IT  Articles -  H  2020  1  2  3  4  5  6  7   IT  List -  H  2021  2020  2019  2018  1 


CompuCom Cyber-Attack Costs Could Reach $28M
30.3.2021 
IT  Securityweek

The financial impact from a March 1 cyber-attack on CompuCom, a wholly-owned subsidiary of ODP Corporation, is expected to reach the $28 million range, the company said.

Following the incident, which resulted in some of the managed services provider’s systems being infected with malware, customer services and internal operations were suspended, but ODP now says that significant progress was made in restoring services.

Although no technical details on the incident were revealed, ODP claims that “the down time experienced and related impact due to the malware incident” will impact the revenue for March, with the financial results for the first fiscal quarter of 2021 likely impacted.

Thus, ODP estimates the loss of revenue to be between $5.0 million and $8.0 million, mainly the result of temporarily suspending services to certain customers.

Furthermore, the company expects expenses of up to $20 million associated with the incident, with approximately $10 million to be accrued during the first quarter of 2021.

These expenses, ODP says, are related to service restoration efforts and to addressing “certain other matters resulting from the incident.” Some of these expects might be covered by insurance, the company adds.

While delivery capabilities were substantially restored by March 17, the service delivery for all customers is only expected to be restored by the end of March 2021. CompuCom also took steps to harden the security of its systems.

ODP will provide further information on its first quarter financial performance during its first quarter earnings call, currently scheduled for May 5, 2021.


Endpoint Security Provider Morphisec Bags $31 Million Investment
27.3.2021 
IT  Securityweek

Endpoint security provider Morphisec on Thursday announced that it has raised $31 million in a new funding round led by JVP, with participation from existing investors, such as Orange and Deutsche Telekom Capital Partners.

Founded in 2014, the Israeli cyber-security company claims to have its solutions deployed on more than 7 million endpoints, leveraging automation to keep them safe from a wide range of attacks.

The new investment, the company says, will support aggressive hiring of talent, meant to significantly increase the company’s teams in both the United States and Israel.

Morphisec also announced that Steve Bennett, former Symantec and Intuit CEO, is joining its board of directors, effective immediately.

The cyber-security company claims to be able to help organizations defend against sophisticated attacks without the need of dedicated security teams, by protecting workstations, servers, VDIs, virtual machines, and cloud assets.

Morphisec’s suite of security solutions use moving target defense technology and adopt a prevention-first zero trust approach to defending assets, automatically stopping attacks, instead of reacting to them, the company claims.

“With this new investment, we will further our commitment to bring organizations of all sizes threat prevention that stops advanced attacks in their tracks before the breach and costly damage,” Morphisec CEO Ronen Yehoshua commented.


Feedzai Lands $200M in Series C Funding
26.3.2021
IT  Securityweek

Feedzai, a late-stage fintech startup, is the latest entrant into cybersecurity’s unicorn club after snagging a new $200 million funding round that values the company at more than $1 billion.

The San Mateo, Calif.- based Feedzai said the latest Series D round was led by KKR, one of the most prominent global investment firms. Existing investors Sapphire Ventures and Citi Ventures also participated.

KKR said the Feedzai investment was made through its Next Generation Technology Growth Fund II, a fund dedicated to growth equity investment opportunities in the technology space.

Feedzai sells a cloud-based financial risk management platform that combines AI/ML-based tools to help banks and other financial services firm to fight against online fraud.

The company said new money comes amidst rising demand for anti-fraud tools and capabilities. Feedzai says it monitors companies with more than 800 million customers in 190 countries, as well as four of the five largest banks in North America.

Feedzai joins a growing list of cybersecurity companies boasting billion-dollar valuations after banking new funding. The list includes ID.me, Orca Security, Aqua, Axonius, BigID, Coalition, Forter, Lacework, OwnBackup, Socure, Venafi and Wiz.


ID.me Snags $100M in Series C Funding
24.3.2021
IT  Securityweek

Digital identity network play ID.me, Inc. has joined the growing list of cybersecurity unicorns after banking a new $100 million funding round that values the company at $1.5 billion.

The Series C round was led by Viking Global Investors and included Counterpoint Global (Morgan Stanley), PSP Growth, Lead Edge Capital, CapitalG, WndrCo, Willoughby Capital, BoxGroup and Moonshots Capital.

ID.me, based in McLean, Va., said it will use the new money to build out its secure digital identity network by hiring top talent and expanding the number of businesses and government agencies it serves.

The company claims it has more than 39 million members with more than 70,000 new users signing-up every day to its secure digital identity network. ID.me’s service is free to consumers while business customers pay ID.me for trust and to streamline workflows.

ID.me provides tech that simplifies how individuals prove and share their identity online, including tools to handle identity proofing, authentication and group affiliation verification for organizations across sectors.

ID.me is the 12th cybersecurity company to achieve unicorn status in the past four months. The list also includes Orca Security, Aqua, Axonius, BigID, Coalition, Forter, Lacework, OwnBackup, Socure, Venafi and Wiz.


Identity Verification Provider Jumio Snags $150M Investment
24.3.2021
IT  Securityweek

Identity verification provider Jumio today announced a new $150 million investment round from private equity firm Great Hill Partners.

Founded in 2016 and based in Palo Alto, Calif. Jumio is a global company that also has offices in Asia, Europe, and Latin America. The company provides services to organizations in sectors such as financial services, digital currency, online gaming, retail, sharing economy, and travel.

Through its end-to-end identity verification and eKYC platform Jumio KYX Platform, the company delivers identity proofing services that help organizations protect their ecosystems. Jumio claims to have verified over 300 million identities in more than 200 countries and territories.

The new infusion of cash, the company says, will help it accelerate market presence through investing in automating identity verification solutions and expanding the KYX Platform and adding more AML compliance services to it.

Jumio also notes that in 2020 it achieved record revenues, in the context of launching the KYX Platform and acquiring the AML platform from Beam Solutions (both events happened in September).

In addition to the investment round, Jumio announced that Nick Cayer and Matt Vettel from Great Hill Partners are joining its Board of Directors, which includes members from Centana Growth Partners and Millennium Technology Value Partners.

“Jumio’s innovations helped establish the identity verification market, and the need to establish someone’s digital identity remotely has never been greater. Nick, Matt and the Great Hill team bring tremendous expertise and a strong track record of innovation and strategic leadership, so we are excited to partner with them as we continue to scale,” Jumio CEO Robert Prigge commented.


Cloud Security Company Orca Raises $210 Million at $1.2 Billion Valuation
24.3.2021
IT  Securityweek

Cloud security firm Orca has achieved “unicorn” status after raising $210 million in a Series C funding round that values the company at $1.2 billion.

The latest funding, which brings the total raised by Orca to nearly $300 million, was led by CapitalG, the independent growth fund of Google’s parent company Alphabet, and Redpoint Ventures. GGV Capital, ICONIQ Growth and Silicon Valley CISO Investments (SVCI) also participated.

Orca Security becomes unicorn

Orca says it plans on using the money to fuel its growth. By the end of the year, the company wants to expand with offices in Europe and Australia, and to significantly increase its sales and R&D teams. Orcla claims that last year it recorded year-over-year growth of more than 1,000 percent.

The company has developed a cloud security platform designed to help organizations identify security and compliance issues. Its agentless SideScanning technology reads cloud configuration metadata and workload runtime block storage in an effort to identify potential vulnerabilities, misconfigurations, malware, password-related issues, weaknesses that can be exploited for lateral movement, and unprotected personal information.

At least a dozen cybersecurity companies achieved unicorn status in the past four months. The list includes Aqua, Axonius, BigID, Coalition, Forter, ID.me, Lacework, OwnBackup, Socure, Venafi and Wiz.


Identity Verification Company Socure Raises $100 Million at $1.3 Billion Valuation
19.3.2021
IT  Securityweek

Digital identity verification firm Socure this week announced raising $100 million in a Series D funding round.

The round, which brings the total invested into the company to $196 million, was led by Accel, with participation from Commerce Ventures, Scale Venture Partners, Flint Capital, Citi Ventures, Wells Fargo Strategic Capital, Synchrony, Sorenson, and Two Sigma Ventures, among others.

Socure says it will use the money to support its expansion and accelerate product development.

“The COVID-19 year accelerated our global shift to a digital-first economy and with that came security challenges,” said Amit Jhawar, Partner at Accel. “The Socure team accurately predicted the immediate need for identity verification solutions in industries like banking and fintech, and we’re excited by the tremendous opportunity as Socure expands to support new industries.”

Following this funding round, the company has been valued at $1.3 billion, which technically makes it a so-called “unicorn.”

The term “unicorn” was originally assigned to companies that had a valuation of over $1 billion because they were so rare. However, in the past four months alone, at least nine security companies (Aqua, Axonius, BigID, Coalition, Forter, Lacework, OwnBackup, Venafi, Wiz) announced valuations exceeding $1 billion, which means unicorns are not that rare anymore.

Socure provides a predictive analytics platform that leverages AI, machine learning and data intelligence to verify identities in real time. The solution is designed to help organizations detect identity fraud risk, eliminate synthetic identity fraud, meet compliance requirements, and perform risk-based document verification.

The company claims to have more than 350 customers in the financial services, telecom, gaming and e-commerce sectors.


Vulnerability Management Firm Vulcan Cyber Raises $21 Million
18.3.2021
IT  Securityweek

Vulnerability remediation orchestration provider Vulcan Cyber today announced that it has raised $21 million in Series B funding. To date, the company has raised $35 million.

Led by Dawn Capital, the founding round also received participation from Wipro Ventures and existing investors YL Ventures and Ten Eleven Ventures.

The new funding, Vulcan Cyber says, will help it expand its platform with new vulnerability remediation solutions for both cloud and applications, as well as meet demand for its SaaS solution.

Furthermore, the company will use the new injection of cash to deliver Vulcan Free, a risk-based vulnerability management (RBVM) platform that allows organizations to prioritize vulnerability and cyber risks for free.

The funding round will also allow Vulcan Cyber to invest in Remedy Cloud, a free database of vulnerability intelligence, as well as to enhance direct sales.

Founded in 2018 and headquartered in Tel Aviv, Israel, Vulcan Cyber provides enterprises with means to identify and manage vulnerabilities in their code and software stack.

Vulcan Cyber’s risk-based platform has been designed with support for cloud, IT, and application security. The platform helps security teams with every step of the vulnerability management process, from scan to patching, at scale.

