity solutions,” said Eric Noeth, principal, Advent International, in a statement. “Cyware’s early traction among leading enterprises and major ISACs reflects its unique ability to bring together all key security functions to seamlessly anticipate, contextualize and remediate threats. We look forward to drawing on our experience in this sector to help the talented Cyware team make its Virtual Cyber Fusion platform the gold standard technology for enterprises around the world.”

Forescout, the network security company that has been publicly traded since 2017, announced today it was going private again. Private equity firms Advent International and Crosspoint Capital are acquiring the company in an all-cash purchase of $1.9 billion.

The two private equity firms will pay $33 per share, which represented a premium of 30% over the company’s closing price of $25.45 on October 19, 2019. The stock hit $39.87 on October 4th before starting a precipitous drop later that month, dropping to $24.57 on October 10th.

Not coincidentally, that was the day the company reported its earnings and had a bad revenue miss. Projections had revenue in the $98.8 million – $101.8 million range. Actual reported revenue was far less, at $91.6 million, according to data from the company.

In the earnings call that followed on November 7th, Forescout president and CEO Michael DeCesare tried to blame the bad results on extended sales, but it didn’t really help, as private equity firms swooped in to make the deal. “We experienced extended sales cycles across several of our customers that pushed out deals and which did not become apparent until we entered the final days of the quarter. We do not believe that any of these deals have been lost to competitors,” he told analysts.

In a statement today, DeCesare tried to put a positive spin on the acquisition. “This transaction represents an exciting new phase in the evolution of Forescout. We are excited to be partnering with Advent International and Crosspoint Capital, premier firms with security DNA and track records of success in strengthening companies and supporting them through transitionary times.”

Forescout is not a young company, having launched way back in 2000. It raised almost $290 million, according to PitchBook data. It went public on October 26, 2017.

The deal is not finalized as of yet. The company has a go-shop provision in place until March 8th in which it can try to find a better deal, but that seems unlikely. Should they fail to find a better suitor, the deal is expected to close in the second quarter, at which point the company will cease to be publicly traded.