Frame AI raises $6.3M Series A to help understand customers across channels

Frame AI, a New York City startup that uses artificial intelligence and machine learning to help companies understand their customers better across multiple channels, announced a $6.3 million Series A investment today.

G20 Ventures and Greycroft led the round together. Bill Wiberg, co-founder and partner at G20, will join Frame’s board under the terms of the deal. The total raised with an earlier seed round is over $10 million, according to the company.

“Frame is basically an early warning system and continuous monitoring tool for your customer voice,” Frame CEO and co-founder George Davis told TechCrunch . What that means, in practice, is the tool plugs into help desk software, call center tooling, CRM systems and anywhere else in a company that communicates with a customer.

“We then use natural language understanding to pull out emerging themes and basically aggregate them to account and segment levels so that customer experience leaders can prioritize taking actions to improve their relationships,” Davis explained.

He believes that customer experience leaders are being asked to do more and more in terms of talking to customers on ever more channels and digesting that into useful information for the rest of their company to be responsive to customer needs, and he says that there isn’t a lot of tooling to help with this particular part of the customer experience problem.

“We don’t think they have the right tools to do either the listening in the first place or the analysis. We’re trying to make it possible for them to hear their customers everywhere they’re already talking to them, and then act on that information,” he said.

He says they work alongside customer data platforms (CDPs) like Segment, Salesforce Customer 360 and Adobe Real-time CDP. “We can take the customer voice information from all of these unstructured sources, all these natural language sources and turn it into moments that can be contributed back to one of these structured data platforms.”

Davis certainly recognizes that his company is getting this money in the middle of a health and economic crisis, and he hopes that a tool like his that can help take the pulse of the customer across multiple channels can help companies succeed at a time when a data-driven approach to customer experience is more important than ever.

He says that by continuing to hire through this and building his company, he can contribute to restarting the economic engine, even if in some small way.

“It’s a bleak time, but I have a lot of confidence in New York and in the country, in the customer experience community and in the world’s ability to bounce back strong from this. I think it’s actually created a lot of solidarity that we’re all going to find a lot of new opportunities, and we’re going to just keep building Frame as fast as we can.”

Pinpoint releases dashboard to bring visibility to software engineering operations

As companies look for better ways to understand how different departments work at a granular level, engineering has traditionally been a black box of siloed data. Pinpoint, an Austin-based startup, has been working on a platform to bring this information into a single view, and today it released a dashboard to help companies understand what’s happening across software engineering from an operational perspective.

Jeff Haynie, co-founder and CEO at Pinpoint says the company’s mission for the last two years has been giving greater visibility into the  engineering department, something he says is even more important in the current context with workers spread out at home.

“Companies give engineering a bunch of money, and they build a bunch of amazing things, but in the end, it is just a black box, and we really don’t know what happens,” Haynie said. He says his company has been working to take all of the data to try and contextualize it, bring it together and correlate that information.

Today, they are introducing a dashboard that takes what they’ve been building and pulls it together into a single view, which is 100% self-serve. Prior to this, you needed a bunch of hand-holding from Pinpoint personnel to get it up and running, but today you can download the product and sign into your various services such as your git repository, your CI/CD software, your IDE and so forth.

It also provides a way for engineering personnel to communicate with one another without leaving the tool.

Pinpoint software engineering dashboard. Image Credit: Pinpoint

“Obviously, we will handhold and help people as they need it, and we have an enterprise version of the product with a higher level of SLA, and we have a customer success team to do that, but we’ve really focused this new release on purely self service,” Haynie said.

What’s more, while there is a free version already for teams under 10 people that’s free forever, with the release of today’s product, the company is offering unlimited access to the dashboard for free for three months.

Haynie says they’re like any startup right now, but having experience with several other startups and having lived through 9/11, the dot-com crash, 2008 and so forth, he knows how to hunker down and preserve cash. At the same time, he says they are seeing a lot of in-bound interest in the product, and they wanted to come up with a creative way to help customers through this crisis, while putting the product out there for people to use.

“We’re like any other startup or any other business frankly at this point: we’re nervous and scared. How do you survive this [and how long will it last]? The other side of it is that we’re rushing to take advantage of this inbound interest that we’re getting and trying to sort of seize the opportunity and try to be creative about how we help them.”