“The launch of Vulcan Free underscores the Vulcan Cyber philosophy that vulnerability prioritization is not an end goal, but simply one element in proper remediation. Vulcan Free changes decades-old market dynamics that traditionally focus on vulnerability identification only instead of focusing on driving remediation outcomes,” Vulcan Cyber CEO and co-founder Yaniv Bar-Dayan commented.


Cyber Insurance Company Coalition Raises $175 Million at $1.75 Billion Valuation
18.3.2021
IT  Securityweek

San Francisco-based cyber insurance and security company Coalition has achieved unicorn status after raising $175 million at a $1.75 billion valuation.

The funding round, announced on Wednesday, was led by Index Ventures, with participation from General Atlantic and all previous investors. The company said it plans on using the money to expand its product offering and for its international expansion.

The latest funding round brings the total raised by Coalition to more than $300 million. In the previous round, announced in May 2020, the company secured $90 million at a valuation of nearly $900 million.

Coalition claims to have grown significantly and it now serves more than 42,000 customers.

In addition to insurance, the company offers customers a wide range of cybersecurity products and services, including credential monitoring, security awareness training, endpoint detection and response, patch management, threat monitoring, DDoS mitigation, and risk assessment.

Coalition is not the only cyber insurance firm to announce raising a significant amount of money this month. Cowbell raised $20 million in Series A funding and Corvus raised $100 million in Series C funding.


HD Moore Banks $5M Funding for Rumble Asset Management Startup
17.3.2021
IT  Securityweek

Network and asset discovery provider Rumble this week announced that it has raised $5 million in VC funding. The round was led by Jon Sakoda and Dan Nguyen-Huu at Cisco-backed Decibel Partners.

The round also saw participation from Duo Security co-founder and CTO Jon Oberheide, Demisto (acquired by Palo Alto Networks) founders Slavik Markovich and Rishi Bhargava, Phantom Cyber (acquired by Splunk) founder and CEO Oliver Friedrichs, Thinkst Canary founder Haroon Meer, and StoneMill Ventures founder Michael Sutton.

Founded by H.D. Moore, who is best known for creating Metasploit and who also started Rapid7’s Project Sonar, Rumble officially launched in October 2019, after a six-month beta period. At the end of 2020, the company had over 100 paying customers.

The Rumble platform has been designed to inventory IT and OT environments to help with attack surface reduction and incident response.

Rumble’s Explorer scanner was designed to identify outdated and orphaned devices and rogue RDP ports, as well as for the discovery of public-private network bridges, thus increasing security teams’ visibility into enterprise environments.

The new funds, Rumble says, will help it expand the enterprise capabilities of its platform and also accelerate its go-to-market engine.

The funding round was accompanied by Rumble’s 2.0 release, which features ServiceNow ITOM CMDB integration, new discovery modes to identify active subnets and hosts, automated monitoring, expanded API capabilities, and more.

“Most security teams have been trying to get asset inventory data from solutions that weren’t designed for it, such as vulnerability scanners and EDR agents. These solutions weren’t created with that goal in mind, so the data is often spotty, either because it doesn’t properly identify the device or misses it altogether,” HD Moore commented.


Recorded Future Buys Fraud Analytics Startup Gemini Advisory
17.3.2021
IT  Securityweek

Threat Intelligence Firm Recorded Future Buys Company Started by Former Employee in $52 Million Deal

Threat intelligence data broker Recorded Future has acquired fraud analytics startup Gemini Advisory as part of a strategic push to expand into the financial services and payment processing markets.

The cash and stock deal is valued at $52 million and comes less than a year after Recorded Future was itself acquired in a $780 million transaction.

Recorded Future expects the Gemini Advisory deal to provide tools and expertise to sell the “most comprehensive intelligence platform” with “the visibility to act at the speed of the adversary to mitigate cyber risk and fraud.”

Upon acquisition, Gemini Advisory will operate as an independent business unit inside of Recorded Future.

Gemini Advisory is the brainchild of former FBI consultant Andrei Barysevi, who left Recorded Future three years ago to create the new company.

"In a short time, Gemini Advisory has become a leader in the fraud space with unique offerings in both payment card intelligence and merchant fraud intelligence," said Recorded Future CEO Christopher Ahlberg.

"As we continue to execute on our mission to deliver a modular intelligence platform, joining forces with Gemini Advisory expands the value we deliver for customers across enterprise security and fraud,” he added.

Recorded Future itself was acquired by private equity firm Insight Partners for $780 million in a cash deal announced in May 2019.


Authentication Provider LoginID Raises $6 Million in Seed Funding
17.3.2021
IT  Securityweek

FIDO-certified multi-factor authentication provider LoginID this week announced that it raised $6 million in seed funding.

Founded in 2019 and based in San Mateo, California, LoginID provides identity protection and control over personal information, helping companies add FIDO-certified biometrics to websites and applications, including ecommerce and banking sites.

According to LoginID, its APIs and SDKs enable enterprises to integrate FIDO-certified authentication within minutes. LoginID recently received FIDO UAF 1.1 server certification, and is also iOS and Android certified.

LoginID says it plans to use the infusion of cash to accelerate adoption of passwordless authentication.

The seed funding round was led by fintech entrepreneurs Damien Balsan (LoopPay and Mobeewave), Fabrice Grinda from FJ Labs (Zingy), George Wallner (Hypercom, LoopPay), Will Wang Graylin (Roam, LoopPay, OVLoop, Indigo), and also saw participation from Asli RI, one of the largest KYC providers in Indonesia, and Leonis Investment.

“FJ Labs invests in powerful, big ideas that scale,” said FJ Labs’ Grinda. “I was struck by the simplicity of LoginIDs integration capability, for what can typically be a complex, laborious process. The market potential for deploying a fully certified FIDO API in the financial industry and its potential to disrupt current non-compliant authentication is significant.”


Software Development Security Firm Argon Emerges From Stealth Mode
17.3.2021
IT  Securityweek

Argon, an Israel-based company that provides solutions for securing the software development process, on Tuesday announced emerging from stealth mode.

The company has developed a solution that provides visibility, security and integrity capabilities to help DevOps and security teams ensure that their development environment has not been compromised.

Argon says its product enables organizations to secure their continuous integration/continuous delivery (CI/CD) pipeline by mapping tools, assets and user activity to provide visibility into their entire DevOps process and ensure that code has not been tampered with. The solution can be integrated with many popular software development tools.

The platform continuously monitors the customer’s environment to identify security risks, anomalies and misconfigurations. Identified issues are prioritized and remediation is automated in accordance with compliance rules and best practices.

The startup has raised more than $4 million in seed funding from Hyperwise Ventures and several cybersecurity angel investors.

“The way companies release software has evolved from a manual, controlled and timed process to one that is fully automated, distributed and complex,” said Eylam Milner, CTO of Argon. “Vendors deploy new code on a daily basis, and it’s irrational for them to expect their DevOps and security teams to protect their release pipelines without a dedicated solution.”


Pathlock Raises $20 Million to Grow Data Access Control Platform
15.3.2021
IT  Securityweek

Application data security provider Pathlock this week announced that it has raised $20 million in strategic funding led by Vertica Capital Partners.

The funding round was announced in conjunction with a rebranding from Greenlight Technologies to Pathlock.

Founded in 2004, Flemington, NJ-based Pathlock plans to use the new injection of cash to accelerate development of its automated application governance solution and enhance its insider threat prevention capabilities.

Pathlock LogPathlock’s orchestration platform can provide real-time data protection to more than 140 on-premise and cloud applications, including SAP, Oracle, Salesforce, NetSuite, Workday, and others. Security and privacy controls include conditional access, including user provisioning and temporary elevation, ongoing User Access Reviews, internal control testing, transaction monitoring, and audit preparation.

“Unlike traditional risk, audit, and security systems, Pathlock continuously monitors and synthesizes transactions across all enterprise applications where sensitive activities and data are concentrated,” the company explains. “It surfaces actual violations, not theoretical possibilities. With Pathlock as the hub, all lines of defense work together to make informed decisions.”


Cyber Insurance Firm Cowbell Raises $20 Million
13.3.2021
IT  Securityweek

California-based cyber insurance firm Cowbell Cyber this week announced raising $20 million in a Series A funding round.

The company previously raised $3.3 million in seed funding, which it announced in September 2019 when it emerged from stealth mode.

The Series A round was led by Brewer Lane Ventures, with participation from Pivot Investment Partners, Avanta Ventures, Markel Corporation, ManchesterStory, Tri-Valley Ventures, and Holmes Murphy. The money will be used to increase Cowbell’s footprint and to boost product development, risk engineering, sales, and marketing.

Cowbell did not disclose a valuation for the latest funding round. However, sources close to the company put the valuation close to $100 million.

Cowbell, which offers its services to businesses with a revenue of up to $1 billion, describes itself as the first cyber insurance provider to use AI for risk selection and pricing.

The company claims to have a network of over 4,500 agents and brokers, and a risk pool of 10 million monitored organizations.

“Cybersecurity is now a risk management issue that is critical to the future of the insurance industry and is evolving at a pace that insurers have rarely seen,” said Jack Kudale, founder and CEO of Cowbell Cyber. “Cowbell Cyber has capitalized on businesses’ accelerated digitization and an ever-changing threat landscape. Cowbell embraces AI and machine learning to gain efficiency and accuracy when assessing and underwriting cyber risk while focusing on the fundamental needs of our policyholders: keeping their businesses protected from evolving cyber threats.”

Also this week, cyber insurance provider Corvus announced raising $100 million in a Series C funding round, bringing the total investment obtained by the firm to $147 million.


Data Privacy Management Firm DataGrail Raises $30 Million
12.3.2021
IT  Securityweek

California-based data privacy management company DataGrail this week announced that it raised $30 million in a Series B funding round.

The company previously raised $5.2 million in a Series A round in 2019. The latest funding round was led by Felicis Ventures, with participation from HubSpot, Okta, Next47 (venture firm backed by Siemens), Basis Set Ventures, Operator Collective, and previous investors.

DataGrail provides a platform designed to help organizations simplify, automate and scale their privacy programs. The platform, which automates data subject requests, is powered by a live data map that enables customers to know exactly where data lives on their systems, with any changes being automatically reflected.

DataGrail provides integration with more than 900 apps and infrastructure, and integrations are maintained by the company itself.

The company says its services are used by millions of consumers through firms such as Overstock, RH, Databricks and Outreach.

