Orca Security raises $210M Series C at a unicorn valuation

Orca Security, an Israeli cybersecurity startup that offers an agent-less security platform for protecting cloud-based assets, today announced that it has raised a $210 million Series C round at a $1.2 billion valuation. The round was led by Alphabet’s independent growth fund CapitalG and Redpoint Ventures. Existing investors GGV Capital, ICONIQ Growth and angel syndicate Silicon Valley CISO Investment also participated. YL Ventures, which led Orca’s seed round and participated in previous rounds, is not participating in this round — and it’s worth noting that the firm recently sold its stake in Axonius after that company reached unicorn status.

If all of this sounds familiar, that may be because Orca only raised its $55 million Series B round in December, after it announced its $20.5 million Series A round in May. That’s a lot of funding rounds in a short amount of time, but something we’ve been seeing more often in the last year or so.

Orca Security co-founders Gil Geron (left) and Avi Shua (right). Image Credits: Orca Security

As Orca co-founder and CEO Avi Shua told me, the company is seeing impressive growth and it — and its investors — want to capitalize on this. The company ended last year beating its own forecast from a few months before, which he noted was already aggressive, by more than 50%. Its current slate of customers includes Robinhood, Databricks, Unity, Live Oak Bank, Lemonade and BeyondTrust.

“We are growing at an unprecedented speed,” Shua said. “We were 20-something people last year. We are now closer to a hundred and we are going to double that by the end of the year. And yes, we’re using this funding to accelerate on every front, from dramatically increasing the product organization to add more capabilities to our platform, for post-breach capabilities, for identity access management and many other areas. And, of course, to increase our go-to-market activities.”

Shua argues that most current cloud security tools don’t really work in this new environment. Many, because they are driven by metadata, can only detect a small fraction of the risks, and agent-based solutions may take months to deploy and still not cover a business’ entire cloud estate. The promise of Orca Security is that it can not only cover a company’s entire range of cloud assets but that it is also able to help security teams prioritize the risks they need to focus on. It does so by using what the company calls its “SideScanning” technology, which allows it to map out a company’s entire cloud environment and file systems.

“Almost all tools are essentially just looking at discrete risk trees and not the forest. The risk is not just about how pickable the lock is, it’s also where the lock resides and what’s inside the box. But most tools just look at the issues themselves and prioritize the most pickable lock, ignoring the business impact and exposure — and we change that.”

It’s no secret that there isn’t a lot of love lost between Orca and some of its competitors. Last year, Palo Alto Networks sent Orca Security a sternly worded letter (PDF) to stop it from comparing the two services. Shua was not amused at the time and decided to fight it. “I completely believe there is space in the markets for many vendors, and they’ve created a lot of great products. But I think the thing that simply cannot be overlooked, is a large company that simply tries to silence competition. This is something that I believe is counterproductive to the industry. It tries to harm competition, it’s illegal, it’s unconstitutional. You can’t use lawyers to take your competitors out of the media.”

Currently, though, it doesn’t look like Orca needs to worry too much about the competition. As GGV Capital managing partner Glenn Solomon told me, as the company continues to grow and bring in new customers — and learn from the data it pulls in from them — it is also able to improve its technology.

“Because of the novel technology that Avi and [Orca Security co-founder and CPO] Gil [Geron] have developed — and that Orca is now based on — they see so much. They’re just discovering more and more ways and have more and more plans to continue to expand the value that Orca is going to provide to customers. They sit in a very good spot to be able to continue to leverage information that they have and help DevOps teams and security teams really execute on good hygiene in every imaginable way going forward. I’m super excited about that future.”

As for this funding round, Shua noted that he found CapitalG to be a “huge believer” in this space and an investor that is looking to invest into the company for the long run (and not just trying to make a quick buck). The fact that CapitalG is associated with Alphabet was obviously also a draw.

“Being associated with Alphabet, which is one of the three major cloud providers, allowed us to strengthen the relationship, which is definitely a benefit for Orca,” he said. “During the evaluation, they essentially put Orca in front of the security leadership at Google. Definitely, they’ve done their own very deep due diligence as part of that.”


Early Stage is the premier ‘how-to’ event for startup entrepreneurs and investors. You’ll hear first-hand how some of the most successful founders and VCs build their businesses, raise money and manage their portfolios. We’ll cover every aspect of company-building: Fundraising, recruiting, sales, product market fit, PR, marketing and brand building. Each session also has audience participation built-in – there’s ample time included for audience questions and discussion. Use code “TCARTICLE” at checkout to get 20 percent off tickets right here.

ServiceNow takes RPA plunge by acquiring India-based startup Intellibot

ServiceNow became the latest company to take the robotic process automation (RPA) plunge when it announced it was acquiring Intellibot, an RPA startup based in Hyderabad, India. The companies did not reveal the purchase price.

The purchase comes at a time where companies are looking to automate workflows across the organization. RPA provides a way to automate a set of legacy processes, which often involve humans dealing with mundane repetitive work.

