Personal blog of Yzmir Ramirez

Hunters, a Tel Aviv-based cybersecurity startup that helps enterprises defend themselves from intruders and analyze attacks, today announced that it has raised a $15 million Series A funding round from Microsoft’s M12 and U.S. Venture Partners. Seed investors YL Ventures and Blumberg Captial also participated in this round, as well as new investor Okta Ventures, the venture arm of identity provider Okta. With this, Hunters has now raised a total of $20.4 million.

The company’s SaaS platform basically automates the threat-hunting processes, which has traditionally been a manual process. The general idea here is to take as much data from an enterprise’s various networking and security tools to detect stealth attacks.

“Hunters is basically this layer, a cognitive layer or connective tissue that you put on top of your telemetry stack,” Hunters co-founder and CEO Uri May told me. “So you have your [endpoint detection and response], your firewalls, cloud, production environment sensors — and all of those are shooting telemetry and detections all over the organization, generating huge amounts of data. And, basically, our place in the world depends on our ability to generate that delta. So without being able to find things that you can’t see with a single point solution or without really expediting response procedures and workflows by correlating things in a nontrivial way, we don’t have any excuse to exist. But we got pretty good at those — at showing that delta — and we onboarded customers — nice logos — and that was a very strong validation.”

Image Credits: Hunters

Hunters’ first customer was actually data management service Snowflake, which functioned as the company’s design partner. In addition to being a customer, Snowflake now also features Hunters in its partner marketplace, as does security service CrowdStrike. May also noted that Crowdstrike is a good example for the kind of customer Hunters is going after.

“Not necessarily Global 2000 or Fortune 500. It’s really high-end mid-market organizations, not necessarily tens of thousand employees, but billions of dollars in revenues, a lot of value at risk, born to the cloud, super mature tech stack, not necessarily a big security operation center, but definitely CISO and a team of security engineers and analysts, and they’re looking for the solution, that on-top solution that can make sense of a lot of the data and give them the confidence and also give them results in terms of cybersecurity, posture and their detection and response capabilities.”

Microsoft already has a large security development center in Israel and so it’s no surprise that Hunters appeared on the company’s radar. Hunters also spent some time proactively looking at the Microsoft ecosystem, May told me, but the company’s VCs also made some introductions. All of this culminated in a number of meetings at the Tel Aviv CyberTech conference in January and the RSA Conference in San Francisco in February, just before the coronavirus pandemic essentially shut down travel.

Hunters says it will use the new funding to build out its go-to-market capabilities in the U.S. and expand its R&D team in Israel. As for the product itself, the company will look to broaden its product integration and machine learning capabilities to help it generate better attack stories. May also noted that it plans to give its users capabilities to customize the system for their needs by allowing them to develop their own signals and detections to augment the company’s default tools. This, May argued, will allow the company to go after higher-end enterprise customers that already have threat-hunting teams but that are looking to automate more of the process. With that, it will also look to partner with other security firms to leverage its system to provide better services to their customers as well.

Every company today is struggling to deal with security and understanding what is happening on their systems. This is even more pronounced as companies have had to move their employees to work from home. Uptycs, a Boston-area security analytics startup, announced a $30 million Series B today to help companies detect and understand breaches when they happen.

Sapphire Ventures led the round with help from Comcast Ventures and ForgePoint Capital. The startup has now raised a total of $43 million, according to the company. Under the terms of today’s deal, Sapphire Ventures’ president and managing director Jai Das will be joining the company’s board.

Company co-founder and CEO Ganesh Pai says he and his co-founders previously worked at Akamai, where they observed Akamai’s debugging and diagnostic tools, which were designed to work at massive scale. The founders believed they could use a similar approach to building a security analytics platform, and in 2016 the group launched Uptycs .

“We help people to solve intrusion detection, compliance and audit and incident investigation. These are table stakes requirements [for security solutions] that most large scale organizations have, and of course with their scale the challenges vary. What we at Uptycs do is provide a solution for that,” Pai told TechCrunch.

The company uses a flight recorder approach to security, giving security operations teams the ability to sift through the data and review exactly how a detection happened and how the intruder got through the company’s defenses.

He recognizes his company is fortunate to get a round this large right now, but he says the solution has attracted a number of customers signing seven-digit contracts and this in turn got the attention of investors. “That customer engagement, their experience and this commitment from our customers led to this substantial round of funding,” he said.

The company currently has 65 employees spread across offices in Waltham, a Boston suburb, as well as two offices in India. Pai says the plan is to double that number in the next 12 months. “Between the cash flow from our existing customers and the pipeline for us and the funding, we are planning to grow in a meaningful way. If everything aligns with our expectation we will double our team size in the next 12 months,” he said.