“Privacy laws, like CCPA and GDPR, give people the right to have their data deleted, or refuse its sale, but modern organizations are ill-prepared for the Privacy Era,” said Daniel Barber, CEO and co-founder of DataGrail. “To combat the massive privacy challenges businesses face today, we've built a platform that makes it remarkably easy to untangle what's become a spider web of data across the entire tech stack. DataGrail elegantly solves this near-impossible task for organizations that want to do right by their customers.”


Data Security and Governance Provider Privacera Raises $50 Million
12.3.2021
IT  Securityweek

Cloud data governance and security solutions provider Privacera this week announced that it has closed a $50 million Series B funding round, roughly half a year after raising $13.5 million in a Series A round.

Founded in 2016 by the creators of Apache Ranger, Privacera plans to use the new funds to accelerate its go-to-market strategy and extend its portfolio to support multiple cloud services.

The funding round was led by Insight Partners, but also saw participation from Battery Ventures, Sapphire Ventures, Accel, Cervin, and Point 72.

The new infusion of cash, the company says, will be used to extend investment in Privacera’s unified system for data governance and privacy across cloud services, such as Databricks and Snowflake.

The company says it registered a 2.5X ARR growth last year, which it claims was accompanied by an “explosive” increase in customer base.

Privacera provides a SaaS-based data security and governance platform that can automatically identify sensitive data, and offers unified access control and encryption across cloud services such as AWS, Azure, Google Cloud, Databricks, and Snowflake.

“Having pioneered the industry's first SaaS-based data governance and security solution capable of integrating privacy and compliance across multiple cloud services, we help organizations use data effectively and responsibly, so they remain compliant with an ever-growing number of regulations,” Privacera CEO Balaji Ganesan commented.


XDR Firm Cynet Raises $40 Million Series C Funding
12.3.2021
IT  Securityweek

Venture funding continues to flow this week, with extended detection and response (XDR) firm Cynet adding $40 million to its coffers via a Series C funding round led by Greenfield Partners.

Cynet

Founded in 2015, Cynet offers an autonomous XDR platform designed to help organizations of all sizes detect threats and respond to incidents by automating monitoring, attack prevention and detection, and response orchestration capabilities. Dubbed Cynet 360, the platform leverages sensors that continuously collect and analyze endpoint, file, user, and network activity across the customer’s entire environment.

According to the company, the added funding will be used to support growth and maintain its expansion in the North American and European markets.

Cynet previously raised $13 million in a Series B funding round in June 2018, and $18 million in a Series B+ round in June 2020.

Cynet’s platform is backed by a 24/7 Managed Detection and Response (MDR) service that is included for all clients at no extra cost, an attractive proposition for smaller security teams.

The Series C funding round also had participation from existing investors Norwest Venture Partners, Vintage Investment Partners, BlueRed Partners and Deutsche Telekom.


Tausight Raises $20M to Protect Healthcare Data
12.3.2021
IT  Securityweek

Patient data protection provider Tausight this week announced that it has raised $20 million in Series A funding.

The new funding, Tausight says, will help expand the go-to-market team and invest in a healthcare-specific solution designed to identify security flaws in clinical workflows.

The new funding round was co-led by existing investors Polaris Partners and Flare Capital Partners. New investor .406 Ventures also participated.

Founded in 2018 and based in Boston, Mass., Tausight aims to help organizations ensure the confidentiality, integrity, and availability of patients’ protected health information (PHI).

Tausight's offerings help healthcare provider CIOs, CISOs, and IT organizations understand the risk associated with the manner in which PHI is used, and help them secure access to clinical workflows and PHI.

“Existing cybersecurity solutions address critical aspects of securing the healthcare IT system but are not adequately addressing hidden vulnerabilities found in clinical workflows – Tausight was created to close this gap and solve this vital problem,” Tausight CEO Dave Dickinson said.


Developer Security Firm Snyk Raises $300 Million at $4.7 Billion Valuation
11.3.2021
IT  Securityweek

Boston-based developer security firm Snyk on Wednesday announced that it has raised $300 million in a Series E funding round that values the company at $4.7 billion.

The funding round includes primary and secondary offerings — $175 million represents new capital for the business. The money will be used to meet the growing global demand for its cloud native application security platform, the company said.

The latest funding round was co-led by Tiger Global and Accel, with participation from Addition, Boldstart Ventures, Canaan Partners, Coatue, GV (formerly Google Ventures), Salesforce Ventures, Stripes, Alkeon, Atlassian Ventures, Franklin Templeton, Geodesic Capital, Sands Capital Ventures and Temasek.

Snyk became a cybersecurity unicorn in January 2020, when it announced raising $150 million in Series C financing. Later, in September, it announced raising another $200 million in a Series D funding round.

The total amount Snyk has raised to date from its venture capital and investment partners is $470 million. The company told SecurityWeek that previously announced amounts included both primary and secondary investment, but in the latest round it decided to be more clear about new investment into the business. In the Series D round, for instance, $155 million represented secondary investment.

Snyk provides solutions that help organizations find and fix security issues in open source software, container images, Kubernetes applications, and infrastructure. It claims that its solutions have been used by more than 2.2 million developers.

The company on Wednesday also announced expanding its executive team and naming two new members to its board of directors.

“Our relentless focus on the experience of the 2.2 million developers building applications of all kinds securely with Snyk has resulted in our success to date, and we believe there is an exponential, generational opportunity still in front of us,” said Peter McKay, CEO of Snyk. “This latest investment allows us to accelerate our growth at every level - doubling down on our successful product led growth strategy, adding to our customer roster, recruiting talent to our team worldwide and expanding geographically.”


Cyber Insurance Provider Corvus Raises $100 Million
11.3.2021
IT  Securityweek

Cyber insurance provider Corvus on Wednesday announced that it has raised $100 million in a Series C funding round. To date, the company has raised a total of $147 million.

Founded in 2017 and headquartered in Boston, MA, Corvus relies on artificial intelligence for data analysis and for loss prediction and prevention.

The company has a broker-focused approach to cyber-insurance and claims to be able to fully meet the needs of brokers, policyholders, underwriters and reinsurers.

Following a $33 million Series B round closed in January 2020, Corvus says it has tripled the number of employees and reached a $120 million annual premium run rate at the end of January 2021.

Led by private equity firm Insight Partners, the new funding round brings Corvus’s valuation up to $750 million.

The new funding, the company says, will help it accelerate product development, underwriting, and go-to-market strategies, while allowing it to expand its Crowbar digital platform. Corvus also plans to focus on the delivery of advanced broker-focused solutions and on further expanding its team.

“During these times of unprecedented cyber-attacks, we are arming brokers and their policyholders with the most intuitive tools and capabilities to mitigate risks for companies of all sizes. With the biggest fundraising round of a cyber-insurance company to date, we will continue to realize our vision in making our world a safer place,” Phil Edmundson, founder and CEO of Corvus, commented.


Aqua Security Achieves Unicorn Status After $135 Million Funding Round
11.3.2021
IT  Securityweek

Container security firm Aqua Security on Wednesday announced that it has raised $135 million in a Series E funding round at a valuation that exceeds $1 billion, which makes the company a “unicorn.”

Since it was founded in 2015, Aqua Security has raised a total of $265 million. It previously raised $25 million in 2017, $62 million in 2019, and $30 million in 2020.

The latest funding round was led by ION Crossover Partners, with participation from existing investors such as M12 Ventures, Lightspeed Venture Partners, Insight Partners, TLV Partners, Greenspring Associates, and Acrew Capital.Aqua Security becomes cybersecurity unicorn

Aqua says the money will help it “broaden and deepen its solution portfolio, as well as expand its presence geographically.”

The company describes itself as a “cloud native security company.” Its offering includes container security, Kubernetes security, serverless security, virtual machine workload protection, cloud security posture management, container vulnerability scanning, and container threat analysis products. It also provides some open source container security tools.

Aqua says it serves some of the world’s largest companies in the financial services, media, software, manufacturing and retail sectors. The company claims five of the top 10 banks in the world are using its products and that last year it doubled the number of paying customers.


McAfee Sheds Enterprise Business in $4 Billion Deal
9.3.2021
IT  Securityweek

McAfee is changing owners again as part of a $4 billion all-cash transaction that includes the sale of its enterprise business unit.

McAfee, based in San Jose, Calif., announced on Monday it was selling its enterprise operations Symphony Technology Group (STG), a private equity firm that also owns security behemoth RSA Corp.

The decision to shed the enterprise business follows a similar move by McAfee’s traditional rival Symantec, which sold off its enterprise unit and rebranded as the NortonLifeLock consumer security brand.

McAfee President and CEO Peter Leav said the enterprise company will be rebranded at a later date. “This transaction will allow McAfee to singularly focus on our consumer business and to accelerate our strategy to be a leader in personal security for consumers.”

Leav described STG as the right partner to continue strengthening McAfee’s enterprise business and said the latest sale is “testament to the business’ industry-leading solutions and most notably to the outstanding contributions of our employees.”

The transaction is expected to close by the end of 2021, subject to customary regulatory approvals and closing conditions.

McAfee said its business-facing enterprise business is popular among Fortune 100 firms around the world, pulling in about $1.3 billion in net revenue in fiscal year 2020.

Last October, McAfee set the terms for an initial public offering (IPO) while announcing it was offering roughly 31 million of its own shares.

The company revealed in an S-1 form filed with the U.S. Securities and Exchange Commission that it’s offering a total of 37 million shares, including roughly 6 million from stockholders. McAfee says it will not get any of the proceeds from the sale of stockholder shares.

McAfee was acquired by Intel in 2010 for $7.68 billion and in 2014 the chipmaker announced that McAfee would become Intel Security. In 2016, Intel decided that McAfee would again become an independent company after TPG Capital acquired a 51% stake.

McAfee claims its products protect over 600 million devices and its solutions are used by many Fortune 100 companies. The company says its net revenue increased from $1.9 billion in 2011 to $2.6 billion in 2019. For the first half of 2020, it reported a net revenue of $1.4 billion and a net income of $31 million.


Okta to Acquire Rival Auth0 in $6.5 Billion Deal
4.3.2021
IT  Securityweek

Identity and access management giant Okta (NASDAQ: OKTA) late Wednesday announced plans buy rival Auth0 in an all-stock transaction valued at roughly $6.5 billion.

Okta, based in San Francisco, Calif., expects the transaction to speed up its growth in an identity management market estimated to be in the range of $55 billion.

Okta Logo

The company said Auth0 will continue to operate as an independent business unit inside of Okta with plans to become an integrated offering over time.

