Apr
15
2021
--

Cado Security locks in $10M for its cloud-native digital forensics platform

As computing systems become increasingly bigger and more complex, forensics have become an increasingly important part of how organizations can better secure them. As the recent SolarWinds breach has shown, it’s not always just a matter of being able to identify data loss, or prevent hackers from coming in in the first place. In cases where a network has already been breached, running a thorough investigation is often the only way to identify what happened, if a breach is still active and whether a malicious hacker can strike again.

As a sign of this growing priority, a startup called Cado Security, which has built forensics technology native to the cloud to run those investigations, is announcing $10 million in funding to expand its business.

Cado’s tools today are used directly by organizations, but also security companies like Redacted — a somewhat under-the-radar security startup in San Francisco co-founded by Facebook’s former chief security officer Max Kelly and John Hering, the co-founder of Lookout. It uses Cado to carry out the forensics part of its work.

The funding for London-based Cado is being led by Blossom Capital, with existing investors Ten Eleven Ventures also participating, among others. As another signal of demand, this Series A is coming only six months after Cado raised its seed round.

The task of securing data on digital networks has grown increasingly complex over the years: Not only are there more devices, more data and a wider range of configurations and uses around it, but malicious hackers have become increasingly sophisticated in their approaches to needling inside networks and doing their dirty work.

The move to the cloud has also been a major factor. While it has helped a wave of organizations expand and run much bigger computing processes as part of their business operations, it has also increased the so-called attack surface and made investigations much more complicated, not least because a lot of organizations run elastic processes, scaling their capacity up and down: This means when something is scaled down, logs of previous activity essentially disappear.

Cado’s Response product — which works proactively on a network and all of its activity after it’s installed — is built to work across cloud, on-premise and hybrid environments. Currently it’s available for AWS EC2 deployments and Docker, Kubernetes, OpenShift and AWS Fargate container systems, and the plan is to expand to Azure very soon. (Google Cloud Platform is less of a priority at the moment, CEO James Campbell said, since it rarely comes up with current and potential customers.)

Campbell co-founded Cado with Christopher Doman (the CTO) last April, with the concept for the company coming out of their respective experiences working on security services together at PwC, and respectively for government organizations (Campbell in Australia) and AlienVault (the security firm acquired by AT&T). In all of those, one persistent issue the two continued to encounter was the issue with adequate forensics data, essential for tracking the most complex breaches.

A lot of legacy forensics tools, in particular those tackling the trove of data in the cloud, was based on “processing data with open source and pulling together analysis in spreadsheets,” Campbell said. “There is a need to modernize this space for the cloud era.”

In a typical breach, it can take up to a month to run a thorough investigation to figure out what is going on, since, as Doman describes it, forensics looks at “every part of the disk, the files in a binary system. You just can’t find what you need without going to that level, those logs. We would look at the whole thing.”

However, that posed a major problem. “Having a month with a hacker running around before you can do something about it is just not acceptable,” Campbell added. The result, typically, is that other forensics tools investigate only about 5% of an organization’s data.

The solution — for which Cado has filed patents, the pair said — has essentially involved building big data tools that can automate and speed up the very labor intensive process of looking through activity logs to figure out what looks unusual and to find patterns within all the ones and zeros.

“That gives security teams more room to focus on what the hacker is getting up to, the remediation aspect,” Campbell explained.

Arguably, if there were better, faster tracking and investigation technology in place, something like SolarWinds could have been better mitigated.

The plan for the company is to bring in more integrations to cover more kinds of systems, and go beyond deployments that you’d generally classify as “infrastructure as a service.”

“Over the past year, enterprises have compressed their cloud adoption timelines while protecting the applications that enable their remote workforces,” said Imran Ghory, partner at Blossom Capital, in a statement. “Yet as high-profile breaches like SolarWinds illustrate, the complexity of cloud environments makes rapid investigation and response extremely difficult since security analysts typically are not trained as cloud experts. Cado Security solves for this with an elegant solution that automates time-consuming tasks like capturing forensically sound cloud data so security teams can move faster and more efficiently. The opportunity to help Cado Security scale rapidly is a terrific one for Blossom Capital.”

Dec
11
2019
--

Accel and Index back Tines, as the cybersecurity startup adds another $11M to its Series A

It was just a couple of months ago that Tines, the cybersecurity automation startup, raised $4.1 million in Series A funding led by Blossom Capital. The Dublin-based company is now disclosing an $11 million extension to the round.

This additional Series A funding is led by venture capital firm Accel, with participation from Index Ventures and previous backer Blossom Capital. The extra cash will be used to continue developing its cybersecurity automation platform and for further expansion into the U.S. and Europe.

Founded in February 2018 by ex-eBay, PayPal and DocuSign security engineer Eoin Hinchy, and subsequently joined by former eBay and DocuSign colleague Thomas Kinsella, Tines automates many of the repetitive manual tasks faced by security analysts so they can focus on other high-priority work. The pair had bootstrapped the company as recently as October.

“It was while I was at DocuSign that I felt there was a need for a platform like Tines,” explained Hinchy at the time of the initial Series A. “We had a team of really talented engineers in charge of incident response and forensics but they weren’t developers. I found they were doing the same tasks over and over again so I began looking for a platform to automate these repetitive tasks and didn’t find anything. Certainly nothing that did what we needed it to, so I came up with the idea to plug this gap in the market.”

