Personal blog of Yzmir Ramirez

The security sector is ever frothy and acquisitive. Just last week Palo Alto Networks grabbed Expanse for $800 million. Today it was FireEye’s turn, snagging Respond Software, a company that helps customers investigate and understand security incidents, while reducing the need for highly trained (and scarce) security analysts. The deal has closed, according to the company.

FireEye had its eye on Respond’s Analyst product, which it plans to fold into its Mandiant Solutions platform. Like many companies today, FireEye is focused on using machine learning to help bolster its solutions and bring a level of automation to sorting through the data, finding real issues and weeding out false positives. The acquisition gives them a quick influx of machine learning-fueled software.

FireEye sees a product that can help add speed to its existing tooling. “With Mandiant’s position on the front lines, we know what to look for in an attack, and Respond’s cloud-based machine learning productizes our expertise to deliver faster outcomes and protect more customers,” Kevin Mandia, FireEye CEO said in a statement announcing the deal.

Mike Armistead, CEO at Respond, wrote in a company blog post that today’s acquisition marks the end of a four-year journey for the startup, but it believes it has landed in a good home with FireEye. “We are proud to announce that after many months of discussion, we are becoming part of the Mandiant Solutions portfolio, a solution organization inside FireEye,” Armistead wrote.

While FireEye was at it, it also announced a $400 million investment from Blackstone Tactical Opportunities fund and ClearSky (an investor in Respond), giving the public company a new influx of cash to make additional moves like the acquisition it made today.

It didn’t come cheap. “Under the terms of its investment, Blackstone and ClearSky will purchase $400 million in shares of a newly designated 4.5% Series A Convertible Preferred Stock of FireEye (the ‘Series A Preferred’), with a purchase price of $1,000 per share. The Series A Preferred will be convertible into shares of FireEye’s common stock at a conversion price of $18.00 per share,” the company explained in a statement. The stock closed at $14.24 today.

Respond, which was founded in 2016, raised $32 million, including a $12 million Series A in 2017 led by CRV and Foundation Capital and a $20 million Series B led by ClearSky last year, according to Crunchbase data.

Menlo Security, a malware and phishing prevention startup, announced a $100 million Series E today on an $800 million valuation. The round was led by Vista Equity Partners with help from Neuberger Berman, General Catalyst, JP Morgan and other unnamed existing investors. The company has now raised approximately $250 million.

CEO and co-founder Amir Ben-Efraim says that while the platform has expanded over the years, the company stays mostly focused on web and email as major attack vectors for customers. “We really focused on a better kind of security outcome relative to the major threat factors of web and email. So web and email is really how most of the world or the enterprise world at least does its work, and these channels remain forever vulnerable to the latest attack,” Ben-Efraim explained.

He says that to protect those attack surfaces, the company pioneered a technology called web isolation to disconnect the user from the content and send only safe visuals. “When they click a link or engage with a website, the safe visuals are guaranteed to be malware-free, no matter where you go or you end up,” Ben-Efraim said.

With a valuation of $800 million, he’s proud having built his company from the ground up to this point. He’s not quite ready to discuss an IPO yet, but he expects to take this large influx of cash and continue to grow an independent company with an IPO perhaps three years out.

With an increase in business and the new capital, the company, which has 270 employees of which around 70 came on board this year, hopes to continue to grow at that pace in 2021. He says that as that happens the security startup has been paying close attention to the social justice movements.

“As a management team and for myself as a CEO, it’s an important topic. So we were paying close attention to our own diversification goals. We want Menlo to become a more diversified company,” Ben-Efraim said. He believes the way to get there is to prioritize recruiting channels where they can tap into a wider variety of potential recruits for the company.

While he wouldn’t discuss revenue, he did say in spite of the pandemic, the business is growing rapidly and sales are up 155% in terms of net new sales over last year. “The momentum for that being customers specifically in critical infrastructure, financial services, government and the like are seeing an uptick in attacks associated with COVID, and are looking at security as essential in an area that they need to double down on. So despite the financial difficulties, that’s created a bit of a tailwind for us strangely in 2020, even though the world economy as a whole is clearly being challenged by this epidemic,” he said.

