BabbleLabs uses advanced AI (Artificial Intelligence) techniques to distinguish human speech from unwanted noise, enhancing the quality of communications and conferencing applications.Read full Article
JFrog Ltd. on Monday filed plans to raise $100 million in an IPO, joining five other Bay Area companies who made similar filings since Friday.Read full Article
CloudKnox Security, a cybersecurity startup that helps companies protect their private and public clouds from insider threats and poor security hygiene, has raised $12 million in a round of funding led by Sorenson Ventures, with participation from Dell Technologies Capital, ClearSky Security, and Foundation Capital.
The threats posed by external adversaries are well documented, thanks to countless high-profile cyberattacks, but risks from insiders — including employees and temporary contractors — are also thought to be on the rise. According to a 2018 report from the Ponemon Institute, the number of security incidents relating to careless workers grew from 10.5% to 13.4% between 2016 and 2018. Similarly, Verizon’s 2019 Data Breach Investigations report noted that 34% of all breaches in 2018 were caused by insiders — up from 28% the previous year.
A number of high-profile “insider” breaches have been revealed in recent years, including at Tesla, which has sued former employees for stealing the carmaker’s confidential information and passing it on to third parties. Uber and Alphabet’s Waymo have also locked horns over stolen trade secrets. As these incidents highlight, insider threats aren’t just about employees inadvertently opening systems to exploits from third parties, they can also be the result of deliberate and malicious data leaks or intellectual property (IP) theft.
Founded in 2015, Sunnyvale, California-based CloudKnox sets about protecting companies by monitoring and enforcing “least privilege” policies in cloud environments. The principles behind least privilege stipulate that users only be allowed to access the information and systems they need to perform their job. Someone whose role is to enter data into a database doesn’t receive root access to a company’s systems, for example, so if their account is compromised by a malicious third party, damage is limited.
CloudKnox adopts a recently patented “activity-based access control” approach that makes it easier for enterprises to fine-tune permissions across their hybrid or cloud infrastructure. This effectively enforces restrictions for who can and can’t delete data, for example, and allows companies to introduce a “privilege-on-demand” system that grants access to certain powers for a predetermined period of time. This averts the classic security slip of granting someone system access to carry out a single task and then forgetting to revoke that access afterward.
CloudKnox also enables auto-remediation for machine-based identities (e.g. service accounts that carry out repetitive tasks automatically) so that all unused privileges can be automatically revoked on a regular basis. In the event that such accounts are compromised, damage is limited to whatever smaller subset of privileges the accounts had been granted.
Keeping tabs on who has access to which systems can be difficult, particularly in complex cloud environments spanning different platforms, with personnel coming and going and new services and machines being added to the mix. CloudKnox promises to help address insider threats (malicious or otherwise) by continuously monitoring for “over-privileged” machine and human users.
CloudKnox had previously raised around $11 million, and with another $12 million in the bank it plans to “accelerate” its product development and and go-to-market (GTM) strategy.
“We’ve seen exceptional growth from customers and prospects looking to address the No. 1 risk in their cloud infrastructure,” said CloudKnox CEO and cofounder Balaji Parimi. “This positioned us to preemptively secure another round of funding to leverage strong market adoption and accelerate our customer expansion.”
Other companies are setting out to help clients safeguard their systems from breaches caused by insiders. French startup GitGuardian recently closed a $12 million funding round to help companies find sensitive data accidentally included in GitHub code repositories. This includes database login credentials, API keys, cryptographic keys, or anything that could be used by unauthorized third parties to access a system (e.g. a cloud or database).
More broadly, the global cloud security software market will reportedly hit nearly $36 billion by 2024, up from $28 billion in 2018. The trend of companies migrating to the cloud is creating a more fertile landscape for large-scale data breaches.
“CloudKnox’s vision is compelling: Enable security teams to proactively measure and mitigate the greatest risk from operating in the cloud,” said Home Depot’s chief information security office, Stephen Ward, who joins CloudKnox’s board. “It does so by delivering continuous detection and remediation of over-privileged identities while helping to understand and report on their cloud risk posture.”
Equinix has a set of data centers and co-location facilities around the world. Companies that may want to have more control over their hardware could use their services, including space, power and cooling systems, instead of running their own data centers.
Equinix is getting a unique cloud infrastructure vendor in Packet, one that can provide more customized kinds of hardware configurations than you can get from the mainstream infrastructure vendors like AWS and Azure. Company COO George Karidis described what separated his company from the pack in a September, 2018 TechCrunch article:
“We offer the most diverse hardware options,” he said. That means they could get servers equipped with Intel, ARM, AMD or with specific nVidia GPUs in whatever configurations they want. By contrast public cloud providers tend to offer a more off-the-shelf approach. It’s cheap and abundant, but you have to take what they offer, and that doesn’t always work for every customer.
In a blog post announcing the deal, company co-founder and CEO Zachary Smith had a message for his customers, who may be worried about the change in ownership. “When the transaction closes later this quarter, Packet will continue operating as before: same team, same platform, same vision,” he wrote.