Auth0 Logo

Auth0 offers what it calls a “highly customizable, developer-centric identity management platform” used by thousands of customers around the world. The company has raised more than $330 million in funding, including a $120 million Series F funding at a valuation of $1.92 billion in July 2020.

Bellevue, Wash-based Auth0 was founded in 2013 by Eugenio Pace (CEO) and Matias Woloski (CTO). In March 2020, the company launched Auth0 Signals, a collection of threat intelligence tools and capabilities designed to protect customers from identity attacks.

“Okta’s and Auth0’s shared vision for the identity market, rooted in customer success, will accelerate our innovation, opening up new ways for our customers to leverage identity to meet their business needs,” said Todd McKinnon, Chief Executive Officer and co-founder, Okta. “We are thrilled to join forces with the Auth0 team, as they are ideal allies in building identity for the internet and establishing identity as a primary cloud.”

The deal is expected to close during Okta’s second quarter of fiscal year 2022, the quarter ending July 31, 2021.

Shares of Okta dropped more than 10% in after hours trading Wednesday, after closing down nearly 7% during reguar trading hours.

Earlier this week, Auth0 announced that Jameeka Green Aaron has taken the role of Chief Information Security Officer (CISO).


New CISO Hires at Uber, Square, SailPoint
4.3.2021
IT  Securityweek

Ride-sharing giant Uber has quietly snapped up veteran security leader Latha Maripuri to be its Chief Information Security Officer (CISO).

A formal announcement has not yet been made but Maripuri, a security leader with stints at IBM and NewsCorp, has shared the news on her LinkedIn profile.

Maripuri joins Uber from News Corp, where she spent the last six years holding the dual Global CISO and Deputy CTO titles.

Uber has been without a formal security chief since the departure of John ‘Four’ Flynn in July 2020. Flynn is now CISO at Amazon.

The CISO seat at Uber has seen its share of security-related controversies recently, including a data breach that eventually led to the ouster -- and legal issues -- surrounding former CISO Joe Sullivan.

Square Hires Google Veteran as New CISO
Separately, payment processor Square has tapped Google security veteran Jim Higgins to manage its security program.

Higgins, who spent the last 10 years managing security engineering, product security, and infrastructure protection teams at Google, will be tasked with securing Square’s financial transactions across mobile devices and in-store hardware terminals.

Square, which is owned and run by Twitter CEO Jack Dorsey, operates in the financial services space. The company sells products -- both software and hardware -- to manage payments and transactions for third-party merchants.

Heather Gantt-Evans is New SailPoint CISO

Identity management and governance company SailPoint has given the keys to the CISO office to Home Depot security leader Heather Gantt-Evans.

The company said Gantt-Evans will design SailPoint’s cybersecurity strategy to decrease risk and exposure points across the business and increase collaboration between teams.

Gantt-Evans joins SailPoint from HomeDepot, where she acted as the company’s senior director of security operations and resilience. She was responsible for Home Depot’s security operations centers, network security operations, security engineering, application security and vulnerability management.

Prior to Home Depot, Gantt-Evans held strategic security roles at Ernst & Young, Booz Allen Hamilton supporting Air Force Cyber Command, and served in the U.S. Army Reserves for six years.

Jameeka Green Aaron Joins Auth0 as CISO

Auth0, a company that sells an identity platform for application teams, has tapped Jameeka Green Aaron to be its Chief Information Security Officer (CISO).

Aaron, who has held security leadership roles at Nike and Lockheed Martin, will be responsible for the holistic security and compliance of Auth0’s platform, products, and corporate environment, the company said in a statement.


Universal Health Services Takes $67 Million Hit From Cyberattack
3.3.2021 IT  Securityweek

Healthcare services provider Universal Health Services (UHS) last week revealed that a cyberattack it fell victim to in September 2020 had an estimated financial impact of $67 million.

With more than 400 facilities in the United States, Puerto Rico, and the United Kingdom, UHS has roughly 90,000 employees and has reported close to $11.6 billion in net revenue for last year.

On September 29, the company announced that its operations in the United States were targeted in a cyberattack, which forced it to shut down its IT networks at multiple hospitals in the country.

Within one month after the incident, hospitals were able to resume normal operations, with technology applications restored at acute care and behavioral health hospitals, and re-established connections to all major systems, including electronic medical records, laboratory, and pharmacy systems.

The company insists that “no evidence of unauthorized access, copying or misuse of any patient or employee data has been identified,” but hasn’t provided specific information on the nature of the attack to date. Initial reports, however, suggested the Ryuk ransomware was involved.

In its 2020 fourth quarter and full year financial results report last week, the company revealed that the attack “had a pre-tax unfavorable impact of approximately $67 million during the twelve-month period ended December 31, 2020.”

“We estimate that approximately $12 million of the unfavorable pre-tax impact was experienced during the third quarter of 2020, and approximately $55 million was experienced during the fourth quarter of 2020,” the company said.

UHS also explains that the financial losses mainly consisted of diminished operating income due to lower patient activity and the associated billing delays. Labor expenses were also included, along with “professional fees and other operating expenses.”

The company also had to divert patients to competitor facilities and says it incurred expenses related to restoring information technology operations as fast as possible. It was also forced to delay certain administrative functions into December, which negatively affected operating cash flows.

“Although we can provide no assurance or estimation related to the receipt timing, or amount, of the proceeds that we may receive pursuant to commercial insurance coverage we have in connection with this incident, we believe we are entitled to recovery of the majority of the ultimate financial impact resulting from the cyberattack,” the healthcare services provider said.


Auth0 Names Jameeka Green Aaron as Chief Information Security Officer
2.3.2021 
IT  Securityweek

Identity-as-a-Service (IDaaS) company Auth0 announced on Monday that Jameeka Green Aaron has joined the company as Chief Information Security Officer (CISO).

Auth0 offers what it calls a “highly customizable, developer-centric identity management platform” used by thousands of customers around the world. The company has raised more than $330 million in funding, including a $120 million Series F funding at a valuation of $1.92 billion in July 2020.

Aaron brings more than 20 years of industry experience and will be responsible for the security and compliance of Auth0’s platform, products, and corporate environment.

Aaron has spent two decades managing and improving information security systems at each of her previous positions, including Nike, Hurley, Lockheed Martin, and the U.S. Navy.

“Jameeka is an incredible addition to our executive team, not only for her deep experience and leadership, but for her leadership outside of the security industry as well,” said Eugenio Pace, CEO and co-founder of Auth0. “As a company with a mission of inclusivity and access to technology, we were taken by Jameeka's stewardship to her causes and look forward to driving lasting positive change together. Her unmatched security expertise and dedication is an inspiration and invaluable asset to Auth0."

Bellevue, Wash-based Auth0 was founded in 2013 by Eugenio Pace (CEO) and Matias Woloski (CTO).

In March 2020, the company launched Auth0 Signals, a collection of threat intelligence tools and capabilities designed to protect customers from identity attacks.


Data Privacy Startup TripleBlind Raises $8.2 Million in Seed Funding
2.3.2021 
IT  Securityweek

TripleBlind, a Kansas City, Missouri-based startup that provides data privacy solutions, on Monday announced raising $8.2 million in seed funding.

The oversubscribed funding round was led by Dolby Family Ventures, with participation from several companies and angel investors. Investors include Okta Ventures, NextGen Venture Partners, Operator Partners, Wavemaker Three-Sixty Health, AVG Basecamp Fund, Anorak Ventures, Quiet Capital, Clocktower Technology Ventures, Parity Responsible Technology Fund, Manresa Ventures, Accenture Ventures, Flyover Capital and KCRise Fund.

TripleBlind told SecurityWeek that it emerged from stealth mode in November 2020, when Accenture announced a strategic investment in the company.

Founded in 2019, TripleBlind has developed a de-identification and data privacy solution that enables organizations to share, use and monetize sensitive information — including personal, financial and health data — without the fear of violating privacy requirements and government regulations.

The company’s data privacy and API-driven virtual exchange solution encrypts data and allows users to perform approved operations, but without the need to actually decrypt the data.

“The return of all previous investors, the breadth of new investors and the oversubscription of the round demonstrate to us that data privacy experts support our new, breakthrough approach for enforcing data privacy while enabling organizations to leverage and gain insights from data,” said Riddhiman Das, co-founder and CEO of TripleBlind.

He added, “Thanks to our forward-looking investors, TripleBlind can accelerate our mission to free trapped data so enterprises can collaborate while concurrently enforcing data privacy and regulatory standards.”


IT Asset Management Firm Axonius Raises $100 Million
1.3.2021 
IT  Securityweek

IT asset management company Axonius has raised $100 million in Series D funding, the company told SecurityWeek Sunday. Led by private equity firm Stripes, the latest funding round brings the total amount raised by the New York based company to $195 million at more than $1 billion valuation.

Axonius emerged from stealth mode in March 2018 with a platform that helps organizations identify and secure the devices on their network by leveraging existing security and management tools.

Axonius logoThe platform currently integrates with more than 300 security and management solutions and can be deployed in minutes to provide customers with asset inventory, find security gaps, and automatically validate and enforce security policies.

Axonius says the funds will be used to scale company growth globally and expand its flagship cybersecurity asset management platform.

The company says it doubled its staff during the Covid-19 pandemic and achieving triple-digit annual recurring revenue growth in 2020.

"At BVP, we always look to quantify and measure how quickly the world's most innovative companies go from founding to $100 million in annual recurring revenue and eventual IPO," said Amit Karp, partner at BVP and Axonius board member. "Axonius is among the fastest growing companies in BVP history, as it took the company less than 15 months to grow from $1 million ARR to $10 million ARR."

“Despite a turbulent 2020, I am incredibly proud of what the Axonius team has been able to accomplish,” said Dean Sysman, CEO and co-founder at Axonius. “This new round of funding with the most successful investors in our industry highlights the incredible work our team has done so far, as well as our commitment to our customers. I often say that time is the enemy of cybersecurity, and the rate and pace of change mean that IT and security teams can no longer afford to spend time manually compiling data about devices, users, and cloud instances for things like incident response, audits, and compliance. We’re committed to solving a real problem to let our customers focus on what’s important.”

The Series D round also had participation from existing investors Bessemer Venture Partners (BVP), OpenView, Lightspeed, and Vertex.


HYAS Raises $16 Million to Hunt Adversary Infrastructure
27.2.2021 
IT  Securityweek

HYAS, a Victoria, Canada-based provider of threat intelligence based on adversary infrastructure, announced this week that it has closed a $16 million Series B round of funding led by S3 Ventures.

