Security Roundup: Funding Frenzy, Barracuda, Fake Email Barrage

Along with mergers and acquisitions, cybersecurity investment is part of the industry's consolidation.

Edward Gately, Senior News Editor

June 14, 2019

9 Min Read
Security Roundup
Shutterstock

Investment firms are pouring tens of millions of dollars into cybersecurity companies, including both well-established businesses and startups.

Just this week, Vade Secure, KnowBe4, Critical Start, Cyber Observer, Edgewise Networks and Orca Security all reported getting millions in funding from investment firms. And all of the companies said the money will be used to fuel growth and beef up their technology to get a jump on their competitors.

So what’s behind this upswing in cybersecurity investment? We asked Mike Sapien, Ovum’s vice president and chief analyst of enterprise services, who covers security services.

Sapien-Mike_Ovum-author-150x150.jpg

Ovum’s Mike Sapien

“Clearly the demand for security technology and services is very high with every firm wanting to know and secure their best security posture,” he said. “But there is also some concern now of overfunding firms or having too many firms offering the similar technology. I think investment firms/venture funds are being more careful as they know that many will not last or may not be first to gain adoption.”

If you assume there is some overfunding and that some firms might not make it or get stalled, then private equity firms might have some opportunity to “pick up assets on the cheap to assemble a variety of security assets into one stronger company,” Sapien said.

“And if there is slowdown in the initial public offerings (IPOs), then the environment gets ideal for private equity to take some firms over when the IPO option becomes unviable,” he said.

A few of these new firms might change the cybersecurity landscape, but it’s more likely that the established players take over many of the new technologies and/or buy up the smaller firms, Sapien said.

“Customers/CISOs/CIOs are in the state of ‘security tool fatigue’ now,” he said. “They are done with buying new tools to solve a security problem and are more likely to go to the established players and ask for the same technology. This will lead to more consolidation and integration … than the few breakout winners in the vendor and provider landscape. Most customers do not want to spend the time and staff to vet new security tools or technologies, and [are] looking to their current vendors/providers to vet the new shiny objects in security.”

Along with M&A, this cybersecurity investment is part of the “needed consolidation” now, with pressure from the skilled talent shortage and customers wanting integrated security offers, Sapien said.

“The M&A is a byproduct of these trends,” he added. “I expect this consolidation to occur for the next few years.”

KnowBe4 is set to receive a $300 million investment led by global investment firm KKR, with significant participation from existing investors Elephant and TenEleven Ventures. This new infusion of funds, valuing the company at $1 billion, is expected to be used for global growth initiatives and platform development, and builds upon KKR and TenEleven Venture’s initial investment in early 2019.

Tony Jennings, KnowBe4’s vice president of global partners and channel, tells us the funding will help his company increase its …

… joint marketing initiatives internally.

“It will also help us build our partner resources and expand the capabilities of partners to work with their customers to build that human layer,” he said. “We are currently working with partners to create better tools for them, upgrading our partner program to make it easier for them to assist their customer base in securing their organizations and improving their security posture. Security threats like phishing and ransomware continue to grow. Partners have to manage these issues, and the more successful their customers are in fending off these threads, the better the partner does. We are adding assessments of security culture, which will help partners zero in on the most effective ways to help their customers.”

The funding allows KnowBe4 to add tools and reduce partner overhead or investment even more when setting up programs for their customers, Jennings said.

“2019 is on track to be another record year for KnowBe4, which is experiencing accelerating growth at significant scale,” said Stephen Shanley, director at KKR. “We see KnowBe4 as a category-defining asset driving significant impact within a critical vertical of cybersecurity and are very excited to extend our support in this new round of financing.”

Critical Start, which provides managed detection and response (MDR) services, has raised a $40 million minority investment from Sagemount, a growth equity firm. This first-ever outside investment for the company will be used to expand its MDR services nationally – including new field offices in Los Angeles and New York City – to serve enterprise customers and its network of channel and cybersecurity tech partners.

Rob Davis, Critical Start’s CEO, tells us the funding will allow his company to invest in expanded marketing, training and support programs for its partners, which will help them in selling MDR service to end users.

Davis-Rob_Critical-Start.jpg

Critical Start’s Rob Davis

“We will also continue to add technology partners, and double the size of our research and development team, which will give our partners a broader range of security capabilities to offer to their customers,” he said. “For example, we recently announced a collaboration with Microsoft, and partnerships with Chronicle and Palo Alto Networks. We also have invested in a graphical user interface (GUI) redesign for our Zero-Trust Analytics Platform (ZTAP) and launched new versions of our MobileSOC app on iOS and Android.”

Critical Start will be able to research new technologies and offer expanded functionality faster to keep up with market demands, Davis said.

“It will also help expedite our expansion into the East and West Coast markets,” he said. “In the event a strategic acquisition or partnership aligns with our strategy and market needs, we are positioned to add new technology or capabilities to our MDR service, which is a key competitive differentiator for us.”

Cyber Observer has secured $8 million in Series B funding from Merlin International and has launched its expansion into the North American cybersecurity market with an internal cyber hygiene platform.

Cyber Observer provides continuous monitoring and insights that allow an organization to ensure cyber hygiene, compliance to frameworks, and optimized tool configuration across an organization’s security ecosystem with a single solution.

Edgewise Networks, a microsegmentation platform based on software identity, announced …

… $11 million in new funding led by existing investors .406 Ventures and Accomplice, with additional participation from Pillar. Edgewise will use the funds to meet growing customer demand for its approach to deploying zero trust using automated, one-click microsegmentation. Edgewise has raised $18 million to date.

Maria Cirino, .406 Ventures co-founder and managing partner, said Edgewise has managed to “take an extremely complex problem and solve it in a simple, yet extraordinarily powerful way. Edgewise is highly differentiated, incredibly simple and one of the most effective and innovative approaches to advanced network security I’ve seen in a long time.”

And Israeli startup Orca Security, founded by former Check Point Software Technologies execs Avi Shua and Gil Geron, announced $6.5 million in seed funding led by YL Ventures, to provide organizations with full stack visibility into their cloud infrastructure footprint.

“When Avi and Gil introduced us to Orca’s unique approach and innovative solution, we knew it did something new and exceptional that traditional vulnerability managers and existing cloud security posture managers simply can’t: deliver true, deep and near instantaneous full-stack visibility at a forensic level of detail,” said Yoav Leitersdorf, YL Ventures managing partner.

Barracuda Unleashes Firewall Insights

Barracuda has unveiled its new Firewall Insights, an advanced security analytics platform that ingests, aggregates, and analyzes data automatically from any Barracuda CloudGen Firewall deployed in an organization’s network, including public cloud deployments.

Firewall Insights can be added to any CloudGen Firewall deployment option, including hardware appliances, virtual appliances and cloud firewalls for Microsoft Azure, Amazon Web Services (AWS) and Google Cloud Platform.

Goldgof-Mike_Barracuda.jpg

Barracuda’s Mike Goldgof

Mike Goldgof, Barracuda’s senior director of product marketing, tells us Firewall Insights will give partners the opportunity to provide their Barracuda CloudGen Firewall customers with a “high-value analytics offering while generating additional upsell revenue.

“It will attract additional Barracuda CloudGen Firewall prospects that are looking for comprehensive analytics capabilities,” he said. “This solution is especially attractive to midsize-to-large enterprises that are implementing SD-WAN capabilities and/or moving more of their infrastructure to the cloud.

Firewall Insights gives Barracuda and its partners a competitive advantage because it is a “high-performance, low-cost analytics solution designed to provide actionable insights on security, connectivity and application performance of secure SD-WAN networks,” Goldgof said.

They Really Are Out to Get You

At least 3.4 billion fake emails are sent globally every day, with most industries remaining vulnerable to spear-phishing and spoofing cyberattacks because they’re not …

… implementing industry-standard authentication protocols.

That’s according to Valimail’s Spring 2019 Email Fraud Landscape. The report also found that the vast majority of suspicious emails emanate from U.S.-based sources.

Garcia-Tober-Alexander_Valimail.jpg

Valimail’s Alexander Garcia-Tobar

“It remains clear that fake emails from hackers, phishers and other cybercriminals constitute the major source of cyberattacks,” said Alexander García-Tobar, Valimail’s CEO and co-founder. “As more companies recognize and respond to email vulnerabilities, we expect to see organizations continue to deploy authentication technologies to protect against untrusted and fraudulent senders. The fact is that too many attackers are using impersonation to get through existing email defenses. A robust approach to sender identification and authentication is needed to make email more trustworthy, once and for all.“

It’s not all bad news, however. Ongoing research by Valimail also shows many industries are making progress in the fight against impersonation, some more quickly than others.

To compile this data, Valimail used proprietary data from an internal analysis of billions of email authentication requests and nearly 20 million publicly accessible records. The report confirms that email impersonation – accounting for 1.2% of all email sent in the first quarter of 2019 – is a phisher’s primary weapon to gain access into an organization’s network, systems, intellectual property and other sensitive assets.

Valimail notes that the fake email problem – which is not easily blocked by traditional cybersecurity defenses – can be better addressed by implementing widely accepted email authentication standards. These include domain-based message authentication, reporting and conformance (DMARC), sender policy framework (SPF) and domainkeys identified mail (DKIM), as well as newer standards such as authenticated received chain (ARC) and brand indicators for message identification (BIMI).

DMARC in particular has proven to be especially effective in preventing fake emails from reaching inboxes. The study shows that nearly four in five inboxes (80%) – that’s 5.34 billion globally – perform DMARC checks on inbound email, and nearly 740,000 domains now use DMARC.

However, enforcement rates with DMARC continue to hover around 20% in most industries, mostly because the solution is difficult to configure and maintain for large enterprises. For that reason, many domain owners have turned to third-party DMARC vendors to implement the solution for them, according to Valimail.

Read more about:

MSPs

About the Author

Edward Gately

Senior News Editor, Channel Futures

As senior news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like