That dreadful VPN might finally be dead thanks to Twingate, a new startup built by Dropbox alums

VPNs, or virtual private networks, are a mainstay of corporate network security (and also consumers trying to stream Netflix while pretending to be from other countries). VPNs create an encrypted channel between your device (a laptop or a smartphone) and a company’s servers. All of your internet traffic gets routed through the company’s IT infrastructure, and it’s almost as if you are physically located inside your company’s offices.

Despite its ubiquity though, there are significant flaws with VPN’s architecture. Corporate networks and VPN were designed assuming that most workers would be physically located in an office most of the time, and the exceptional device would use VPN. As the pandemic has made abundantly clear, fewer and fewer people work in a physical office with a desktop computer attached to ethernet. That means the vast majority of devices are now outside the corporate perimeter.

Worse, VPN can have massive performance problems. By routing all traffic through one destination, VPNs not only add latency to your internet experience, they also transmit all of your non-work traffic through your corporate servers as well. From a security perspective, VPNs also assume that once a device joins, it’s reasonably safe and secure. VPNs don’t actively check network requests to make sure that every device is only accessing the resources that it should.

Twingate is fighting directly to defeat VPN in the workplace with an entirely new architecture that assumes zero trust, works as a mesh, and can segregate work and non-work internet traffic to protect both companies and employees. In short, it may dramatically improve the way hundreds of millions of people work globally.

It’s a bold vision from an ambitious trio of founders. CEO Tony Huie spent five years at Dropbox, heading up international and new market expansion in his final role at the file-sharing juggernaut. He’s most recently been a partner at venture capital firm SignalFire . Chief Product Office Alex Marshall was a product manager at Dropbox before leading product at lab management program Quartzy. Finally, CTO Lior Rozner was most recently at Rakuten and before that Microsoft.

Twingate founders Alex Marshall, Tony Huie, and Lior Rozner. Photo via Twingate.

The startup was founded in 2019, and is announcing today the public launch of its product as well as its Series A funding of $17 million from WndrCo, 8VC, SignalFire and Green Bay Ventures. Dropbox’s two founders, Drew Houston and Arash Ferdowsi, also invested.

The idea for Twingate came from Huie’s experience at Dropbox, where he watched its adoption in the enterprise and saw first-hand how collaboration was changing with the rise of the cloud. “While I was there, I was still just fascinated by this notion of the changing nature of work and how organizations are going to get effectively re-architected for this new reality,” Huie said. He iterated on a variety of projects at SignalFire, eventually settling on improving corporate networks.

So what does Twingate ultimately do? For corporate IT professionals, it allows them to connect an employee’s device into the corporate network much more flexibly than VPN. For instance, individual services or applications on a device could be setup to securely connect with different servers or data centers. So your Slack application can connect directly to Slack, your JIRA site can connect directly to JIRA’s servers, all without the typical round-trip to a central hub that VPN requires.

That flexibility offers two main benefits. First, internet performance should be faster, since traffic is going directly where it needs to rather than bouncing through several relays between an end-user device and the server. Twingate also says that it offers “congestion” technology that can adapt its routing to changing internet conditions to actively increase performance.

More importantly, Twingate allows corporate IT staff to carefully calibrate security policies at the network layer to ensure that individual network requests make sense in context. For instance, if you are salesperson in the field and suddenly start trying to access your company’s code server, Twingate can identify that request as highly unusual and outright block it.

“It takes this notion of edge computing and distributed computing [and] we’ve basically taken those concepts and we’ve built that into the software we run on our users’ devices,” Huie explained.

All of that customization and flexibility should be a huge win for IT staff, who get more granular controls to increase performance and safety, while also making the experience better for employees, particularly in a remote world where people in, say, Montana might be very far from an East Coast VPN server.

Twingate is designed to be easy to onboard new customers according to Huie, although that is almost certainly dependent on the diversity of end users within the corporate network and the number of services that each user has access to. Twingate integrates with popular single sign-on providers.

“Our fundamental thesis is that you have to balance usability, both for end users and admins, with bulletproof technology and security,” Huie said. With $17 million in the bank and a newly debuted product, the future is bright (and not for VPNs).

