More chip industry action as Marvell is acquiring Inphi for $10B

It’s been quite a time for chip industry consolidation, and today Marvell joined the acquisition parade when it announced it is acquiring Inphi in a combination of stock and cash valued at approximately $10 billion, according to the company.

Marvell CEO Matt Murphy believes that by adding Inphi, a chip maker that helps connect internal servers in cloud data centers, and then between data centers, using fibre cabling, it will complement Marvell’s copper-based chip portfolio and give it an edge in developing more future-looking use cases where Inphi shines.

“Our acquisition of Inphi will fuel Marvell’s leadership in the cloud and extend our 5G position over the next decade,” Murphy said in a statement.

In the classic buy versus build calculus, this acquisition uses the company’s cash to push it in new directions without having to build all this new technology. “This highly complementary transaction expands Marvell’s addressable market, strengthens customer base and accelerates Marvell’s leadership in hyperscale cloud data centers and 5G wireless infrastructure,” the company said in a statement.

It’s been a busy time for the chip industry as multiple players are combining hoping for a similar kind of lift that Marvell sees with this deal. In fact, today’s announcement comes in the same week AMD announced it was acquiring Xilinx for $35 billion and follows Nvidia acquiring ARM for $40 billion last month. The three deals combined come to a whopping $85 billion.

There appears to be prevailing wisdom in the industry that by combining forces and using the power of the checkbook, these companies can do more together than they can by themselves.

Certainly Marvell and Inphi are suggesting that. As they highlighted, their combined enterprise value will be more than $40 billion with hundreds of millions of dollars in market potential. All of this of course depends on how well these combined entities work together and we won’t know that for some time.

For what it’s worth, the stock market appears unimpressed with the deal with Marvell’s stock down over 7% in early trading, but Inphi stock is being bolstered in a big way by the announcement, up almost 23% this morning so far.

The deal, which has been approved by both companies’ boards, is expected to close by the second half of 2021 subject to shareholder and regulatory approval.

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems.

The Gunnebo Group is a Swedish multinational company that provides physical security to a variety of customers globally, including banks, government agencies, airports, casinos, jewelry stores, tax agencies and even nuclear power plants. The company has operations in 25 countries, more than 4,000 employees, and billions in revenue annually.

Acting on a tip from Milwaukee, Wis.-based cyber intelligence firm Hold Security, KrebsOnSecurity in March told Gunnebo about a financial transaction between a malicious hacker and a cybercriminal group which specializes in deploying ransomware. That transaction included credentials to a Remote Desktop Protocol (RDP) account apparently set up by a Gunnebo Group employee who wished to access the company’s internal network remotely.

Five months later, Gunnebo disclosed it had suffered a cyber attack targeting its IT systems that forced the shutdown of internal servers. Nevertheless, the company said its quick reaction prevented the intruders from spreading the ransomware throughout its systems, and that the overall lasting impact from the incident was minimal.

Earlier this week, Swedish news agency Dagens Nyheter confirmed that hackers recently published online at least 38,000 documents stolen from Gunnebo’s network. Linus Larsson, the journalist who broke the story, says the hacked material was uploaded to a public server during the second half of September, and it is not known how many people may have gained access to it.

Larsson quotes Gunnebo CEO Stefan Syrén saying the company never considered paying the ransom the attackers demanded in exchange for not publishing its internal documents. What’s more, Syrén seemed to downplay the severity of the exposure.

“I understand that you can see drawings as sensitive, but we do not consider them as sensitive automatically,” the CEO reportedly said. “When it comes to cameras in a public environment, for example, half the point is that they should be visible, therefore a drawing with camera placements in itself is not very sensitive.”

It remains unclear whether the stolen RDP credentials were a factor in this incident. But the password to the Gunnebo RDP account — “password01” — suggests the security of its IT systems may have been lacking in other areas as well.

