Personal blog of Yzmir Ramirez

At a time when remote work, cybersecurity attacks and increased privacy and compliance requirements threaten a company’s data, more companies are collecting and storing their observability data, but are being locked in with vendors or have difficulty accessing the data.

Enter Cribl. The San Francisco-based company is developing an “open ecosystem of data” for enterprises that utilizes unified data pipelines, called “observability pipelines,” to parse and route any type of data that flows through a corporate IT system. Users can then choose their own analytics tools and storage destinations like Splunk, Datadog and Exabeam, but without becoming dependent on a vendor.

The company announced Wednesday a $200 million round of Series C funding to value Cribl at $1.5 billion, according to a source close to the company. Greylock and Redpoint Ventures co-led the round and were joined by new investor IVP, existing investors Sequoia and CRV and strategic investment from Citi Ventures and CrowdStrike. The new capital infusion gives Cribl a total of $254 million in funding since the company was started in 2017, Cribl co-founder and CEO Clint Sharp told TechCrunch.

Sharp did not discuss the valuation; however, he believes that the round is “validation that the observability pipeline category is legit.” Data is growing at a compound annual growth rate of 25%, and organizations are collecting five times more data today than they did 10 years ago, he explained.

“Ultimately, they want to ask and answer questions, especially for IT and security people,” Sharp added. “When Zoom sends data on who started a phone call, that might be data I need to know so I know who is on the call from a security perspective and who they are communicating with. Also, who is sending files to whom and what machines are communicating together in case there is a malicious actor. We can also find out who is having a bad experience with the system and what resources they can access to try and troubleshoot the problem.”

Cribl also enables users to choose how they want to store their data, which is different from competitors that often lock companies into using only their products. Instead, customers can buy the best products from different categories and they will all talk to each other through Cribl, Sharp said.

Though Cribl is developing a pipeline for data, Sharp sees it more as an “observability lake,” as more companies have differing data storage needs. He explains that the lake is where all of the data will go that doesn’t need to go into an existing storage solution. The pipelines will send the data to specific tools and then collect the data, and what doesn’t fit will go back into the lake so companies have it to go back to later. Companies can keep the data for longer and more cost effectively.

Cribl said it is seven times more efficient at processing event data and boasts a customer list that includes Whole Foods, Vodafone, FINRA, Fannie Mae and Cox Automotive.

Sharp went after additional funding after seeing huge traction in its existing customer base, saying that “when you see that kind of traction, you want to keep doubling down.” His aim is to have a presence in every North American city and in Europe, to continue launching new products and growing the engineering team.

Up next, the company is focusing on go-to-market and engineering growth. Its headcount is 150 currently, and Sharp expects to grow that to 250 by the end of the year.

Over the last fiscal year, Cribl grew its revenue 293%, and Sharp expects that same trajectory for this year. The company is now at a growth stage, and with the new investment, he believes Cribl is the “future leader in observability.”

“This is a great investment for us, and every dollar, we believe, is going to create an outsized return as we are the only commercial company in this space,” he added.

Scott Raney, managing director at Redpoint Ventures, said his firm is a big enterprise investor in software, particularly in companies that help organizations leverage data to protect themselves, a sweet spot that Cribl falls into.

He feels Sharp is leading a team, having come from Splunk, that has accomplished a lot, has a vision and a handle on the business and knows the market well. Where Splunk is capturing the machine data and using its systems to extract the data, Cribl is doing something similar in directing the data where it needs to go, while also enabling companies to utilize multiple vendors and build apps to sit on top of its infrastructure.

“Cribl is adding opportunity by enriching the data flowing through, and the benefits are going to be meaningful in cost reduction,” Raney said. “The attitude out there is to put data in cheaper places, and afford more flexibility to extract data. Step one is to make that transition, and step two is how to drive the data sitting there. Cribl is doing something that will go from being a big business to a legacy company 30 years from now.”

YL Ventures, the Israel-focused cybersecurity seed fund, today announced that it has sold its stake in cybersecurity asset management startup Axonius, which only a week ago announced a $100 million Series D funding round that now values it at around $1.2 billion.

ICONIQ Growth, Alkeon Capital Management, DTCP and Harmony Partners acquired YL Venture’s stake for $270 million. This marks YL’s first return from its third $75 million fund, which it raised in 2017, and the largest return in the firm’s history.