SAP shares fall sharply after COVID-19 cuts revenue, profit forecast at software giant

SAP announced its Q3 earnings yesterday, with its aggregate results down across the board. And after missing earnings expectations, the company also revised its 2021 outlook down. The combined bad news spooked investors, crashing its shares by more than 20% in pre-market trading, and the stock wasn’t showing any signs of improving in early trading.

The German software giant has lost tens of billions of dollars in market cap as a result.

The overall report was gloomy, with total revenues falling 4% to €6.54 billion, cloud and software revenue down 2% and operating profit down 12%. The only bright spot was its pure-cloud category, which grew 11%, to €1.98 billion.

SAP’s revenue result was around €310 million under expectations, though its per-share profit beat both adjusted and non-adjusted expectations.

While SAP’s big revenue miss might have been enough to send investors racing for the exits, its revised forecast doubled concerns. Even though the company said that its customers are accelerating their move to the cloud during the pandemic — something that TechCrunch has been tracking for some time now — SAP also said the pandemic is slowing sales and large projects.

Constellation Research analyst Holger Mueller says this is resulting in an unexpected revenue slow-down.

“What has happened at SAP is a cloud revenue delay as customers know that SAP is only investing into cloud products, and they have to migrate to those in the future. The news is that SAP customers are not migrating to the cloud during a pandemic,” Mueller told TechCrunch.

In a sign of the times, SAP spent a portion of its earnings results talking about 2025 results, a maneuver that failed to allay investor concerns that the pandemic was dramatically impacting SAP’s business today and in the coming year.

For 2020, SAP made the following cuts to its forecasts:

  • €8.0 – 8.2 billion non-IFRS cloud revenue at constant currencies (previously €8.3 – 8.7 billion)
  • €23.1 – 23.6 billion non-IFRS cloud and software revenue at constant currencies (previously €23.4 – 24.0 billion)
  • €27.2 – 27.8 billion non-IFRS total revenue at constant currencies (previously €27.8 – 28.5 billion)
  • €8.1 – 8.5 billion non-IFRS operating profit at constant currencies (previously €8.1 – 8.7 billion)

So, €300 million to €500 million in cloud revenue is now gone, along with €300 million to €400 million in cloud and software revenue, and €600 to €700 million in total revenue. That cut profit expectations by up to €200 million.

The company, however, is trying to put a happy face on the future projections, believing that as the impact of COVID begins to diminish, existing customers will eventually shift to the cloud and that will drive significant new revenues over the longer term. The trade-off is short-term pain for the next year or two.

“Over the next two years, we expect to see muted growth of revenue accompanied by a flat to slightly lower operating profit. After 2022 momentum will pick up considerably though. Initial headwinds of the accelerated cloud transition will start to turn into tailwinds for revenue and profit. […] That translates to accelerated revenue growth and double digit operating profit growth from 2023 onwards,” SAP CFO Luka Mucic said in a call with analysts this morning.

The question now becomes can they meet these projections, and if the longer-term approach during a pandemic will placate investors. As of this morning, they weren’t looking happy about it.

The No-Code Generation is arriving

In the distant past, there was a proverbial “digital divide” that bifurcated workers into those who knew how to use computers and those who didn’t.[1] Young Gen Xers and their later millennial companions grew up with Power Macs and Wintel boxes, and that experience made them native users on how to make these technologies do productive work. Older generations were going to be wiped out by younger workers who were more adaptable to the needs of the modern digital economy, upending our routine notion that professional experience equals value.

Of course, that was just a narrative. Facility with using computers was determined by the ability to turn it on and log in, a bar so low that it can be shocking to the modern reader to think that a “divide” existed at all. Software engineering, computer science and statistics remained quite unpopular compared to other academic programs, even in universities, let alone in primary through secondary schools. Most Gen Xers and millennials never learned to code, or frankly, even to make a pivot table or calculate basic statistical averages.

There’s a sociological change underway though, and it’s going to make the first divide look quaint in hindsight.

Over the past two or so years, we have seen the rise of a whole class of software that has been broadly (and quite inaccurately) dubbed “no-code platforms.” These tools are designed to make it much easier for users to harness the power of computing in their daily work. That could be everything from calculating the most successful digital ad campaigns given some sort of objective function, or perhaps integrating a computer vision library into a workflow that calculates the number of people entering or exiting a building.