After this author posted a request for contact from Gunnebo on Twitter, KrebsOnSecurity heard from Rasmus Jansson, an account manager at Gunnebo who specializes in protecting client systems from electromagnetic pulse (EMP) attacks or disruption, short bursts of energy that can damage electrical equipment.

Jansson said he relayed the stolen credentials to the company’s IT specialists, but that he does not know what actions the company took in response. Reached by phone today, Jansson said he quit the company in August, right around the time Gunnebo disclosed the thwarted ransomware attack. He declined to comment on the particulars of the extortion incident.

Ransomware attackers often spend weeks or months inside of a target’s network before attempting to deploy malware across the network that encrypts servers and desktop systems unless and until a ransom demand is met.

That’s because gaining the initial foothold is rarely the difficult part of the attack. In fact, many ransomware groups now have such an embarrassment of riches in this regard that they’ve taken to hiring external penetration testers to carry out the grunt work of escalating that initial foothold into complete control over the victim’s network and any data backup systems  — a process that can be hugely time consuming.

But prior to launching their ransomware, it has become common practice for these extortionists to offload as much sensitive and proprietary data as possible. In some cases, this allows the intruders to profit even if their malware somehow fails to do its job. In other instances, victims are asked to pay two extortion demands: One for a digital key to unlock encrypted systems, and another in exchange for a promise not to publish, auction or otherwise trade any stolen data.

While it may seem ironic when a physical security firm ends up having all of its secrets published online, the reality is that some of the biggest targets of ransomware groups continue to be companies which may not consider cybersecurity or information systems as their primary concern or business — regardless of how much may be riding on that technology.

Indeed, companies that persist in viewing cyber and physical security as somehow separate seem to be among the favorite targets of ransomware actors. Last week, a Russian journalist published a video on Youtube claiming to be an interview with the cybercriminals behind the REvil/Sodinokibi ransomware strain, which is the handiwork of a particularly aggressive criminal group that’s been behind some of the biggest and most costly ransom attacks in recent years.

In the video, the REvil representative stated that the most desirable targets for the group were agriculture companies, manufacturers, insurance firms, and law firms. The REvil actor claimed that on average roughly one in three of its victims agrees to pay an extortion fee.

Mark Arena, CEO of cybersecurity threat intelligence firm Intel 471, said while it might be tempting to believe that firms which specialize in information security typically have better cybersecurity practices than physical security firms, few organizations have a deep understanding of their adversaries. Intel 471 has published an analysis of the video here.

Arena said this is a particularly acute shortcoming with many managed service providers (MSPs), companies that provide outsourced security services to hundreds or thousands of clients who might not otherwise be able to afford to hire cybersecurity professionals.

“The harsh and unfortunate reality is the security of a number of security companies is shit,” Arena said. “Most companies tend to have a lack of ongoing and up to date understanding of the threat actors they face.”

FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals

On Monday, Oct. 26, KrebsOnSecurity began following up on a tip from a reliable source that an aggressive Russian cybercriminal gang known for deploying ransomware was preparing to disrupt information technology systems at hundreds of hospitals, clinics and medical care facilities across the United States. Today, officials from the FBI and the U.S. Department of Homeland Security hastily assembled a conference call with healthcare industry executives warning about an “imminent cybercrime threat to U.S. hospitals and healthcare providers.”

The agencies on the conference call, which included the U.S. Department of Health and Human Services (HHS), warned participants about “credible information of an increased and imminent cybercrime threat to US hospitals and healthcare providers.”

The agencies said they were sharing the information “to provide warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats.”

The warning came less than two days after this author received a tip from Alex Holden, founder of Milwaukee-based cyber intelligence firm Hold Security. Holden said he saw online communications this week between cybercriminals affiliated with a Russian-speaking ransomware group known as Ryuk in which group members discussed plans to deploy ransomware at more than 400 healthcare facilities in the U.S.

One participant on the government conference call today said the agencies offered few concrete details of how healthcare organizations might better protect themselves against this threat actor or purported malware campaign.

