ScyllaDB takes on Amazon with new DynamoDB migration tool

There are a lot of open source databases out there, and ScyllaDB, a NoSQL variety, is looking to differentiate itself by attracting none other than Amazon users. Today, it announced a DynamoDB migration tool to help Amazon customers move to its product.

It’s a bold move, but Scylla, which has a free open source product along with paid versions, has always had a penchant for going after bigger players. It has had a tool to help move Cassandra users to ScyllaDB for some time.

CEO Dor Laor says DynamoDB customers can now also migrate existing code with little modification. “If you’re using DynamoDB today, you will still be using the same drivers and the same client code. In fact, you don’t need to modify your client code one bit. You just need to redirect access to a different IP address running Scylla,” Laor told TechCrunch.

He says that the reason customers would want to switch to Scylla is because it offers a faster and cheaper experience by utilizing the hardware more efficiently. That means companies can run the same workloads on fewer machines, and do it faster, which ultimately should translate to lower costs.

The company also announced a $25 million Series C extension led by Eight Roads Ventures. Existing investors Bessemer Venture Partners, Magma Venture Partners, Qualcomm Ventures and TLV Partners also participated. Scylla has raised a total of $60 million, according to the company.

The startup has been around for 6 years and customers include Comcast, GE, IBM and Samsung. Laor says that Comcast went from running Cassandra on 400 machines to running the same workloads with Scylla on just 60.

Laor is playing the long game in the database market, and it’s not about taking on Cassandra, DynamoDB or any other individual product. “Our main goal is to be the default NoSQL database where if someone has big data, real-time workloads, they’ll think about us first, and we will become the default.”

Explorium reveals $19.1M in total funding for machine learning data discovery platform

Explorium, a data discovery platform for machine learning models, received a couple of unannounced funding rounds over the last year — a $3.6 million seed round last September and a $15.5 million Series A round in March. Today, it made both of these rounds public.

The seed round was led by Emerge with participation of F2 Capital. The Series A was led by Zeev Ventures with participation from the seed investors. The total raised is $19.1 million.

The company founders, who have a data science background, found that it was problematic to find the right data to build a machine learning model. Like most good startup founders confronted with a problem, they decided to solve it themselves by building a data discovery platform for data scientists.

CEO and co-founder, Maor Shlomo says that the company wanted to focus on the quality of the data because not much work has been done there. “A lot of work has been invested on the algorithmic part of machine learning, but the algorithms themselves have very much become commodities. The challenge now is really finding the right data to feed into those algorithms,” Sholmo told TechCrunch.

It’s a hard problem to solve, so they built a kind of search engine that can go out and find the best data wherever it happens to live, whether it’s internally or in an open data set, public data or premium databases. The company has partnered with thousands of data sources, according to Schlomo, to help data scientist customers find the best data for their particular model.

“We developed a new type of search engine that’s capable of looking at the customers data, connecting and enriching it with literally thousands of data sources, while automatically selecting what are the best pieces of data, and what are the best variables or features, which could actually generate the best performing machine learning model,” he explained.

Shlomo sees a big role for partnerships, whether that involves data sources or consulting firms, who can help push Explorium into more companies.

Explorium has 63 employees spread across offices in Tel Aviv, Kiev and San Francisco. It’s still early days, but Sholmo reports “tens of customers.” As more customers try to bring data science to their companies, especially with a shortage of data scientists, having a tool like Explorium could help fill that gap.

Kubernetes co-founder Craig McLuckie is as tired of talking about Kubernetes as you are

“I’m so tired of talking about Kubernetes . I want to talk about something else,” joked Kubernetes co-founder and VP of R&D at VMware Craig McLuckie during a keynote interview at this week’s Cloud Foundry Summit in The Hague. “I feel like that 80s band that had like one hit song — Cherry Pie.”

He doesn’t quite mean it that way, of course (though it makes for a good headline, see above), but the underlying theme of the conversation he had with Cloud Foundry executive director Abby Kearns was that infrastructure should be boring and fade into the background, while enabling developers to do their best work.