To remedy this, Tines lets companies automate parts of their manual security processes with the help of six software “agents,” with each acting as a multipurpose building block. The idea is that, regardless of the process being automated, it only requires combinations of these six agent types configured in different ways to replicate a particular workflow.

In addition, the platform doesn’t rely on pre-built integrations to interact with external systems. Instead, Tines is able to plug in to any system that has an API. “This means integration with commercial, off-the-shelf products, or existing in-house tools is quick and simple, with most security teams automating stories (workflows) within the first 24 hours,” says the startup. Its software is also starting to find utility beyond cybersecurity processes, with several Tines customers using it in IT, DevOps and HR.

“We heard that Eoin, a senior member of the security team at DocuSign (another Accel portfolio company), had recently left to start Tines, so we got in touch,” Accel’s Seth Pierrepont tells TechCrunch. “They were in the final stages of closing their Series A. However, we were so convinced by the founders, their product approach and the market timing, that we asked them to extend the round.”

Pierrepont also points out that a unique aspect of the Dublin ecosystem is that many of the world’s largest tech companies have their European headquarters in the country (often attracted by relatively low corporation tax), “so it’s an incredibly rich talent pool despite being a relatively small city.”

Asked whether Accel views Tines as a cybersecurity automation company or a more general automation play that puts automation in the hands of non-technical employees for a multitude of possible use cases, Pierrepont says, given Hinchy and Kinsella’s backgrounds, the cybersecurity automation sector should be the primary focus for the company in the short term. However, longer term it is likely that Tines will be adopted across other functions as well.

“From our investment in Demisto (which was acquired by Palo Alto Networks earlier this year), we know the security automation or SOAR category (as Gartner defines it) very well,” he says. “Demisto pioneered the category and was definitively the market leader when it was acquired. However, we think the category is just getting started and that there is still a ton of whitespace for Tines to go after.”

Meanwhile, in less than a year, Tines says it has on-boarded 10 enterprise customers across a variety of industries, including Box, Auth0 and McKesson, with companies automating on average 100,000 actions per day.

Oct
24
2019
--

Cybersecurity automation startup Tines scores $4.1M Series A led by Blossom Capital

Tines, a Dublin-based startup that lets companies automate aspects of their cybersecurity, has raised $4.1 million in Series A funding. Leading the round is Blossom Capital, the venture capital firm co-founded by ex-Index Ventures and LocalGlobe VC Ophelia Brown.

Founded in February 2018 by ex-eBay, PayPal and DocuSign security engineer Eoin Hinchy, who was subsequently joined by former eBay and DocuSign colleague Thomas Kinsella, Tines automates many of the repetitive manual tasks faced by security analysts so they can focus on other high-priority work. The pair have bootstrapped the company until now.

“It was while I was at DocuSign that I felt there was a need for a platform like Tines,” explains Hinchy. “We had a team of really talented engineers in charge of incident response and forensics but they weren’t developers. I found they were doing the same tasks over and over again so I began looking for a platform to automate these repetitive tasks and didn’t find anything. Certainly nothing that did what we needed it to, so I came up with the idea to plug this gap in the market.”

To that end, Tines lets companies automate parts of their manual security processes with the help of six software “agents,” with each acting as a multipurpose building block. Therefore, regardless of the process being automated, it only requires combinations of these six agent types configured in different ways to replicate a particular workflow.

“I wanted there to be as few agent types as possible, to simplify the system, and I haven’t discovered a workflow in which tasks sit outside of these agents yet,” says Hinchy. “Once a customer signs up they can start automating their own workflows immediately, and most of our customers see value from day one. If they need a hand, my team works with them to establish how they currently manually carry out tasks, such as identifying and dealing with a phishing attack. Each step of dealing with the attack — from cross-checking the email address with trusted contacts or a blacklist, to scanning attachments for viruses or examining URLs — will be performed by one of the six agent types. This means we can assign these tasks to an agent to create the workflow, or as we call it, the “story.”

So, for example, once a phishing email triggers the first agent, the following steps in the “story” are automatically carried out. In this way, Tines might be described as akin to IFTTT, “but an exceptionally powerful, enterprise version of the IFTTT concept, designed to manage much more complex workflows.”

Competitors are cited as Phantom, which last year was acquired by Splunk, and Demisto, which was bought by Palo Alto Networks. However, Hinchy argues that a key differentiator is that Tines doesn’t rely on pre-built integrations to interact with external systems. Instead, he says the software is able to plug in to any system that has an API.

Meanwhile, Tines says it will use the new funding to hire engineers in Dublin who can help improve the platform through R&D, as well as grow its customer base with companies in the U.S. and in Europe. Notably, the startup plans to expand beyond cybersecurity automation, too.

“Our background is in security, so with Tines, we’ve initially focused on helping security teams automate their repetitive, manual processes,” says Hinchy. “What makes us different is that nowhere does it say we can’t expand beyond this, to help other teams and sectors automate tasks. The advantage of our direct-integration model is that Tines doesn’t care if you’re talking to a security tool, HR system or CRM, it treats them the same. In the next 18 months, we plan to expand Tines outside security, hire more talent and increase the product team from 8 to 20.”

Powered by WordPress | Theme: Aeros 2.0 by TheBuckmaker.com