“They didn’t share any IoCs [indicators of compromise], so it’s just been ‘patch your systems and report anything suspicious’,” said a healthcare industry veteran who sat in on the discussion.

However, others on the call said IoCs may be of little help for hospitals that have already been infiltrated by Ryuk. That’s because the malware infrastructure used by the Ryuk gang is often unique to each victim, including everything from the Microsoft Windows executable files that get dropped on the infected hosts to the so-called “command and control” servers used to transmit data between and among compromised systems.

Nevertheless, cybersecurity incident response firm Mandiant today released a list of domains and Internet addresses used by Ryuk in previous attacks throughout 2020 and up to the present day. Mandiant refers to the group by the threat actor classification “UNC1878,” and aired a webcast today detailing some of Ryuk’s latest exploitation tactics.

Charles Carmakal, senior vice president for Mandiant, told Reuters that UNC1878 is one of most brazen, heartless, and disruptive threat actors he’s observed over the course of his career.

“Multiple hospitals have already been significantly impacted by Ryuk ransomware and their networks have been taken offline,” Carmakal said.

One health industry veteran who participated in the call today and who spoke with KrebsOnSecurity on condition of anonymity said if there truly are hundreds of medical facilities at imminent risk here, that would seem to go beyond the scope of any one hospital group and may implicate some kind of electronic health record provider that integrates with many care facilities.

So far, however, nothing like hundreds of facilities have publicly reported ransomware incidents. But there have been a handful of hospitals dealing with ransomware attacks in the past few days.

Becker’s Hospital Review reported today that a ransomware attack hit Klamath Falls, Ore.-based Sky Lakes Medical Center’s computer systems.

WWNY’s Channel 7 News in New York reported yesterday that a Ryuk ransomware attack on St. Lawrence Health System led to computer infections at Caton-Potsdam, Messena and Gouverneur hospitals.

SWNewsMedia.com on Monday reported on “unidentified network activity” that caused disruption to certain operations at Ridgeview Medical Center in Waconia, Minn. SWNews says Ridgeview’s system includes Chaska’s Two Twelve Medical Center, three hospitals, clinics and other emergency and long-term care sites around the metro area.

NBC5 reports The University of Vermont Health Network is dealing with a “significant and ongoing system-wide network issue” that could be a malicious cyber attack.

This is a developing story. Stay tuned for further updates.

Update, 10:11 p.m. ET: The FBI, DHS and HHS just jointly issued an alert about this, available here.

Vimeo introduces free video messaging with Vimeo Record

Vimeo Record is a new product that allows teams to communicate through video messages.

Vimeo CEO Anjali Sud said that while the pandemic has prompted many offices to embrace digital communication tools like Zoom, “There’s a whole host of work communication that needs asynchronous messaging.”

Besides, sometimes a video can get your message across more effectively, rather than “scheduling another call or writing a long email or Slack thread.”

Sud said that since she became CEO of the IAC-owned video platform in 2017, Vimeo has shifted its focus from being a destination site that competed with YouTube to providing video tools for businesses: “We really want to be the single corporate video solution for the modern organization.”

Vimeo Record is an extension of that strategy. During the pandemic, Vimeo’s revenue has already been growing 40% to 50% year-over-year each month, but Sud said this product been in the works since before then, reflecting the long-term trend that “more and more teams are distributed, and they need ways to communicate.”

Collaborate better remotely with Vimeo Record from Vimeo Staff on Vimeo.

So Vimeo created a Google Chrome extension that allows users to easily record their screen or their face, share and comment on those recordings, organize them into folders with different permissions and receive notifications when someone watches.

Sud said around 400 companies have already been beta testing the feature. Teams are using it to review design and code, to work together to resolve customer support tickets, to share messages from company leadership and more.

Asked whether there’s been a learning curve for recording effective video messages, Sud said, “The biggest barrier is just making it not feel intimidating. The easiest way [to do that] is for people to receive a video message themselves. If a colleague sends you something that’s not perfect, it lowers that intimidation factor.”