Last week was a busy week, what with an election in Myanmar and all (well, and the United States, I guess). So perhaps you were glued to your TV or smartphone, and missed out on our conversation with Asheem Chandna, a long-time partner at Greylock who has invested in enterprise and cybersecurity startups for nearly two decades now, backing such notable companies as Palo Alto Networks, AppDynamics and Sumo Logic. We have more Extra Crunch Live shows coming up.

Enterprise software is changing faster this year than it has in a decade. Coronavirus, remote work, collaboration and new cybersecurity threats have combined to force companies to rethink their IT strategies, and that means more opportunities — and challenges — for enterprise founders than ever before. In some cases, we are seeing an acceleration of existing trends, and in others, we are seeing all new trends come to the forefront.

All that is to say that there was so much on the docket to talk about last week. Chandna and I discussed what’s happening in early-stage enterprise startups, whether vertical SaaS is the future of enterprise investing, data and no-code platforms, and then this rise of “shift left” security.

The following interview has been edited and condensed from our original Extra Crunch Live conversation.

What’s happening today in the early-stage startup world?

Chandna has been a long-time backer of startups at their earliest stages, with some of his investments being literally birthed in Greylock’s offices. So I was curious how he saw the landscape today given all that prior experience.

TechCrunch: What sort of companies are exciting for you today? Are there particular markets you’re particularly attuned to?

Asheem Chandna: One is digital transformation. Every company is trying to figure out how to become more digital, and this has been accelerated by COVID-19. Second is information technology today and its journey to the cloud. I would say we might be about 10% or 15% of the way there. Some of the trends are clear, but the journey is actually still relatively early, and so there’s just a ton of opportunity ahead.

The third one is leveraging data for better predictability along with analytics. Every CEO is looking to make better decisions. And you know, most leaders make decisions based on gut instinct and a combination of data. If the data can tell a story, if the data can help you better predict, there’s a lot of potential here.

I view these as three macro trends, and then if one was to add to that, I would say cybersecurity has never been more important than it is today. I’ve been around cyber for over two decades, and just the prominence and importance and priority has never been more important than today. So that’s kind of another key area.

I want to dive into your first category, digital transformation. This is a phrase that I feel like I’ve heard for a decade now, with “Data is the new oil” and all these sorts of buzzwords and marketing phrases. Where are we in that process? Are we at the beginning? Are we at the end? What’s next from a startup perspective?

Due to COVID-19 and because of the way people are working today, digital’s become the primary medium. I would still say we’re early, and you can literally look sector by sector to see how much more work there is to do here.

Take enterprise sales itself, which is early in what I consider digitalization. It’s even more important today than it was a year ago. I’m using video to basically communicate, and then the next piece would basically be trialing of software. Can I allow even complex software to be self trials and can I measure the customer journey through that trial? Then there’s the contracting of the software, and we go to the sale process, can all that be done digitally?

So even when you take something as very mundane as enterprise sales, it’s being transformed. Winning teams, winning software entrepreneurs, they understand this well, and they’d be wise to examine every step of this process, and instrument it and digitize it.

Vertical versus horizontal plays in enterprise

Palo Alto Networks has been on a buying binge for the last couple of years, and today it added to its haul, announcing a deal to acquire Expanse for $800 million in cash and equity awards. The deal breaks down to $670 million in cash and stock and another $130 million in equity awards to Expanse employees.

Expanse provides a service to help companies understand and protect their attack surface, where they could be most vulnerable to attack. It works by giving the security team a view of how the company’s security profile could look to an attacker trying to gain access.

The plan is to fold Expanse into Palo Alto’s Cortex Suite, an AI-driven set of tools designed to detect and prevent attacks in an automated way. Expanse should provide Palo Alto with a highly valuable set of data to help feed the AI models.

“By integrating Expanse’s attack surface management capabilities into Cortex after closing, we will be able to offer the first solution that combines the outside view of an organization’s attack surface with an inside view to proactively address all security threats,” Palo Alto Networks chairman and CEO Nikesh Arora said in a statement.

Expanse sees the acquisition as a way to accelerate the company road map using the resources of a larger company like Palo Alto, a typical argument from companies being acquired. “Joining forces with Palo Alto Networks will let us achieve our most important business goals years ahead of schedule. During the course of conversations with Palo Alto Networks leadership, we shared optimism that the right combination of technology and people can solve many cybersecurity challenges that to date have seemed intractable,” the startup’s founders wrote in a blog post announcing the deal.