HYAS logo

HYAS says it has created a massive data lake of attacker infrastructure, including domain-based intelligence that can be connected to other security tools using an API, and also offers its own cloud-based DNS security solution.

Enterprise security teams can use HYAS to hunt, detect, and identify adversary infrastructure to proactively block both known and not-yet-launched phishing and ransomware attacks at the network layer.

[Related: Inside the Battle to Control Enterprise Security Data Lakes]

“HYAS turns the table on attackers by exposing and blocking their infrastructure, and communication channels,” explains Dave Ratner, CEO of HYAS.

According to the company, the additional funds will be used to accelerate product development and support market expansion for its offerings.

The round was also supported by Uncorrelated Ventures, Tightline Holdings, Cyber Mentor Fund, Dcode Capital and continued participation from previous investors M12, Startup Capital Ventures, and 205 Capital.

As part of the financing, Charlie Plauche, Partner at S3 Ventures, will join the HYAS board of directors.


PerimeterX Banks $57 Million for Bot Protection Expansion
25.2.2021
IT  Securityweek

Looking to take advantage of a growing global market for its bot protection technologies, PerimeterX has banked a new $57 million round of venture capital funding.

The San Mateo, Calif,-based company said the new money would drive its push into new geographies and verticals.

The six-year-old startup has raised a total of $144 million from a range of venture capital investors.

PerimeterX said AllianceBernstein led the new capital raise, and was joined by new investors Stereo Capital, JS Capital and Golden Arc Capital. Adams Street Partners, Canaan Partners, DTCP, Scale Venture Partners and Vertex Ventures US also participated.

PerimeterX sells behavior-based threat protection technology to help e-commerce giants deal with the pesky problem of bots ruining the online shopping experience. Big-name companies like Nike, Walmart, Target and others routinely struggle to manage bots during shopping seasons and companies like PerimeterX have helped to fill that gap.

"Our investors deeply believe in our vision of protecting the modern web apps that fuel today’s digital businesses with a single platform that works across hybrid edge-based infrastructure," said PerimeterX CEO Omri Iluz.

He said PerimeterX grew its customer base by 50 logos, including some of the top brands in retail e-commerce and financial services.

The company claims it protected more than $100 billion in e-commerce revenue in 2020 and processed over 2 billion login requests per day. During the holiday shopping period from Thanksgiving to Cyber Monday, PerimeterX said it protected over $12 billion in e-commerce revenue and processed a record 93 billion requests.


GitHub Hires Mike Hanley as Chief Security Officer
25.2.2021
IT  Securityweek

Software development platform GitHub announced on Wednesday that it has hired Mike Hanley as its new Chief Security Officer (CSO).

Hanley joins GitHub from Cisco, where he served as Chief Information Security Officer (CISO) for less than a year. He arrived at Cisco via its $2.3 billion acquisition of Duo Security in 2018.

“As the largest global network of developers, GitHub is also crucial to supply chain security, giving developers the tools and knowledge to secure software following major breaches like SolarWinds,” a company spokesperson told SecurityWeek.

“As a security practitioner, this is also an exciting transition for me as much of the security community, and many of my favorite security projects, live on GitHub, like CloudMapper, stethoscope, GoPhish, and osquery,” Hanley wrote in a blog post. “I couldn’t be more excited to help secure the platform that’s made these influential projects possible and expanded their reach in incredible ways.”

GitHub, which Microsoft acquired for $7.5 billion in 2018, said last year that it had paid out a total of more than $1 million through its bug bounty program on HackerOne, where it has no maximum reward limit for critical vulnerabilities.

News of Hanley’s hire is one of several prominent industry moves announced this week, as Reddit announced that former Bank of America security executive Allison Miller would be its new CISO, and stock trading firm Robinhood has hired veteran cybersecurity practitioner Caleb Sima as Chief Security Officer.


Reddit Names Allison Miller as CISO, VP of Trust
23.2.2021
IT  Securityweek

Social news community site Reddit announced on Monday that it has hired Allison Miller as Chief Information Security Officer (CISO) and VP of Trust.

Miller joins Reddit from Bank of America where she most recently served as SVP Technology Strategy & Design, and had been overseeing technology design and engineering delivery for the bank’s information security organization. She previously held technical and leadership roles at Google, Electronic Arts, Tagged/MeetMe, PayPal/eBay, and Visa.

According to a blog post announcing Miller’s hire, she will be tasked expanding trust & safety operations and data security, and redesigning Reddit’s trust frameworks and transparency efforts.

Miller has already started in the role and reports directly to Reddit CTO Chris Slowe.

She has a B.S. in Economics from the University of Pennsylvania and a Master of Business Administration from the University of California at Berkeley.

Reddit has been operating for more than 16 years, and announced a $250 million Series E funding round earlier this month.

The company says more than 50 million users visit the site daily.


1Kosmos Emerges from Stealth Mode With $15 Million in Funding
20.2.2021
IT  Securityweek

Platform Leverages Biometric and Blockchain Technology to Verify Identities

Cybersecurity startup 1Kosmos emerged from stealth mode this week armed with $15 million in Series A funding from ForgePoint Capital to gain traction with its digital identity and authentic solutions.

The Somerset, NJ-based company has developed a platform that leverages biometrics and private a blockchain to enable passwordless authentication.

The company explains that its “ID-proofing process” leverages user-uploaded identity credentials, backed by the use of biometrics to ensure the identity of the user accessing systems, while storing user data encrypted in a private, permissioned blockchain.

While the company name may sound a bit quirky, 1Kosmos is tackling a serious issue, and has recruited several former high-profile government officials to serve on its advisory board, including former NSA Director Mike McConnell; former DHS Secretary Kirstjen Nielsen; Kemp Ensor, former Director of Security and Counterintelligence at the NSA, and several others.

The company is headquartered in Somerset, New Jersey, and has development offices in Mumbai, India.

ForgePoint's investment in 1Kosmos is one of several deals announced by the cybersecurity investment giant over the past week, which also included investments in SPHERE, WireWheel, and Strata Identity.


Access Governance Company SPHERE Raises $10 Million
19.2.2021
IT  Securityweek

New Jersey-based access governance company SPHERE on Thursday announced that it raised $10 million in a Series A funding round.

The investment was led by ForgePoint Capital, with participation from private investors Omkhar Arasaratnam (formerly at JPMorgan Chase), Joel Caminer (formerly at TD Securities), Adnane Charchour (formerly at Scivantage), and Sounil Yu (formerly at Bank of America).

The money will be used to expand the company’s scope and capabilities, particularly on cloud platforms such as Office 365, and to expand managed services operations. Don Dixon and Will Lin, managing directors at ForgePoint, will join SPHERE's board of directors following the investment.

Founded in 2010, SPHERE describes itself as a woman-owned cybersecurity business that provides access governance software and services for data, applications and platforms.

The company’s SPHEREboard automation platform can provide insights into an organization’s most sensitive data, prioritize and remediate privileged access violations, identify and remediate problematic Active Directory groups, and provide identity access management capabilities.

“As large organizations are honing in on the need to improve access controls, and they look to migrate data into the cloud, proper visibility with a plan to remediate and maintain an evergreen process, will be critical to how well the organization functions, and the level of security they achieve,” said Rita Gurevich, CEO and founder of SPHERE.

“We are excited to partner with ForgePoint Capital to scale our offering to meet the growing demand for automation, supported by a team of experts, by helping organizations simplify reporting and remediation to eliminate risk,” Gurevich added.


Red Canary Raises $81 Million to Grow Security Operations Business
18.2.2021 IT  Securityweek

Red Canary, a Denver, Colo.-based managed detection and response (MDR) firm, has raised $81 million through a Series C founding round led by Summit Partners.

The provider of SaaS-based security operations solutions has now raised more than $125 million to-date, with the new funding being used to support product and personnel expansion.

Red Canary offers SaaS threat detection and 24/7 outsourced security operations services.

MDR aims to increase the speed of detection and response, consequently reducing the dwell time and the opportunity for bad actors to complete their purpose.

Founded in 2014 by Brian Beyer, Chris Rothe, and Keith McCammon, Red Canary serves hundreds of customers ranging from Fortune 100 to small businesses, and said it has experience 270% revenue growth over the past two years.

“With a cyber-attack occurring every 11 seconds, even the most well-staffed and experienced security teams are actively looking for an ally to help them stay ahead of threats,” said Beyer, who serves as CEO of Red Canary.

Existing investors Noro-Moseley Partners and Access Venture Partners also participated in the Series C round.


DevSecOps Firm Spectral Emerges From Stealth With $6.2 Million in Funding
18.2.2021 IT  Securityweek

DevSecOps company Spectral on Wednesday emerged from stealth mode with $6.2 million in seed funding from Israeli venture capital firms Amiti and MizMaa.

Spectral is based in Tel Aviv, Israel, and it was founded in mid-2020 by Dotan Nahum, who will serve as the company’s CEO, Lior Reuven, Uri Shamay and Idan Didi.

SpectralSpectral says it has developed a solution that is designed to help organizations quickly and easily find potentially costly security-related issues — such as unintentional exposure of internal API keys and passwords — in code, configurations and other developer assets, without disrupting workflows.

The solution uses a set of detectors that is continuously expanded, being able to scan any programming language. Customers can also build their own detectors using a purpose-built query language named SPEQL.

Spectral

Spectral works with many developer systems and it can be integrated with tools such as Jenkins, Travis and CircleCI, as well as plugins for products and frameworks such as Netlify, Webpack and Gatsby. The company says the customer’s code and other assets are never sent outside their perimeter.

“Scanning tools today take long minutes or even hours to run in a given pipeline,” Nahum said. “Developers just don’t have that kind of time, or the funds (many CI providers meter by the minute). Some developers are so overwhelmed by slow, irrelevant, and non-intuitive results that they stop using scanners altogether. There’s an obvious need for a robust yet simple, fast yet extensive product that’s developer-first and won’t slow down DevSecOps and CI/CD pipelines.”

Spectral claims its platform is already used by some major organizations.


Strata Raises $11 Million to Tackle Multi-Cloud Identity Management
17.2.2021
IT  Securityweek

Strata Identity, a Boulder, Colo.-based startup that is on a mission to help unify on-premises and cloud-based authentication and access systems for multi-cloud environments, today announced that it has raised $11 million through a Series A funding round led by Menlo Ventures with support from ForgePoint Capital.

With businesses increasingly using multiple cloud providers, managing identity and security policies across various cloud platforms can be challenging.