She also noted that Vimeo Record fits into the company’s freemium business model. Anyone can send unlimited messages for free, but Vimeo will charge for premium features like the ability to host videos on a third-party, custom-branded video platform.

“My team is using Vimeo Record to share product demos internally and to give our customers a preview of what’s launching soon,” said Mailchimp’s director of product marketing Trevor Wolfe in a statement. “We love it! It adds a personal touch that you just can’t replicate with email or a chatroom message.”

Lightyear scores $3.7M seed to digitize networking infrastructure procurement

Lightyear, a New York City startup that wants to make it easier for large companies to procure networking infrastructure like internet and SD-WAN, announced a $3.7 million seed round today.

Amplo led the round with help from Susa Ventures, Ludlow Ventures, Mark Cuban, David Adelman and Operator Partners. While it was at it, the company announced that it was emerging from stealth and offering its solution in public beta.

Company CEO and co-founder Dennis Thankachan says that while so much technology buying has moved online, networking technology procurement still involves phone calls for price quotes that could sometimes take weeks to get. Thankachan says that when he was working at a hedge fund specializing in telecommunications he witnessed this first hand and saw an opportunity for a startup to fill the void.

“Our objective is to make the process of buying telecom infrastructure, kind of like buying socks on Amazon, providing a real consumer-like experience to the enterprise and empowering buyers with data because information asymmetry and a lack of transparent data on what things should cost, where providers are available, and even what’s existing already in your network is really at the core of the problem for why this is frustrating for enterprise buyers,” Thankachan explained.

The company offers the ability to simply select a service and find providers in your area with costs and contract terms if it’s a simple purchase, but he recognizes that not all enterprise purchases will be that simple and the startup is working to digitize the corporate buying process into the Lightyear platform.

To provide the data that he spoke of, the company has already formed relationships with over 400 networking providers worldwide. The pricing model is in flux, but could involve a monthly subscription or a percentage of the sale. That is something they are working out, but they are using the latter during beta testing to keep the product free for now.

The company already has 10 employees and flush with the new investment, it plans to double that in the next year. Thankachan says as he builds the company, particularly as a person of color himself, he takes diversity and inclusion extremely seriously and sees it as part of the company’s core values.

“Trying to enable people from non-traditional backgrounds to succeed will be really important to us, and I think providing economic opportunity to people that traditionally would not have been afforded several aspects of economic opportunity is the biggest ways to fix the opportunity gap in this country,” he said.

The company, which launched a year ago has basically grown up during the pandemic. That means he has yet to meet any of his customers or investors in person, but he says he has learned to adapt to that approach. While he is based in NYC, his investors are are in the Bay Area and so that remote approach will remain in place for the time being.

As he makes his way from seed to a Series A, he says that it’s up to him to stay focused and execute with the goal of showing product-market fit across a variety of company types. He believes if the startup can do this, it will have the data to take to investors when it’s time to take the next step.

Rockset announces $40M Series B as data analytics solution gains momentum

Rockset, a cloud-native analytics company, announced a $40 million Series B investment today led by Sequoia with help from Greylock, the same two firms that financed its Series A. The startup has now raised a total of $61.5 million, according to the company.

As co-founder and CEO Venkat Venkataramani told me at the time of the Series A in 2018, there is a lot of manual work involved in getting data ready to use and it acts as a roadblock to getting to real insight. He hoped to change that with Rockset.

“We’re building out our service with innovative architecture and unique capabilities that allows full-featured fast SQL directly on raw data. And we’re offering this as a service. So developers and data scientists can go from useful data in any shape, any form to useful applications in a matter of minutes. And it would take months today,” he told me in 2018.

In fact, “Rockset automatically builds a converged index on any data — including structured, semi-structured, geographical and time series data — for high-performance search and analytics at scale,” the company explained.