The success and notoriety of these tools comes from the feeling that they grant superpowers to their users. Projects that once took a team of engineers some hours to build can now be stitched together in a couple of clicks through a user interface. That’s why young startups like Retool can raise at nearly a $1 billion valuation and Airtable at $2.6 billion, while others like Bildr, Shogun, Bubble, Stacker and dozens more are getting traction among users.

Of course, no-code tools often require code, or at least, the sort of deductive logic that is intrinsic to coding. You have to know how to design a pivot table, or understand what machine learning capability is and what it might be useful for. You have to think in terms of data, and about inputs, transformations and outputs.

The key here is that no-code tools aren’t successful just because they are easier to use — they are successful because they are connecting with a new generation that understands precisely the sort of logic required by these platforms to function. Today’s students don’t just see their computers and mobile devices as consumption screens and have the ability to turn them on. They are widely using them as tools of self-expression, research and analysis.

Take the popularity of platforms like Roblox and Minecraft. Easily derided as just a generation’s obsession with gaming, both platforms teach kids how to build entire worlds using their devices. Even better, as kids push the frontiers of the toolsets offered by these games, they are inspired to build their own tools. There has been a proliferation of guides and online communities to teach kids how to build their own games and plugins for these platforms (Lua has never been so popular).

These aren’t tiny changes; 150 million play Roblox games across 40 million user-created experiences, and the platform has nearly 350,000 developers. Minecraft for its part has more than 130 million active users. These are generation-defining experiences for young people today.

That excitement to harness computers is also showing up in educational data. Advanced Placement tests for computer science have grown from around 20,000 in 2010 to more than 70,000 this year according to the College Board, which administers the high school proficiency exams. That’s the largest increase among all of the organization’s dozens of tests. Meanwhile at top universities, computer science has emerged as the top or among the top majors, pulling in hundreds of new students per campus per year.

The specialized, almost arcane knowledge of data analysis and engineering is being widely democratized for this new generation, and that’s precisely where a new digital divide is emerging.

In business today, it’s not enough to just open a spreadsheet and make some casual observations anymore. Today’s new workers know how to dive into systems, pipe different programs together using no-code platforms and answer problems with much more comprehensive — and real-time — answers.

It’s honestly striking to see the difference. Whereas just a few years ago, a store manager might (and strong emphasis on might) put their sales data into Excel and then let it linger there for the occasional perusal, this new generation is prepared to connect multiple online tools to build an online storefront (through no-code tools like Shopify or Squarespace), calculate basic LTV scores using a no-code data platform and prioritize their best customers with marketing outreach through basic email delivery services. And it’s all reproducible, as it is in technology and code and not produced by hand.

There are two important points here. First is to note the degree of fluency these new workers have for these technologies, and just how many members of this generation seem prepared to use them. They just don’t have the fear to try new programs, and they know they can always use search engines to find answers to problems they are having.

Second, the productivity difference between basic computer literacy and a bit more advanced expertise is profound. Even basic but accurate data analysis on a business can raise performance substantially compared to gut instinct and expired spreadsheets.

This second digital divide is only going to get more intense. Consider students today in school, who are forced by circumstance to use digital technologies in order to get their education. How many more students are going to become even more capable of using these technologies? How much more adept are they going to be at remote work? While the current educational environment is a travesty and deeply unequal, the upshot is that ever more students are going to be forced to become deeply fluent in computers.[2]

Progress in many ways is about raising the bar. This generation is raising the bar on how data is used in the workplace, in business and in entrepreneurship. They are better than ever at bringing together various individual services and cohering them into effective experiences for their customers, readers and users. The No-Code Generation has the potential to finally fill that missing productivity gap in the global economy, making our lives better, while saving time for everyone.

[1] Probably worth pointing out that the other “digital divide” at the time was describing households that had internet access and households that did not. That’s a divide that unfortunately still plagues America and many other rich, industrialized countries.

[2] Important to note that access to computing is still an issue for many students and represents one of the most easily fixable inequalities today in America. Providing equal access to computing should be an absolute imperative.

DataFleets keeps private data useful and useful data private with federated learning and $4.5M seed

As you may already know, there’s a lot of data out there, and some of it could actually be pretty useful. But privacy and security considerations often put strict limitations on how it can be used or analyzed. DataFleets promises a new approach by which databases can be safely accessed and analyzed without the possibility of privacy breaches or abuse — and has raised a $4.5 million seed round to scale it up.