The two co-founders, Dr. Tim Junio and Dr. Matt Kraning, will be joining Palo Alto under the terms of the deal, which is expected to close in Palo Alto’s fiscal second quarter, assuming it passes regulatory muster.

Expanse was founded in 2012 and has raised $136 million, according to Crunchbase data. Its most recent raise was a $70 million Series C last year, which was led by TPG.

Today’s acquisition is Palo Alto’s third in 2020 and the 10th since 2018. Palo Alto stock was up 2.15% in early trading.

This year, more than ever before because of the COVID-19 pandemic, huge droves of workers and consumers have been turning to the internet to communicate, get things done and entertain themselves. That has created a huge bonanza for cybercriminals, but also companies that are building tools to combat them.

In the latest development, an Israel-hatched, Mountain View-based enterprise startup called SentinelOne — which has built a machine learning-based solution that it sells under the brand Singularity that works across the entire edge of the network to monitor and secure laptops, phones, containerised applications and the many other devices and services connected to a network — has closed $267 million in funding to continue expanding its business to meet demand, which has seen business boom this year. Its valuation is now over $3 billion.

Given the large sums the company has now raised — $430 million to date — the funding will likely be used for acquisitions (cyber is a very crowded market and will likely see some strong consolidation in the coming years), as well as more in-house development and sales and marketing. Earlier this year, CEO and founder Tomer Weingarten told me that an IPO “would be the next logical step” for the company. “But we’re not in any rush,” he said at the time. “We have one to two years of growth left as a private company.”

SentinelOne contacted TechCrunch with the above details but said that an official press release was due only to be released at 3 p.m. U.K. time. We’ll update with more details if they’re available when they are published. In the meantime, other outlets such as Calcalist in Israel (in Hebrew) have also published these details. And it should be noted that the round was rumored for almost a month ahead of this, although the sums raised were off by quite a bit: the reports had said $150-200 million.

(Side note: Why the pointless games with timings and exclusives? Who knows — I certainly don’t. )

This round included Tiger Global, Sequoia, Insight Partners, Third Point Ventures and Qualcomm Ventures . It looks like Sequoia — which is currently building up a new European operation to look more closely at opportunities on this side of the globe — is the only new name in that list. The others have all backed SentinelOne in previous rounds.

It was only in February of this year that SentinelOne had raised $200 million at a $1.1 billion valuation.

The rapid fundraising, from a top-shelf list of firms, is a notable aspect of this story.

In the world of startups, we are firmly living in a time when investors are looking for strong opportunities to back companies that are shining in a market that is particularly challenging. COVID-19 has all but decimated the travel industry and live in-person event industry, among others.

But services that are helping people continue to live their lives, and those that are helping find a cure or at least solutions to minimise the impact, are very much in demand.

The cybersecurity market — in particular companies that are providing solutions that can immediately prove to be effective in what is an increasingly sophisticated threat landscape — is incredibly active right now, even more than it already was.

“Around 450 cybersecurity companies are operating in Israel, constituting 5% of the global cybersecurity market, in some cyber segments the two world leaders are by Israeli founders like CheckPoint and Palo Alto,” noted Avihai Michaeli, an advisor who scouts startups for corporate VCs.

Within that, endpoint security, the area where SentinelOne concentrates its efforts, is particularly strong. Last year, endpoint security solutions was estimated to be around an $8 billion market, and analysts project that it could be worth as much as $18.4 billion by 2024.

While SentinelOne has a lot of competitors — they include Microsoft, CrowdStrike, Kaspersky, McAfee and Symantec — it is also a strong player in the market. Relying on the advances of AI and with roots in the Israeli cyberintelligence community, its platform is built around the idea of working automatically not just to detect endpoints and their vulnerabilities, but to apply behavioral models, and various modes of protection, detection and response in one go.

“We are seeing more automated and real-time attacks that themselves are using more machine learning,” Weingarten said to me this year. “That translates to the fact that you need defence that moves in real time as with as much automation as possible.”

As of February, it had 3,500 customers, including three of the biggest companies in the world, and “hundreds” from the global 2,000 enterprises, with 113% year-on-year new bookings growth, revenue growth of 104% year-on-year and 150% growth year-on-year in transactions over $2 million. Those numbers will have likely grown significantly since then. (We’ll update as and when we learn more.)