It seems to be resonating with investors and customers alike as the company raised a healthy B round and business is booming. Rockset supplied a few metrics to illustrate this. For starters, revenue grew 290% in the last quarter. While they didn’t provide any foundational numbers for that percentage growth, it is obviously substantial.

In addition, the startup reports adding hundreds of new users, again not nailing down any specific numbers, and queries on the platform are up 313%. Without specifics, it’s hard to know what that means, but that seems like healthy growth for an early stage startup, especially in this economy.

Mike Vernal, a partner at Sequoia, sees a company helping to get data to work faster than other solutions, which require a lot of handling first. “Rockset, with its innovative new approach to indexing data, has quickly emerged as a true leader for real-time analytics in the cloud. I’m thrilled to partner with the company through its next phase of growth,” Vernal said in a statement.

The company was founded in 2016 by the creators of RocksDB. The startup had previously raised a $3 million seed round when they launched the company and the $18.5 million A round in 2018.

Daily Crunch: Zoom adds end-to-end encryption to free calls

Zoom adds a much-requested feature (but with a catch), TikTok partners with Shopify and Jack Dorsey lays out his argument for tomorrow’s Senate hearing. This is your Daily Crunch for October 27, 2020.

The big story: Zoom adds end-to-end encryption to free calls

Zoom was criticized earlier this year for saying it would only offer end-to-end encryption to paid users. Now it says free users will have the option as well, starting in Zoom 5.4.0 on both desktop and mobile.

There are, however, a few catches. If you use end-to-end encryption in a free meeting, features like cloud recording, live transcription and meeting reactions will not be available, nor will participants be able to join the call by phone.

In addition, you’ll need to provide a phone number and billing information. And you’ll need to use the Zoom app rather than joining a meeting via web browser.

The tech giants

TikTok partners with Shopify on social commerce — At launch, the agreement allows Shopify merchants to create, run and optimize their TikTok marketing campaigns directly from the Shopify dashboard.

How Jack Dorsey will defend Twitter in tomorrow’s Senate hearing on Section 230 — In his opening statement, the Twitter CEO calls Section 230 “the Internet’s most important law for free speech and safety” and focuses on the kind of cascading effects that could arise if tech’s key legal shield comes undone.

Microsoft stock flat despite better-than-expected earnings, strong Azure growth — In the three months ending September 30, Microsoft had revenues of $37.2 billion and per-share profit of $1.82.

Startups, funding and venture capital

Next-gen skincare, silk without spiders and pollution for lunch: Meet the biotech startups pitching at IndieBio’s Demo Day — Starting in 2015, IndieBio has provided resources to founders solving complex challenges with biotech, from fake meat to sustainability.

SpaceX launches Starlink app and provides pricing and service info to early beta testers — In terms of pricing, SpaceX says the cost for participants in this beta program will be $99 per month, plus a one-time cost of $499 for hardware.

SimilarWeb raises $120M for its AI-based market intelligence platform for sites and apps — The company will expand through acquisitions and its own R&D, with a focus on providing more analytics services to larger enterprises.

Advice and analysis from Extra Crunch

Five startup theses that will transform the 2020s — Danny Crichton lays out five clusters: wellness, climate, data society, creativity and fundamentals.

Ten favorite startups from Techstars’ October 2020 class — Ten favorites culled from the Atlanta, Los Angeles and New York City cohorts, as well as its accelerator with Western Union.

(Reminder: Extra Crunch is our membership program, which aims to democratize information about startups. You can sign up here.)

Everything else

Hands-on: Sony’s DualSense PS5 controller could be a game changer — The question is whether developers will truly embrace the new haptics and audio features.

T-Mobile launches new TVision streaming bundles, pricing starts at $10 per month — The carrier is launching new skinny bundles of live TV and streaming services to compete with expensive cable subscriptions.

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 3pm Pacific, you can subscribe here.