To work with data, you need to have access to it. If you’re a bank, that means transactions and accounts; if you’re a retailer, that means inventories and supply chains, and so on. There are lots of insights and actionable patterns buried in all that data, and it’s the job of data scientists and their ilk to draw them out.

But what if you can’t access the data? After all, there are many industries where it is not advised or even illegal to do so, such as in healthcare. You can’t exactly take a whole hospital’s medical records, give them to a data analysis firm, and say “sift through that and tell me if there’s anything good.” These, like many other data sets, are too private or sensitive to allow anyone unfettered access. The slightest mistake — let alone abuse — could have serious repercussions.

In recent years a few technologies have emerged that allow for something better, though: analyzing data without ever actually exposing it. It sounds impossible, but there are computational techniques for allowing data to be manipulated without the user ever actually having access to any of it. The most widely used one is called homomorphic encryption, which unfortunately produces an enormous, orders-of-magnitude reduction in efficiency — and big data is all about efficiency.

This is where DataFleets steps in. It hasn’t reinvented homomorphic encryption, but has sort of sidestepped it. It uses an approach called federated learning, where instead of bringing the data to the model, they bring the model to the data.

DataFleets integrates with both sides of a secure gap between a private database and people who want to access that data, acting as a trusted agent to shuttle information between them without ever disclosing a single byte of actual raw data.

Illustration showing how a model can be created without exposing data.

Image Credits: DataFleets

Here’s an example. Say a pharmaceutical company wants to develop a machine-learning model that looks at a patient’s history and predicts whether they’ll have side effects with a new drug. A medical research facility’s private database of patient data is the perfect thing to train it. But access is highly restricted.

The pharma company’s analyst creates a machine-learning training program and drops it into DataFleets, which contracts with both them and the facility. DataFleets translates the model to its own proprietary runtime and distributes it to the servers where the medical data resides; within that sandboxed environment, it grows into a strapping young ML agent, which when finished is translated back into the analyst’s preferred format or platform. The analyst never sees the actual data, but has all the benefits of it.

Screenshot of the DataFleets interface. Look, it’s the applications that are meant to be exciting. Image Credits: DataFleets

It’s simple enough, right? DataFleets acts as a sort of trusted messenger between the platforms, undertaking the analysis on behalf of others and never retaining or transferring any sensitive data.

Plenty of folks are looking into federated learning; the hard part is building out the infrastructure for a wide-ranging enterprise-level service. You need to cover a huge amount of use cases and accept an enormous variety of languages, platforms and techniques, and of course do it all totally securely.

“We pride ourselves on enterprise readiness, with policy management, identity-access management, and our pending SOC 2 certification,” said DataFleets COO and co-founder Nick Elledge. “You can build anything on top of DataFleets and plug in your own tools, which banks and hospitals will tell you was not true of prior privacy software.”

But once federated learning is set up, all of a sudden the benefits are enormous. For instance, one of the big issues today in combating COVID-19 is that hospitals, health authorities, and other organizations around the world are having difficulty, despite their willingness, in securely sharing data relating to the virus.

Everyone wants to share, but who sends whom what, where is it kept, and under whose authority and liability? With old methods, it’s a confusing mess. With homomorphic encryption it’s useful but slow. With federated learning, theoretically, it’s as easy as toggling someone’s access.

Because the data never leaves its “home,” this approach is essentially anonymous and thus highly compliant with regulations like HIPAA and GDPR, another big advantage. Elledge notes: “We’re being used by leading healthcare institutions who recognize that HIPAA doesn’t give them enough protection when they are making a data set available for third parties.”

Of course there are less noble, but no less viable, examples in other industries: Wireless carriers could make subscriber metadata available without selling out individuals; banks could sell consumer data without violating anyone in particular’s privacy; bulky datasets like video can sit where they are instead of being duplicated and maintained at great expense.

The company’s $4.5 million seed round is seemingly evidence of confidence from a variety of investors (as summarized by Elledge): AME Cloud Ventures (Jerry Yang of Yahoo) and Morado Ventures, Lightspeed Venture Partners, Peterson Ventures, Mark Cuban, LG, Marty Chavez (president of the board of overseers of Harvard), Stanford-StartX fund, and three unicorn founders (Rappi, Quora and Lucid).