The announcement comes on the heels of the company’s no-code workflow announcements earlier this month and is part of the company’s broader workflow strategy, according to Josh Kahn, SVP of Creator Workflow Products at ServiceNow.

“RPA enhances ServiceNow’s current automation capabilities including low code tools, workflow, playbooks, integrations with over 150 out of the box connectors, machine learning, process mining and predictive analytics,” Khan explained. He says that the company can now bring RPA natively to the platform with this acquisition, yet still use RPA bots from other vendors if that’s what the customer requires.

“ServiceNow customers can build workflows that incorporate bots from the pure play RPA vendors such as Automation Anywhere, UiPath and Blue Prism, and we will continue to partner with those companies. There will be many instances where customers want to use our native RPA capabilities alongside those from our partners as they build intelligent, end-to-end automation workflows on the Now Platform,” Khan explained.

The company is making this purchase as other enterprise vendors enter the RPA market. SAP announced a new RPA tool at the end of December and acquired process automation startup Signavio in January. Meanwhile Microsoft announced a free RPA tool earlier this month, as the space is clearly getting the attention of these larger vendors.

ServiceNow has been on a buying spree over the last year or so buying five companies including Element AI, Loom Systems, Passage AI and Sweagle. Khan says the acquisitions are all in the service of helping companies create automation across the organization.

“As we bring all of these technologies into the Now Platform, we will accelerate our ability to automate more and more sophisticated use cases. Things like better handling of unstructured data from documents such as written forms, emails and PDFs, and more resilient automations such as larger data sets and non-routine tasks,” Khan said.

Intellibot was founded in 2015 and will provide the added bonus of giving ServiceNow a stronger foothold in India. The companies expect to close the deal no later than June.


Early Stage is the premier ‘how-to’ event for startup entrepreneurs and investors. You’ll hear first-hand how some of the most successful founders and VCs build their businesses, raise money and manage their portfolios. We’ll cover every aspect of company-building: Fundraising, recruiting, sales, product market fit, PR, marketing and brand building. Each session also has audience participation built-in – there’s ample time included for audience questions and discussion. Use code “TCARTICLE” at checkout to get 20 percent off tickets right here.

Ghana’s Redbird raises $1.5M seed to expand access to rapid medical testing in sub-Saharan Africa

For patients and healthcare professionals to properly track and manage illnesses especially chronic ones, healthcare needs to be decentralized. It also needs to be more convenient, with a patient’s health information able to follow them wherever they go.

Redbird, a Ghanaian healthtech startup that allows easy access to convenient testing and ensures that doctors and patients can view the details of those test results at any time, announced today that it has raised a $1.5 million seed investment.  

Investors who participated in the round include Johnson & Johnson Foundation, Newton Partners (via the Imperial Venture Fund), and Founders Factory Africa. This brings the company’s total amount raised to date to $2.5 million.

The healthtech company was launched in 2018 by Patrick Beattie, Andrew Quao and Edward Grandstaff. As a founding scientist at a medical diagnostics startup in Boston, Beattie’s job was to develop new rapid diagnostic tests. During his time at Accra in 2016, he met Quao, a trained pharmacist in Ghana at a hackathon whereupon talking found out that their interests in medical testing overlapped.

Beattie says to TechCrunch that while he saw many exciting new tests in development in the US, he didn’t see the same in Ghana. Quao, who is familiar with how Ghanaians use pharmacies as their primary healthcare point, felt perturbed that these pharmacies weren’t doing more than transactional purchases.

They both settled that pharmacies in Ghana needed to imbibe the world of medical testing. Although both didn’t have a tech background, they realized technology was necessary to execute this. So, they enlisted the help of Grandstaff to be CTO of Redbird while Beattie and Quao became CEO and COO, respectively.

L-R: Patrick Beattie (CEO), Andrew Quao (COO), and Edward Grandstaff (CTO)

Redbird enables pharmacies in Ghana to add rapid diagnostic testing for 10 different health conditions to their pharmacy services. These tests include anaemia, blood sugar, blood pressure, BMI, cholesterol, Hepatitis B, malaria, typhoid, prostate cancer screening, and pregnancy.  

Also, Redbird provides pharmacies with the necessary equipment, supplies and software to make this possible. The software —  Redbird Health Monitoring — is networked across all partner pharmacies and enables patients to build medical testing records after going through 5-minute medical tests offered through these pharmacies.

Rather than employing a SaaS model that Beattie says is not well appreciated by its customers, Redbird’s revenue model is based on the supply of disposable test strips.

“Pharmacies who partner with Redbird gain access to the software and all the ways Redbird supports our partners for free as long as they purchase the consumables through us. This aligns our revenue with their success, which is aligned with patient usage,” said the CEO.

This model is being used with over over 360 pharmacies in Ghana, mainly in Accra and Kumasi. It was half this number in 2019 which Redbird has since doubled despite the pandemic. These pharmacies have recorded over 125,000 tests in the past three years from more than 35,000 patients registered on the platform.