Isovalent, a startup that aims to bring networking into the cloud-native era, today announced that it has raised a $29 million Series A round led by Andreessen Horowitz and Google. In addition, the company today officially launched its Cilium Enterprise platform (which was in stealth until now) to help enterprises connect, observe and secure their applications.

The open-source Cilium project is already seeing growing adoption, with Google choosing it for its new GKE dataplane, for example. Other users include Adobe, Capital One, Datadog and GitLab. Isovalent is following what is now the standard model for commercializing open-source projects by launching an enterprise version.

The founding team of CEO Dan Wendlandt and CTO Thomas Graf has deep experience in working on the Linux kernel and building networking products. Graf spent 15 years working on the Linux kernel and created the Cilium open-source project, while Wendlandt worked on Open vSwitch at Nicira (and then VMware).

“We saw that first wave of network intelligence be moved into software, but I think we both shared the view that the first wave was about replicating the traditional network devices in software,” Wendlandt told me. “You had IPs, you still had ports, you created virtual routers, and this and that. We both had that shared vision that the next step was to go beyond what the hardware did in software — and now, in software, you can do so much more. Thomas, with his deep insight in the Linux kernel, really saw this eBPF technology as something that was just obviously going to be groundbreaking technology, in terms of where we could take Linux networking and security.”

As Graf told me, when Docker, Kubernetes and containers, in general, become popular, what he saw was that networking companies at first were simply trying to reapply what they had already done for virtualization. “Let’s just treat containers as many as miniature VMs. That was incredibly wrong,” he said. “So we looked around, and we saw eBPF and said: this is just out there and it is perfect, how can we shape it forward?”

And while Isovalent’s focus is on cloud-native networking, the added benefit of how it uses the eBPF Linux kernel technology is that it also gains deep insights into how data flows between services and hence allows it to add advanced security features as well.

As the team noted, though, users definitely don’t need to understand or program eBPF, which is essentially the next generation of Linux kernel modules, themselves.

“I have spent my entire career in this space, and the North Star has always been to go beyond IPs + ports and build networking visibility and security at a layer that is aligned with how developers, operations and security think about their applications and data,” said Martin Casado, partner at Andreesen Horowitz (and the founder of Nicira). “Until just recently, the technology did not exist. All of that changed with Kubernetes and eBPF.  Dan and Thomas have put together the best team in the industry and given the traction around Cilium, they are well on their way to upending the world of networking yet again.”

As more companies adopt Kubernetes, they are now reaching a stage where they have the basics down but are now facing the next set of problems that come with this transition. Those, almost by default, include figuring out how to isolate workloads and get visibility into their networks — all areas where Isovalent/Cilium can help.

The team tells me its focus, now that the product is out of stealth, is about building out its go-to-market efforts and, of course, continue to build out its platform.

JumpCloud, the cloud directory service that debuted at TechCrunch Disrupt Battlefield in 2013, announced a $75 million Series E today. The round was led by BlackRock with participation from existing investor General Atlantic.

The company wasn’t willing to discuss the current valuation, but has now raised more than $166 million, according to Crunchbase data.

Changes in the way that IT works have been evolving since the company launched. Back then, most companies used Microsoft Active Directory in a Windows-centric environment. Since then, things have gotten more heterogeneous with multiple operating systems, web applications, the cloud and mobile, and that has required a different way of thinking about directory structures.

JumpCloud co-founder and CEO Rajat Bhargava says that the pandemic has only accelerated the need for his company’s kind of service as more companies move to the cloud. “Obviously now with COVID, all these changes made it much more difficult for IT to connect their users to all the resources that they needed, and to us that’s one of the most critical tasks that an IT organization has is making their team productive,” he said.

He said their idea was to build an “independent cloud directory platform that would connect people to really whatever it is they need and do that in a secure way while giving IT complete control over that access.”

The product, which includes a free tier for 10 users on 10 systems for an unlimited amount of time, has 100,000 users. Of those, Bhargava says that about 3,000 are paying.

The company has 300 employees, with plans to add 200-250 in the next year with a goal of adding 500 in the next couple of years. As he does that, Bhargava, who is South Asian, sees diversity and inclusion as an important component of the hiring process. In fact, the company tries to make sure it always has diverse candidates in the hiring pool.

