Mar
23
2021
--

Orca Security raises $210M Series C at a unicorn valuation

Orca Security, an Israeli cybersecurity startup that offers an agent-less security platform for protecting cloud-based assets, today announced that it has raised a $210 million Series C round at a $1.2 billion valuation. The round was led by Alphabet’s independent growth fund CapitalG and Redpoint Ventures. Existing investors GGV Capital, ICONIQ Growth and angel syndicate Silicon Valley CISO Investment also participated. YL Ventures, which led Orca’s seed round and participated in previous rounds, is not participating in this round — and it’s worth noting that the firm recently sold its stake in Axonius after that company reached unicorn status.

If all of this sounds familiar, that may be because Orca only raised its $55 million Series B round in December, after it announced its $20.5 million Series A round in May. That’s a lot of funding rounds in a short amount of time, but something we’ve been seeing more often in the last year or so.

Orca Security co-founders Gil Geron (left) and Avi Shua (right). Image Credits: Orca Security

As Orca co-founder and CEO Avi Shua told me, the company is seeing impressive growth and it — and its investors — want to capitalize on this. The company ended last year beating its own forecast from a few months before, which he noted was already aggressive, by more than 50%. Its current slate of customers includes Robinhood, Databricks, Unity, Live Oak Bank, Lemonade and BeyondTrust.

“We are growing at an unprecedented speed,” Shua said. “We were 20-something people last year. We are now closer to a hundred and we are going to double that by the end of the year. And yes, we’re using this funding to accelerate on every front, from dramatically increasing the product organization to add more capabilities to our platform, for post-breach capabilities, for identity access management and many other areas. And, of course, to increase our go-to-market activities.”

Shua argues that most current cloud security tools don’t really work in this new environment. Many, because they are driven by metadata, can only detect a small fraction of the risks, and agent-based solutions may take months to deploy and still not cover a business’ entire cloud estate. The promise of Orca Security is that it can not only cover a company’s entire range of cloud assets but that it is also able to help security teams prioritize the risks they need to focus on. It does so by using what the company calls its “SideScanning” technology, which allows it to map out a company’s entire cloud environment and file systems.

“Almost all tools are essentially just looking at discrete risk trees and not the forest. The risk is not just about how pickable the lock is, it’s also where the lock resides and what’s inside the box. But most tools just look at the issues themselves and prioritize the most pickable lock, ignoring the business impact and exposure — and we change that.”

It’s no secret that there isn’t a lot of love lost between Orca and some of its competitors. Last year, Palo Alto Networks sent Orca Security a sternly worded letter (PDF) to stop it from comparing the two services. Shua was not amused at the time and decided to fight it. “I completely believe there is space in the markets for many vendors, and they’ve created a lot of great products. But I think the thing that simply cannot be overlooked, is a large company that simply tries to silence competition. This is something that I believe is counterproductive to the industry. It tries to harm competition, it’s illegal, it’s unconstitutional. You can’t use lawyers to take your competitors out of the media.”

Currently, though, it doesn’t look like Orca needs to worry too much about the competition. As GGV Capital managing partner Glenn Solomon told me, as the company continues to grow and bring in new customers — and learn from the data it pulls in from them — it is also able to improve its technology.

“Because of the novel technology that Avi and [Orca Security co-founder and CPO] Gil [Geron] have developed — and that Orca is now based on — they see so much. They’re just discovering more and more ways and have more and more plans to continue to expand the value that Orca is going to provide to customers. They sit in a very good spot to be able to continue to leverage information that they have and help DevOps teams and security teams really execute on good hygiene in every imaginable way going forward. I’m super excited about that future.”

As for this funding round, Shua noted that he found CapitalG to be a “huge believer” in this space and an investor that is looking to invest into the company for the long run (and not just trying to make a quick buck). The fact that CapitalG is associated with Alphabet was obviously also a draw.

“Being associated with Alphabet, which is one of the three major cloud providers, allowed us to strengthen the relationship, which is definitely a benefit for Orca,” he said. “During the evaluation, they essentially put Orca in front of the security leadership at Google. Definitely, they’ve done their own very deep due diligence as part of that.”