The startup hopes that, if companies find the product useful, after three months they won’t mind paying for the full version. For now, it’s just putting it out there for free and seeing what happens with it — just another startup trying to find a way through this crisis.

DoD Inspector General report finds everything was basically hunky-dory with JEDI cloud contract bid

While controversy has dogged the $10 billion, decade-long JEDI contract since its earliest days, a report by the DoD’s Inspector General’s Office concluded today that, while there were some funky bits and potential conflicts, overall the contract procurement process was fair and legal and  the president did not unduly influence the process in spite of public comments.

There were a number of issues along the way about whether the single contractor award was fair or reasonable, about whether there were was White House influence on the decision, and whether the president wanted to prevent Amazon founder Jeff Bezos, who also owns the Washington Post, from getting the contract.

There were questions about whether certain personnel, who had been or were about to be Amazon employees, had undue influence on the contents of the RFP or if former Secretary of Defense showed favor to Amazon, which ultimately did not even win the contract, and that one of Mattis’ under secretaries, in fact, owned stock in Microsoft .

It’s worth noting that the report states clearly that it is not looking at the merits of this contract award or whether the correct company won on technical acumen. It was looking at all of these controversial parts that came up throughout the process. As the report stated:

“In this report, we do not draw a conclusion regarding whether the DoD appropriately awarded the JEDI Cloud contract to Microsoft rather than Amazon Web Services. We did not assess the merits of the contractors’ proposals or DoD’s technical or price evaluations; rather we reviewed the source selection process and determined that it was in compliance with applicable statutes, policies, and the evaluation process described in the Request for Proposals.”

Although the report indicates that the White House would not cooperate with the investigation into potential bias, the investigators claim they had enough discussions with parties involved with the decision to conclude that there was no undue influence on the White House’s part:

“However, we believe the evidence we received showed that the DoD personnel who evaluated the contract proposals and awarded Microsoft the JEDI Cloud contract were not pressured regarding their decision on the award of the contract by any DoD leaders more senior to them, who may have communicated with the White House,” the report stated.

The report chose to blame the media instead, at least for partly giving the impression that the White House had influenced the process, stating:

“Yet, these media reports, and the reports of President Trump’s statements about Amazon, ongoing bid protests and “lobbying” by JEDI Cloud competitors, as well as inaccurate media reports about the JEDI Cloud procurement process, may have created the appearance or perception that the contract award process was not fair or unbiased.”

It’s worth noting that we reported that AWS president Andy Jassy made it clear in a press conference at AWS re:Invent in December that the company believed the president’s words had influenced the process.

“I think that we ended up with a situation where there was political interference. When you have a sitting president, who has shared openly his disdain for a company, and the leader of that company, it makes it really difficult for government agencies, including the DoD, to make objective decisions without fear of reprisal.”

As for other points of controversy, such as those previously referenced biases, all were found lacking by the Inspector General. While the earliest complaints from Oracle and others were that Deap Ubhi and Victor Gavin, two individuals involved in drafting the RFP, failed to disclose they were offered jobs by Amazon during that time.

The report concluded that while Ubhi violated ethics rules, his involvement wasn’t substantial enough to influence the RFP (which again, Amazon didn’t win). “However, we concluded that Mr. Ubhi’s brief early involvement in the JEDI Cloud Initiative was not substantial and did not provide any advantage to his prospective employer, Amazon…,” the report stated.

The report found Gavin did not violate any ethics rules in spite of taking a job with Amazon because he had disqualified himself from the process, nor did the report find that former Secretary Mattis had any ethical violations in its investigation.

One final note: Stacy Cummings, Principal Deputy Assistant Secretary of Defense for Acquisition and Deputy Assistant Secretary of Defense for Acquisition Enablers, who worked for Mattis, owned some stock in Microsoft and did not disclose this. While the report found that was a violation of ethics guidelines, it ultimately concluded this did not unduly influence the award to Microsoft.

While the report is a substantial, 313 pages, it basically concludes that as far as the purview of the Inspector General is concerned, the process was basically conducted in a fair way. The court case, however involving Amazon’s protest of the award to Microsoft continues. And the project remains on hold until that is concluded.

Note: Microsoft and Amazon did not respond to requests from TechCrunch for comments before we published this article. If that changes, we will update accordingly.