As he grows his company in this way, Pai says they are talking to their investors about how to build a diverse workforce. “We’ve thought long and hard about it, both in terms of diversity and inclusion. It is a lot harder to execute because at the end of the day, there is a finite talent pool, but we are having conversations with our investors, who have seen patterns of success in terms of implementing such plans from growth stage ventures,” he said.

He added, “And of course we are a very early-stage company, but we are extremely cognizant, and given the current circumstances are acutely aware that we need to do our very best and make a difference.”

As the company has moved to work from home across its operations, he says it has benefited from working in the cloud from the start. “As an organization we are very fortunate that we built our organization so that everything runs in the cloud and everyone has been able to remain very productive,” he said.

Ryan Easter couldn’t believe he was being asked to run a pandemic business continuity test.

It was late October, 2019 and Easter, IT Director and a principal at Johnson Investment Counsel, was being asked by regulators to ensure that their employees could work from home with the same capabilities they had in the office. In addition, the company needed to evaluate situations where up to 50% of personnel were impacted by a virus and unable to work, forcing others to pick up their internal functions and workload.

“I honestly thought that it was going to be a waste of time,” said Easter. “I never imagined that we would have had to put our pandemic plan into action. But because we had a tested strategy already in place, we didn’t miss a beat when COVID-19 struck.”

In the months leading up to the initial test, Johnson Investment Counsel developed a work anywhere blueprint with their technology partner Evolve IP. The plan covered a wide variety of integrated technologies including voice services, collaboration, virtual desktops, disaster recovery and remote office connectivity.

“Having a strategy where our work anywhere services were integrated together was one of the keys to our success,” said Easter. “We manage about $13 billion in assets for clients across the United States and provide comprehensive wealth and investment management to individual and institutional investors. We have our own line of mutual funds, a state-chartered trust company, a proprietary charitable gift fund, with research analysts and traders covering both equity and fixed income markets. Duct taping one-off solutions wasn’t going to cut it.”

Easter continued, “It was imperative that our advisors could communicate with clients, collaborate with each other and operate the business seamlessly. That included ensuring we could make real-time trades and provide all of our other client services.”

Five months later, the novel coronavirus hit the United States and Johnson Investment Counsel’s blueprint test got real.

When you think about startup hubs, Tulsa, Oklahoma is probably not the first city that comes to mind.

A coalition of business, education, government and philanthropists are working to foster a startup ecosystem in a city that’s better known for its aerospace and energy companies. These community leaders recognized that raising the standard of living for a wide cross-section of citizens required a new generation of companies and jobs — which takes commitment from a broad set of interested parties.

In Tulsa, that effort began with George Kaiser Family Foundation (GKFF), a philanthropic organization, and ended with the creation of Tulsa Innovation Labs (TIL), a partnership between GKFF, Israeli cybersecurity venture capitalists Team8 and several area colleges and local government.

Why Tulsa?

Tulsa is a city of more than 650,000 people, with a median household income of $53,902 and a median house price of $150,500. Glassdoor reports that the average salary for a software engineer in Tulsa is $66,629; in San Francisco, the median home price is over $1.1 million, household income comes in at $112,376 and Glassdoor’s average software engineer salary is $115,822.

Home to several universities and a slew of cultural attractions, the city has a lot to offer. To sweeten the deal, GKFF spun up “Tulsa Remote,” an initiative that offers $10,000 to remote workers who will relocate and make the city their home base. The goal: draw in new, high-tech workers who will help build a more vibrant economy.

Tulsa is the second-largest city in the state of Oklahoma and 47th-most populous city in the United States. Photo Credit: DenisTangneyJr/Getty Images

Local colleges are educating the next generation of workers; Tulsa Innovation Labs is working with the University of Tulsa in partnership with Team8 through the university’s Cyber Fellows program. There are also ongoing discussions with Oklahoma State University-Tulsa and the University of Oklahoma-Tulsa about building a similar relationship.

These constituencies are trying to grow a startup ecosystem from the ground up. It takes a sense of cooperation and hard work and it will probably take some luck, but they are starting with $50 million, announced just this week from GKFF, for startup investments through TIL.

Like all business leaders, chief information security officers (CISOs) have shifted their roles quickly and dramatically during the COVID-19 pandemic, but many have had to fight fires they never expected.

Most importantly, they’ve had to ensure corporate networks remain secure even with 100% of employees suddenly working from home. Controllers are moving millions between corporate accounts from their living rooms, HR managers are sharing employees’ personal information from their kitchen tables and tens of millions of workers are accessing company data using personal laptops and phones.