“Some of the things that we’ve tried to do is make sure that every role has some diversity candidates involved in the hiring process. That’s something that our recruiting team is working on and making sure that we’re having that conversation with every single hire,” he said. He acknowledges that it’s a work in progress, and a problem across the entire tech industry that he and his company continue to try to address.

Since the pandemic, the company, which is based in Colorado, has made the decision to be remote first, and they will be hiring from across the country and across the world as they make these new hires, which could help contribute to a more diverse workforce over time.

With a $75 million investment, and having reached Series E, it’s fair to ask if the company is thinking ahead to an IPO, but Bhargava didn’t want to discuss that. “We just raised this $75 million round. There’s so much work to be done, so we’re just looking forward to that right now,” he said.

Kata containers are containers that use hardware virtualization technologies for workload isolation almost without performance penalties. Top use cases are untrusted workloads and tenant isolation (for example in a shared Kubernetes cluster). This blog post describes how to run Percona Kubernetes Operator for Percona XtraDB Cluster (PXC Operator) using Kata containers.

Prepare Your Kubernetes Cluster

Setting up Kata containers and Kubernetes is well documented in the official github repo (cri-o, containerd, Kubernetes DaemonSet). We will just cover the most important steps and pitfalls.

Virtualization Support

First of all, remember that Kata containers require hardware virtualization support from the CPU on the nodes. To check if your linux system supports it run on the node:

$ egrep ‘(vmx|svm)’ /proc/cpuinfo

VMX (Virtual Machine Extension) and SVM (Secure Virtual Machine) are Intel and AMD features that add various instructions to allow running a guest OS with full privileges, but still keeping host OS protected.

For example, on AWS only i3.metal and r5.metal instances provide VMX capability.

Containerd

Kata containers are OCI (Open Container Interface) compliant, which means that they work pretty well with CRI (Container Runtime Interface) and hence well supported by Kubernetes. To use Kata containers please make sure your Kubernetes nodes run using CRI-O or containerd runtimes.

The image below describes pretty well how Kubernetes works with Kata.

Hint: GKE or kops allows you to start your cluster with containerd out of the box and skip manual steps.

Setting Up Nodes

To run Kata containers, k8s nodes need to have kata-runtime installed and runtime configured properly. The easiest way is to use DaemonSet which installs required packages on every node and reconfigures containerd. As a first step apply the following yamls to create the DaemonSet:

$ kubectl apply -f https://raw.githubusercontent.com/kata-containers/packaging/master/kata-deploy/kata-rbac/base/kata-rbac.yaml
$ kubectl apply -f https://raw.githubusercontent.com/kata-containers/packaging/master/kata-deploy/kata-deploy/base/kata-deploy.yaml

DaemonSet reconfigures containerd to support multiple runtimes. It does that by changing /etc/containerd/config.toml. Please note that some tools (ex. kops) keep containerd in a separate configuration file config-kops.toml. You need to copy the configuration created by DaemonSet to the corresponding file and restart containerd.

Create runtimeClasses for Kata. RuntimeClass is a feature that allows you to pick runtime for the container during its creation. It has been available since Kubernetes 1.14 as Beta.

$ kubectl apply -f https://raw.githubusercontent.com/kata-containers/packaging/master/kata-deploy/k8s-1.14/kata-qemu-runtimeClass.yaml

Everything is set. Deploy test nginx pod and set the runtime:

$ cat nginx-kata.yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx-kata
spec:
  runtimeClassName: kata-qemu
  containers:
    - name: nginx
      image: nginx

$ kubectl apply -f nginx-kata.yaml
$ kubectl describe pod nginx-kata | grep “Container ID”
    Container ID:   containerd://3ba8d62be5ee8cd57a35081359a0c08059cf08d8a53bedef3384d18699d13111

On the node verify if Kata is used for this container through ctr tool:

# ctr --namespace k8s.io containers list | grep 3ba8d62be5ee8cd57a35081359a0c08059cf08d8a53bedef3384d18699d13111
3ba8d62be5ee8cd57a35081359a0c08059cf08d8a53bedef3384d18699d13111    sha256:f35646e83998b844c3f067e5a2cff84cdf0967627031aeda3042d78996b68d35 io.containerd.kata-qemu.v2cat 

Runtime is showing kata-qemu.v2 as requested.

