Apr 14, 2021

PlexTrac raises $10M Series A round for its collaboration-centric security platform

PlexTrac, a Boise, ID-based security service that aims to provide a unified workflow automation platform for red and blue teams, today announced that it has raised a $10 million Series A funding round led by Noro-Moseley Partners and Madrona Venture Group. StageDot0 ventures also participated in this round, which the company plans to use to build out its team and grow its platform.

With this new round, the company, which was founded in 2018, has now raised a total of $11 million, with StageDot0 leading its 2019 seed round.

PlexTrac CEO and President Dan DeCloss. Image Credits: PlexTrac

“I have been on both sides of the fence, the specialist who comes in and does the assessment, produces that 300-page report and then comes back a year later to find that some of the critical issues had not been addressed at all. And not because the organization didn’t want to but because it was lost in that report,” PlexTrac CEO and President Dan DeCloss said. “These are some of the most critical findings for an entity from a risk perspective. By making it collaborative, both red and blue teams are united on the same goal we all share, to protect the network and assets.”

With an extensive career in security that included time as a penetration tester for Veracode and the Mayo Clinic, as well as senior information security advisor for Anthem, among other roles, DeCloss has quite a bit of firsthand experience that led him to found PlexTrac. Specifically, he believes that it’s important to break down the wall between offense-focused red teams and defense-centric blue teams.

“Historically there has been more of the cloak and dagger relationship but those walls are breaking down — and rightfully so, there isn’t that much of that mentality today — people recognize they are on the same mission whether they are an internal security team or an external team,” he said. “With the PlexTrac platform the red and blue teams have a better view into the other teams’ tactics and techniques — and it makes the whole process into an educational exercise for everyone.”

At its core, PlexTrac makes it easier for security teams to produce their reports — and hence frees them up to actually focus on “real” security work. To do so, the service integrates with most of the popular scanners, like Qualys and Veracode, but also with tools like ServiceNow and Jira in order to help teams coordinate their workflows. All the data flows into real-time reports that then help teams monitor their security posture. The service also features a dedicated tool, WriteupsDB, for managing reusable write-ups to help teams deliver consistent reports for a variety of audiences.

“Current tools for planning, executing and reporting on security testing workflows are either nonexistent (manual reporting, spreadsheets, documents, etc. …) or exist as largely incomplete features of legacy platforms,” Madrona’s S. Somasegar and Chris Picardo write in today’s announcement. “The pain point for security teams is real and PlexTrac is able to streamline their workflows, save time, and greatly improve output quality. These teams are on the leading edge of attempting to find and exploit vulnerabilities (red teams) and defend and/or eliminate threats (blue teams).”

 

Nov 09, 2018

Growing pains at venture-backed Moogsoft lead to layoffs

Eight months after bringing in a $40 million Series D, Moogsoft’s co-founder and chief executive officer Phil Tee confirmed to TechCrunch that the IT incident management startup had shed 18 percent of its workforce, or just over 30 employees.

The layoffs took place at the end of October; shortly after, Moogsoft announced two executive hires. Among the additions was Amer Deeba, who recently resigned from Qualys after the U.S. Securities and Exchange Commission charged him with insider trading.

Founded in 2012, San Francisco-based Moogsoft provides artificial intelligence for IT operations (AIOps) to help teams work more efficiently and avoid outages. The startup has raised $90 million in equity funding to date, garnering a $220 million valuation with its latest round, according to PitchBook. It’s backed by Goldman Sachs, Wing Venture Capital, Redpoint Ventures, Dell’s corporate venture capital arm, Singtel Innov8, Northgate Capital and others. Wing VC founder and long-time Accel managing partner Peter Wagner and Redpoint partner John Walecka are among the investors currently sitting on Moogsoft’s board of directors.

Tee, the founder of two public companies (Micromuse and Riversoft), admitted the layoffs affected several teams across the company. The cuts, however, are not a sign of a struggling business, he said, but rather a rite of passage for a startup seeking venture scale.

“We are a classic VC-backed startup that has sort of grown up,” Tee told TechCrunch earlier today. “In pretty much every successful company, there is a point in time where there’s an adjustment in strategy … Unfortunately, when you do that, it becomes a question of do we have the right people?”

Moogsoft doubled revenue last year and added 50 Fortune 200 companies as customers, according to a statement announcing its latest capital infusion. Tee said he’s “extremely chipper” about the road ahead and the company’s recent C-suite hires.

Moogsoft’s newest hires, CFO Raman Kapur (left) and COO Amer Deeba (right).

Moogsoft announced its latest executive hires on November 2, only one week after completing the round of layoffs, a common strategy for companies looking to cast a shadow on less-than-stellar news, like major staff cuts. Those hires include former Splunk vice president of finance Raman Kapur as Moogsoft’s first-ever chief financial officer and Amer Deeba, a long-time Qualys executive, as its chief operating officer.

Deeba spent the last 17 years at Qualys, a publicly traded provider of cloud-based security and compliance solutions. In August, he resigned amid allegations of insider trading. The SEC announced its charges against Deeba on August 30, claiming he had notified his two brothers of Qualys’ missed revenue targets before the company publicly announced its financial results in the spring of 2015.

“Deeba informed his two brothers about the miss and contacted his brothers’ brokerage firm to coordinate the sale of all of his brothers’ Qualys stock,” the SEC wrote in a statement. “When Qualys publicly announced its financial results, it reported that it had missed its previously-announced first-quarter revenue guidance and that it was revising its full-year 2015 revenue guidance downward. On the same day, Deeba sent a message to one of his brothers saying, ‘We announced the bad news today.’ The next day, Qualys’s stock price dropped 25%. Although Deeba made no profits from his conduct, Deeba’s brothers collectively avoided losses of $581,170 by selling their Qualys stock.”

Under the terms of Deeba’s settlement, he is ineligible to serve as an officer or director of any SEC-reporting company for two years and has been ordered to pay a $581,170 penalty.

Tee, for his part, said there was never any admission of guilt from Deeba and that he’s already had a positive impact on Moogsoft.

“[Deeba] is a tremendously impressive individual and he has the full confidence of myself and the board,” Tee said.

 

Nov 28, 2016

How to estimate a company’s health without really trying

Within the past few months, NetSuite, Marketo, LinkedIn, FleetMatics and LogMeIn have each been acquired or merged for a combined value of more than $50 billion. At this rate, public SaaS companies may become an endangered species. Clearly, PE investors and larger technology companies sense opportunity and value.

Jan 29, 2015

GHOST vulnerability (CVE-2015-0235) Percona response

Cloud security company Qualys disclosed on Tuesday issues that have been present in glibc since version 2.2, released on 2000-11-10 (the complete Qualys announcement may be viewed here). The vulnerability, CVE-2015-0235, has been dubbed “GHOST.”

As the announcement from Qualys indicates, it is believed that MySQL and by extension Percona Server are not affected by this issue.

Percona is in the process of conducting our own review into the issue related to the Percona Server source code – more information will be released as soon as it is available.

In the interim, the current advisory is to update the glibc packages for your distribution if they are in fact vulnerable. The C code from the Qualys announcement may aid in your diagnostics; it is available in section 4 of this document or via this gist. I also wrote a very quick Python script to help identify processes which may be running libc, which you can access here.

Compiling the above and executing it will yield an output indicating if your glibc version is believed to be vulnerable or not vulnerable.
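
As an added example (not the script linked above and not Percona's code), the sketch below finds processes that have glibc mapped and flags those still running a copy that a package update has since replaced on disk, which Linux marks with a `(deleted)` suffix in `/proc/<pid>/maps`. The function names and the sample `maps` text are constructed for illustration.

```python
import os
import re

# glibc's shared object as it appears in the pathname column of
# /proc/<pid>/maps, e.g. .../libc-2.19.so or .../libc.so.6
LIBC_RE = re.compile(r"/libc(-[0-9.]+)?\.so(\.[0-9]+)*$")
DELETED = " (deleted)"

# Constructed sample of one process's maps file (not real output).
SAMPLE_MAPS = """\
00400000-004f4000 r-xp 00000000 08:01 131090 /usr/sbin/mysqld
7f3c1a000000-7f3c1a1bb000 r-xp 00000000 08:01 262201 /lib/x86_64-linux-gnu/libc-2.19.so (deleted)
7f3c1a5c0000-7f3c1a5d9000 r-xp 00000000 08:01 262244 /lib/x86_64-linux-gnu/libcap.so.2.24
7f3c1a7e0000-7f3c1a801000 rw-p 00000000 00:00 0
7ffd5a1e0000-7ffd5a201000 rw-p 00000000 00:00 0 [stack]
"""


def libc_mappings(maps_text):
    """Return {path: is_deleted} for every libc file mapped in maps_text."""
    found = {}
    for line in maps_text.splitlines():
        # Columns: address perms offset dev inode pathname
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping, no backing file
        path = fields[5].strip()
        deleted = path.endswith(DELETED)
        if deleted:
            path = path[: -len(DELETED)]
        if LIBC_RE.search(path):
            found[path] = found.get(path, False) or deleted
    return found


def scan(proc_root="/proc"):
    """Yield (pid, path, is_deleted) for each libc mapping of each readable process."""
    for entry in sorted(os.listdir(proc_root)):
        if not entry.isdigit():
            continue  # not a PID directory
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                text = fh.read()
        except OSError:
            continue  # process exited, or we lack permission to read it
        for path, deleted in sorted(libc_mappings(text).items()):
            yield int(entry), path, deleted


if __name__ == "__main__":
    for pid, path, deleted in scan():
        print(pid, path, "old copy still mapped, restart" if deleted else "file on disk")
```

A mapping reported without `(deleted)` only means the file is still on disk; whether that file is a patched glibc is a question for the distribution's package manager. Run it as root to see every process, and restart any service it flags after updating glibc.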

Distribution Resource Links

    1. RedHat BZ: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235
    2. RedHat EL5 Errata: https://rhn.redhat.com/errata/RHSA-2015-0090.html
    3. RedHat EL6 / 7 Errata: https://rhn.redhat.com/errata/RHSA-2015-0092.html
    4. Ubuntu USN: http://www.ubuntu.com/usn/usn-2485-1/ (affects 10.04 12.04)
    5. Debian security tracker: https://security-tracker.debian.org/tracker/CVE-2015-0235

Distributions which use musl-libc (http://www.musl-libc.org/) are not affected by this issue.

Acknowledgements

Qualys

Robert Barabas – Percona
Raghavendra Prabhu – Percona
Laurynas Biveinis – Percona

The post GHOST vulnerability (CVE-2015-0235) Percona response appeared first on MySQL Performance Blog.