“We still have a lot of work to do as an industry to make the infrastructure technology fade into the background and bring forwards the technologies that developers interface with, that enable them to develop the code that drives the business, etc. […] Let’s make that infrastructure technology really, really boring.”

IMG 20190911 115940

What McLuckie wants to talk about is developer experience and with VMware’s intent to acquire Pivotal, it’s placing a strong bet on Cloud Foundry as one of the premiere development platforms for cloud native applications. For the longest time, the Cloud Foundry and Kubernetes ecosystem, which both share an organizational parent in the Linux Foundation, have been getting closer, but that move has accelerated in recent months as the Cloud Foundry ecosystem has finished work on some of its Kubernetes integrations.

McLuckie argues that the Cloud Native Computing Foundation, the home of Kubernetes and other cloud-native, open-source projects, was always meant to be a kind of open-ended organization that focuses on driving innovation. And that created a large set of technologies that vendors can choose from.

“But when you start to assemble that, I tend to think about you building up this cake which is your development stack, you discover that some of those layers of the cake, like Kubernetes, have a really good bake. They are done to perfection,” said McLuckie, who is clearly a fan of the Great British Baking show. “And other layers, you look at it and you think, wow, that could use a little more bake, it’s not quite ready yet. […] And we haven’t done a great job of pulling it all together and providing a recipe that delivers an entirely consumable experience for everyday developers.”

EEK3PG1W4AAaasp

He argues that Cloud Foundry, on the other hand, has always focused on building that highly opinionated, consistent developer experience. “Bringing those two communities together, I think, is going to have incredibly powerful results for both communities as we start to bring these technologies together,” he said.

With the Pivotal acquisition still in the works, McLuckie didn’t really comment on what exactly this means for the path forward for Cloud Foundry and Kubernetes (which he still talked about with a lot of energy, despite being tired of it). But it’s clear that he’s looking to Cloud Foundry to enable that developer experience on top of Kubernetes that abstracts all of the infrastructure away for developers and makes deploying an application a matter of a single CLI command.

Bonus: Cherry Pie.

Patch Tuesday, September 2019 Edition

Microsoft today issued security updates to plug some 80 security holes in various flavors of its Windows operating systems and related software. The software giant assigned a “critical” rating to almost a quarter of those vulnerabilities, meaning they could be used by malware or miscreants to hijack vulnerable systems with little or no interaction on the part of the user.

Two of the bugs quashed in this month’s patch batch (CVE-2019-1214 and CVE-2019-1215) involve vulnerabilities in all supported versions of Windows that have already been exploited in the wild. Both are known as “privilege escalation” flaws in that they allow an attacker to assume the all-powerful administrator status on a targeted system. Exploits for these types of weaknesses are often deployed along with other attacks that don’t require administrative rights.

September also marks the fourth time this year Microsoft has fixed critical bugs in its Remote Desktop Protocol (RDP) feature, with four critical flaws being patched in the service. According to security vendor Qualys, these Remote Desktop flaws were discovered in a code review by Microsoft, and in order to exploit them an attacker would have to trick a user into connecting to a malicious or hacked RDP server.

Microsoft also fixed another critical vulnerability in the way Windows handles link files ending in “.lnk” that could be used to launch malware on a vulnerable system if a user were to open a removable drive or access a shared folder with a booby-trapped .lnk file on it.

Shortcut files — or those ending in the “.lnk” extension — are Windows files that link easy-to-recognize icons to specific executable programs, and are typically placed on the user’s Desktop or Start Menu. It’s perhaps worth noting that poisoned .lnk files were one of the four known exploits bundled with Stuxnet, a multi-million dollar cyber weapon that American and Israeli intelligence services used to derail Iran’s nuclear enrichment plans roughly a decade ago.

In last month’s Microsoft patch dispatch, I ruefully lamented the utter hose job inflicted on my Windows 10 system by the July round of security updates from Redmond. Many readers responded by saying one or another updates released by Microsoft in August similarly caused reboot loops or issues with Windows repeatedly crashing.