With only 11 full-time employees DataFleets appears to be doing a lot with very little, and the seed round should enable rapid scaling and maturation of its flagship product. “We’ve had to turn away or postpone new customer demand to focus on our work with our lighthouse customers,” Elledge said. They’ll be hiring engineers in the U.S. and Europe to help launch the planned self-service product next year.

“We’re moving from a data ownership to a data access economy, where information can be useful without transferring ownership,” said Elledge. If his company’s bet is on target, federated learning is likely to be a big part of that going forward.

Freshworks (re-)launches its CRM service

Freshworks, the customer and employee engagement company that offers a range of products, from call center and customer support software to HR tools and marketing automation services, today announced the launch of its newest product: Freshworks CRM. The new service, which the company built on top of its new Freshworks Neo platform, is meant to give sales and marketing teams all of the tools they need to get a better view of their customers — with a bit of machine learning thrown in for better predictions.

Freshworks CRM is essentially a rebrand of the company’s Freshsales service, combined with the company’s capabilities of its Freshmarketer marketing automation tool.

“Freshworks CRM unites Freshsales and Freshmarketer capabilities into one solution, which leverages an embedded customer data platform for an unprecedented and 360-degree view of the customer throughout their entire journey,” a company spokesperson told me.

The promise here is that this improved CRM solution is able to provide teams with a more complete view of their (potential) customers thanks to the unified view — and aggregated data — that the company’s Neo platform provides.

The company argues that the majority of CRM users quickly become disillusioned with their CRM service of choice — and the reason for that is because the data is poor. That’s where Freshworks thinks it can make a difference.

Freshworks CRM delivers upon the original promise of CRM: a single solution that combines AI-driven data, insights and intelligence and puts the customer front and center of business goals,” said Prakash Ramamurthy, the company’s chief product officer. “We built Freshworks CRM to harness the power of data and create immediate value, challenging legacy CRM solutions that have failed sales teams with clunky interfaces and incomplete data.”

The idea here is to provide teams with all of their marketing and sales data in a single dashboard and provide AI-assisted insights to them to help drive their decision making, which in turn should lead to a better customer experience — and more sales. The service offers predictive lead scoring and qualification, based on a host of signals users can customize to their needs, as well as Slack and Teams integrations, built-in telephony with call recording to reach out to prospects and more. A lot of these features were already available in Freshsales, too.

“The challenge for online education is the ‘completion rate’. To increase this, we need to understand the ‘Why’ aspect for a student to attend a course and design ‘What’ & ‘How’ to meet the personalized needs of our students so they can achieve their individual goals,” said Mamnoon Hadi Khan, the chief analytics officer at Shaw Academy. “With Freshworks CRM, Shaw Academy can track the entire student customer journey to better engage with them through our dedicated Student Success Managers and leverage AI to personalize their learning experience — meeting their objectives.”

Pricing for Freshworks CRM starts at $29 per user/month and goes up to $125 per user/month for the full enterprise plan with more advanced features.

AMD grabs Xilinx for $35 billion as chip industry consolidation continues

The chip industry consolidation dance continued this morning as AMD has entered into an agreement to buy Xilinx for $35 billion, giving the company access to a broad set of specialized workloads.

AMD sees this deal as combining two companies that complement each other’s strengths without cannibalizing its own markets. CEO Lisa Su believes the acquisition will help make her company the high performance chip leader.

“By combining our world-class engineering teams and deep domain expertise, we will create an industry leader with the vision, talent and scale to define the future of high performance computing,” Su said in a statement.

In an article earlier this year, TechCrunch’s Darrell Etherington described Xilinx new satellite focused chips as offering a couple of industry firsts:

It’s the first 20nm process that’s rated for use in space, offering power and efficiency benefits, and it’s the first to offer specific support for high performance machine learning through neural network-based inference acceleration.

What’s more, the chips are designed to handle radiation and the rigors of launch, using a thick ceramic packaging.