MachEye raises $4.6M for its business intelligence platform

We’ve seen our fair share of business intelligence (BI) platforms that aim to make data analysis accessible to everybody in a company. Most of them are still fairly complicated, no matter what their marketing copy says. MachEye, which is launching its AI-powered BI platform today, is offering a new twist on this genre. In addition to its official launch, the company also today announced a previously unreported $4.6 seed funding round led by Canaan Partners with participation from WestWave Capital.

MachEye is not just what its founder and CEO Ramesh Panuganty calls a “low-prep, no-prep” BI platform, but it uses natural language processing to allow anybody to query data using natural language — and it can then automatically generate interactive data stories on the fly that put the answer into context. That’s quite a different approach from its more dashboard-centric competition.

“I have seen the business intelligence problems in the past,” Panuganty said. “And I saw that Traditional BI, even though it has existed for 30 or 40 years, had this paradigm of ‘what you ask is what you get.’ So the business user asks for something, either in an email, on the phone or in person, and then he gets an answer to that question back. That essentially has these challenges of being dependent on the experts and there is a time that is lost to get the answers — and then there’s a lack of exploratory capabilities for the business user. and the bigger problem is that they don’t know what they don’t know.”

Panuganty’s background includes time at Sun Microsystems and Bell Labs, working on their operating systems before becoming an entrepreneur. He build three companies over the last 12 years or so. The first was a cloud management platform, Cloud365, which was acquired by Cognizant. The second was analytics company Drastin, which got acquired by Splunk in 2017, and the third was the AI-driven educational platform SelectQ, which Thinker acquired this April. He also holds 15 patents related to machine learning, analytics and natural language processing.

Given that track record, it’s probably no surprise why VCs wanted to invest in his new startup, too. Panuganty tells me that when he met with Canaan Partners, he wasn’t really looking for an investment. He had already talked to the team while building SelectQ, but Canaan never got to make an investment because the company got acquired before it needed to raise more funding. But after an informal meeting that ended up lasting most of the day, he received an offer the next morning.

Image Credits: MachEye

MachEye’s approach is definitely unique. “Generating audio-visuals on enterprise data, we are probably the only company that does it,” Panuganty said. But it’s important to note that it also offers all of the usual trappings of a BI service. If you really want dashboards, you can build those, and developers can use the company’s APIs to use their data elsewhere, too. The service can pull in data from most of the standard databases and data warehousing services, including AWS Redshift, Azure Synapse, Google BigQuery, Snowflake and Oracle. The company promises that it only takes 30 minutes from connecting a data source to being able to ask questions about that data.

Interestingly, MachEye’s pricing plan is per seat and doesn’t limit how much data you can query. There’s a free plan, but without the natural search and query capabilities, an $18/month/user plan that adds those capabilities and additional search features, but it takes the enterprise plan to get the audio narrations and other advanced features. The team is able to use this pricing model because it is able to quickly spin up the container infrastructure to answer a query and then immediately shut it down again — all within about two minutes.

Enso Security raises $6M for its application security management platform

Enso Security, a Tel Aviv-based startup that is building a new application security platform, today announced that it has raised a $6 million seed funding round led by YL Ventures, with participation from Jump Capital. Angel investors in this round include HackerOne co-founder and CTO Alex Rice; Sounil Yu, the former chief security scientist at Bank of America; Omkhar Arasaratnam, the former head of Data Protection Technology at JPMorgan Chase and toDay Ventures.

The company was founded by Roy Erlich (CEO), Chen Gour Arie (CPO) and Barak Tawily (CTO). As is so often the case with Israeli security startups, the founding team includes former members of the Israeli Intelligence Corps, but also a lot of hands-on commercial experience. Erlich, for example, was previously the head of application security at Wix, while Gour Arie worked as an application security consultant for numerous companies across Europe and Tawily has a background in pentesting and led a security team at Wix, too.