As there do not appear to be any patch-now-or-be-compromised-tomorrow flaws in the September patch rollup, it’s probably safe to say most Windows end-users would benefit from waiting a few days to apply these fixes. 

Very often fixes released on Patch Tuesday have glitches that cause problems for an indeterminate number of Windows systems. When this happens, Microsoft then patches their patches to minimize the same problems for users who haven’t yet applied the updates, but it sometimes takes a few days for Redmond to iron out the kinks.

The trouble is, Windows 10 by default will install patches and reboot your computer whenever it likes. Here’s a tutorial on how to undo that. For all other Windows OS users, if you’d rather be alerted to new updates when they’re available so you can choose when to install them, there’s a setting for that in Windows Update.

Most importantly, please have some kind of system for backing up your files before applying any updates. You can use third-party software to do this, or just rely on the options built into Windows 10. At some level, it doesn’t matter. Just make sure you’re backing up your files, preferably following the 3-2-1 backup rule.

Finally, Adobe fixed two critical bugs in its Flash Player browser plugin, which is bundled in Microsoft’s IE/Edge and Chrome (although now hobbled by default in Chrome). Firefox forces users with the Flash add-on installed to click in order to play Flash content; instructions for disabling or removing Flash from Firefox are here. Adobe will stop supporting Flash at the end of 2020.

As always, if you experience any problems installing any of these patches this month, please feel free to leave a comment about it below; there’s a good chance other readers have experienced the same and may even chime in here with some helpful tips.

NY Payroll Company Vanishes With $35 Million

MyPayrollHR, a now defunct cloud-based payroll processing firm based in upstate New York, abruptly ceased operations this past week after stiffing employees at thousands of companies. The ongoing debacle, which allegedly involves malfeasance on the part of the payroll company’s CEO, resulted in countless people having money drained from their bank accounts and has left nearly $35 million worth of payroll and tax payments in legal limbo.

Unlike many stories here about cloud service providers being extorted by hackers for ransomware payouts, this snafu appears to have been something of an inside job. Nevertheless, it is a story worth telling, in part because much of the media coverage of this incident so far has been somewhat disjointed, but also because it should serve as a warning to other payroll providers about how quickly and massively things can go wrong when a trusted partner unexpectedly turns rogue.

Clifton Park, NY-based MyPayrollHR — a subsidiary of ValueWise Corp. — disclosed last week in a rather unceremonious message to some 4,000 clients that it would be shutting its virtual doors and that companies which relied upon it to process payroll payments should kindly look elsewhere for such services going forward.

This communique came after employees at companies that depend on MyPayrollHR to receive direct deposits of their bi-weekly payroll payments discovered their bank accounts were instead debited for the amounts they would normally expect to accrue in a given pay period.

To make matters worse, many of those employees found their accounts had been dinged for two payroll periods — a month’s worth of wages — leaving their bank accounts dangerously in the red.

The remainder of this post is a deep-dive into what we know so far about what transpired, and how such an occurrence might be prevented in the future for other payroll processing firms.

A $26 MILLION TEXT FILE

To understand what’s at stake here requires a basic primer on how most of us get paid, which is a surprisingly convoluted process. In a typical scenario, our employer works with at least one third party company to make sure that on every other Friday what we’re owed gets deposited into our bank account.

The company that handled that process for MyPayrollHR is a California firm called Cachet Financial Services. Every other week for more than 12 years, MyPayrollHR has submitted a file to Cachet that told it which employee accounts at which banks should be credited and by how much.

According to interviews with Cachet, the way the process worked ran something like this: MyPayrollHR would send a digital file documenting deposits made by each of these client companies which laid out the amounts owed to each clients’ employees. In turn, those funds from MyPayrollHR client firms then would be deposited into a settlement or holding account maintained by Cachet.

From there, Cachet would take those sums and disburse them into the bank accounts of people whose employers used MyPayrollHR to manage their bi-weekly payroll payments.

But according to Cachet, something odd happened with the instructions file MyPayrollHR submitted on the afternoon of Wednesday, Sept. 4 that had never before transpired: MyPayrollHR requested that all of its clients’ payroll dollars be sent not to Cachet’s holding account but instead to an account at Pioneer Savings Bank that was operated and controlled by MyPayrollHR.