Report on the Joint Enterprise Defense Infrastructure (Jedi) Cloud Procurement Dodig-2020-079 by TechCrunch on Scribd

Pileus helps businesses cut their cloud spend

Israel-based Pileus, which is officially launching today, aims to help businesses keep their cloud spend under control. The company also today announced that it has raised a $1 million seed round from a private angel investor.

Using machine learning, the company’s platform continuously learns about how a user typically uses a given cloud and then provides forecasts and daily personalized recommendations to help them stay within a budget.

Pileus currently supports AWS, with support for Google Cloud and Microsoft Azure coming soon.

With all of the information it gathers about your cloud usage, the service can also monitor usage for any anomalies. Because, at its core, Pileus keeps a detailed log of all your cloud spend, it also can provide detailed reports and dashboards of what a user is spending on each project and resource.

If you’ve ever worked on a project like this, you know that these reports are only as good as the tags you use to identify each project and resource, so Pileus makes that a priority on its platform, with a tagging tool that helps enforce tagging policies.

“My team and I spent many sleepless nights working on this solution,” says Pileus CEO Roni Karp. “We’re thrilled to finally be able to unleash Pileus to the masses and help everyone gain more efficiency of their cloud experience while helping them understand their usage and costs better than ever before.”

Pileus currently offers a free 30-day trial. After that, the service shows you a $180/month or $800 per year price, but once you connect your accounts, it’ll charge 1% of your savings, not the default pricing you’ll see at first.

The company isn’t just focused on individual businesses, though. It’s also targeting managed service providers that can use the platform to create reports and manage their own customer billing. Karp believes this will become a significant source of revenue for Pileus because “there are not many good tools in the field today, especially for Azure.”

It’s no secret that Pileus is launching into a crowded market, where well-known incumbents like Cloudability already share mindshare with a growing number of startups. Karp, however, believes that Pileus can stand out, largely because of its machine learning platform and its ability to provide users with immediate value, whereas, he argues, it often takes several weeks for other platforms to deliver results.

 

ServiceNow pledges no layoffs in 2020

You don’t need your PhD in economics to know the economy is in rough shape right now due to the impact of COVID-19, but ServiceNow today pledged that it would not lay off a single employee in 2020 — and in fact, it’s hiring.

While Salesforce’s Marc Benioff pledged no significant layoffs for 90 days last month, and asked other company leaders to do the same, ServiceNow did them one better by promising to keep every employee for at least the rest of the year.

Bill McDermott, who came on as CEO at the end of last year after nine years as CEO at SAP, said that he wanted to keep his employees concentrating on the job at hand without being concerned about a potential layoff should things get a little tighter for the company.

“We want our employees focused on supporting our customers, not worried about their own jobs,” he said in a statement.

In addition, the company plans to fill 1,000 jobs worldwide, as well as hire 360 college students as interns this summer, as they continue to expand their workforce, when many industries and fellow tech companies are laying off or furloughing employees.

The company also announced that it is taking part in a program called People+Work Connect, with Accenture, Lincoln Financial Group and Verizon (the owner of this publication). This program acts as an online employer to employer clearing house for these companies to hire employees laid off or furloughed by other companies. The company plans to post 800 jobs through this channel.

COVID-19 Has United Cybersecurity Experts, But Will That Unity Survive the Pandemic?

The Coronavirus has prompted thousands of information security professionals to volunteer their skills in upstart collaborative efforts aimed at frustrating cybercriminals who are seeking to exploit the crisis for financial gain. Whether it’s helping hospitals avoid becoming the next ransomware victim or kneecapping new COVID-19-themed scam websites, these nascent partnerships may well end up saving lives. But can this unprecedented level of collaboration survive the pandemic?

At least three major industry groups are working to counter the latest cyber threats and scams. Among the largest in terms of contributors is the COVID-19 Cyber Threat Coalition (CTC), which comprises rough 3,000 security professionals who are collecting, vetting and sharing new intelligence about new cyber threats.

Nick Espinosa, a self-described “security fanatic,” author and public speaker who’s handling communications for the CTC, said the group does most of its work remotely via a dedicated Slack channel, where many infosec professionals seem eager to counter the gusto with which the cybercriminal community has sought to profit by exacerbating an already difficult situation.