Redbird will use the seed investment to grow its operations within Ghana and expand to new markets that remain undisclosed.

In 2018, Redbird participated in the Alchemist Accelerator just a few months before launch. It was the second African startup after fellow Ghanaian healthtech startup mPharma to take part in the six-month-long program. The company also got into Founders Factory Africa last year April.

According to Beattie, most of the disease burden Africans might experience in the future will be chronic diseases. For instance, diabetes is projected to grow by 156% over the next 25 years. This is why he sees decentralized, digitized healthcare as the next leapfrog opportunity for sub-Saharan Africa.

“Chronic disease is exploding and with it, patients require much more frequent interaction with the healthcare system. The burden of chronic disease will make a health system that is highly centralized impossible,” he said.Like previous leapfrog events, this momentum is happening all over the world, not just in Africa. Still, the state of the current infrastructure means that healthcare systems here will be forced to innovate and adapt before health systems elsewhere are forced to, and therein lies the opportunity,” he said.

But while the promise of technology and data is exciting, it’s important to realize that healthtech only provides value if it matches patient behaviors and preferences. It doesn’t really matter what amazing improvements you can realize with data if you can’t build the data asset and offer a service that patients actually value.

Beattie knows this all too well and says Redbird respects these preferences. For him, the next course of action will be to play a larger role in the world’s developing ecosystem where healthcare systems build decentralised networks and move closer to the average patient.

This decentralised approach is what attracted U.S. and South African early-stage VC firm Newtown Partners to cut a check. Speaking on behalf of the firm, Llew Claasen, the managing partner, had this to say.

“We’re excited about Redbird’s decentralised business model that enables rapid diagnostic testing at the point of primary care in local community pharmacies. Redbird’s digital health record platform has the potential to drive significant value to the broader healthcare value chain and is a vital step toward improving healthcare outcomes in Africa. We look forward to supporting the team as they prove out their  business model and scale across the African continent.”


Early Stage is the premier ‘how-to’ event for startup entrepreneurs and investors. You’ll hear first-hand how some of the most successful founders and VCs build their businesses, raise money and manage their portfolios. We’ll cover every aspect of company-building: Fundraising, recruiting, sales, product market fit, PR, marketing and brand building. Each session also has audience participation built-in – there’s ample time included for audience questions and discussion. Use code “TCARTICLE” at checkout to get 20 percent off tickets right here.

Dataminr raises $475M on a $4.1B valuation for real-time insights based on 100k sources of public data

Significant funding news today for one of the startups making a business out of tapping huge, noisy troves of publicly available data across social media, news sites, undisclosed filings and more. Dataminr, which ingests information from a mix of 100,000 public data sources, and then based on that provides customers real-time insights into ongoing events and new developments, has closed on $475 million in new funding. Dataminr has confirmed that this Series F values the company at $4.1 billion as it gears up for an IPO in 2023.

This Series F is coming from a mix of investors including Eldridge (a firm that owns the LA Dodgers but also makes a bunch of other sports, media, tech and other investments), Valor Equity Partners (the firm behind Tesla and many tech startups), MSD Capital (Michael Dell’s fund), Reinvent Capital (Mark Pincus and Reid Hoffman’s firm), ArrowMark Partners, IVP, Eden Global and investment funds managed by Morgan Stanley Tactical Value, among others.

To put its valuation into some context, the New York-based company last raised money in 2018 at a $1.6 billion valuation. And with this latest round, it has now raised over $1 billion in outside funding, based on PitchBook data. This latest round has been in the works for a while and was rumored last week at a lower valuation than what Dataminr ultimately got.

The funding is coming at a critical moment, both for the company and for the world at large.

In terms of the company, Dataminr has been seeing a huge surge of business.

Ted Bailey, the founder and CEO, said in an interview that it will be using the money to continue growing its business in existing areas: adding more corporate customers, expanding in international sales and expanding its AI platform as it gears up for an IPO, most likely in 2023. In addition to being used journalists and newsrooms, NGOs and other public organizations, its corporate business today, Bailey said, includes half of the Fortune 50 and a number of large public sector organizations. Over the last year that large enterprise segment of its customers doubled in revenue growth.

“Whether it’s for physical safety, reputation risk or crisis management, or business intelligence or cybersecurity, we’re providing critical insights on a daily basis,” he said. “All of the events of the recent year have created a sense of urgency, and demand has really surged.”

Activity on the many platforms that Dataminr taps to ingest information has been on the rise for years, but it has grown exponentially in the last year especially as more people spend more time at home and online and away from physically interacting with each other: that means more data for Dataminr to crawl, but also, quite possibly, more at stake for all of us as a result: there is so much more out there than before, and as a result so much more to be gleaned out of that information.

That also means that the wider context of Dataminr’s growth is not quite so clear cut.