With this sale, the company’s third fund still has six portfolio companies remaining. It closed its fourth fund with $120 million in committed capital in the middle of 2019.

Unlike YL, which focuses on early-stage companies — though it also tends to participate in some later-stage rounds — the investors that are buying its stake specialize in later-stage companies that are often on an IPO path. ICONIQ Growth has invested in the likes of Adyen, CrowdStrike, Datadog and Zoom, for example, and has also regularly partnered with YL Ventures on its later-stage investments.

“The transition from early-stage to late-stage investors just makes sense as we drive toward IPO, and it allows each investor to focus on what they do best,” said Dean Sysman, co-founder and CEO of Axonius. “We appreciate the guidance and support the YL Ventures team has provided during the early stages of our company and we congratulate them on this successful journey.”

To put this sale into perspective for the Silicon Valley and Tel Aviv-based YL Ventures, it’s worth noting that it currently manages about $300 million. Its current portfolio includes the likes of Orca Security, Hunters and Cycode. This sale is a huge win for the firm.

Its most headline-grabbing exit so far was Twistlock, which was acquired by Palo Alto Networks for $410 million in 2019, but it has also seen exits of its portfolio companies to Microsoft, Proofpoint, CA Technologies and Walmart, among others. The fund participated in Axonius’ $4 million seed round in 2017 up to its $58 million Series C round a year ago.

It seems like YL Ventures is taking a very pragmatic approach here. It doesn’t specialize in late-stage firms — and until recently, Israeli startups always tended to sell long before they got to a late-stage round anyway. And it can generate a nice — and guaranteed — return for its own investors, too.

“This exit netted $270 million in cash directly to our third fund, which had $75 million total in capital commitments, and this fund still has six outstanding portfolio companies remaining,” Yoav Leitersdorf, YL Ventures’ founder and managing partner, told me. “Returning multiple times that fund now with a single exit, with the rest of the portfolio companies still there for the upside is the most responsible — yet highly profitable path — we could have taken for our fund at this time. And all this while diverting our energies and means more towards our seed-stage companies (where our help is more impactful), and at the same time supporting Axonius by enabling it to bring aboard such excellent late-stage investors as ICONIQ and Alkeon — a true win-win-win situation for everyone involved!”

He also noted that this sale achieved a top-decile return for the firm’s limited partners and allows it to focus its resources and attention toward the younger companies in its portfolio.

A couple of weeks ago SentinelOne announced it was acquiring high-speed logging platform Scalyr for $155 million. Just this morning CrowdStrike struck next, announcing it was buying unlimited logging tool Humio for $400 million.

In Humio, CrowdStrike gets a company that will provide it with the ability to collect unlimited logging information. Most companies have to pick and choose what to log and how long to keep it, but with Humio, they don’t have to make these choices, with customers processing multiple terabytes of data every single day.

Humio CEO Geeta Schmidt writing in a company blog post announcing the deal described her company in similar terms to Scalyr, a data lake for log information:

“Humio had become the data lake for these enterprises enabling searches for longer periods of time and from more data sources allowing them to understand their entire environment, prepare for the unknown, proactively prevent issues, recover quickly from incidents, and get to the root cause,” she wrote.

That means with Humio in the fold, CrowdStrike can use this massive amount of data to help deal with threats and attacks in real time as they are happening, rather than reacting to them and trying to figure out what happened later, a point by the way that SentinelOne also made when it purchased Scalyr.

“The combination of real-time analytics and smart filtering built into CrowdStrike’s proprietary Threat Graph and Humio’s blazing-fast log management and index-free data ingestion dramatically accelerates our [eXtended Detection and Response (XDR)] capabilities beyond anything the market has seen to date,” CrowdStrike CEO and co-founder George Kurtz said in a statement.

While two acquisitions don’t necessarily make a trend, it’s clear that security platform players are suddenly seeing the value of being able to process the large amounts of information found in logs, and they are willing to put up some cash to get that capability. It will be interesting to see if any other security companies react with a similar move in the coming months.

Humio was founded in 2016 and raised just over $31 million, according to Pitchbook Data. Its most recent funding round came in March 2020, a $20 million Series B led by Dell Technologies Capital. It would appear to be a decent exit for the startup.

CrowdStrike was founded in 2011 and raised over $480 million before going public in 2019. The deal is expected to close in the first quarter, and is subject to typical regulatory oversight.