“A nurse or doctor can’t do what we do, and we can’t do what they do,” Espinosa said. “We’ve seen a massive rise in threats and attacks against healthcare systems, but it’s worse if someone dies due to a malicious cyberattack when we have the ability to prevent that. A lot of people are involved because they’re emotionally attached to the idea of helping this critical infrastructure stay safe and online.”

Using threat intelligence feeds donated by dozens of cybersecurity companies, the CTC is poring over more than 100 million pieces of data about potential threats each day, running those indicators through security products from roughly 70 different vendors. If at least 10 of those flag a specific data point — such as a domain name — as malicious or bad, it gets added to the CTC’s blocklist, which is designed to be used by organizations worldwide for blocking malicious traffic.

“For possible threats, meaning between five and nine vendors detect an indicator as bad, our volunteers manually verify that the indicator is malicious before including it in our blocklist,” Espinosa said.

Another Slack-based upstart coalition called the COVID-19 CTI League spans more than 40 countries and includes professionals in senior positions at such major companies as Microsoft Corp and Amazon.com Inc.

Mark Rogers, one of several people helping to manage the CTI League’s efforts, told Reuters the top priority of the group is working to combat hacks against medical facilities and other frontline responders to the pandemic, as well as helping defend communication networks and services that have become essential as more people work from home.

“The group is also using its web of contacts in internet infrastructure providers to squash garden-variety phishing attacks and another financial crime that is using the fear of COVID-19 or the desire for information on it to trick regular internet users,” wrote Reuters’ Joe Menn.

“I’ve never seen this volume of phishing,” Rogers told Reuters. “I am literally seeing phishing messages in every language known to man.”

Among the more mature organizations working to counter the threat from COVID-19 scammers is the Cyber Threat Alliance, a industry group founded in 2017 that counts among its members more than two dozen major cybersecurity firms that are all required to regularly share threat intelligence with other members.

“One thing we’re paying attention to in addition to phishing and malware attacks is anything targeting stuff involved in the pandemic response, such as the manufacturers of protective gear, testing kits, or hospitals,” CTA President Michael Daniel told KrebsOnSecurity. “One of those organizations getting hit with ransomware now would be really bad, and we want to make sure if we see that we’re alerting and working with law enforcement.”

Earlier this month, the international police network INTERPOL issued a warning to law enforcement in nearly 200 member countries, saying it had detected “a significant increase in the number of attempted ransomware attacks against key organizations and infrastructure engaged in the virus response.”

The alert came after several top ransomware gangs pledged a moratorium on attacking hospitals and other care centers for the near future. Nevertheless, these group have continued to target companies on the periphery of the pandemic response, including virus testing labs, N95 mask production facilities, and companies engaged in vaccine research.

The CTC’s Espinoza said it would be a potentially fatal mistake to assume all cybercriminal groups might observe such a cease-fire.

“We might have independent criminal groups saying they won’t hit hospitals but they’ll hit everyone else, but that doesn’t prevent them from sending phishing emails and masquerading as the World Health Organization or the Centers for Disease Control,” he said. “These are people who have no problems locking out little old ladies out of their computers for 800 bucks, and of course there are state-sponsored hackers who love any opportunity to sow discord and disrupt things.”

SURVIVING THE PANDEMIC

The CTA’s Daniel said while it’s great to see so much voluntary collaboration between the cybersecurity industry, governments and law enforcement, he’s been thinking a lot lately about how to sustain these relationships and networks once the urgency of the pandemic subsides.

Formerly special assistant to President Obama and cybersecurity coordinator on the National Security Council, Daniel said he sees preserving and enhancing this information sharing effort post-COVID as one of the biggest policy issues facing the federal government over the next few years.

“Information sharing is easy to talk about, and hard to do in practice,” Daniel said. “I don’t use the term ‘public-private partnership’ because it’s been bandied about so much over the years that I don’t know what it means anymore. It’s probably best described as ‘working together on an operation.’”

What prevents private companies from working more closely and frequently with governments on operations to target cybercrime organizations and networks? Daniel said on the government side, there are real concerns that working with one or two particularly clueful or effective companies (versus all of them) might give the impression that the government is showing favoritism, or picking winners and losers in the market.