The total amount of this mass payroll deposit was approximately $26 million. Wendy Slavkin, general counsel for Cachet, told KrebsOnSecurity that her client then inquired with Pioneer Savings about the wayward deposit and was told MyPayrollHR’s bank account had been frozen.

Nevertheless, the payroll file submitted by MyPayrollHR instructed financial institutions for its various clients to pull $26 million from Cachet’s holding account — even though the usual deposits from MyPayrollHR’s client banks had not been made.

REVERSING THE REVERSAL

In response, Cachet submitted a request to reverse that transaction. But according to Slavkin, that initial reversal request was improperly formatted, and so Cachet soon after submitted a correctly coded reversal request.

Financial institutions are supposed to ignore or reject payment instructions that don’t comport with precise formatting required by the National Automated Clearinghouse Association (NACHA), the not-for-profit organization that provides the backbone for the electronic movement of money in the United States. But Slavkin said a number of financial institutions ended up processing both reversal requests, meaning a fair number of employees at companies that use MyPayrollHR suddenly saw a month’s worth of payroll payments withdrawn from their bank accounts.

Dan L’Abbe, CEO of the San Francisco-based consultancy Granite Solutions Groupe, said the mix-up has been massively disruptive for his 250 employees.

“This caused a lot of chaos for employers, but employees were the ones really affected,” L’Abbe said. “This is all very unusual because we don’t even have the ability to take money out of our employee accounts.”

Slavkin said Cachet managed to reach the CEO of MyPayrollHR — Michael T. Mann — via phone on the evening of Sept. 4, and that Mann said he would would call back in a few minutes. According to Slavkin, Mann never returned the call. Not long after that, MyPayrollHR told clients that it was going out of business and that they should find someone else to handle their payroll.

In short order, many people hit by one or both payroll reversals took to Twitter and Facebook to vent their anger and bewilderment at Cachet and at MyPayrollHR. But Slavkin said Cachet ultimately decided to cancel the previous payment reversals, leaving Cachet on the hook for $26 million.

“What we have since done is reached out to 100+ receiving banks to have them reject both reversals,” Slavkin said. “So most — if not all — employees affected by this will in the next day or two have all their money back.”

THE VANISHING MANN

Cachet has since been in touch with the FBI and with federal prosecutors in New York, and Slavkin said both are now investigating MyPayrollHR and its CEO. On Monday, New York Governor Andrew Cuomo called on the state’s Department of Financial Services to investigate the company’s “sudden and disturbing shutdown.”

A tweet sent Sept. 11 by the FBI’s Albany field office.

The $26 million hit against Cachet wasn’t the only fraud apparently perpetrated by MyPayrollHR and/or its parent firm: According to Slavkin, the now defunct New York company also stiffed National Payment Corporation (NatPay) — the Florida-based firm which handles tax withholdings for MyPayrollHR clients — to the tune of more than $9 million.

In a statement provided to KrebsOnSecurity, NatPay said it was alerted late last week that the bank accounts of MyPayrollHR and one of its affiliated companies were frozen, and that the notification came after payment files were processed.

“NatPay was provided information that MyPayrollHR and Cloud Payroll may have been the victims of fraud committed by their holding company ValueWise, whose CEO and owner is Michael Mann,” NatPay said. “NatPay immediately put in place steps to manage the orderly process of recovering funds [and] has more than sufficient insurance to cover actions of attempted or real fraud.”

Requests for comment from different executives at both MyPayrollHR and its parent firm ValueWise Corp. went unanswered, and the latter’s Web site is now offline. Several erstwhile MyPayrollHR employees reached via LinkedIn said none of them had seen or heard from Mr. Mann in days.

Meanwhile, Granite Solutions Groupe CEO L’Abbe said some of his employees have seen their bank accounts credited back the money that was taken, while others are still waiting for those reversals to come through.

“It varies widely,” L’Abbe said. “Every bank processes differently, and everyone’s relationship with the bank is different. Others have absolutely no money right now and are having a helluva time with their bank believing this is all the result of fraud. Things are starting to settle down now, but a lot of employees are still in limbo with their bank.”

For its part, Cachet Financial says it will be looking at solutions to better detect when and if instructions from clients for funding its settlement accounts suddenly change.

“Our system is excellent at protecting against outside hackers,” Slavkin said. “But when it comes to something like this it takes everyone by complete surprise.”

With its Kubernetes bet paying off, Cloud Foundry doubles down on developer experience

More than 50% of the Fortune 500 companies are now using the open-source Cloud Foundry Platform-as-a-Service project — either directly or through vendors like Pivotal — to build, test and deploy their applications. Like so many other projects, including the likes of OpenStack, Cloud Foundry went through a bit of a transition in recent years as more and more developers started looking to containers — and especially the Kubernetes project — as a platform on which to develop. Now, however, the project is ready to focus on what always differentiated it from its closed- and open-source competitors: the developer experience.

Long before Docker popularized containers for application deployment, though, Cloud Foundry had already bet on containers and written its own orchestration service, for example. With all of the momentum behind Kubernetes, though, it’s no surprise that many in the Cloud Foundry started to look at this new project to replace the existing container technology.

Latest Adobe tool helps marketers work directly with customer journey data

Adobe has a lot going on with Analytics and the Customer Experience Platform, a place to gather data to understand customers better. Today, it announced a new analytics tool that enables employees to work directly with customer journey data to help deliver a better customer experience.

The customer journey involves a lot of different systems, from a company data lake to CRM to point of sale. This tool pulls all of that data together from across multiple systems and various channels and brings it into the data analysis workspace, announced in July.

Nate Smith, group manager for product marketing for Adobe Analytics, says the idea is to give access to this data in a standard way across the organization, whether it’s a data scientist, an analyst with SQL skills or a marketing pro simply looking for insight.

“When you think about organizations that are trying to do omni-channel analysis or trying to get that next channel of data in, they now have the platform to do that, where the data can come in and we standardize it on an academic model,” he said. They then layer this ability to continuously query the data in a visual way to get additional insight they might not have seen.

Adobe screenshot 1

Screenshot: Adobe

Adobe is trying to be as flexible as possible in every step of the process, and openness was a guiding principle here, Smith said. That means that data can come from any source, and users can visualize it using Adobe tools or an external tool like Tableau or Looker. What’s more, they can get data in or out as needed, or even use your their own models, Smith said.

“We recognize that as much as we’d love to have everyone go all in on the Adobe stack, we understand that there is existing significant investment in other tech and that integration and interoperability really needs to happen, as well,” he said.

Ultimately this is about giving marketers access to a full picture of the customer data to deliver the best experience possible based on what you know about them. “Being able to have insight and engagement points to help with the moments that matter and provide great experience is really what we’re aiming to do with this,” he said.

This product will be generally available next month.

Q-CTRL raises $15M for software that reduces error and noise in quantum computing hardware

As hardware makers continue to work on ways of making wide-scale quantum computing a reality, a startup out of Australia that is building software to help reduce noise and errors on quantum computing machines has raised a round of funding to fuel its U.S. expansion.

Q-CTRL is designing firmware for computers and other machines (such as quantum sensors) that perform quantum calculations, firmware to identify the potential for errors to make the machines more resistant and able to stay working for longer (the Q in its name is a reference to qubits, the basic building block of quantum computing).

The startup is today announcing that it has raised $15 million, money that it plans to use to double its team (currently numbering 25) and set up shop on the West Coast, specifically Los Angeles.

This Series A is coming from a list of backers that speaks to the startup’s success to date in courting quantum hardware companies as customers. Led by Square Peg Capital — a prolific Australian VC that has backed homegrown startups like Bugcrowd and Canva, but also those further afield such as Stripe — it also includes new investor Sierra Ventures as well as Sequoia Capital, Main Sequence Ventures and Horizons Ventures.

Q-CTRL’s customers are some of the bigger names in quantum computing and IT, such as Rigetti, Bleximo and Accenture, among others. IBM — which earlier this year unveiled its first commercial quantum computer — singled it out last year for its work in advancing quantum technology.

The problem that Q-CTRL is aiming to address is basic but arguably critical to solving if quantum computing ever hopes to make the leap out of the lab and into wider use in the real world.

Quantum computers and other machines like quantum sensors, which are built on quantum physics architecture, are able to perform computations that go well beyond what can be done by normal computers today, with the applications for such technology including cryptography, biosciences, advanced geological exploration and much more. But quantum computing machines are known to be unstable, in part because of the fragility of the quantum state, which introduces a lot of noise and subsequent errors, which results in crashes.

As Frederic pointed out recently, scientists are confident that this is ultimately a solvable issue. Q-CTRL is one of the hopefuls working on that, by providing a set of tools that runs on quantum machines, visualises noise and decoherence and then deploys controls to “defeat” those errors.

Q-CTRL currently has four products it offers to the market: Black Opal, Boulder Opal, Open Controls and Devkit — aimed respectively at students/those exploring quantum computing, hardware makers, the research community and end users/algorithm developers.

Q-CTRL was founded in 2017 by Michael Biercuk, a professor of Quantum Physics & Quantum Technology at the University of Sydney and a chief investigator in the Australian Research Council Centre of Excellence for Engineered Quantum Systems, who studied in the U.S., with a PhD in physics from Harvard.

“Being at the vanguard of the birth of a new industry is extraordinary,” he said in a statement. “We’re also thrilled to be assembling one of the most impressive investor syndicates in quantum technology. Finding investors who understand and embrace both the promise and the challenge of building quantum computers is almost magical.”

Why choose Los Angeles for building out a U.S. presence, you might ask? Southern California, it turns out, has shaped up to be a key area for quantum research and development, with several of the universities in the region building out labs dedicated to the area, and companies like Lockheed Martin and Google also contributing to the ecosystem. This means a strong pipeline of talent and conversation in what is still a nascent area.

Given that it is still early days for quantum computing technology, that gives a lot of potential options to a company like Q-CTRL longer-term: The company might continue to build a business as it does today, selling its technology to a plethora of hardware makers and researchers in the field; or it might get snapped up by a specific hardware company to integrate Q-CTRL’s solutions more closely onto its machines (and keep them away from competitors).

Or, it could make like a quantum particle and follow both of those paths at the same time.

“Q-CTRL impressed us with their strategy; by providing infrastructure software to improve quantum computers for R&D teams and end-users, they’re able to be a central player in bringing this technology to reality,” said Tushar Roy, a partner at Square Peg. “Their technology also has applications beyond quantum computing, including in quantum-based sensing, which is a rapidly-growing market. In Q-CTRL we found a rare combination of world-leading technical expertise with an understanding of customers, products and what it takes to build an impactful business.”

Snyk grabs $70M more to detect security vulnerabilities in open-source code and containers

A growing number of IT breaches has led to security becoming a critical and central aspect of how computing systems are run and maintained. Today, a startup that focuses on one specific area — developing security tools aimed at developers and the work they do — has closed a major funding round that underscores the growth of that area.

Snyk — a London and Boston-based company that got its start identifying and developing security solutions for developers working on open-source code — is today announcing that it has raised $70 million, funding that it will be using to continue expanding its capabilities and overall business. For example, the company has more recently expanded to building security solutions to help developers identify and fix vulnerabilities around containers, an increasingly standard unit of software used to package up and run code across different computing environments.

Open source — Snyk works as an integration into existing developer workflows, compatible with the likes of GitHub, Bitbucket and GitLab, as well as CI/CD pipelines — was an easy target to hit. It’s used in 95% of all enterprises, with up to 77% of open-source components liable to have vulnerabilities, by Snyk’s estimates. Containers are a different issue.

“The security concerns around containers are almost more about ownership than technology,” Guy Podjarny, the president who co-founded the company with Assaf Hefetz and Danny Grander, explained in an interview. “They are in a twilight zone between infrastructure and code. They look like virtual machines and suffer many of same concerns such as being unpatched or having permissions that are too permissive.”

While containers are present in fewer than 30% of computing environments today, their growth is on the rise, according to Gartner, which forecasts that by 2022, more than 75% of global organizations will run containerized applications. Snyk estimates that a full 44% of Docker image scans (Docker being one of the major container vendors) have known vulnerabilities.

This latest round is being led by Accel with participation from existing investors GV and Boldstart Ventures. These three, along with a fourth investor (Heavybit) also put $22 million into the company as recently as September 2018. That round was made at a valuation of $100 million, and from what we understand from a source close to the startup, it’s now in the “range” of $500 million.

“Accel has a long history in the security market and we believe Snyk is bringing a truly unique, developer-first approach to security in the enterprise,” said Matt Weigand of Accel said in a statement. “The strength of Snyk’s customer base, rapidly growing free user community, leadership team and innovative product development prove the company is ready for this next exciting phase of growth and execution.”

Indeed, the company has hit some big milestones in the last year that could explain that hike. It now has some 300,000 developers using it around the globe, with its customer base growing some 200% this year and including the likes of Google, Microsoft, Salesforce and ASOS (side note: you know that if developers at developer-centric places themselves working at the vanguard of computing, like Google and Microsoft, are using your product, that is a good sign). Notably, that has largely come by word of mouth — inbound interest.

The company in July of this year took on a new CEO, Peter McKay, who replaced Podjarny. McKay was the company’s first investor and has a track record in helping to grow large enterprise security businesses, a sign of the trajectory that Snyk is hoping to follow.

“Today, every business, from manufacturing to retail and finance, is becoming a software business,” said McKay. “There is an immediate and fast growing need for software security solutions that scale at the same pace as software development. This investment helps us continue to bring Snyk’s product-led and developer-focused solutions to more companies across the globe, helping them stay secure as they embrace digital innovation – without slowing down.”

New investment firm wants to change the way we fund early stage companies — from New Hampshire

The three founders of York IE have a vision about how to change the way early stage startups get funding. They have experience shattering norms, having built a successful startup, Dyn, in Manchester, New Hampshire, which is not exactly a hot-bed of startup activity.

The founders want to take that same spirit and apply it to investing, while maintaining its headquarters in New Hampshire (and Boston). In fact, the three founders — Kyle York, Joe Raczka and Adam Coughlin — were early Dyn employees and helped built it to $30 million in ARR before taking a dime in venture funding. They went onto raise $100 million before being acquired by Oracle in 2016. They believe they can apply the lessons that they learned to other early stage startups.

“We think, especially in B2B and SaaS, there is a way to build a scalable, effective and efficient business without chasing massive fund raises, diluting your company, bringing on traditional venture investors and chasing those kind of on-paper vanity metrics,” company CEO and co-founder Kyle York told TechCrunch.

For the past five years, while working at Oracle after the acquisition, the founders have been testing their theories while advising startups and acting as angel investors. They believed it was time to take all of those learnings and apply it to their own firm.

“I started thinking about how to transition out of Oracle, and what I wanted to do from a career perspective and we wanted to build a modern investment firm less focused on how to deploy as much capital as possible for the limited partners, and more on working with the entrepreneurs to help coach them on a path to success,” York said.

The company still wants to act as investors, and to make money along the way, but they want to help build more solid, grounded companies. York says that they want the founders truly understand that they are selling a part of their company in exchange for those dollars, and that it makes sense to have a strong foundation before taking on money.

York wants to change this culture of fund raising for fund raising’s sake. He acknowledges that some companies with deep tech or deep infrastructure require that kind of substantial up-front investment to get off the ground, but SaaS companies are supposed to be able to take advantage of modern technology to build companies more easily, and he wants to see them build solid companies first and foremost.

“The goal shouldn’t be to raise more capital. The goal should be to build a healthy, successful, scalable company,” he said.

To put their money where their mouth is, the new firm will not take management fees. “We are investing like a normal investor and coming through with an equity position, but we are betting on the future. In essence, if the startup wins, then we win.”