Google today announced that BeyondCorp Enterprise, the zero trust security platform modeled after how Google itself keeps its network safe without relying on a VPN, is now generally available. BeyondCorp Enterprise builds out Google’s existing BeyondCorp Remote Access offering with additional enterprise features. Google describes it as “a zero trust solution that enables secure access with integrated threat and data protection.”

Over the course of the last few years, Google — and especially its Cloud unit — has evangelized the zero trust model and built a large partner network around this idea. Those partners include the likes of Check Point, Citrix, CrowdStrike, Symantec and VMWare.

As part of BeyondCorp Enterprise, businesses get an end-to-end zero trust solution that includes everything from DDoS protection and phishing-resistant authentication, to the new security features in the Chrome browser and the core continuous authorization features that protect every interaction between users and resources protected by BeyondCorp.

“The rapid move to the cloud and remote work are creating dynamic work environments that promise to drive new levels of productivity and innovation. But they have also opened the door to a host of new security concerns and sparked a significant increase in cyberattacks,” said Fermin Serna, chief information security officer at Citrix. “To defend against them, enterprises must take an intelligent approach to workspace security that protects employees without getting in the way of their experience following the zero trust model.”

As cybercrime continues to evolve and expand, a startup that is building a business focused on endpoint security has raised a big round of funding. SentinelOne — which provides a machine learning-based solution for monitoring and securing laptops, phones, containerised applications and the many other devices and services connected to a network — has picked up $200 million, a Series E round of funding that it says catapults its valuation to $1.1 billion.

The funding is notable not just for its size but for its velocity: it comes just eight months after SentinelOne announced a Series D of $120 million, which at the time valued the company around $500 million. In other words, the company has more than doubled its valuation in less than a year — a sign of the cybersecurity times.

This latest round is being led by Insight Partners, with Tiger Global Management, Qualcomm Ventures LLC, Vista Public Strategies of Vista Equity Partners, Third Point Ventures and other undisclosed previous investors all participating.

Tomer Weingarten, CEO and co-founder of the company, said in an interview that while this round gives SentinelOne the flexibility to remain in “startup” mode (privately funded) for some time — especially since it came so quickly on the heels of the previous large round — an IPO “would be the next logical step” for the company. “But we’re not in any rush,” he added. “We have one to two years of growth left as a private company.”

While cybercrime is proving to be a very expensive business (or very lucrative, I guess, depending on which side of the equation you sit on), it has also meant that the market for cybersecurity has significantly expanded.

Endpoint security, the area where SentinelOne concentrates its efforts, last year was estimated to be around an $8 billion market, and analysts project that it could be worth as much as $18.4 billion by 2024.

Driving it is the single biggest trend that has changed the world of work in the last decade. Everyone — whether a road warrior or a desk-based administrator or strategist, a contractor or full-time employee, a front-line sales assistant or back-end engineer or executive — is now connected to the company network, often with more than one device. And that’s before you consider the various other “endpoints” that might be connected to a network, including machines, containers and more. The result is a spaghetti of a problem. One survey from LogMeIn, disconcertingly, even found that some 30% of IT managers couldn’t identify just how many endpoints they managed.

“The proliferation of devices and the expanding network are the biggest issues today,” said Weingarten. “The landscape is expanding and it is getting very hard to monitor not just what your network looks like but what your attackers are looking for.”

This is where an AI-based solution like SentinelOne’s comes into play. The company has roots in the Israeli cyberintelligence community but is based out of Mountain View, and its platform is built around the idea of working automatically not just to detect endpoints and their vulnerabilities, but to apply behavioral models, and various modes of protection, detection and response in one go — in a product that it calls its Singularity Platform that works across the entire edge of the network.

“We are seeing more automated and real-time attacks that themselves are using more machine learning,” Weingarten said. “That translates to the fact that you need defence that moves in real time as with as much automation as possible.”

SentinelOne is by no means the only company working in the space of endpoint protection. Others in the space include Microsoft, CrowdStrike, Kaspersky, McAfee, Symantec and many others.

But nonetheless, its product has seen strong uptake to date. It currently has some 3,500 customers, including three of the biggest companies in the world, and “hundreds” from the global 2,000 enterprises, with what it says has been 113% year-on-year new bookings growth, revenue growth of 104% year-on-year and 150% growth year-on-year in transactions over $2 million. It has 500 employees today and plans to hire up to 700 by the end of this year.

One of the key differentiators is the focus on using AI, and using it at scale to help mitigate an increasingly complex threat landscape, to take endpoint security to the next level.

“Competition in the endpoint market has cleared with a select few exhibiting the necessary vision and technology to flourish in an increasingly volatile threat landscape,” said Teddie Wardi, managing director of Insight Partners, in a statement. “As evidenced by our ongoing financial commitment to SentinelOne along with the resources of Insight Onsite, our business strategy and ScaleUp division, we are confident that SentinelOne has an enormous opportunity to be a market leader in the cybersecurity space.”

Weingarten said that SentinelOne “gets approached every year” to be acquired, although he didn’t name any names. Nevertheless, that also points to the bigger consolidation trend that will be interesting to watch as the company grows. SentinelOne has never made an acquisition to date, but it’s hard to ignore that, as the company to expand its products and features, that it might tap into the wider market to bring in other kinds of technology into its stack.

“There are definitely a lot of security companies out there,” Weingarten noted. “Those that serve a very specific market are the targets for consolidation.”

A few days before Christmas, TechCrunch caught up with CrowdStrike CEO George Kurtz to chat about his company’s public offering, direct listings and his expectations for the 2020 IPO market. We also spoke about CrowdStrike’s product niche — endpoint security — and a bit more on why he views his company as the Salesforce of security.

The conversation is timely. Of the 2019 IPO cohort, CrowdStrike’s IPO stands out as one of the year’s most successful debuts. As 2020’s IPO cycle is expected to be both busy and inclusive of some of the private market’s biggest names, Kurtz’s views are useful to understand. After all, his SaaS security company enjoyed a strong pricing cycle, a better-than-expected IPO fundraising haul and strong value appreciation after its debut.

Notably, CrowdStrike didn’t opt to pursue a direct listing; after chatting with the CEO of recent IPO Bill.com concerning why his SaaS company also decided on a traditional flotation, we wanted to hear from Kurtz as well. The security CEO called the current conversation around direct listings a “great debate,” before explaining his perspective.

Pulling from a longer conversation, what follows are Kurtz’s four tips for companies gearing up for a public offering, why his company elected chose a traditional public offering over a more exotic method, comments on endpoint security and where CrowdStrike fits inside its market, and, finally, quick notes on upcoming debuts.

The following interview has been condensed and edited for clarity.

How to go public successfully

Share often

What’s most important is the fact that when we IPO’d in June of 2019, we started the process three years earlier. And that is the number one thing that I can point to. When [CrowdStrike CFO Burt Podbere] and I went on the road show everybody knew us, all the buy side investors we had met with for three years, the sell side analysts knew us. The biggest thing that I would say is you can’t go on a road show and have someone not know your company, or not know you, or your CFO.

And we would share — as a private company, you share less — but we would share tidbits of information. And we built a level of consistency over time, where we would share something, and then they would see it come true. And we would share something else, and they would see it come true. And we did that over three years. So we built, I believe, trust with the street, in anticipation of, at some point in the future, an IPO.

Practice early

We spent a lot of time running the company as if it was public, even when we were private. We had our own earnings call as a private company. We would write it up and we would script it.

You’ve seen other companies out there, if they don’t get their house in order it’s very hard to go [public]. And we believe we had our house in order. We ran it that way [which] allowed us to think and operate like a public company, which you want to get out of the way before you come become public. If there’s a takeaway here for folks that are thinking about [going public], run it and act like a public company before you’re public, including simulated earnings calls. And once you become public, you already have that muscle memory.

Raw numbers matter

The third piece is [that] you [have to] look at the numbers. We are in rarified air. At the time of IPO we were the fastest growing SaaS company to IPO ever at scale. So we had the numbers, we had the growth rate, but it really was a combination of preparation beforehand, operating like a public company, […] and then we had the numbers to back it up.

TAM is key, even at scale

One last point, we had the [total addressable market, or TAM] as well. We have the TAM as part of our story; security and where we play is a massive opportunity. So we had that market opportunity as well.

On this topic, Kurtz told TechCrunch two interesting things earlier in the conversation. First that what many people consider as “endpoint security” is too constrained, that the category includes “traditional endpoints plus things like mobile, plus things like containers, IoT devices, serverless, ephemeral cloud instances, [and] on and on.” The more things that fit under the umbrella of endpoint security, CrowdStrike’s focus, the bigger its market is.

Kurtz also discussed how the cloud migration — something that builds TAM for his company’s business — is still in “the early innings,” going on to say that in time “you’re going to start to see more critical workloads migrate to the cloud.” That should generate even more TAM for CrowdStrike and its competitors, like Carbon Black and Tanium.

Why CrowdStrike opted for a traditional IPO instead of a direct listing

Hello and welcome back to our regular morning look at private companies, public markets and the gray space in between.

It’s the second to last day of 2019, meaning we’re very nearly out of time this year; our space for repretrospection is quickly coming to a close. Before we do run out of hours, however, I wanted to peek at some data that former Kleiner Perkins investor and Packagd founder Eric Feng recently compiled.

Feng dug into the changing ratio between enterprise-focused Seed deals and consumer-oriented Seed investments over the past decade or so, including 2019. The consumer-enterprise split, a loose divide that cleaves the startup world into two somewhat-neat buckets, has flipped. Feng’s data details a change in the majority, with startups selling to other companies raising more Seed deals than upstarts trying to build a customer base amongst folks like ourselves in 2019.

The change matters. As we continue to explore new unicorn creation (quick) and the pace of unicorn exits (comparatively slow), it’s also worth keeping an eye on the other end of the startup lifecycle. After all, what happens with Seed deals today will turn into changes to the unicorn market in years to come.

Let’s peek at a key chart from Feng, talk about Seed deal volume more generally, and close by positing a few reasons (only one of which is Snap’s IPO) as to why the market has changed as much as it has for the earliest stage of startup investing.

Changes

Feng’s piece, which you can read here, tracks the investment patterns of startup accelerator Y Combinator against its market. We care more about total deal volume, but I can’t recommend the dataset enough if you have the time.

Concerning the universe of Seed deals, here’s Feng’s key chart:

Chart via Eric Feng / Medium

As you can see, the chart shows that in the pre-2008 era, Seed deals were amply skewed towards consumer-focused Seed investments. A new normal was found after the 2008 crisis, with just a smidge under 75% of Seed deals focused on selling to the masses for nearly a decade.

In 2016, however, a new trend emerged: a gradual decline in consumer Seed deals and a shift towards enterprise investments.

This became more pronounced in 2017, sharper in 2018, and by 2019 fewer than half of Seed deals focused on consumers. Now, more than half are targeting other companies as their future customer base. (Y Combinator, as Feng notes, got there first, making a majority of investments into enterprise startups since 2010, with just a few outlying classes.)

This flip comes as Seed deals sit at the 5,000-per-quarter mark. As Crunchbase News published as Q3 2019 ended, global Seed volume is strong:

So, we’re seeing a healthy number of deals as the consumer-enterprise ratio changes. This means that the change to more enterprise deals as a portion of all Seed investments isn’t predicated on their number holding steady while Seed deals dried up. Instead, enterprise deals are taking a rising share while volume appears healthy.

Now we get to the fun stuff; why is this happening?

Blame SaaS

As with many trends long in the making, there is no single reason why Seed investors have changed up their investing patterns. Instead, there are likely a myriad that added up to the eventual change. I’m going to ping a number of Seed investors this week to get some more input for us to chew on, but there are some obvious candidates that we can discuss today.

In no particular order, here are a few:

• Snap’s IPO: Snap went public in early 2017 at $17 per share. Its equity quickly spiked to into the high 20s. By July of that same year, Snap slipped under its IPO price. Its high-growth, high-spend model was under attack by both high costs and slim gross margins. Snap then went into a multi-year purgatory before returning to form — somewhat — in 2019. It’s not great for a category’s investment pace if one of its most prominent companies stumble very publicly, especially for Seed investors who make the riskiest bets in venture.

 The business of hacking has dealt a huge blow to our democracy, not to mention a plethora of organizations and individuals, and our collective sense of sanity. One silver lining, however, has been that it has led to the emergence of a number of security startups that are building and deploying a range of tools to try to track and stop the nefarious activity. One of the larger of these… Read More

 If you need proof that security is a red hot market these days, how about this morning’s announcement that cybersecurity company CrowdStrike landed a $100 million Series C investment round? The round was led by Google Capital with Rackspace, which happens to be one of the company’s customers also investing. Existing investors Accel and Warburg Pincus also participated.… Read More