In a call with analysts this morning, Su pointed to these kinds of specialized workloads as one of Xilinx’s strengths. “Xilinx has also built deep strategic partnerships across a diverse set of growing markets in 5G communications, data center, automotive, industrial, aerospace and defense. Xilinx is establishing themselves as a strategic technology partner to a broad set of industry leaders,” she said.

The success of these kinds of mega deals tend to hinge on whether the combined companies can work well together. Su pointed out that the two companies have been partnering for a number of years and already have a relationship, and the two company leaders share a common vision.

“Both AMD and Xilinx share common culture, focused on innovation, execution and collaborating deeply with customers. From a leadership standpoint, Victor and I have a shared vision of where we can take high performance and adaptive computing in the future,” Su said.

In a nod to shareholders of both companies, she said, “This is truly a compelling combination that will create significant value for all stakeholders, including AMD and Xilinx shareholders who will benefit from the future growth and upside potential of the combined company.”

So far stockholders aren’t impressed with AMD stock down over 4% in pre-trading, while Xilinx stock is up over 11% in pre-trading.  Xilinx has a market cap over $28 billion compared with AMD’s $96.5 billion, creating a massive combined company.

This deal comes on the heels of last month’s ARM acquisition by Nvidia for $40 billion. With two deals in less than two months totaling $75 million, the industry is looking at the bigger is better theory. Meanwhile Intel took a hit earlier this month after its earnings report showed weakness in its data center business.

While the deal has been approved by both company’s boards of directors, it still has to pass muster with shareholders and regulators, and is not expected to close until the end of next year.

When that happens Su will be chairman of the combined company, while Xilinx president and CEO, Victor Peng will join AMD as president, where he will be in charge of the Xilinx business and strategic growth initiatives.

It’s worth noting that the Wall Street Journal first reported that a deal between these two companies could be coming together earlier this month.

SimilarWeb raises $120M for its AI-based market intelligence platform for sites and apps

Israeli startup SimilarWeb has made a name for itself with an AI-based platform that lets sites and apps track and understand traffic not just on their own sites, but those of its competitors. Now, it’s taking the next step in its growth. The startup has raised $120 million, funding it will use to continue expanding its platform both through acquisitions and investing in its own R&D, with a focus on providing more analytics services to larger enterprises alongside its current base of individuals and companies of all sizes that do business on the web.

But not, it seems, necessarily an IPO at the moment.

“We will pursue whatever we feel is necessary to grow, so that decision will come from delivering value, not chasing an IPO,” Or Offer, SimilarWeb’s founder and CEO, said in an interview.

Co-led by ION Crossover Partners and Viola Growth, the round doubles the total amount that the startup has raised to date to $240 million. Offer said that it was not disclosing its valuation this time around except to say that his company is now “playing in the big pool.” It counts more than half of the Fortune 100 as customers, with Walmart, P&G, Adidas and Google, among them.

For some context, it hit an $800 million valuation in its last equity round, in 2017.

SimilarWeb’s technology competes with other analytics and market intelligence providers ranging from the likes of Nielsen and ComScore through to the Apptopias of the world in that, at its most basic level, it provides a dashboard to users that provides insights into where people are going on desktop and mobile. Where it differs, Offer said, is in how it gets to its information, and what else it’s doing in the process.

For starters, it focuses not just how many people are visiting, but also a look into what is triggering the activity — the “why”, as it were — behind the activity. Using a host of AI tech such as machine learning algorithms and deep learning — like a lot of tech out of Israel, it’s being built by people with deep expertise in this area — Offer says that SimilarWeb is crunching data from a number of different sources to extrapolate its insights.

He declined to give much detail on those sources but told me that he cheered the arrival of privacy gates and cookie lists for helping ferret out, expose and sometimes eradicate some of the more nefarious “analytics” services out there, and said that SimilarWeb has not been affected at all by that swing to more data protection, since it’s not an analytics service, strictly speaking, and doesn’t sniff data on sights in the same way. It’s also exploring widening its data pool, he added:

“We are always thinking about what new signals we could use,” he said. “Maybe they will include CDNs. But it’s like Google with its rankings in search. It’s a never ending story to try to get the highest accuracy in the world.”

The global health pandemic has driven a huge amount of activity on the web this year, with people turning to sites and apps not just for leisure — something to do while staying indoors, to offset all the usual activities that have been cancelled — but for business, whether it be consumers using e-commerce services for shopping, or workers taking everything online and to the cloud to continue operating.