Early Stage is the premier ‘how-to’ event for startup entrepreneurs and investors. You’ll hear first-hand how some of the most successful founders and VCs build their businesses, raise money and manage their portfolios. We’ll cover every aspect of company-building: Fundraising, recruiting, sales, product market fit, PR, marketing and brand building. Each session also has audience participation built-in – there’s ample time included for audience questions and discussion. Use code “TCARTICLE” at checkout to get 20 percent off tickets right here.

Apr
10
2019
--

Google Cloud unveils new identity tools based on Zero Trust framework

Google Cloud announced some new identity tools today at Google Cloud Next designed to simplify identity Access Management within the context of the BeyondCorp Zero Trust security model.

Zero Trust, as the name implies, means you have to assume you can’t trust anyone using your network. In the days before the cloud, you could set up a firewall and with some reasonable degree of certainty assume people inside had permission to be there. The cloud changed that, and Zero Trust was born to help provide a more modern security posture that took that into account.

The company wants to make it easier for developers to build identity into applications without a lot of heavy lifting. It sees identity as more than a way to access applications, but as an integral part of the security layer, especially in the context of the BeyondCorp approach. If you know who the person is, and can understand the context of how they are interacting with you, that can give strong clues as to whether the person is who they actually say they are.

This is about more than protecting your applications, it’s about making sure that your entire system from your virtual machine to your APIs are all similarly protected. “Over the past few months, we added context-aware access capabilities in Beta to C?loud Identity-Aware Proxy ?(IAP) and V?PC Service Controls ?to help protect web apps, VMs and Google Cloud Platform (GCP) APIs. Today, we are making these capabilities generally available in Cloud IAP, as well as extending them in Beta to C?loud Identity? to help you protect access to G Suite apps,” the company wrote in an introductory blog post.

Diagram: Google

This context-aware access layer protects all of these areas across the cloud. “Context-aware access allows you to define and enforce granular access to apps and infrastructure based on a user’s identity and the context of their request. This can help increase your organization’s security posture while giving users an easy way to more securely access apps or infrastructure resources, from virtually any device, anywhere,” the company wrote.

The G Suite protection is in beta, but the rest is generally available starting today.

Jan
10
2019
--

OneLogin snares $100M investment to expand identity solution into new markets

OneLogin is not a young startup by any means. The identity access management company was founded in 2009 and has watched while companies like Ping Identity, Duo Security and Okta had tidy exits. But as CEOs are fond of pointing out, the total addressable market is large and where investors see a chance, they take it. Today, the company announced a $100 million investment.

The latest round was led by new investors Greenspring Associates and Silver Lake Waterman, the late-stage investing arm of Silver Lake. Existing investors CRV and Scale Venture Partners also contributed to the round. Today’s investment brings the total raised since inception to more than $170 million, according to the company.

It is referring to this as a “growth round,” but indicated that actually means Series D plus “flexible capital.” Whatever you call it, it would appear to give OneLogin some runway to grow large enough to find a way to exit.

CEO Brad Brooks says his company is well-positioned to compete with the likes of Okta and Microsoft in this market by offering a multi-faceted authentication solution that works both on-prem and in the cloud. He swept aside questions of revenue, valuation or IPO plans, only indicating that the company was growing and they had big expansion plans.

Photo: OneLoginThat would include building on its success in Europe, while expanding to Asia and creating more specific solutions in the U.S., such as focusing on FedRamp federal government compliance. The company currently has more than 260 employees, and with the new money, Brooks wants to put the pedal to the metal.

He plans to double that number in the next 18 months, as he fuels that expansion plan, bringing in new engineers along with sales, marketing and support. He wouldn’t rule out acquisitions to expand the company’s capabilities, but said his preference is building in-house over buying. He believes that building provides an internal goal of innovation and offers the kind of challenges that attract engineering talent.

Brooks came on board in 2017, replacing co-founder Thomas Pedersen, who moved into the role of chairman of the board and chief technology Officer. Its most recent round prior to today was a $22.5 million Series C last June.

Oct
03
2017
--

Who are you? Google Cloud releases custom identities Beta

 Figuring out who can access services across a platform as varied as Google Cloud can be a challenge for IT administrators. Google has done a lot of the work for you with a set of fairly granular pre-defined roles, but recognizing that canned roles won’t suit everyone’s needs, the company announced a Beta of custom roles today. As the name implies, administrators can define roles… Read More

Powered by WordPress | Theme: Aeros 2.0 by TheBuckmaker.com