“The cloud has created an identity management crisis, with companies being forced to simultaneously manage on-premises and several different cloud provider systems to enforce security policies,” said Eric Olden, CEO of Strata.

Strata Identity Logo

Strata touts that it has “cracked the code” by allowing multiple cloud identity systems and older data center systems to be managed as one, and providing companies with the ability to centrally manage identity and security policies across different cloud platforms.

The company has built what it describes as a distributed identity orchestration platform that supports multi-cloud distributed apps, and enforces consistent policies across multiple cloud platforms.

Strata’s technology also helps move legacy applications to the cloud with little or no code rewrites through a catalog of “Zero Code Connectors” that simplify the process of connecting identity systems into orchestration workflows. It also allows customers to easily move apps across clouds and identity providers.

“Rather than rip and replace different identity systems, identity orchestration creates an abstraction layer that enables customers to mix and match identity technologies on different clouds easily, without rewriting apps, compromising security or user experience,” Olden explained.

“Strata is addressing a massive pain point for enterprises, which only gets worse as they migrate more applications to the cloud,” said Venky Ganesan, Partner at Menlo Ventures, and now a member of Strata’s board of directors. “The last time I got this excited about a security company was when I met the founders of Palo Alto Networks.”

Strata says the funding will be used scale R&D and support sales, marketing and customer support efforts.


Apax Partners Buys Majority Stake in Herjavec Group
13.2.2021 
IT  Securityweek

Famed “Shark Tank” investor and cybersecurity entrepreneur Robert Herjavec found himself on the other side of the negotiating table recently, and has agreed to sell a majority stake in the security firm he founded in 2003 to investment group Apex Partners.

Apax and Herjavec this week said a definitive agreement has been signed for Apax Funds to acquire a majority stake of Managed Security Services Provider (MSSP), the Herjavec Group (HG).

Terms of the deal were not disclosed, and Mr. Herjavec will remain as a significant stakeholder and the firm's Chief Executive Officer.

Apax plans to continue company growth and accelerate international expansion efforts, along with expanding the company's team with additional threat & identity resources.

With more than 300 employees, Herjavec Group has offices and Security Operations Centers across the United States, United Kingdom, Canada and India.


Data Privacy Management Firm WireWheel Raises $20 Million
11.2.2021 
IT  Securityweek

Arlington, Va.-based data privacy management company WireWheel on Wednesday announced that it raised $20 million in a Series B funding round.

The latest round, which brings the total raised by WireWheel to $45 million, was led by ForgePoint Capital, with participation from existing investors New Enterprise Associates, Revolution's Rise of the Rest Fund, PSP Growth, Grotech and Sands Capital Ventures.

WireWheel logoThe company said it will use the money to accelerate go-to-market initiatives and improve its platform.

WireWheel has developed a SaaS privacy platform that can be used by organizations of all sizes. The company’s Privacy Operations Manager product is designed to automate tasks such as data discovery, inventories, incident management, privacy assessment, and compliance.

WireWheel’s Trust Access and Consent product enables organizations to put their customers in control of their data.

The company claims its solutions can help enterprises better manage personal data and comply with international privacy regulations, such as the EU’s GDPR and California’s CCPA.

“WireWheel's best-in-class software orchestrates trust for privacy teams who don't just want to check a box,” said Andrew McClure, principal at ForgePoint Capital. “That's why some of the most privacy-mature organizations look to the team at WireWheel not only for domain expertise, but also for unmatched product sophistication. Customers leverage WireWheel's core privacy platform to get in compliance fast, and build privacy protection directly into their DevOps pipelines, their products, and their data use and governance programs.”


Autonomous Vehicle Security Firm AUTOCRYPT Raises $15 Million
11.2.2021 
IT  Securityweek

Autonomous vehicle security solutions provider AUTOCRYPT this week announced that it raised another $13 million in its Series A funding round, which brings the total secured in this round to roughly $15 million.

The Seoul, South Korea-based firm aims to improve the safety of transportation through securing all of the connections a vehicle makes. The company provides security solutions to both governments and automakers.

Offering end-to-end vehicle security technologies for both autonomous and connected vehicles, the company claims to have secured more than 5,000 kilometers of smart roads and highways in South Korea.

The new funds, AUTOCRYPT says, will help it enhance its V2X security technology and expand its market presence to the United States and Europe.

The new funding round included investors such as KB Investment, Korea Asset, Hyundai Venture Investment Corp., IBK, Pathfinder H, and Ulmus Investment.


CYE Raises $100 Million to Help Minimize Attack Surfaces
11.2.2021  IT  Securityweek

CYE, a Tel Aviv, Israel-based company on a mission to help companies identify “real-life” cyber risks by leveraging humans and machines, announced today that it has raised $100 million in growth funding through a financing round led by private equity firm EQT.

By assessing possible attack routes to valuable assets, CYE helps companies allocate resources and focus on remediation efforts more effectively, and can battle-test how security strategies evolve over time.

CYE FundingThe company explains that by leveraging ethical hackers, combined with its technology, it conducts “non-simulated attacks” to provide deep organizational assessments, present real business risks and offer cost-effective remediation plans to optimize security investments.

Hyver, the company’s flagship product, conducts cybersecurity assessments that cover both internal assets as well as third-party vendors. Then, CYE explains, red teams perform "real" attacks to predict possible attack routes and give customers an opportunity to prevent such attacks before they occur at the hands of malicious actors.

Founded in 2012, the company was originally self-funded and profitable since inception, Sharon Argov, CMO at CYE, told SecurityWeek. “CYE’s funding path is unique and it’s hard to look at it through the classic venture capital model. We raised an undisclosed seed round several years ago and our current raise from private equity firm, EQT, is a growth round.”

Headquartered in Israel, CYE currently has 80 employees and has offices in the US and UK.

Venture Capital firm 83North also participated in the financing round.


SentinelOne Snaps up Scalyr in $155M Deal
10.2.2021 
IT  Securityweek

High-flying endpoint security vendor SentinelOne plans to spend $155 million to acquire log management startup Scalyr, beefing up a crucial technology piece to drive its ambitions in the enterprise cybersecurity market.

SentinelOne, a late-stage startup jostling for a share of the expanding anti-malware market, expects the Scalyr deal to speed up its push into the lucrative XDR (Extended Detection and Response) category.

SentinelOne Logo

"With this acquisition, SentinelOne will be able to ingest, correlate, search, and action data from any source, delivering the industry’s most advanced integrated XDR platform for realtime threat mitigation across the enterprise and cloud," the company said in a statement.

For Scalyr, which launched in 2011 and raised about $27 million in venture capital funding, the $155 million price tag provides a successful exit for a range of investors, including Shasta Ventures, Susa Ventures and Bloomberg Beta.

Based in San Meteo, Calif., Scalyr was founded by Writely/Google Docs creator Steve Newman. The company sells what it calls "blazing-fast" log management for engineering and operations teams, the kinds of tools that fit perfectly in the EDR/XDR category.

As Microsoft has proven with the success of building out Windows Defender into a full-fledged enterprise security tool with capabilities beyond just malware-detection, competitors and startups are moving fast to add SIEM-like capabilities to traditional endpoint anti-malware tools.

SentinelOne said its data services team will continue selling log management, observability, and event data cloud solutions in conjunction with the upcoming Scalyr integration.

SentinelOne founder Tomer Weingarten says the Scalyr transaction provides tools for his company to solve one of the industry's biggest data challenges for delivering fully integrated XDR capabilities.

"Scalyr’s big data technology is perfect for the use cases of XDR, ingesting terabytes of data across multiple systems and correlating it at machine speed so security professionals have actionable intelligence to autonomously detect, respond, and mitigate threats,” Weingarten said.

He said Scalyr's cloud-first tech can ingest massive amounts of machine and application data in real time, providing operational tools for defenders to analyze, query, and action data with speed and operational efficiency.

Once the integration is done, SentinelOne plans to position itself as a platform providing autonomous, realtime, and index-free threat analysis and mitigation beyond the endpoint – across the entire enterprise and cloud attack surface. In late 2020, SentinelOne announced raising $267 million in an oversubscribed Series F funding round that brought the total raised by the company to $696.5 million.

Scalyr acts as a realtime data lake for ingesting structured and unstructured data from any technology product or platform – including Microsoft, AWS, Google, CrowdStrike, as well as internal enterprise data sources.

The company says it ingests and stores petabytes of structured and unstructured machine data and is optimized for searching and storing data at low-costs and high speeds. Scalyr counts NBC Universal, CareerBuilder, TomTom, Lacework, Zalando, Tokopedia, and Asana among its customer base.


OwnBackup Achieves 'Unicorn' Status With $167.5 Million Funding Round
2.2.2021 
IT  Securityweek

Cloud data protection provider OwnBackup has completed a $167.5 million Series D funding round, which helped it reach “unicorn” status, at a valuation close to $1.4 billion. To date, the company has raised a total of more than $267.5 million in funding.

Founded in 2015 and headquartered in Englewood Cliffs, New Jersey, the company provides customers with a cloud-to-cloud backup and restore platform to automatically backup their SaaS and PaaS data.

The new funds, the company says, will help it continue to invest in global expansion and in extending its platform.

OwnBackup has approximately 3,000 customers, with more than 400 added over the past quarter alone. The company serves organizations such as Aston Martin, Guidewire Software, Medtronic, Navy Federal Credit Union, the University of Miami, and Zoom.

The new financing round was co-led by Insight Partners, Salesforce Ventures, and Sapphire Ventures, but also saw participation from existing investors Innovation Endeavors, Oryzn Capital, and Vertex Ventures.

“At OwnBackup, our belief more than ever is that no company operating in the cloud should ever lose data, especially during tumultuous times like these. We look forward to advancing this mission even further with new product developments in the months to come,” Sam Gutmann, CEO of OwnBackup, said.


OT Cybersecurity Firm Mission Secure Raises $5.6 Million in Series B Funding
1.2.2021 
IT  Securityweek

Mission Secure, a provider of visibility and cybersecurity solutions for industrial environments, announced this week that it has closed a Series B financing round in the amount of $5.6 million.

The company raised its first outside funding through a seed round in late 2014, and has consistently added funding over the years, with the total amount raised by the company now at $22.5 million.

Mission Secure LogoMission Secure will use the new funding to advance its product offerings and hire more talent to support its managed services group.

The company’s flagship cyber-protection platform includes visibility, segmentation, and other protections for operational technology (OT) environments, and provides signal-integrity monitoring—an approach that goes beyond looking at network traffic alone and monitors physical process signals (Level 0 on the Purdue Model) to detect threats and protect equipment.