The company’s data tools have indeed usefully helped first responders react in crisis situations, feeding them data faster than even their own channels might do; and it provides a number of useful, market-impacting insights to businesses.

But Dataminr’s role in helping its customers — which include policing forces — connect the dots on certain issues has not always been seen as a positive. One controversial accusation made last year was that Dataminr data was being used by police for racial profiling. In years past, it has been barred by specific partners like Twitter from sharing data with intelligence agencies. Twitter used to be a 5% shareholder in the company. Bailey confirmed to me that it no longer is but remains a key partner for data. I’ve contacted Twitter to see if I can get more detail on this and will update the story if and when I learn more. Twitter made $509 million in revenues from services like data licensing in 2020, up by about $45 million on the year before.

In defense of Dataminr, Bailey that the negative spins on what it does result from “misperceptions,” since it can’t track people or do anything proactive. “We deliver alerts on events and it’s [about] a time advantage,” he said, likening it to the Associated Press, but “just earlier.”

“The product can’t be used for surveillance,” Bailey added. “It is prohibited.”

Of course, in the ongoing debate about surveillance, it’s more about how Dataminr’s customers might ultimately use the data that they get through Dataminr’s tools, so the criticism is more about what it might enable rather than what it does directly.

Despite some of those persistent questions about the ethics of AI and other tools and how they are implemented by end users, backers are bullish on the opportunities for Dataminr to continue growing.

Eden Global Partners served as strategic partner for the Series F capital round.


Early Stage is the premier ‘how-to’ event for startup entrepreneurs and investors. You’ll hear first-hand how some of the most successful founders and VCs build their businesses, raise money and manage their portfolios. We’ll cover every aspect of company-building: Fundraising, recruiting, sales, product market fit, PR, marketing and brand building. Each session also has audience participation built-in – there’s ample time included for audience questions and discussion. Use code “TCARTICLE” at checkout to get 20 percent off tickets right here.

Customer data platform ActionIQ extends its latest funding round to $100M

ActionIQ, which helps companies use their customer data to deliver personalized experiences, is announcing that it has extended its Series C funding, bringing the round to a total size of $100 million.

That number includes the $32 million that ActionIQ announced in January of last year. Founder and CEO Tasso Argyros said the company is framing this as an extension rather than a separate round because it comes from existing investors — including March Capital — and because ActionIQ still has most of that $32 million in the bank.

Argyros told me that there were two connected reasons to raise additional money now. For one thing, ActionIQ has seen 100% year-over-year revenue growth, allowing it to increase its valuation by more than 250%. (The company isn’t not disclosing the actual valuation.) That growth has also meant that ActionIQ is getting “a lot more ambitious” in its plans for product development and customer growth.

“We raised more money because we can, and because we need to,” Argyros said.

The company continues to develop the core platform, for example by introducing more support for real-time data and analysis. But Argyros suggested that the biggest change has been in the broader market for customer data platforms, with companies like Morgan Stanley, The Hartford, Albertsons, JCPenney and GoPro signing on with ActionIQ in the past year.

Some of these enterprises, he said, “normally would not work with a cutting-edge technology company like us, but because of the pandemic, they’re willing to take some risk and really invest in their customer base and their customer experience.”

Argyros also argued that as regulators and large platforms restrict the ways that businesses can buy and sell third-party data, platforms like ActionIQ, focusing on the first-party data that companies collect for their own use, will become increasingly important. And he said that ActionIQ’s growth comes as the big marketing clouds have “failed” — either announcing products that have yet to launch or launching products that don’t match ActionIQ’s capabilities.

Companies that were already using ActionIQ include The New York Times. In fact, the funding announcement includes a statement from The Times’ senior vices president of data and insights Shane Murray declaring that the newspaper is using ActionIQ to deliver “hundreds of billions of personalized customer experiences” across “mail, in-app, site, and paid media.”

ActionIQ has now raised around $145 million total, according to Crunchbase.


Early Stage is the premier ‘how-to’ event for startup entrepreneurs and investors. You’ll hear first-hand how some of the most successful founders and VCs build their businesses, raise money and manage their portfolios. We’ll cover every aspect of company-building: Fundraising, recruiting, sales, product market fit, PR, marketing and brand building. Each session also has audience participation built-in – there’s ample time included for audience questions and discussion. Use code “TCARTICLE” at checkout to get 20 percent off tickets right here.

RedTorch Formed from Ashes of Norse Corp.

Remember Norse Corp., the company behind the interactive “pew-pew” cyber attack map shown in the image below? Norse imploded rather suddenly in 2016 following a series of managerial missteps and funding debacles. Now, the founders of Norse have launched a new company with a somewhat different vision: RedTorch, which for the past two years has marketed a mix of services to high end celebrity clients, including spying and anti-spying tools and services.

A snapshot of Norse’s semi-live attack map, circa Jan. 2016.

Norse’s attack map was everywhere for several years, and even became a common sight in the “brains” of corporate security operations centers worldwide. Even if the data that fueled the maps was not particularly useful, the images never failed to enthrall visitors viewing them on room-sized screens.

“In the tech-heavy, geek-speak world of cybersecurity, these sorts of infographics and maps are popular because they promise to make complicated and boring subjects accessible and sexy,” I wrote in a January 2016 story about Norse’s implosion. “And Norse’s much-vaunted interactive attack map was indeed some serious eye candy: It purported to track the source and destination of countless Internet attacks in near real-time, and showed what appeared to be multicolored fireballs continuously arcing across the globe.”

That story showed the core Norse team had a history of ambitious but ultimately failed or re-branded companies. One company proclaimed it was poised to spawn a network of cyber-related firms, but instead ended up selling cigarettes online. That company, which later came under investigation by state regulators concerned about underage smokers, later rebranded to another start-up that tried to be an online copyright cop.

Flushed with venture capital funding in 2012, Norse’s founders started hiring dozens of talented cybersecurity professionals. By 2014 it was throwing lavish parties at top  Internet security conferences. It spent quite a bit of money on marketing gimmicks and costly advertising stunts, burning through millions in investment funding. In 2016, financial reality once again would catch up with the company’s leadership when Norse abruptly ceased operations and was forced to lay off most of its staff.

Now the top executives behind Norse Corp. are working on a new venture: A corporate security and investigations company called RedTorch that’s based in Woodland Hills, Calif, the home of many Hollywood celebrities.

RedTorch’s website currently displays a “We’re coming soon” placeholder page. But a version of the site that ran for two years beginning in 2018 explained what clients can expect from the company’s services:

  • “Frigg Mobile Intelligence,” for helping celebrities and other wealthy clients do background checks on the people in their lives;
  • “Cheetah Counter Surveillance” tools/services to help deter others from being able to spy on clients electronically;
  • A “Centurion Research” tool for documenting said snooping on others.

An ad for RedTorch’s “Cheetah” counter-surveillance tech. The Guy Fawkes mask/Anonymous threat featured prominently and often on RedTorch’s website.

The closest thing to eye candy for RedTorch is its Cheetah Counter Surveillance product line, a suite of hardware and software meant to be integrated into other security products which — according to RedTorch — constantly sweeps the client’s network and physical office space with proprietary technology designed to detect remote listening bugs and other spying devices.

Frigg, another core RedTorch offering, is…well, friggin’ spooky:

“Frigg is the easiest way to do a full background check and behavioral analysis on people,” the product pitch reads. “Frigg not only shows background checks, but social profiles and a person’s entire internet footprint, too. This allows one to evaluate a person’s moral fiber and ethics. Frigg employs machine learning and analytics on all known data from a subject’s footprint, delivering instant insight so you can make safer decisions, instantly.”

The background checking service from RedTorch, called Frigg, says it’s building “one of the world’s largest facial recognition databases and a very accurate facial recognition match standard.”

Frigg promises to include “elements that stems [sic] from major data hacks of known systems like Ashley Madison, LinkedIn, Dropbox, Fling.com, AdultFriendFinder and hundreds more. Victims of those breaches lost a lot of private data including passwords, and Frigg will help them secure their private data in the future. The matching that is shown will use email, phone and full name correlation.”

From the rest of Frigg:

Frigg references sanction lists such as OFAC, INTERPOL wanted persons, and many more international and domestic lists. Known locations results are based on social media profiles and metadata where, for example, there was an image posted that showed GPS location, or the profile mentions locations among its comments.

Frigg provides the option of continuous monitoring on searched background reports. Notification will be sent or shown once an important update or change has been detected

The flagship version of Frigg will allow a user to upload a picture of a face and get a full background check instantly. RedTorch is working to develop one of the world’s largest facial recognition databases and a very accurate facial recognition match standard.

WHO IS REDTORCH?

The co-founders of Norse Networks, “Mr. White” (left) Norse Corp. co-founder and RedTorch CEO Henry Marx;, and “Mr. Grey,” CTO and Norse Corp. co-founder Tommy Stiansen.

RedTorch claims it is building a huge facial recognition database, so it’s perhaps no surprise that its founders prefer to obscure theirs. The contact email on RedTorch says henry @redtorch dot com. That address belongs to RedTorch Inc. CEO Henry Marx, a former music industry executive and co-founder of Norse Networks.

Marx did not respond to requests for comment. Nor did any of the other former Norse Corp. executives mentioned throughout this story. So I should emphasize that it’s not even clear whether the above-mentioned products and services from RedTorch actually exist.

One executive at Red Torch told this author privately that the company had plenty of high-paying clients, although that person declined to be more specific about what RedTorch might do for those clients or why the company’s site was currently in transition.

Now a cadre of former Norse Corp. employees who have been tracking the company’s past executives say they’ve peered through the playful subterfuge in the anonymous corporate identities on the archived RedTorch website.