That has also seen a boost of business for all the various companies that help the wheels turn on that machine, SimilarWeb included.

“Consumer behavior is changing dramatically, and all companies need better visibility,” said Offer. “It started with toilet paper and hand sanitizer, then moved to desks and office chairs, but now it’s not just e-commerce but everything. Think about big banks, whose business was 70% offline and is now 70-80% online. Companies are building and undergoing a digital transformation.”

That in turn is driving more people to understand how well their web presence is working, he said, with the basic big question being: “What is my marketshare, and how does that compare to my competition? Everything is about digital visibility, especially in times of change.”

Like many other companies, SimilarWeb did see an initial dip in business, Offer said, and to that end the company has taken on some debt as part of Israel’s Paycheck Protection Program, to help safeguard some jobs that needed to be furloughed. But he added that most of its customers prior to the pandemic kicking off are now back, along with customers from new categories that hadn’t been active much before, like automotive portals.

That change in customer composition is also opening some doors of opportunity for the company. Offer noted that in recent months, a lot of large enterprises — which might have previously used SimilarWeb’s technology indirectly, via a consultancy, for example — have been coming to the company direct.

“We’ve started a new advisory service [where] our own expert works with a big customer that might have more deep and complex questions about the behaviour we are observing. They are questions all big businesses have right now.” The service sounds like a partly-educational effort, teaching companies that are not necessarily digital-first be more proactive, and partly consulting.

New customer segments, and new priorities in the world of business, are two of the things that drove this round, say investors.

“SimilarWeb was always an incredible tool for any digital professional,” said Gili Iohan of ION Crossover Partners, in a statement. “But over the last few months it has become apparent that traffic intelligence — the unparalleled data and digital insight that SimilarWeb offers — is an absolute essential for any company that wants to win in the digital world.”

As for acquisitions, SimilarWeb has historically made these to accelerate its technical march. For example, in 2015 it acquired Quettra to move deeper into mobile analytics and it acquired Swayy to move into content discovery insights (key for e-commerce intelligence). Offer would not go into too much detail about what it has identified as a further target but given that there are quite a lot of companies building tech in this area currently, that there might be a case for some consolidation around bigger platforms to combine some of the features and functionality. Offer said that it was looking at “companies with great data and digital intelligence, with a good product. There are a lot of opportunities right now on the table.”

The company will also be doing some hiring, with the plan to be to add 200 more people globally by January (it has around 600 employees today).

“Since we joined the company three years ago, SimilarWeb has executed a strategic transformation from a general-purpose measurement platform to vertical-based solutions, which has significantly expanded its market opportunity and generated immense customer value,” said Harel Beit-On, Founder and General Partner at Viola Growth, in a statement. “With a stellar management team of accomplished executives, we believe this round positions the company to own the digital intelligence category, and capitalize on the acceleration of the digital era.”

Google Mending Another Crack in Widevine

For the second time in as many years, Google is working to fix a weakness in its Widevine digital rights management (DRM) technology used by online streaming sites like Disney, Hulu and Netflix to prevent their content from being pirated.

The latest cracks in Widevine concern the encryption technology’s protection for L3 streams, which is used for low-quality video and audio streams only. Google says the weakness does not affect L1 and L2 streams, which encompass more high-definition video and audio content.

“As code protection is always evolving to address new threats, we are currently working to update our Widevine software DRM with the latest advancements in code protection to address this issue,” Google said in a written statement provided to KrebsOnSecurity.

In January 2019, researcher David Buchanan tweeted about the L3 weakness he found, but didn’t release any proof-of-concept code that others could use to exploit it before Google fixed the problem.

This latest Widevine hack, however, has been made into an extension for Microsoft Windows users of the Google Chrome web browser and posted for download on the software development platform Github.

Tomer Hadad, the researcher who developed the browser extension, said his proof-of-concept code “was done to further show that code obfuscation, anti-debugging tricks, whitebox cryptography algorithms and other methods of security-by-obscurity will eventually by defeated anyway, and are, in a way, pointless.”

Google called the weakness a circumvention that would be fixed. But Hadad took issue with that characterization.

“It’s not a bug but an inevitable flaw because of the use of software, which is also why L3 does not offer the best quality,” