Personal blog of Yzmir Ramirez

A lot of enterprise cybersecurity efforts focus on malicious hackers that work on behalf of larger organizations, be they criminal groups or state actors — and for good reason, since the majority of incidents these days come from phishing and other malicious techniques that originate outside the enterprise itself.

But there has also been a persistent, and now growing, focus also on “insider threats” — that is, breaches that start from within organizations themselves. And today a startup that specialises in this area is announcing a round of growth funding to expand its reach.

Dtex, which uses machine learning to monitor network activity within the perimeter and around all endpoints to detect unusual patterns or behaviour around passwords, data movement and other network activities, is today announcing that it has raised $17.5 million in funding.

The round is being led by new investor Northgate Capital with Norwest Venture Partners and Four Rivers Group, both previous investors, also participating. Prior to this, the San Jose-based startup had raised $57.5 million, according to data from PitchBook, while CrunchBase puts the total raised at $40 million.

CEO Bahman Mahbod said the startup is not disclosing valuation except to say that it’s “very excited” about it.

For some context, the company works with hundreds of large enterprises, primarily in the financial, critical infrastructure, government and defence sectors. The plan is to now extend further into newer verticals where it’s started to see more activity more recently: pharmaceuticals, life sciences and manufacturing. Dtex says that over the past 12 months, 80% of its top customers have been increasing their level of engagement with the startup.

Dtex’s focus on “insider” threats sounds slightly sinister at first. Is the implication here that people are more dishonest and nefarious these days and thus need to be policed and monitored much more closely for wrongdoing? The answer is no. There are no more dishonest people today than there ever have been, but there are a lot more opportunities to make mistakes that result in security breaches.

The working world has been on a long-term trend of becoming increasingly digitised in all of its interactions, and bringing on a lot more devices onto those networks. Across both “knowledge” and front-line workers, we now have a vastly larger number of devices being used to help workers do their jobs or just keep in touch with the company as they work, with many of them being brought by the workers themselves rather than being provisioned by the companies. There has also been a huge increase in cloud services,

And in the realm of “knowledge” workers, we’re seeing a lot more remote or peripatetic working, where people don’t have fixed desks and often work outside the office altogether — something that has skyrocketed in recent times with stay-at-home orders put in place to mitigate the spread of COVID-19 cases.

All of this translates into a much wider threat “horizon” within organizations themselves, before even considering the sophistication of external malicious hackers.

And the current state of business has exacerbated that. Mahbod tells us that Dtex is currently seeing spikes in unusual activity from the rise in home workers, who sometimes circumvent VPNs and other security controls, thus committing policy violations; as well as more problems arising from the fact that home networks have been compromised and that is leaving work networks, accessed from home, more vulnerable. These started, he said, with COVID-19 phishing attacks but have progressed to undetected malware from drive-by downloads.

And, inevitably, he added that there has been a rise in intentional data theft and accidental loss arising in cases where organizations have had to lay people off or run a round of furloughs, but might still result from negligence rather than intentional actions.

There are a number of other cybersecurity companies that provide ways to detect insider threats — they include CloudKnox and Obsidian Security, along with a number of larger and established vendors. But Mabhod says that Dtex “is the only company with ‘next-generation’ capabilities that are cloud-first, AI/ML baked-in, and enterprise scalable to millions of users and devices, which it sells as DMAP+.

“Effectively, Next-Gen Insider Threat solutions must replace legacy Insider Threat point solutions which were borne out of the UAM, DLP and UEBA spaces,” he said.

Those providing legacy approaches of that kind include Forcepoint with its SureView product and Proofpoint with its ObserveIT product. Interestingly, CyberX, which is currently in the process of getting acquired by Microsoft (according to reports and also our sources), also includes insider threats in its services.

This is one reason why investors have been interested.

“Dtex has built a highly scalable platform that utilizes a cloud-first, lightweight endpoint architecture, offering clients a number of use cases including insider threat prevention and business operations intelligence,” said Thorsten Claus, partner, Northgate Capital, in a statement. Northgate has a long list of enterprise startups in its portfolio that represent potential customers but also a track record of experience in assessing the problem at hand and building products to address it. “With Dtex, we have found a fast-growing, long-term, investible operation that is not just a band-aid collection of tools, which would be short-lived and replaced.”

Meet Leverice: A team messenger and collaboration platform that’s aiming to compete with b2b giants like Slack by tackling an issue that continues to plague real-time messaging — namely, ‘always-on’ information overload. This means these tools can feel like they’re eating into productivity as much as aiding it. Or else leave users stressed and overwhelmed about how to stay on top of the work comms firehose. 

Leverice’s pitch is that it’s been built from the ground up to offer a better triage structure so vital bits of info aren’t lost in rushing rivers of chatter than flow across less structured chat platforms.

It does this by giving users the ability to organize chat content into nested subchannels. So its theory is that hyper structured topic channels will let users better direct and navigate info flow, freeing them from the need to check everything or perform lots of searches in order to find key intel. Instead they can just directly drill down to specific subchannels, tuning out the noise.

The overarching aim is to bring a little asynchronicity to the world of real-time collaboration platforms, per co-founder and COO Daniel Velton.

“Most messaging and collaboration tools are designed for and built around synchronous communications, instant back-and-forth. But most members of remote teams communicate at their own pace — and there was no go-to messaging tool built around asynchronous communications,” he tells TechCrunch.

“We set out to solve that problem, to build a messenger and collaboration platform that breaks rivers down into rivulets. To do that, we needed a tech stack and unique architecture that would allow teams to efficiently work with hundreds of channels and subchannels distributed between scores of channel branches of varying depths. Having that granularity ensures that each little shelf maintains topical integrity.

“We’re not discussing Feature 2.1.1 and 2.1.2 and 2.1.3 and 2.1.4 inside a single ‘Features’ channel, where the discussions would blend together. Each has its own little home.”

Of course Slack isn’t blind to the info-overload issues its platform can generate. Last month it announced “a simpler, more organized Slack”, which includes the ability for users to organize channels, messages and apps into “custom, collapsible sections”. Aka folders.

So how is Leverice’s subchannel architecture a great leap forward on the latest version of Slack — which does let users organize themselves (and is now in the process of being rolled out across its user-base)?

“All structuring (including folders) on other popular messengers is essentially an individual preference setting,” says Velton. “It does not reflect on a teamwide channel tree. It’s definitely a step in the right direction but it’s about each user adding a tiny bit of structure to their own private interface, not having a structure that affects and improves the way an entire team communicates.

“Leverice architecture is based on structuring of channels and subchannels into branches of unlimited depth. This kind of deep structuring is not something you can simply ‘overlay’ on top of an existing messenger that was designed around a single layer of channels. A tremendous number of issues arise when you work with a directory-like structure of infinite depth, and these aren’t easily solved or addressed unless the architecture is built around it.”

“Sure, in Leverice you can build the ‘6-lane autobahns’,” he adds, using an analogy of vehicle traffic on roads to illustrate the concept of a hierarchy of topic channels. “But we are the only messenger where you can also construct a structured network of ‘country roads’. It’s more ‘places’ but each ‘place’ is so narrow and topical that working through it all becomes more manageable, quick and pleasant, and it’s something you can do at your own pace without fear of missing important kernels of information as they fly by on the autobahn.”

To be clear, while Slack has now started letting users self-organize — by creating a visual channel hierarchy that suits them — Leverice’s structure means the same structured tree of channels/subchannels applies for the whole team.

“At the end of the day, for communications to work, somebody on a team needs to be organized,” argues Velton. “What we allow is structuring that affects the channel tree for an entire team, not just an individual preference that reflects only on a user’s local device.”

Leverice has other features in the pipeline which it reckons will further help users cut through the noise — with a plan to apply AI-powered prioritization to surface the most pressing inbound comms.

There will also be automated alerts for conversation forks when new subchannels are created. (Though generating lots of subchannel alerts doesn’t sound exactly noise-free…)

“We have features coming that alert users to forks in a conversation and nudge the user toward those new subchannels. At this stage those forks are created manually, although our upcoming AI module will have nudges based on those forks,” says Velton.

“The architecture (deep structuring) also opens the door to scripting of automated workflows and open source plug-ins,” he adds.

Leverice officially launched towards the end of February after a month-long beta which coincided with the coronavirus-induced spike in remote work.

At this stage they have “members of almost 400 teams” registered on the platform, per Velton, with initial traction coming from mid-size tech companies — who he says are either unhappy with the costs of their current messaging platform or with distraction/burnout caused by “channel fatigue”; or who are facing info fragmentation as internal teams are using different p2p/messaging tools and lack a universal choice.

“We have nothing but love and respect for our competitors,” he adds. “Slack, Teams, WhatsApp, Telegram, Skype, Viber, etc.: each have their own benefits and many teams are perfectly content to use them. Our product is for teams looking for more focus and structure than existing solutions offer. Leverice’s architecture is unique on the market, and it opens the door to powerful features that are neither technically nor practically feasible in a messenger with a single layer containing a dozen or two dozen channels.”

Other differentiating features he highlights as bringing something fresh to the team messaging platform conversation are a whiteboard feature that lets users collaborate in the app for brainstorming or listing ideas, prorities; and a Jira integration for managing and discussing tasks in the project- and issue-tracking tool. The team is planning further integrations including with Zoom, Google Docs and “other services you use most”.

The startup — which was founded by CEO Rodion Zhitomirsky in Minsk but is now headquartered in San Jose, California, also with offices in Munich, Germany — has been bootstrapping development for around two years, taking in angel investment of around $600,000.

“We are three friends who managed complex project-based teams and personally felt the pains of all the popular messengers out there,” says Velton, discussing how they came to set up the business. “We used all the usual suspects, and even tried using p2p messengers as substitutes. They all led us and our teams to the same place: we couldn’t track large amounts of communications unless we were in “always-on” mode. We knew there had to be a better way, so we set out to build Leverice.”

The third co-founder is Dennis Dokutchitz.

Leverice’s business model is freemium, with a free tier, a premium tier, and a custom enterprise tier. As well as offering the platform as SaaS via the cloud, they do on-premise installations — for what Velton describes as “the highest level of security and privacy”.

On the security front the product is not end-to-end encrypted but he says the team is developing e2e encrypted channels to supplement the client-server encryption it applies as standard.

Velton notes these forthcoming channels would not support the usual search features, while AI analysis would be limited to “meta-information analysis”, i.e. excluding posts’ content.

“We don’t process customer or message data for commercial purposes, only for internal analytics and features to improve the product for users,” he adds when asked about any additional uses made of customer data. (Leverice’s Privacy Policy can be found here.)

With remote work the order of the day across most of the globe because of the COVID-19 pandemic, it seems likely there will be a new influx of collaboration tools being unboxed to help home workers navigate a new ‘professionally distant’ normal.

“We’ve only been on the market for 6 weeks and have no meaningful revenue to speak of as of yet,” adds Velton.

At its annual TechCon event in San Jose, Arm today announced Custom Instructions, a new feature of its Armv8-M architecture for embedded CPUs that, as the name implies, enables its customers to write their own custom instructions to accelerate their specific use cases for embedded and IoT applications.

“We already have ways to add acceleration, but not as deep and down to the heart of the CPU. What we’re giving [our customers] here is the flexibility to program your own instructions, to define your own instructions — and have them executed by the CPU,” ARM senior director for its automotive and IoT business, Thomas Ensergueix, told me ahead of today’s announcement.

He noted that Arm always had a continuum of options for acceleration, starting with its memory-mapped architecture for connecting over a bus GPUs and today’s neural processor units. This allows the CPU and the accelerator to run in parallel, but with the bus being the bottleneck. Customers also can opt for a co-processor that’s directly connected to the CPU, but today’s news essentially allows Arm customers to create their own accelerated algorithms that then run directly on the CPU. That means the latency is low, but it’s not running in parallel, as with the memory-mapped solution.

As Arm argues, this setup allows for the lowest-cost (and risk) path for integrating customer workload acceleration, as there are no disruptions to the existing CPU features and it still allows its customers to use the existing standard tools with which they are already familiar.

For now, custom instructions will only be available to be implemented in the Arm Cortex-M33 CPUs, starting in the first half of 2020. By default, it’ll also be available for all future Cortex-M processors. There are no additional costs or new licenses to buy for Arm’s customers.

Ensergueix noted that as we’re moving to a world with more and more connected devices, more of Arm’s customers will want to optimize their processors for their often very specific use cases — and often they’ll want to do so because by creating custom instructions, they can get a bit more battery life out of these devices, for example.

Arm has already lined up a number of partners to support Custom Instructions, including IAR Systems, NXP, Silicon Labs and STMicroelectronics .

“Arm’s new Custom Instructions capabilities allow silicon suppliers like NXP to offer their customers a new degree of application-specific instruction optimizations to improve performance, power dissipation and static code size for new and emerging embedded applications,” writes NXP’s Geoff Lees, SVP and GM of Microcontrollers. “Additionally, all these improvements are enabled within the extensive Cortex-M ecosystem, so customers’ existing software investments are maximized.”

In related embedded news, Arm also today announced that it is setting up a governance model for Mbed OS, its open-source operating system for embedded devices that run an Arm Cortex-M chip. Mbed OS has always been open source, but the Mbed OS Partner Governance model will allow Arm’s Mbed silicon partners to have more of a say in how the OS is developed through tools like a monthly Product Working Group meeting. Partners like Analog Devices, Cypress, Nuvoton, NXP, Renesas, Realtek,
Samsung and u-blox are already participating in this group.

Hewlett Packard Enterprise is moving from Palo Alto to San Jose. The company will relocate 1,000 employees to a 220,000-square-foot space in late 2018. HPE was spun-off from Hewlett-Packard in 2015 and is focused on servers and storage.

This news comes months after HPE announced a different plan in which the company was moving to Santa Clara, where Aruba Networks, a company it previously acquired, is headquartered.

HPE is going to occupy six floors in San Jose’s America Center, which is located near a forthcoming Berryessa BART station.

This move is the latest win for San Jose. Google recently announced it would move in the coming years. According to a report in The Mercury News, the city of San Jose did not offer HPE any financial incentives.