This unprecedented situation reveals once and for all that security is not only about preventing breaches, but also about ensuring fundamental business continuity.

While it might take time, everyone agrees the pandemic will end. But how will the cybersecurity sector look in a post-COVID-19 world? What type of software will CISOs want to buy in the near future, and two years down the road?

To find out, I asked six of the world’s leading CISOs to share their experiences during the pandemic and their plans for the future, providing insights on how cybersecurity companies should develop and market their solutions to emerge stronger:

• Ian Amit, Cimpress
• Colin Anderson, Levi Strauss & Co.
• Al Ghous, ServiceMax
• Adrian Ludwig, Atlassian
• Rinki Sethi, Rubrik
• Elwin Wong, Ross Stores

The security sector will experience challenges, but also opportunities

The good news is, many CISOs believe that cybersecurity will weather the economic storm better than other enterprise software sectors. That’s because security has become even more top of mind during the pandemic; with the vast majority of corporate employees now working remotely, a secure network has never been more paramount, said Rinki Sethi, CISO at Rubrik. “Many security teams are now focused on ensuring they have controls in place for a completely remote workforce, so endpoint and network security, as well as identity and access management, are more important than ever,” said Sethi. “Additionally, business continuity and disaster recovery planning are critical right now — the ability to respond to a security incident and have a robust plan to recover from it is top priority for most security teams, and will continue to be for a long time.”

That’s not to say all security companies will necessarily thrive during this current economic crisis. Adrian Ludwig, CISO at Atlassian, notes that an overall decline in IT budgets will impact security spending. But the silver lining is that some companies will be acquired. “I expect we will see consolidation in the cybersecurity markets, and that most new investments by IT departments will be in basic infrastructure to facilitate work-from-home,” said Ludwig. “Less well-capitalized cybersecurity companies may want to begin thinking about potential exit opportunities sooner rather than later.”

Google dropped out of the Pentagon’s JEDI cloud contract battle fairly early in the game, citing it was in conflict with its “AI principals.” However, today the company announced a new seven-figure contract with DoD’s Defense Innovation Unit (DIU), a big win for the cloud unit and CEO Thomas Kurian.

While the company would not get specific about the number, the new contract involves using Anthos, the tool the company announced last year to secure DIU’s multi-cloud environment. In spite of the JEDI contract involving a single vendor, the DoD has always used solutions from all three major cloud vendors — Amazon, Microsoft and Google — and this solution will provide a way to monitor security across all three environments, according to the company.

“Multi-cloud is the future. The majority of commercial businesses run multi-cloud environments securely and seamlessly, and this is now coming to the federal government as well,” Mike Daniels, VP of Global Public Sector at Google Cloud told TechCrunch.

The idea is to manage security across three environments with help from cloud security vendor Netskope, which is also part of the deal. “The multi-cloud solution will be built on Anthos, allowing DIU to run web services and applications across Google Cloud, Amazon Web Services, and Microsoft Azure — while being centrally managed from the Google Cloud Console,” the company wrote in a statement.

Daniels says that while this is a deal with DIU, he could see it expanding to other parts of DoD. “This is a contract with the DIU, but our expectation is that the DoD will look at the project as a model for how to implement their own security posture.”

Google Cloud Platform remains way back in the cloud infrastructure pack, in third place with around 8% market share. For context, AWS has around 33% market share and Microsoft has around 18%.

While JEDI, a $10 billion, winner-take-all prize remains mired in controversy and an on-going battle between The Pentagon, Amazon and Microsoft, this deal shows that the defense department is looking at advanced technology like Anthos to help it manage a multi-cloud world regardless of what happens with JEDI.

Even in these trying economic times, there are some services that companies can’t do without. Having good security tools is one of them. Expel, a 4-year old startup that offers security operations as a service, announced a $50 million Series D financing today.

CapitalG led the round with participation from existing investors Battery Ventures, Greycroft, Index Ventures, Paladin Capital Group and Scale Venture Partners. The company has now raised almost $117 million, according to Pitchbook data.

It’s never easy finding quality security talent to help protect a large organization. The idea behind Expel is to give customers a set of tools to help use automation to reduce the number of people required to keep an organization safe.

Most companies struggle to find experienced security employees, so it’s using automation to solve a real pain point for them. While co-founder and CEO Dave Merkel says you still need to staff the security operations center, you can do it with fewer people with his platform.

“You may have a 24×7 Security Operations Center, but you don’t need the number of people everybody else does to protect your customers because Workbench does all of the heavy lifting for you. So instead of a SOC with 100 people, maybe you’ve got one with 15 people, and that gives tremendous leverage through this platform, and the platform ensures that you can provide high quality security without having to continually grow headcount,” Merkel explained.

Merkel sees the same economy everyone else does, but he believes that companies will continue to invest in security because they have to.

“Security tends to be a need as opposed to a want in many organizations, and so we still do see business happening. We will be using some of the money to continue to invest smartly in sales and marketing, but we’ll just need to be deliberate to make sure that we’re picking the right things that are still effective right now,” he said.

One thing that’s remarkable about this round is that Expel didn’t go looking for this new money. In fact, CapitalG came knocking, according to CapitalG general partner Gene Frantz.

“We sought out Expel, first and foremost. It wasn’t that Expel sought out to raise money and they called a bunch of people. We called them, and that was in response to a bunch of thematic work that we continually do in the security space,” Frantz told TechCrunch.

That work involved three main areas, where Expel happened to check all the boxes. The first was the threat landscape becoming ever more treacherous. The second was information overload from a variety of security products, and finally the dearth of experienced security personnel to deal with the first two problems.

“And so our bet is that this is the company in the space that actually will take on and address these challenges,” Frantz said.

Merkel describes having a company like CapitalG come to him as a humbling experience for him and his co-founders, especially under the current circumstances.

“It’s tremendous validation, but it is also humbling. We’re pretty thankful to be in that position, and we want to make sure that we do the right things to continue to honor the opportunity that we see in front of us.”

When Zoom started having security issues in March, they turned to former Facebook and Yahoo! Security executive Alex Stamos, who signed on as a consultant to work directly with CEO Eric Yuan.

The goal was to build a more cohesive security strategy for the fast-growing company. One of the recommendations that came out of those meetings was building end-to-end encryption into the paid tier of the product. Those discussions led to the company buying Keybase this morning.

Stamos says in the big build versus buy debate that companies tend to go through when they are evaluating options, this fell somewhere in the middle. While they bought a company with a lot of expertise, it will still require Keybase engineers working with counterparts from Zoom and consultants like Stamos to build a final encrypted product.

“The truth is that what Zoom wants to do with end-to-end encryption, nobody’s really done, so there’s no product that you could just slap onto Zoom to turn it into key encryption. That’s going to have to be thought out from the beginning for the specific needs of an enterprise,” Stamos told TechCrunch.

But what they liked about Keybase in particular is that they have already thought through similar problems with file encryption and encrypted chat, and they want to turn the Keybase engineers loose on this problem.

“The design is going to be something that’s totally new. The great thing about Keybase is that they have already been through this process of thinking through and then crafting a design that is usable by normal people and that provides functionality while being somewhat invisible,” he said.

Because it’s a work in progress, it’s not possible to say when that final integration will happen, but Stamos did say that the company intends to publish a paper on May 22nd outlining its cryptographic plan moving forward, and then will have a period of public discussion before finalizing the design and moving into the integration phase.

He says that the first goal is to come up with a more highly secure version of Zoom meetings with end-to-end encryption enabled. At least initially, this will only be available for people using the Zoom client or Zoom-enabled hardware. You won’t be able to encrypt someone calling in, for instance.

As for folks who may be worried about Keybase being owned by Zoom, Stamos says, “The whole point of the Keybase design is that you don’t have to trust who owns their servers.”

Zoom announced this morning that it has acquired Keybase, a startup with encryption expertise. It did not reveal the purchase price.

Keybase, which has been building encryption products for several years including secure file sharing and collaboration tools, should give Zoom some security credibility as it goes through pandemic demand growing pains.

The company has faced a number of security issues in the last couple of months as demand as soared and exposed some security weaknesses in the platform. As the company has moved to address these issues, having a team of encryption experts on staff should help the company build a more secure product.

In a blog post announcing the deal, CEO Eric Yuan said they acquired Keybase to give customers a higher level of security, something that’s increasingly important to enterprise customers as more operations are relying on the platform, working from home during the pandemic.

“This acquisition marks a key step for Zoom as we attempt to accomplish the creation of a truly private video communications platform that can scale to hundreds of millions of participants, while also having the flexibility to support Zoom’s wide variety of uses,” Yuan wrote.

He added that that tools will be available for all paying customers as soon as it is incorporated into the product. “Zoom will offer an end-to-end encrypted meeting mode to all paid accounts. Logged-in users will generate public cryptographic identities that are stored in a repository on Zoom’s network and can be used to establish trust relationships between meeting attendees,” he wrote.