“But you have to do that to some extent because the truth is some companies matter in this space, and a lot don’t,” Daniel said. “The government has to accept that, determine what are the objective rules, and establish transparency so that [their efforts] aren’t seen as some secret club but as part of a normal process.”

Daniel said governments in general also need to get more comfortable sharing information about operations targeting specific crime groups in advance of those actions.

“The government has to figure out how to let the private sector in on some of the planning and preparation,” he said. “If you want [the cybersecurity industry’s] help against certain targets, you have to tell us who they are ahead of time. But this goes against how  governments operate in almost every way.”

On the private sector side are issues of how for-profit companies can closely collaborate with the government without being perceived as potentially compromising the privacy and security of their customers, or as simply an agent of the government.

“For companies, the question is how do you deal with the liability and other questions that come with that,” Daniel said. “These are very real impediments, and why I think we need to get past the endless discussions of public-private partnerships and start talking about what we can do to coordinate actions against these groups so we can have a more strategic impact on the adversary.”

Stackery releases slew of updates to simplify serverless app deployment

Stackery, a 4-year old Portland startup, wants to help development teams deliver serverless resources on AWS more easily, and today it announced several enhancements to the platform.

With serverless applications, the development team outlines a set of trigger events and the cloud infrastructure vendor — in this case AWS — provides the exact amount of required resources to run the event and no more. This frees developers from having to worry about provisioning the proper amount of resources to run the application.

Stackery is a secure serverless platform for AWS. We’re geared toward teams who are moving from laptop through production, and [we provide the tools] that they need to design, develop, and then deliver modern applications for those teams,” Stackery CEO Tim Zonca told TechCrunch.

In general, the product helps create a virtual whiteboard, where development teams can build serverless applications in a highly visual way, then it helps with testing and deployment of the app on AWS. Zonca says that the updates they are announcing today focus on building in security and governance into the platform, while offering a full set of continuous delivery tools in a modern git-driven delivery system.

“We realized that we could fill in some of the gaps [for developers] and help them take what we have developed as a set of best practices around securely delivering applications over the course of the last year, and just bake them into the product, so that those teams don’t have to think about those practices in a serverless world,” Zonca explained.

For starters, they are offering a code review for known vulnerabilities as they pop the application into their git repository, whether that’s Bitbucket, GitLab or GitHub. “We’ve introduced the ability to audit function code for known vulnerabilities, and we do this by just using common tooling out there,” he said.

The company is also helping test that code, which gets a bit tricky when ephemeral serverless infrastructure is involved. “We allow people to automate the spinning up of temporary ephemeral testing environments, and then help them plug in the automation for their system testing or integration testing or unit testing, and even provide an environment associated with this pull request for humans to go in and actually log on and do usability testing,” Zonca said.

When an application has passed all the testing, and is ready to be deployed to staging or production environments, Stackery can automatically promote that change set. Companies can then choose to do a final review before deployment or simply allow it to deploy automatically once the application passes all the contingencies the team set up.

Stackery was founded in 2016. It has raised $7.4 million, according to Crunchbase data.

Dashboards & Business Intelligence – Feature Spotlight

We are excited to announce that the SentinelOne Singularity platform now has customizable enterprise dashboards and business intelligence reporting available to all customers with the latest Jamaica release. Our new Dashboards and Business Intelligence feature enables security teams to better understand and communicate their enterprise attack surface, live threat landscape, and security posture. The release of this new feature follows listening closely to customer feedback. Now, SentinelOne customers have the ability to show precise, realtime ROI on their SentinelOne investment to all organizational stakeholders – from IT to executives to board members. 

The Need for Reporting

One of the problems CISOs face today is data fatigue. There are so many security and IT tools, many of which are not directly compatible with each other or are difficult to integrate across the security stack. Asking simple questions can take too long to answer. For example, how many endpoints are connected to my network? Are we seeing more attempts to compromise the network over time? Are specific users being targeted more than others? These are the kinds of questions we set out to address with the new Dashboard and Business Intelligence feature.

Without this information, CISOs cannot really conduct data-driven decision making about security gaps or places to improve. You already know that your networks are only as strong as your weakest link, and proper reporting will provide you with the right data to be successful.