He also offered the standard value story for a deal like this, saying the company could scale much faster under Equinix than it could on its own, with access to its new company’s massive resources, including 200+ data centers in 55 markets and 1,800 networks.
Sara Baack, chief product officer at Equinix, says bringing the two companies together will provide a diverse set of bare metal options for customers moving forward. “Our combined strengths will further empower companies to be everywhere they need to be, to interconnect everyone and integrate everything that matters to their business,” she said in a statement.
While the companies did not share the purchase price, they did hint that they would have more details on the transaction after it closes, which is expected in the first quarter this year.
Mastercard announced today that it is acquiring RiskRecon, a Salt Lake City startup that uses publicly available data to build security assessments of organizations. The companies did not share the purchase price.
It has become increasingly important for financial services companies like Mastercard to help customers navigate cybersecurity, and RiskRecon will give customers an objective score of a company’s risk profile.
“Through a powerful combination of AI and data-driven advanced technology, RiskRecon offers an exciting opportunity to complement our existing strategy and technology to secure the cyber space,” Ajay Bhalla, president of cyber and intelligence for Mastercard, said in a statement.
RiskRecon CEO Kelly White told TechCrunch in a 2016 interview after the company’s $3 million seed round that the company looks at information that is readily available on the internet and puts it together to measure a company’s overall security risk:
RiskRecon leverages information that is available on the web from companies operating there as part of the act of doing business. “If you stand up web servers and DNS servers, these are intentionally discoverable because they are providing services on the internet. Systems reveal the software being run and version information from which you can determine security performance.”
White sees joining Mastercard as an opportunity to be a part of a larger organization and all that that entails. “By becoming part of their team, we have an opportunity to scale our solution and help companies in new industries and geographies take steps to better manage their cybersecurity risk,” he said in a statement.
RiskRecon launched in 2015 and has raised $40 million, according to Crunchbase data. Investors included Accel, Dell Technologies Capital, General Catalyst and F-Prime Capital.
It’s worth noting that the company was not alone in the space, competing with New York City-based SecurityScoreCard, which launched in 2013 and has raised over $112 million, according to Crunchbase. The last investment came in June for $50 million.
Today’s deal is subject to standard regulatory approval, but is expected to close in the first quarter in 2020.
Sumo Logic, a mature security event management startup with a valuation over $1 billion, announced today that it has acquired JASK, a security operations startup that raised almost $40 million. The companies did not share the terms of the deal.
Sumo’s CEO Ramin Sayar says the combined companies give customers a complete security solution. Sumo offers what’s known in industry parlance as a security information and event management (SIEM) tool, while JASK provides a security operations center or SOC (pronounced “sock“). Both are focused on securing workloads in a cloud native environment and can work in tandem.
Sayar says that as companies shift workloads to the cloud they need to reevaluate their security tools. “The interesting thing about the market today is that the traditional enterprises are much more aggressively taking a security-first posture as they start to plan for new workloads in the cloud, let alone workloads that they are migrating. Part of that requires them to evaluate their tools, teams and, more importantly, a lot of their processes that they’ve built in and around their legacy systems as well as their SOC,” he said.
He says that combining the two organizations helps customers moving to the cloud automate a lot of their security requirements, something that’s increasingly important due to the lack of highly skilled security personnel. That means the more that software can do, the better.
“We see a lot of dysfunction in the marketplace and the whole movement towards automation really complements and supplements the gap that we have in the workforce, particularly in terms of security folks. This is what JASK has been trying to do for four-plus years, and it’s what Sumo has been trying to do for nearly 10 years in terms of using various algorithms and machine learning techniques to suppress a lot of false alerts, triage the process and help drive efficiency and more automation,” he said.
JASK CEO and co-founder Greg Martin says the shift to the cloud has also precipitated two major changes in the security space that have driven this growing need for security automation. “The perimeter is disappearing and that fundamentally changes how we have to perform cybersecurity. The second is that the footprint of threats and data are so large now that security operations is no longer a human scalable problem,” he said. Echoing Sayar, he says that requires a much higher level of automation.
JASK was founded in 2015, raising $39 million, according to Crunchbase data. Investors included Battery Ventures, Dell Technologies Capital, TenEleven Ventures and Kleiner Perkins. Its last round was a $25 million Series B led by Kleiner in June 2018.
Deepak Jeevankumar, managing director at Dell Technologies Capital, whose company was part of JASK’s Series A investment and who invests frequently in security startups, sees the two companies joining forces as a strong combination.
“Sumo Logic and JASK have the same mission to disrupt today’s security industry, which suffers from legacy security tools, siloed teams and alert fatigue. Both companies are pioneers in cloud-native security and share the same maniacal customer focus. Sumo Logic is therefore a great culture and product fit for JASK to continue its journey,” Jeevankumer told TechCrunch.
Sumo has raised $345 million, according to the company. It was valued at over $1 billion in its most recent funding round last May, when it raised $110 million.
CRN first reported this deal was in the works in an article on October 22.