Marx appears to be the “Mr. White” referenced in the screenshot above, taken from an archived Aug. 2020 version of RedTorch.com. He is wearing a Guy Fawkes mask, a symbol favored by the Anonymous hacker collective, the doomed man behind the failed Gunpowder plot of 1604 in England, and by possibly the most annoying costumes that darken your front door each Halloween.

Mr. White says he has “over 30 years in the entertainment industry; built numerous brands and controlled several areas of the entertainment business side,” and that he’s “accomplished over 200 million sold artist performances.”

Pictured beside Mr. White is RedTorch’s co-founder, “Mr. Grey.” Norse watchers say that would be Tommy Stiansen, the Norwegian former co-founder of Norse Corp. whose LinkedIn profile says is now chief technology officer at RedTorch. One of his earliest companies provided “operational billing solutions for telecom networks.”

“Extensive experience from Telecom industry as executive and engineer,” reads Mr. Grey’s profile at RedTorch. “Decades of Cyber security experience, entrepreneurship and growing companies; from single employee to hundreds of employees. Been active on computers since 7 years old, back in mid-80’s and have pioneered many facets of the internet and cyber security market we know today. Extensive government work experience from working with federal governments.”

Stiansen’s leadership at Norse coincided with the company’s release of a report in 2014 on Iran’s cyber prowess that was widely trounced as deeply flawed and headline-grabbing. Norse’s critics said the company’s founders had gone from selling smokes to selling smoke and mirrors.

In its report, Norse said it saw a half-million attacks on industrial control systems by Iran in the previous 24 months — a 115 percent increase in attacks! But there was just one problem: The spike in attacks Norse cited weren’t real attacks against actual industrial targets. Rather, they were against “honeypot” systems set up by Norse to mimic a broad range of devices online.

Translation: The threats Norse warned about weren’t actionable, and weren’t anything that people could use to learn about actual attack events hitting sensitive control system networks.

In a scathing analysis of Norse’s findings, critical infrastructure security expert Robert M. Lee said Norse’s claim of industrial control systems being attacked and implying it was definitively the Iranian government was disingenuous at best. Lee had obtained an advanced copy of a draft version of the Norse report that was shared with unclassified government and private industry channels, and said the data in the report simply did not support its conclusions.

Around the same time, Stiansen was reportedly telling counterparts at competing security firms that Norse had data showing that the Sony Pictures hack in November 2014 — in which Sony’s internal files and emails were published online — was in fact the work of a disgruntled insider at Sony.

Norse’s crack team of intelligence analysts had concluded that the FBI and other intelligence sources were wrong in publicly blaming the massive breach on North Korean hackers. But Norse never published that report, nor did it produce any data that might support their insider claim in the Sony hack.

Last month, the U.S. Justice Department unsealed indictments against three North Korean hackers accused of plundering and pillaging Sony Pictures, launching the WannaCry ransomware contagion of 2017, and stealing more than $200 million from banks and other victims worldwide.

Norse’s conclusions on Iran and Sony were supported by Tyson Yee, a former Army intelligence analyst who worked at Norse from 2012 to Jan. 2016. Yee is listed on LinkedIn as director of intelligence at RedTorch, and his LinkedIn profile says his work prior to RedTorch in Nov. 2018 was for two years as a “senior skunk works analyst” at an unnamed employer.

Camunda snares $98M Series B as process automation continues to flourish

It’s clear that automated workflow tooling has become increasingly important for companies. Perhaps that explains why Camunda, a Berlin startup that makes open source process automation software, announced an €82 million Series B today. That translates into approximately $98 million U.S.

Insight Partners led the round with help from A round investor Highland Europe. When combined with the $28 million A investment from December 2018, it brings the total raised to approximately $126 million.

What’s attracting this level of investment says Jakob Freund, co-founder and CEO at Camunda is the company is solving a problem that goes beyond pure automation. “There’s a bigger thing going on which you could call end-to-end automation or end-to-end orchestration of endpoints, which can be RPA bots, for example, but also micro services and manual work [by humans],” he said.

He added, “Camunda has become this endpoint agnostic orchestration layer that sits on top of everything else.” That means that it provides the ability to orchestrate how the automation pieces work in conjunction with one another to create this full workflow across a company.

The company has 270 employees and approximately 400 customers at this point including Goldman Sachs, Lufthansa, Universal Music Group, and Orange. Matt Gatto, managing director at Insight Partners sees a tremendous market opportunity for the company and that’s why his firm came in with such a big investment.

“Camunda’s success demonstrates how an open, standards-based, developer-friendly platform for end-to-end process automation can increase business agility and improve customer experiences, helping organizations truly transform to a digital enterprise,” Gatto said in a statement.

Camunda is not your typical startup. Its history actually dates back to 2008 as a business process management (BPM) consulting firm. It began the Camunda open source project in 2013, and that was the start of pivoting to become an open source software company with a commercial component built on top of that.