Image Credits: Enso Security / Getty Images

“It’s no secret that, today, the diversity of R&D allows [companies] to rapidly introduce new applications and push changes to existing ones,” Erlich explained. “But this great complexity for application security teams results in significant AppSec management challenges. These challenges include the difficulty of tracking applications across environments, measuring risks, prioritizing tasks and enforcing uniform Application Security strategies across all applications.”

But as companies push out code faster than ever, the application security teams aren’t able to keep up — and may not even know about every application being developed internally. The team argues that application security today is often a manual effort to identify owners and measure risk, for example — and the resources for application security teams are often limited, especially when compared the size of the overall development team in most companies. Indeed, the Enso team argues that most AppSec teams today spend most of their time creating relationships with developers and performing operational and product-related tasks — and not on application security.

Image Credits: Enso Security / Getty Images

“It’s a losing fight from the application security side because you have no chance to cover everything,” Erlich noted. “Having said that, […] it’s all about managing the risk. You need to make sure that you take data-driven decisions and that you have all the data that you need in one place.”

Enso Security then wants to give these teams a platform that gives them a single pane of glass to discover applications, identify owners, detect changes and capture their security posture. From there, teams can then prioritize and track their tasks and get real-time feedback on what is happening across their tools. The company’s tools currently pull in data from a wide variety of tools, including the likes of JIRA, Jenkins, GitLab, GitHub, Splunk, ServiceNow and the Envoy edge and service proxy. But as the team argues, even getting data from just a few sources already provides benefits for Enso’s users.

Looking ahead, the team plans to continue improving its product and staff up from its small group of seven employees to about 20 in the next year.

“Roy, Chen and Barak have come up with a very elegant solution to a notoriously complex problem space,” said Ofer Schreiber, partner at YL Ventures . “Because they cut straight to visibility — the true heart of this issue — cybersecurity professionals can finally see and manage all of the applications in their environments. This will have an extraordinary impact on the rate of application rollout and enterprise productivity.”

Kandji hauls in $21M Series A as Apple device management flourishes during pandemic

Kandji, a mobile device management (MDM) startup, launched last October. That means it was trying to build the early stage company just as the pandemic hit earlier this year. But a company that helps manage devices remotely has been in demand in this environment, and today it announced a $21 million Series A.

Greycroft led the round with participation from new investors Okta Ventures and B Capital Group, and existing investor First Round Capital. Today’s investment brings the total raised to $28.4 million, according to the company.

What Kandji is building is a sophisticated zero-touch device management solution to help larger companies manage their fleet of Apple devices, including keeping them in compliance with a particular set of rules. As CEO and co-founder Adam Pettit told TechCrunch at the time of his seed investment last year:

“We’re the only product that has almost 200 of these one-click policy frameworks we call parameters. So an organization can go in and browse by compliance framework, or we have pre-built templates for companies that don’t necessarily have a specific compliance mandate in mind,” he said.

Monty Gray, SVP of corporate development at Okta, says Okta Ventures is investing because it sees this approach as a valuable extension of the company’s mission.

“Kandji’s device management streamlines the most common and complex tasks for Apple IT administrators and enables distributed workforces to get up and running quickly and securely,” he said in a statement.

It seems to be working. Since the company’s launch last year it reports it has gained hundreds of new paying customers and grown from 10 employees at launch to 40 today. Pettit says that he has plans to triple that number in the next 12 months. As he builds the company, he says finding and hiring a diverse pool of candidates is an important goal.

“There are ways to extend out into different candidate pools so that you’re not just looking at the same old candidates that you normally would. There are certain ways to reduce bias in the hiring process. So again, I think we look at this as absolutely critical, and we’re excited to build a really diverse company over the next several years,” he said.

Kandji - Zero Touch Deployment

Image Credits: Kandji

He notes that the investment will not only enable him to build the employee base, but also expand the product too, and in the past year, it has already taken it from basic MDM into compliance and there are new features coming as they continue to grow the product.

“If someone saw our product a year ago, it’s a very different product today, and it’s allowed us to move up market into the enterprise, which has been very exciting for us,” he said.