How We’ve Evolved – From Insights to Intelligence

The existing SentinelOne console offers trends and other insights that are valued by most of our customers. However, as SentinelOne’s global deployment grew quickly, we learned about further use cases that more reporting options could solve, and the team stepped up to deliver these and more with this innovative new feature.

In developing this new, easy-to-use capability, it was crucial to us to keep in mind that different businesses have different reporting needs. This is why we decided to build a flexible solution that you can adjust for your particular business use case.

Overall, we offer over 50 dashboard widgets that highlight several aspects of SentinelOne Singularity’s XDR capabilities including security, visibility, trends, Network & IoT Devices Vulnerabilities and Applications. Let’s take a closer look.

Customizable Dashboards

New customizable dashboards allow users to easily build their own dashboards from the browser. Setting up a dashboard is easy to do in just a few seconds. Select from a set of widgets, size and place, and then add more if you wish. Data refresh windows are completely customizable to suit user preferences.

Deleting widgets, moving widgets, and adding new ones is just as simple as moving windows around on your desktop. The best part is that when you are viewing your dashboard and find something that needs attention, with one click you are able to interact with the live data in SentinelOne.

Pick from the 50-plus dashboard widgets available those that you need from the following categories, which highlight the depth and breadth of SentinelOne Singularity’s XDR capabilities:

  • MITRE ATT&CK
  • Threats, Suspicions, and Alerts
  • Enterprise & Cloud Endpoints
  • Network & IoT Devices
  • Vulnerabilities & Applications

Business Intelligence Integrations

At the same time, users need to control what they see every day to be more effective, and the modern enterprise is consolidating security insights in business intelligence platforms to share with all stakeholders including the executives and the board of directors.  This is why we partnered with Tableau and Microsoft PowerBI to produce no-code required integrations for each of the leading enterprise business intelligence platforms.

Security teams can now visualize and communicate their enterprise attack surface, live threat landscape, and security posture visually to stakeholders without needing to write code to interact with APIs or model data in Excel, Splunk, PowerBI, and Tableau.

Set Your Data Free: Break the Silos

Effective security teams need to understand not only every security event but also trends in their environment to be able to proactively address issues and communicate the bigger picture for stakeholder alignment. We’ve added customizable dashboards and business intelligence to our existing Insight Reporting to allow you to define where and how to consume your Insights – on your terms. 

Customizable dashboards, insight reporting, and business intelligence integrations are available in the latest release (Jamaica) of the SentinelOne Singularity platform.

Interested in a cybersecurity platform that not only does more, but also helps you see it? Contact us for a free demo of SentinelOne today!


Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security

Replace non-stop Zoom with remote office avatars app Pragli

Could avatars that show what co-workers are up to save work-from-home teams from constant distraction and loneliness? That’s the idea behind Pragli, the Bitmoji for the enterprise. It’s a virtual office app that makes you actually feel like you’re in the same building.

Pragli uses avatars to signal whether co-workers are at their desk, away, in a meeting, in the zone while listening to Spotify, taking a break at a digital virtual water coooler or done for the day. From there, you’ll know whether to do a quick ad hoc audio call, cooperate via screenshare, schedule a deeper video meeting or a send a chat message they can respond to later. Essentially, it translates the real-word presence cues we use to coordinate collaboration into an online workplace for distributed teams.

“What Slack did for email, we want to do for video conferencing,” Pragli co-founder Doug Safreno tells me. “Traditional video conferencing is exclusive by design, whereas Pragli is inclusive. Just like in an office, you can see who is talking to who.” That means less time wasted planning meetings, interrupting colleagues who are in flow or waiting for critical responses. Pragli offers the focus that makes remote work productive with the togetherness that keeps everyone sane and in sync.

The idea is to solve the top three problems that Pragli’s extensive interviews and a Buffer/AngelList study discovered workers hate:

  1. Communication friction
  2. Loneliness
  3. Lack of boundaries

You never have to worry about whether you’re intruding on someone’s meeting, or if it’d be quicker to hash something out on a call instead of vague text. Avatars give remote workers a sense of identity, while the Pragli water cooler provides a temporary place to socialize rather than an endless Slack flood of GIFs. And because you clock in and out of the Pragli office just like a real one, co-workers understand when you’ll reply quickly versus when you’ll respond tomorrow unless there’s an emergency.