It took the funding at the end of 2018 because the market was beginning to catch up with the idea, and they wanted to build on that. It’s going so well that company reports it’s cash-flow positive, and will use the additional funding to continue accelerating the business.

No-code business intelligence service y42 raises $2.9M seed round

Berlin-based y42 (formerly known as Datos Intelligence), a data warehouse-centric business intelligence service that promises to give businesses access to an enterprise-level data stack that’s as simple to use as a spreadsheet, today announced that it has raised a $2.9 million seed funding round led by La Famiglia VC. Additional investors include the co-founders of Foodspring, Personio and Petlab.

The service, which was founded in 2020, integrates with over 100 data sources, covering all the standard B2B SaaS tools from Airtable to Shopify and Zendesk, as well as database services like Google’s BigQuery. Users can then transform and visualize this data, orchestrate their data pipelines and trigger automated workflows based on this data (think sending Slack notifications when revenue drops or emailing customers based on your own custom criteria).

Like similar startups, y42 extends the idea data warehouse, which was traditionally used for analytics, and helps businesses operationalize this data. At the core of the service is a lot of open source and the company, for example, contributes to GitLabs’ Meltano platform for building data pipelines.

y42 founder and CEO Hung Dang

y42 founder and CEO Hung Dang.

“We’re taking the best of breed open-source software. What we really want to accomplish is to create a tool that is so easy to understand and that enables everyone to work with their data effectively,” Y42 founder and CEO Hung Dang told me. “We’re extremely UX obsessed and I would describe us as no-code/low-code BI tool — but with the power of an enterprise-level data stack and the simplicity of Google Sheets.”

Before y42, Vietnam-born Dang co-founded a major events company that operated in over 10 countries and made millions in revenue (but with very thin margins), all while finishing up his studies with a focus on business analytics. And that in turn led him to also found a second company that focused on B2B data analytics.

Image Credits: y42

Even while building his events company, he noted, he was always very product- and data-driven. “I was implementing data pipelines to collect customer feedback and merge it with operational data — and it was really a big pain at that time,” he said. “I was using tools like Tableau and Alteryx, and it was really hard to glue them together — and they were quite expensive. So out of that frustration, I decided to develop an internal tool that was actually quite usable and in 2016, I decided to turn it into an actual company. ”

He then sold this company to a major publicly listed German company. An NDA prevents him from talking about the details of this transaction, but maybe you can draw some conclusions from the fact that he spent time at Eventim before founding y42.

Given his background, it’s maybe no surprise that y42’s focus is on making life easier for data engineers and, at the same time, putting the power of these platforms in the hands of business analysts. Dang noted that y42 typically provides some consulting work when it onboards new clients, but that’s mostly to give them a head start. Given the no-code/low-code nature of the product, most analysts are able to get started pretty quickly  — and for more complex queries, customers can opt to drop down from the graphical interface to y42’s low-code level and write queries in the service’s SQL dialect.

The service itself runs on Google Cloud and the 25-people team manages about 50,000 jobs per day for its clients. the company’s customers include the likes of LifeMD, Petlab and Everdrop.

Until raising this round, Dang self-funded the company and had also raised some money from angel investors. But La Famiglia felt like the right fit for y42, especially due to its focus on connecting startups with more traditional enterprise companies.

“When we first saw the product demo, it struck us how on top of analytical excellence, a lot of product development has gone into the y42 platform,” said Judith Dada, General Partner at LaFamiglia VC. “More and more work with data today means that data silos within organizations multiply, resulting in chaos or incorrect data. y42 is a powerful single source of truth for data experts and non-data experts alike. As former data scientists and analysts, we wish that we had y42 capabilities back then.”

Dang tells me he could have raised more but decided that he didn’t want to dilute the team’s stake too much at this point. “It’s a small round, but this round forces us to set up the right structure. For the series, A, which we plan to be towards the end of this year, we’re talking about a dimension which is 10x,” he told me.

The Good, the Bad and the Ugly in Cybersecurity – Week 12

The Good

This week’s good news is a string of convictions displaying law enforcement and the legal system’s determination to fight cybercrime. A Cypriot national who hacked major websites as a teenager and threatened to release the stolen user information unless the websites paid a ransom has been sentenced to federal prison. Joshua Polloso Epifaniou hacked several sites of US companies between October 2014 and November 2016 while living with his mother in Cyprus.

In another case, a Nebraska Man was sentenced to 21 months in prison for stealing and selling data from his employer. Timothy Young, 50, of Moorefield, Nebraska, worked at a data analytics and risk assessment firm based in New Jersey. He obtained confidential, non-public information such as names, login names, passwords, email addresses, and telephone numbers belonging to some of the company’s clients. Young was sentenced to three years of supervised release and was ordered to pay restitution of $296,370.

Graham Ivan Clark was behind a headline-hitting hack on Twitter last summer. He has taken a plea deal with prosecutors that will see him serve three years in prison, followed by three years probation.

Graham, who orchestrated the hack of famous Twitter accounts including President Joe Biden, former President Barack Obama, Elon Musk, Kanye West, Bill Gates, Jeff Bezos and others, was only 17 at the time of the offense. Consequently, he was sentenced as a “youthful offender” and avoided the minimum 10-year sentence that would have applied if he’d been convicted as an adult.

The Bad

Cyber criminals have been targeting healthcare facilities again this past week, and with fury. Australia’s Eastern Health, the operator of four hospitals in Melbourne, was the victim of a cyber attack that took some of its IT systems offline and forced it to postpone all elective surgeries. The nature of the attack is unclear, but actors targeting healthcare facilities are typically looking to extort victims via ransomware.

Eastern Health stated that “Patient safety has not been compromised”.


The healthcare sector is not the only part of our public infrastructure under attack. The targeting of higher education institutions, K-12 schools and seminaries in 12 US states and the UK has prompted the FBI to issue an alert to the education sector about a ransomware variant called Pysa (also known as Mespinoza).

The variant has been tracked by the FBI since March 2020 and uses an initial penetration vector of either phishing emails or RDP endpoints hijacked via compromised credentials.

Open source Advanced Port Scanners and IP Scanners are then used for network reconnaissance, before more open source tools such as PowerShell and Mimikatz are utilized to upload additional malware, grab passwords and exfiltrate sensitive information to cloud storage site Mega.nz. Pysa also seeks to disable legacy anti-virus capabilities on the victim’s network before deploying the ransomware, the FBI warned.

The Ugly

Election fraud is something we’ve all been worried about in recent times, but this week electronic vote rigging took a highly unexpected turn. As Hollywood has taught generations of parents and kids, the high school prom is an emotional event in every American teenager’s life. One of the most important aspects of this is the homecoming queen selection ritual. The movies depict how the process of selecting “the most popular girl” can often turn into a beauty contest that gets rather ugly. Now in real life it seems that it has prompted some anxious parent or teen to go so far as committing cyber crimes. A Florida high school conducted online voting to select the winning queen last October, but later found out that 117 votes came from the same IP address within a short period of time.

The fake votes were cast by abusing a system called FOCUS, which houses a wide range of confidential student information, including grades, medical history, test scores, attendance and disciplinary records.

It appears that the winning teen’s mom was a Faculty member in the school’s district and had access to the system. Allegedly, the mother or daughter used this access to obtain over a hundred pupil credentials and use those to cast votes in favor of the daughter. The pair were arrested and charged with fraudulently accessing confidential student information, according to the Florida Department of Law Enforcement.


Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security

Fetcher raises $6.5M to automate parts of the recruiting process

Fetcher, a startup that promises to make the recruiting process easier while also diversifying the candidate pool, is announcing that it has raised $6.5 million in Series A funding.

Originally known as Scout, the New York startup was founded by CEO Andres Blank, CPO Chris Calmeyn and engineering directors Javier Castiarena and Santi Aimetta.

Blank told me that Fetcher automates parts of recruiters’ jobs, namely finding job candidates and sending the initial outreach emails. When I wondered whether that just leads to more spammy recruiting messages, he said that Fetcher emails actually result in “a very good response rate” because they’re targeted at the right candidates.

“The reality is that if you’re looking for a job, you don’t need an email to be so amazing, and if you’re a recruiter, you don’t want to spend 10 minutes thinking about what to write to each candidate,” he said.

He also described Fetcher’s approach as a “human in the loop” approach. Yes, the initial outreach is automated, but then the recruiter handles the conversations with candidates who respond.

Fetcher screenshot

Image Credits: Fetcher

“By automating both the sourcing [and] outreach sides of recruiting, Fetcher reduces the amount of time a recruiter spends in front of a computer searching for candidates, making a recruiter’s job more balanced, strategic and impactful, all while continuing to build a robust, diverse pipeline for the company,” Blank wrote in a follow-up email.

He also suggested that automated sourcing allows recruiters to reach a much more diverse candidate pool than they would through traditional methods. For example, he sent me a case study in which Fetcher helped video collaboration startup Frame.io hire 11 new employees in less than 12 months, nine of whom were women and/or underrepresented minorities.

“Fetcher has freed up time and given us the capacity to diversify our pipeline more organically,” said Anna Chalon, Frame.io’s senior director of talent and diversity, equity and inclusion, in a statement. “This has allowed us to make some incredible hires, mostly from underrepresented groups, over the last year.”

Blank added that after Fetcher has seen its revenue increase every month since July of last year, owing to shrinking recruiting teams needing to be able to do more with fewer resources, as well as a greater corporate focus on the aforementioned diversity, equity and inclusion.

Fetcher has now raised a total of $12 million. The Series A was led by G20 Ventures, with participation from KFund, Slow Ventures and Accomplice. Blank said he’s planning to double the employee count (currently 80) by the end of the year and to build out additional analytics (including diversity analytics) and CRM tools.