The current latest stable PXC Operator version (1.6) does not support runtimeClassName. It is still possible to run Kata containers by specifying

io.kubernetes.cri.untrusted-workload

annotation. To ensure containerd supports this annotation add the following into the configuration toml file on the node:

# cat <<EOF >> /etc/containerd/config.toml
[plugins.cri.containerd.untrusted_workload_runtime]
  runtime_type = "io.containerd.kata-qemu.v2"
EOF

# systemctl restart containerd

Install the Operator

We will install the operator with regular runtime but will put the PXC cluster into Kata containers.

Create the namespace and switch the context:

$ kubectl create namespace pxc-operator
$ kubectl config set-context $(kubectl config current-context) --namespace=pxc-operator

Get the operator from github:

$ git clone -b v1.6.0 https://github.com/percona/percona-xtradb-cluster-operator

Deploy the operator into your Kubernetes cluster:

$ cd percona-xtradb-cluster-operator
$ kubectl apply -f deploy/bundle.yaml

Now let’s deploy the cluster, but before that, we need to explicitly add an annotation to PXC pods and mark them untrusted to enforce Kubernetes to use Kata containers runtime. Edit

deploy/cr.yaml

 :

pxc:
  size: 3
  image: percona/percona-xtradb-cluster:8.0.20-11.1
  …
  annotations:

      io.kubernetes.cri.untrusted-workload: "true"

Now, let’s deploy the PXC cluster:

$ kubectl apply -f deploy/cr.yaml

The cluster is up and running (using 1 node for the sake of experiment):

$ kubectl get pods
NAME                                               READY   STATUS    RESTARTS   AGE
pxc-kata-haproxy-0                                 2/2     Running   0          5m32s
pxc-kata-pxc-0                                     1/1     Running   0          8m16s
percona-xtradb-cluster-operator-749b86b678-zcnsp   1/1     Running   0          44m

In crt output you should see percona-xtradb cluster running using Kata runtime:

# ctr --namespace k8s.io containers list | grep percona-xtradb-cluster | grep kata
448a985c82ae45effd678515f6cf8e11a6dfca159c9abf05a906c7090d297cba    docker.io/percona/percona-xtradb-cluster:8.0.20-11.2 io.containerd.kata-qemu.v2

We are working on adding the support for runtimeClassName option for our operators. The support of this feature enables users to freely choose any container runtime.

Conclusions

Running databases in containers is an ongoing trend and keeping data safe is always the top priority for a business. Kata containers provide security isolation through mature and extensively tested qemu virtualization with little-to-none changes to the existing environment.

Deploy Percona XtraDB Cluster with ease in your Kubernetes cluster with our Operator and Kata containers for better isolation without performance penalties.

 

VPNs, or virtual private networks, are a mainstay of corporate network security (and also consumers trying to stream Netflix while pretending to be from other countries). VPNs create an encrypted channel between your device (a laptop or a smartphone) and a company’s servers. All of your internet traffic gets routed through the company’s IT infrastructure, and it’s almost as if you are physically located inside your company’s offices.

Despite its ubiquity though, there are significant flaws with a VPN’s architecture. Corporate networks and VPNs were designed assuming that most workers would be physically located in an office most of the time, and the exceptional device would use a VPN. As the pandemic has made abundantly clear, fewer and fewer people work in a physical office with a desktop computer attached to ethernet. That means the vast majority of devices are now outside the corporate perimeter.

Worse, VPNs can have massive performance problems. By routing all traffic through one destination, VPNs not only add latency to your internet experience, they also transmit all of your non-work traffic through your corporate servers as well. From a security perspective, VPNs also assume that once a device joins, it’s reasonably safe and secure. VPNs don’t actively check network requests to make sure that every device is only accessing the resources that it should.

Twingate is fighting directly to defeat VPNs in the workplace with an entirely new architecture that assumes zero trust, works as a mesh and can segregate work and non-work internet traffic to protect both companies and employees. In short, it may dramatically improve the way hundreds of millions of people work globally.

It’s a bold vision from an ambitious trio of founders. CEO Tony Huie spent five years at Dropbox, heading up international and new market expansion in his final role at the file-sharing juggernaut. He’s most recently been a partner at venture capital firm SignalFire . Chief Product Office Alex Marshall was a product manager at Dropbox before leading product at lab management program Quartzy. Finally, CTO Lior Rozner was most recently at Rakuten, and before that Microsoft.