"The cybersecurity concerns associated with OT have never been higher which is driving extraordinary levels of customer interest and demand," said David Drescher, Chief Executive Officer and Co-Founder of Mission Secure. "Our Series B funding is an investment by industry leaders helping us bring even greater OT technology innovations to market with our Mission Secure Platform and recruit the best and brightest OT cybersecurity experts for our Managed Services team to support our mission of protecting our global customers' OT networks and safeguarding their operations."

The Series B funding round was co-led by IREON Ventures, the corporate venture innovation arm of Motor Oil Hellas; Energy Innovation Capital, and Blue Bear Capital Partners.

Other Series B investors include Chevron Technology Ventures and the University of Virginia LVG Seed Fund.


Tanium Announces $150 Million Funding Investment From Ontario Teachers'
30.1.2021 
IT  Securityweek

Endpoint management and security solutions provider Tanium this week announced the sale of $150 million in common stock to Ontario Teachers’ Pension Plan Board.

Ontario Teachers’ made the funding investment through its Teachers’ Innovation Platform (TIP), which is involved in late-stage venture and growth equity investments in validated technologies.

Founded in 2007, Tanium has seen tremendous growth over the past several years, with approximately $800 million raised by 2018, and a valuation at $9 billion last year, following a strategic partnership with Salesforce.

The company’s solutions provide customers with endpoint management, security, and visibility capabilities, for increased control across the enterprise environment.

Last year, the security solutions provider launched Tanium as a Service (TaaS), a zero infrastructure endpoint management and security solution, and partnered with Google Cloud and IBM Cloud to help detect advanced persistent threats and deliver security and compliance monitoring for hybrid cloud.

Tanium now aims to tackle the middle market, which it says faces not only complex IT landscapes and increasingly sophisticated cyber-attacks, but also the lack of security talent and the challenge of strained budgets.

“The recent escalation in the sophistication of cyber-attacks is a stark reminder that all organizations are vulnerable. From the most complex government agency to regional employers, business leaders need a platform that provides visibility and control of endpoints paired with rich data to make informed, timely business decisions,” Orion Hindawi, co-founder and CEO of Tanium, commented.


TPG Capital Acquires Majority Stake in PAM Solutions Provider Centrify
29.1.2021 
IT  Securityweek

Private equity firm TPG Capital on Thursday announced that it has agreed to acquire a majority stake in privileged access management (PAM) solutions provider Centrify.

Founded in 2004, Santa Clara, Calif.-based Centrify provides a platform designed to enforce least privilege access at scale, across enterprise networks.

TPG will acquire the stake from Thoma Bravo, the private equity investment firm that bought a majority interest in Centrify in 2018. Terms of the agreement were not disclosed.

In connection to the transaction, Art Gilliland will become Centrify’s CEO, replacing Flint Brenton.

Centrify’s PAM solutions leverage Zero Trust principles to allow users to access the applications they need without sharing accounts. The platform helps organizations automate and integrate privileged access controls, reduce risks, and ensure compliance.

The PAM solutions provider serves thousands of customers from the banking, defense, energy, healthcare, manufacturing, and retail sectors.

TPG has been involved in the evolving cybersecurity space for years, with investments in organizations such as Digital.ai, Expanse, McAfee, MX Technologies, Planview, Tanium, and Zscaler.

“Every organization today is investing in its own digital armor, and its ability to secure privileged access to critical systems and infrastructure is essential to that defense. Many of the largest and most security-conscious organizations in the world trust Centrify’s industry-leading PAM technology to guard their most important accounts,” Gilliland said.


Passwordless Authentication Provider Axiad Raises $20 Million
26.1.2021  IT  Securityweek

Axiad, a provider of a cloud-based passwordless authentication solutions, has raised $20 million in growth funding from private equity firm Invictus Growth Partners.

As its first outside financing, the proceeds will be used to support sales, marketing and development of its multi-factor authentication platform.

According to Yves Audebert, co-founder and co-CEO of Santa Clara, Calif.-based Axiad, the company has been bootstrapped and cash flow positive for more than ten years, with the company saying it protects more than 2.5 million enterprise credentials for hundreds of customers.

Axiad helps customers enable the passwordless experience for popular enterprise authentication methods, including biometrics, PKI, Mobile MFA, YubiKeys, TPM, smart cards, and others.

“Axiad’s cloud platform manages every credential’s lifecycle holistically in one place, providing a cohesive experience for the business and its users, including privileged and non-privileged users,” the company explains. “Axiad secures all digital interactions for both users and machines no matter where they are.”

The decision to raise outside capital was a big decision, Audebert said, but doing so will help it compete in a market of well-funded security companies offering similar solutions. Just last month, Beyond Identity, who is also on a quest to eliminate passwords, announced a $75 million Series B funding round, bringing the total investment in the company to $105 million.

According to Jim Ducharme, Vice President of Identity Products at RSA, the future is passwordless. “That’s the inevitable conclusion I think more and more people are reaching as we watch passwordless standards become more firmly established and passwordless authentication methods grow in number and sophistication,” he wrote in a late 2019 SecurityWeek column.

Ducharme also reminds us of the challenges to consider with going passwordless. "For example, how do you prove identity for credentials enrollment in a world that doesn’t use passwords? And how do you recover lost credentials? Perhaps one of the most important considerations is how to address these challenges without recreating some of the very issues that doomed passwords in the first place – like the user inconvenience, help desk burden and costs associated with password resets. We must be vigilant not to simply end up replacing password resets with different, but equally onerous, methods. It’s still too early in the game to know precisely how we’ll address all these issues in a meaningful way. But it’s not too early to start exploring."


Multi-Cloud Network Security Provider Valtix Raises $12.5 Million
22.1.2021  IT  Securityweek

Multi-cloud network security platform provider Valtix on Thursday announced that it raised $12.5 million in strategic funding.

Founded in 2018 and launched in 2019 with $14 million in funding, the Santa Clara, California-based company provides enterprise customers with a cloud-native network security service that can help protect both applications and services.

Available on a pay-as-you-go pricing model, Valtix’s platform provides automated cloud application discovery, security deployment, and application defense capabilities.

Last year, the company made its platform generally available on Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), and it now serves customers on all three clouds. Valtix has customers in the financial services, government, healthcare, and retail sectors.

Valtix says it plans to use the new capital to accelerate its go-to-market strategy, aiming to scale operations in 2021.

The new funding round saw participation from Cisco Investments, Northgate Capital, and The Syndicate Group. Previous investors are Trinity Ventures, Vertex Ventures, and Wing Venture Capital.

The funding news comes after Valtix expanded its leadership team by adding Douglas Murray as CEO, Joe Palazola as VP of Worldwide Operations, and Anthony Narducci as VP of Worldwide Sales. Vishal Jain, co-founder and founding CEO, will be the company’s chief technology officer.


SaaS Application Backup Firm Rewind Raises $15 Million
20.1.2021  IT  Securityweek

Backup-as-a-service (BaaS) provider Rewind on Tuesday announced it has raised $15 million in Series A funding.

Founded in 2015, the Ottawa, Canada-based company helps customers secure business-critical software-as-a-service (SaaS) application and cloud data, and claims more than 80,000 organizations in over 100 countries rely on its solutions.

Rewind says it provides businesses of all sizes with backup solutions that can help them recover from various types of incidents, while ensuring no data is lost.

The backup services provider plans to use the funds to continue expansion, accelerate product development, and deliver new data protection solutions faster. Furthermore, the company plans to hire across all core business functions: R&D, marketing, sales, and customer services.

“We are committed to giving all businesses a reliable way to protect and control the cloud data that fuels their business success. With the support of our investors, our goal is to develop advanced backup-as-a-service solutions for all top cloud apps,” Mike Potter, co-founder and CEO of Rewind, said.

The funding round was led by Inovia Capital and saw participation from Ridge Ventures and Bessemer Venture Partners.


Tractors, Pod Ice Cream and Lipstick Awarded CES 2021 Worst in Show

16.1.2021  IT  Threatpost

Expert panel awards dubious honors to 2021 Consumer Electronics Show’s biggest flops, including security and privacy failures.

This year’s Consumer Electronics Show was hampered by the pandemic, but that didn’t stop an expert panel from convening to award this year’s dubious CES 2021 Worst in Show honors.

Overall trends from the week included ever-connected devices constantly monitoring users for the sake of security, something panelist Cindy Cohn from EFF dubbed the “explosion of the surveillance economy.”

The awards were sponsored by the Repair Association and named the worst products from CES 2021 in the categories of privacy, security, repairability, environmental impact, popular choice and overall worst of the show.

Privacy: Linksys Aware
Cindy Cohn of the Electronic Frontier Foundation named the Linksys Aware mesh Wi-Fi home motion sensor as the least private gadget of the show. The Linksys device works by recruiting every other connected device in the home to monitor movement.

“I’m not sure why you need access to every single movement in your own house,” Cohn said. “The example they give is being able to tell when grandma falls, but it seems like a whole lot of tech for one use case.”

She added, “There’s lots of creepy here but Linksys wins for converting all your OTHER devices into its spying scheme…It also wins because while it says that all data and alerts will be stored locally.”

Security: TCL Smart TV
Paul Roberts from securerepairs, an advocacy group for the right to repair electronics, dubbed the Chinese-made TCL Smart TV as the least secure product he saw at CES 2021. He explained that TCL doesn’t have a mechanism to report vulnerabilities and that researchers have already documented several in its smart TVs in general, which haven’t been addressed.

“This is a company that has spent much of the past three months batting away reports about serious security vulnerabilities in its Android smart television sets, including vulnerabilities and security configuration flaws that left some TCL TVs—and the data they contained—browsable from the public internet,” he said. “It is a company that was forced to make painful, public acknowledgments not just that their products were vulnerable, but that it had no established, internal security team or process to respond to vulnerability reports from independent security researchers and to expedite fixes for its tens of millions of customers.”

As he reviewed the reams of promotional material TCL released on its new TV sets, its smart glasses and foldable smartphones, there was no mention of cybersecurity as a feature of their products or of the company’s purported new emphasis on product security, he noted.

“A feature comparison chart of TCL smart TV models lists 15 feature categories to compare them by – cybersecurity is not one of them.”

Beyond TCL, Roberts added he also saw a troubling number of products at CES which are applying AI and machine learning of customer data and challenged the industry for its “fetish for connected and smart devices.”

Cannot be Repaired: John Deere X9 Combines
The Worst of Show awards also focused on problems beyond privacy and security.