“In Pragli, you log into the office in the morning and there’s a clear sense of when I’m working and when I’m not working. Slack doesn’t give you a strong sense if they’re online or offline,” Safreno explains. “Everyone stays online and feels pressured to respond at any time of day.”

Pragli co-founder Doug Safreno

Safreno and his co-founder Vivek Nair know the feeling first-hand. After both graduating in computer science from Stanford, they built StacksWare to help enterprise software customers avoid overpaying by accurately measuring their usage. But when they sold StacksWare to Avi Networks, they spent two years working remotely for the acquirer. The friction and loneliness quickly crept in.

They’d message someone, not hear back for a while, then go back and forth trying to discuss the problem before eventually scheduling a call. Jumping into synchronous communicating would have been much more efficient. “The loneliness was more subtle, but it built up after the first few weeks,” Safreno recalls. “We simply didn’t socially bond while working remotely as well as in the office. Being lonely was de-motivating, and it negatively affected our productivity.”

The founders interviewed 100 remote engineers, and discovered that outside of scheduled meetings, they only had one audio or video call with co-workers per week. That convinced them to start Pragli a year ago to give work-from-home teams a visual, virtual facsimile of a real office. With no other full-time employees, the founders built and released a beta of Pragli last year. Usage grew 6X in March and is up 20X since January 1.

Today Pragli officially launches, and it’s free until June 1. Then it plans to become freemium, with the full experience reserved for companies that pay per user per month. Pragli is also announcing a small pre-seed round today led by K9 Ventures, inspired by the firm’s delight using the product itself.

To get started with Pragi, teammates download the Pragli desktop app and sign in with Google, Microsoft or GitHub. Users then customize their avatar with a wide range of face, hair, skin and clothing options. It can use your mouse and keyboard interaction to show if you’re at your desk or not, or use your webcam to translate occasional snapshots of your facial expressions to your avatar. You can also connect your Spotify and calendar to show you’re listening to music (and might be concentrating), reveal or hide details of your meeting and decide whether people can ask to interrupt you or that you’re totally unavailable.

From there, you can by audio, video or text communicate with any of your available co-workers. Guests can join conversations via the web and mobile too, though the team is working on a full-fledged app for phones and tablets. Tap on someone and you can instantly talk to them, though their mic stays muted until they respond. Alternatively, you can jump into Slack-esque channels for discussing specific topics or holding recurring meetings. And if you need some down time, you can hang out in the water cooler or trivia game channel, or set a manual “away” message.

Pragli has put a remarkable amount of consideration into how the little office social cues about when to interrupt someone translate online, like if someone’s wearing headphones, in a deep convo already or if they’re chilling in the microkitchen. It’s leagues better than having no idea what someone’s doing on the other side of Slack or what’s going on in a Zoom call. It’s a true virtual office without the clunky VR headset.

“Nothing we’ve tried has delivered the natural, water-cooler-style conversations that we get from Pragli,” says Storj Labs VP of engineering JT Olio. “The ability to switch between ‘rooms’ with screen sharing, video and voice in one app is great. It has really helped us improve transparency across teams. Plus, the avatars are quite charming as well.”

With Microsoft’s lack of social experience, Zoom consumed with its scaling challenges and Slack doubling down on text as it prioritizes Zoom integration over its own visual communication features, there’s plenty of room for Pragli to flourish. Meanwhile, COVID-19 quarantines are turning the whole world toward remote work, and it’s likely to stick afterwards as companies de-emphasize office space and hire more abroad.

The biggest challenge will be making comprehensible enough to onboard whole teams such a broad product encompassing every communication medium and tons of new behaviors. How do you build a product that doesn’t feel distracting like Slack but where people can still have the spontaneous conversations that are so important to companies innovating?,” Safreno asks. The Pragli founders are also debating how to encompass mobile without making people feel like the office stalks them after hours.

“Long-term, [Pragli] should be better than being in the office because you don’t actually have to walk around looking for [co-workers], and you get to decide how you’re presented,” Safreno concludes. “We won’t quit, because we want to work remotely for the rest of our lives.”

Microsoft Patch Tuesday, April 2020 Edition

Microsoft today released updates to fix 113 security vulnerabilities in its various Windows operating systems and related software. Those include at least three flaws that are actively being exploited, as well as two others which were publicly detailed prior to today, potentially giving attackers a head start in figuring out how to exploit the bugs.