Under the terms of the deal, the Keybase will become a subsidiary of Zoom and co-founder and Max Krohn will lead the Zoom security engineering team, reporting directly to Yuan to help build the security product. The other almost two dozen employees will become Zoom employees. The vast majority are security engineers.

It’s not clear what will happen to Keybase’s products, but the company did say Zoom is working with Keybase to figure that out.

Keybase was founded in 2014 and has raised almost $11 million according to Crunchbase data.

A lot of enterprise cybersecurity efforts focus on malicious hackers that work on behalf of larger organizations, be they criminal groups or state actors — and for good reason, since the majority of incidents these days come from phishing and other malicious techniques that originate outside the enterprise itself.

But there has also been a persistent, and now growing, focus also on “insider threats” — that is, breaches that start from within organizations themselves. And today a startup that specialises in this area is announcing a round of growth funding to expand its reach.

Dtex, which uses machine learning to monitor network activity within the perimeter and around all endpoints to detect unusual patterns or behaviour around passwords, data movement and other network activities, is today announcing that it has raised $17.5 million in funding.

The round is being led by new investor Northgate Capital with Norwest Venture Partners and Four Rivers Group, both previous investors, also participating. Prior to this, the San Jose-based startup had raised $57.5 million, according to data from PitchBook, while CrunchBase puts the total raised at $40 million.

CEO Bahman Mahbod said the startup is not disclosing valuation except to say that it’s “very excited” about it.

For some context, the company works with hundreds of large enterprises, primarily in the financial, critical infrastructure, government and defence sectors. The plan is to now extend further into newer verticals where it’s started to see more activity more recently: pharmaceuticals, life sciences and manufacturing. Dtex says that over the past 12 months, 80% of its top customers have been increasing their level of engagement with the startup.

Dtex’s focus on “insider” threats sounds slightly sinister at first. Is the implication here that people are more dishonest and nefarious these days and thus need to be policed and monitored much more closely for wrongdoing? The answer is no. There are no more dishonest people today than there ever have been, but there are a lot more opportunities to make mistakes that result in security breaches.

The working world has been on a long-term trend of becoming increasingly digitised in all of its interactions, and bringing on a lot more devices onto those networks. Across both “knowledge” and front-line workers, we now have a vastly larger number of devices being used to help workers do their jobs or just keep in touch with the company as they work, with many of them being brought by the workers themselves rather than being provisioned by the companies. There has also been a huge increase in cloud services,

And in the realm of “knowledge” workers, we’re seeing a lot more remote or peripatetic working, where people don’t have fixed desks and often work outside the office altogether — something that has skyrocketed in recent times with stay-at-home orders put in place to mitigate the spread of COVID-19 cases.

All of this translates into a much wider threat “horizon” within organizations themselves, before even considering the sophistication of external malicious hackers.

And the current state of business has exacerbated that. Mahbod tells us that Dtex is currently seeing spikes in unusual activity from the rise in home workers, who sometimes circumvent VPNs and other security controls, thus committing policy violations; as well as more problems arising from the fact that home networks have been compromised and that is leaving work networks, accessed from home, more vulnerable. These started, he said, with COVID-19 phishing attacks but have progressed to undetected malware from drive-by downloads.

And, inevitably, he added that there has been a rise in intentional data theft and accidental loss arising in cases where organizations have had to lay people off or run a round of furloughs, but might still result from negligence rather than intentional actions.

There are a number of other cybersecurity companies that provide ways to detect insider threats — they include CloudKnox and Obsidian Security, along with a number of larger and established vendors. But Mabhod says that Dtex “is the only company with ‘next-generation’ capabilities that are cloud-first, AI/ML baked-in, and enterprise scalable to millions of users and devices, which it sells as DMAP+.

“Effectively, Next-Gen Insider Threat solutions must replace legacy Insider Threat point solutions which were borne out of the UAM, DLP and UEBA spaces,” he said.

Those providing legacy approaches of that kind include Forcepoint with its SureView product and Proofpoint with its ObserveIT product. Interestingly, CyberX, which is currently in the process of getting acquired by Microsoft (according to reports and also our sources), also includes insider threats in its services.

This is one reason why investors have been interested.

“Dtex has built a highly scalable platform that utilizes a cloud-first, lightweight endpoint architecture, offering clients a number of use cases including insider threat prevention and business operations intelligence,” said Thorsten Claus, partner, Northgate Capital, in a statement. Northgate has a long list of enterprise startups in its portfolio that represent potential customers but also a track record of experience in assessing the problem at hand and building products to address it. “With Dtex, we have found a fast-growing, long-term, investible operation that is not just a band-aid collection of tools, which would be short-lived and replaced.”