For instance, Kyle Wiens cofounder of ifixit said John Deere has made a turn toward robotic tractors and computerized farm equipment, which he added, can mean improved yields and efficiencies for famers. But the new John Deere X9 represents a new chapter for the company when it comes to using proprietary technology and hardware.

The John Deere X9 combine, Wiens explained, is a million-dollar piece of equipment which relies on attachments to perform various functions.

“The X9 uses a new Combine header with a proprietary interface so John Deere can monopolize attachments for combines,” Weins said, so they can bring all the accessory sales in-house — reminiscent of Apple’s walled garden approach.

Environmental Impact: YSL Rouge Sur Measure by Perso
Nathan Proctor from the public-interest advocacy group USPIRG, was not impressed by this little app-powered gadget which borrows from the K-cup pod model, to mix custom shades of lipstick. It comes with a $300 price tag and wasteful pods of lipstick which need to be replaced, Proctor said.

“We do need innovation; we do need tech,” he noted. “But we don’t need silly and new ways to create waste. Proctor added the YSL Rouge Sur Measure uses rare earth materials, the pods are expensive to replace and that it provides “… only a marginally better user experience” than regular old lipstick.

He added he thinks consumers should approach what they buy with the question, “How can we have better without having more?”

People’s Choice Award: ColdSnap
Another panned product from this week was the ColdSnap single-serve ice-cream maker that also uses pods, this time to make ice cream. It was selected by an admittedly informal Twitter poll, according to Doctorow.

“The world is sick of food in pods,” he proclaimed.

Worst Overall: John Deere X9 Combine
Doctorow said based on its sheer enormous price tag and real-world impact on farmer livelihoods, the John Deere X9 was named the worst gadget of the entire show.

The panel reminded viewers they aren’t down on electronics, but advocating for better technology is something we can all do to make better, safer, more secure products.

“Don’t slide into the ‘oh I have to just accept something that sucks’ mentality,” Cohn said. “Stand up for tools that give us all the cool stuff and just serve us. There’s a better world. We need to fix the future.”


Data Security Startup Qohash Raises $6 Million
16.1.2021 
IT  Securityweek

Canadian data security startup Qohash this week announced it raised CAD 8 million (approximately USD $6.3 million) in Series A funding. The financing was led by FINTOP Capital.

Founded in 2018, the Quebec-based company provides customers with solutions focused on data discovery and classification, helping enterprises monitor data across their environments. Furthermore, it offers integrity assurance, to help protect data and business processes.

Qohash sells the Qostodian SAAS platform for organizations to keep track of data flows and identify high-risk situations in real-time. The company also offers the Qohash Recon on-premise platform, which helps finding and classifying sensitive data on network drives and servers.

The data security company says it plans to expand its operations across North America.

“Customers want data protection that can evolve to meet new challenges. Qohash's solutions are easy to deploy and cover on-premise and cloud-based sources. Working with security-conscious, industry-leading firms, Qohash has helped them achieve their goals faster and with greater flexibility,” Qohash CEO Jean Le Bouthillier said in a statement.


Watchdog Raises Concerns About Census Bureau's IT Security
13.1.2021 
IT  Securityweek

A watchdog agency for the U.S. Census Bureau says that proper information-technology security safeguards weren’t in place leading up to the start of the 2020 census last year, but the statistical agency disputes some of the findings and says no data was compromised.

There were a significant number of IT risks that remained open before the start of the head count of every U.S. resident that determines how many congressional seats and Electoral College votes each state gets, as well as the distribution of $1.5 trillion in federal funding each year, according to the report issued last week by the Office of Inspector General.

The Census Bureau was able to remedy some of the security deficiencies after they were pointed out by the Office of Inspector General, and others were corrected right before most U.S. residents began answering the 2020 census questionnaire in March, the report said.

“The integrity of census data is crucial,” the report said. “If population numbers were manipulated, representation in the House of Representatives and federal money distribution could be disproportionately distributed.”

In a response, the Census Bureau took issue with that statement, saying there had been no loss or compromise of data and that the gaps identified by the Office of Inspector General were fixed before most households began responding in March.

The 2020 census was the first once-a-decade count in which respondents were encouraged to answer the questionnaire online, though they could also respond by mail or telephone. About two-thirds of households self-responded, while the remainder required visits for interviews from census takers.


Equifax Buys Fraud Prevention Firm Kount in $640 Million Deal
9.1.2021 
IT  Securityweek

Equifax on Friday announced plans to shell out $640 million to acquire Kount, a company that sells e-commerce retail fraud protection.

The Atlanta, Ga.-based Equifax said the deal would expand its worldwide footprint in digital identity and fraud prevention solutions.

Kount, based in Boise, Idaho, operates and manages a network that uses artificial intelligence to link trust and fraud data signals from 32 billion digital interactions on 17 billion unique devices.

Equifax expects the transaction to close in the first quarter of 2021. The companies said Kount’s employees will continue to be based in Boise, Idaho, and will report to the Equifax information-solutions unit in the U.S.

"Together, Equifax and Kount will leverage a powerful set of differentiated data assets and advanced analytics to deliver a high performance, integrated view of both digitally-native transactions and signals and traditional offline identity fraud risk indicators while maintaining privacy and security at the highest levels," said Sid Singh, President of United States Information Solutions (USIS) at Equifax.

"Whether you're a bank, e-commerce provider, or a car dealer, today's environment demands that consumers have the same - if not better- experience on their digital platform as they do on a major e-commerce retailer's site. We are enabling businesses across industries to establish strong digital identity trust behind every interaction while facilitating new forms of online engagement with current and prospective customers."

Kount claims about 9,000 brands worldwide rely on its network to protect against digital fraud during e-commerce transactions.


Dragos Hires Former PepsiCo Deputy CISO Steve Applegate
7.1.2021 
IT  Securityweek

Industrial cybersecurity firm Dragos has hired Steve Applegate, former VP and Deputy CISO at PepsiCo, as Chief Information Security Officer (CISO).

The cybersecurity veteran took to LinkedIn this week to share the news. “I’m very excited to announce that I’ve joined the Dragos team! I’ve been watching this exciting company for many years, as well as benefiting from their cybersecurity expertise and all their contributions to the industry,” he wrote. “And just this week I joined them in their mission to safeguard civilization.”

After serving in the U.S. Air Force for more than ten years as a computer scientist, Applegate moved to the private sector and has served in senior cybersecurity roles at industrial firms including Marathon Petroleum, Saudi Aramco and Boeing, and has served as a cyber threat and vulnerability program manager at North American Electric Reliability Corporation (NERC).

Dragos Logo

News of Applegate’s hire comes on the heels of a massive $110 million Series C funding round announced by Dragos in December 2020, which brought the total raised by the company to $158 million.

"Steve is a great addition to our team as he is mission driven, which aligns with our focus at Dragos,” Robert M. Lee, CEO and Co-Founder of Dragos, told SecurityWeek. “From his start in the Air Force to his time spent in Aviation, Electric, Oil and Gas, and Manufacturing companies serving in various security leadership roles, he's consistently shown his passion and expertise on the topic of security and our industrial community. He will not only continue the work we've done on our internal security but also be customer facing to help us continue to partner with our community across the breadth of their OT/ICS cybersecurity journey."

Dragos was founded in May 2016 by former members of the U.S. intelligence community who worked on identifying, analyzing and responding to ICS-focused cyberattacks coming from nation-state attackers.


Slack Outage Causing Enterprise Security Hiccups
5.1.2021 
IT  Securityweek

Business communications platform Slack is scrambling to recover from an ongoing outage that is proving disruptive to cybersecurity response teams around the world.

At 7:15AM PST, the San Francisco, Calif.-based Slack confirmed users were “having trouble loading channels or connecting to Slack.” No other details were provided on the cause of the outage.

Here’s the latest word from Slack:

"Customers may have trouble loading channels or connecting to Slack at this time. Our team is investigating and we will follow up with more information as soon as we have it. We apologize for any disruption caused."

The company’s status.slack.com page acknowledged an “incident” affecting Messaging and Connections within the service, but users reported problems with a variety of Slack tools, including Search, Notifications, Workspace Administration and apps integrations.

Even the company’s flagship Slack Enterprise Grid, a product that powers security alerting and other critical messaging functions at global organizations, appeared to affected by the outage.

UPDATE (11:30am EST): Slack has upgraded this from an "incident" to a cross-service "outage" affecting logings, posts, files, calls, app integrations and APIs, connections, link previews, notifications and search.

"We're continuing to investigate connection issues for customers, and have upgraded the incident on our side to reflect an outage in service. All hands are on deck on our end to further investigate," the company said.

-- This story will be updated as more information becomes available.


Ticketmaster to Pay $10 Million Fine Over Hacking Charges
1.1.2021 
IT  Securityweek

Ticketmaster agreed on Wednesday to pay a $10 million fine to escape prosecution over criminal charges accusing the company of hacking into the computer system of a startup rival.

A judge in federal court in New York City signed off on the deal in what’s been a long-running legal battle that challenged Ticketmaster’s dominance over ticket sales for concerts by major music acts. The Live Nation subsidiary had been facing multiple charges of conspiracy to commit hacking and wire fraud targeting a Brooklyn-based company called Songkick.

Ticketmaster had already paid $110 million in 2018 to settle a civil suit brought by Songkick.

Court papers accused Ticketmaster of trying to infiltrate systems created by Songkick for artists that had hired the startup to help sell up to 10% of seats for U.S. tours directly through their fan clubs. The arrangement was seen as a way to reward loyal fans while thwarting scalpers — and also something that could cut into profits for the Ticketmaster empire.

Ticketmaster employees “repeatedly — and illegally — accessed a competitor’s computers without authorization using stolen passwords to unlawfully collect potential business intelligence,” said Acting U.S. Attorney Seth DuCharme.

A statement from Ticketmaster on Wednesday said that the conduct involved only two employees who were fired in 2017.

“Their actions violated our corporate policies and were inconsistent with our values,” the statement said. “We are pleased that this matter is now resolved.”

Messages were left with Warner Music Group, the current owner of Songkick.

The scheme, hatched in 2014 by a former Songkick employee who joined Ticketmaster and a co-worker there, sought to hack into accounts so they could identify Songkick’s clients and dissuade them from doing business with the company, prosecutors said in court papers.

In internal communications, one of the employees boasted Ticketmaster could “cut (the victim company) off at the knees” if it could win back the pre-sale ticketing business for an unnamed major artist, the papers said.