Nineteen of the weaknesses fixed on this Patch Tuesday were assigned Microsoft’s most-dire “critical” rating, meaning malware or miscreants could exploit them to gain complete, remote control over vulnerable computers without any help from users.

Near the top of the heap is CVE-2020-1020, a remotely exploitable bug in the Adobe Font Manager library that was first detailed in late March when Microsoft said it had seen the flaw being used in active attacks.

The Adobe Font Manager library is the source of yet another zero-day flaw — CVE-2020-0938 — although experts at security vendor Tenable say there is currently no confirmation that the two are related to the same set of in-the-wild attacks. Both flaws could be exploited by getting a Windows users to open a booby-trapped document or viewing one in the Windows Preview Pane.

The other zero-day flaw (CVE-2020-1027) affects Windows 7 and Windows 10 systems, and earned a slightly less dire “important” rating from Microsoft because it’s an “elevation of privilege” bug that requires the attacker to be locally authenticated.

Many security news sites are reporting that Microsoft addressed a total of four zero-day flaws this month, but it appears the advisory for a critical Internet Explorer flaw (CVE-2020-0968) has been revised to indicate Microsoft has not yet received reports of it being used in active attacks. However, the advisory says this IE bug is likely to be exploited soon.

Researchers at security firm Recorded Future zeroed in on CVE-2020-0796, a critical vulnerability dubbed “SMBGhost” that was rumored to exist in last month’s Patch Tuesday but for which an out-of-band patch wasn’t released until March 12. The problem resides in a file-sharing component of Windows, and could be exploited merely by sending the victim machine specially-crafted data packets. Proof-of-concept code showing how to exploit the bug was released April 1, but so far there are no indications this method has been incorporated into malware or active attacks.

Recorded Future’s Allan Liska notes that one reason these past few months have seen so many patches from Microsoft is the company recently hired “SandboxEscaper,” a nickname used by the security researcher responsible for releasing more than a half-dozen zero-day flaws against Microsoft products last year.

“SandboxEscaper has made several contributions to this month’s Patch Tuesday,” Liska said. “This is great news for Microsoft and the security community at large.”

Once again, Adobe has blessed us with a respite from updating its Flash Player program with security fixes. I look forward to the end of this year, when the company has promised to sunset this buggy and insecure program once and for all. Adobe did release security updates for its ColdFusion, After Effects and Digital Editions software.

Speaking of buggy software platforms, Oracle has released a quarterly patch update to fix more than 400 security flaws across multiple products, including its Java SE program. If you’ve got Java installed and you need/want to keep it installed, please make sure it’s up-to-date.

Now for my obligatory disclaimers. Just a friendly reminder that while many of the vulnerabilities fixed in today’s Microsoft patch batch affect Windows 7 operating systems — including all three of the zero-day flaws — this OS is no longer being supported with security updates (unless you’re an enterprise taking advantage of Microsoft’s paid extended security updates program, which is available to Windows 7 Professional and Windows 7 enterprise users).

If you rely on Windows 7 for day-to-day use, it’s to think about upgrading to something newer. That something might be a computer with Windows 10. Or maybe you have always wanted that shiny MacOS computer.

If cost is a primary motivator and the user you have in mind doesn’t do much with the system other than browsing the Web, perhaps a Chromebook or an older machine with a recent version of Linux is the answer (Ubuntu may be easiest for non-Linux natives). Whichever system you choose, it’s important to pick one that fits the owner’s needs and provides security updates on an ongoing basis.

Keep in mind that while staying up-to-date on Windows patches is a must, it’s important to make sure you’re updating only after you’ve backed up your important data and files. A reliable backup means you’re not losing your mind when the odd buggy patch causes problems booting the system.

So do yourself a favor and backup your files before installing any patches. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.

As always, if you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a better-than-even chance other readers have experienced the same and may chime in here with some helpful tips. Also, keep an eye on the AskWoody blog from Woody Leonhard, who keeps a close eye on buggy Microsoft updates each month.

Further reading:

Qualys breakdown on April 2020 Patch Tuesday

SANS Internet Storm Center on Patch Tuesday