The startup was founded in 2019, and is announcing today the public launch of its product, as well as its Series A funding of $17 million from WndrCo, 8VC, SignalFire and Green Bay Ventures. Dropbox’s two founders, Drew Houston and Arash Ferdowsi, also invested.

The idea for Twingate came from Huie’s experience at Dropbox, where he watched its adoption in the enterprise and saw firsthand how collaboration was changing with the rise of the cloud. “While I was there, I was still just fascinated by this notion of the changing nature of work and how organizations are going to get effectively re-architected for this new reality,” Huie said. He iterated on a variety of projects at SignalFire, eventually settling on improving corporate networks.

So what does Twingate ultimately do? For corporate IT professionals, it allows them to connect an employee’s device into the corporate network much more flexibly than a VPN. For instance, individual services or applications on a device could be set up to securely connect with different servers or data centers. So your Slack application can connect directly to Slack, your JIRA site can connect directly to JIRA’s servers, all without the typical round-trip to a central hub that a VPN requires.

That flexibility offers two main benefits. First, internet performance should be faster, since traffic is going directly where it needs to rather than bouncing through several relays between an end-user device and the server. Twingate also says that it offers “congestion” technology that can adapt its routing to changing internet conditions to actively increase performance.

More importantly, Twingate allows corporate IT staff to carefully calibrate security policies at the network layer to ensure that individual network requests make sense in context. For instance, if you are a salesperson in the field and suddenly start trying to access your company’s code server, Twingate can identify that request as highly unusual and outright block it.

“It takes this notion of edge computing and distributed computing [and] we’ve basically taken those concepts and we’ve built that into the software we run on our users’ devices,” Huie explained.

All of that customization and flexibility should be a huge win for IT staff, who get more granular controls to increase performance and safety, while also making the experience better for employees, particularly in a remote world where people in, say, Montana might be very far from an East Coast VPN server.

Twingate is designed to be easy to onboard new customers according to Huie, although that is almost certainly dependent on the diversity of end users within the corporate network and the number of services to which each user has access. Twingate integrates with popular single sign-on providers.

“Our fundamental thesis is that you have to balance usability, both for end users and admins, with bulletproof technology and security,” Huie said. With $17 million in the bank and a newly debuted product, the future is bright (and not for VPNs).

Kandji, a mobile device management (MDM) startup, launched last October. That means it was trying to build the early-stage company just as the pandemic hit earlier this year. But a company that helps manage devices remotely has been in demand in this environment, and today it announced a $21 million Series A.

Greycroft led the round, with participation from new investors Okta Ventures and B Capital Group, and existing investor First Round Capital. Today’s investment brings the total raised to $28.4 million, according to the company.

What Kandji is building is a sophisticated zero-touch device management solution to help larger companies manage their fleet of Apple devices, including keeping them in compliance with a particular set of rules. As CEO and co-founder Adam Pettit told TechCrunch at the time of his seed investment last year:

We’re the only product that has almost 200 of these one-click policy frameworks we call parameters. So an organization can go in and browse by compliance framework, or we have pre-built templates for companies that don’t necessarily have a specific compliance mandate in mind.

Monty Gray, SVP of corporate development at Okta, says Okta Ventures is investing because it sees this approach as a valuable extension of the company’s mission.

“Kandji’s device management streamlines the most common and complex tasks for Apple IT administrators and enables distributed workforces to get up and running quickly and securely,” he said in a statement.

It seems to be working. Since the company’s launch last year it reports it has gained hundreds of new paying customers and grown from 10 employees at launch to 40 today. Pettit says that he has plans to triple that number in the next 12 months. As he builds the company, he says finding and hiring a diverse pool of candidates is an important goal.

“There are ways to extend out into different candidate pools so that you’re not just looking at the same old candidates that you normally would. There are certain ways to reduce bias in the hiring process. So again, I think we look at this as absolutely critical, and we’re excited to build a really diverse company over the next several years,” he said.

He notes that the investment will not only enable him to build the employee base, but also expand the product too, and in the past year, it has already taken it from basic MDM into compliance, and there are new features coming as they continue to grow the product.

“If someone saw our product a year ago, it’s a very different product today, and it’s allowed us to move up market into the enterprise, which has been very exciting for us,” he said.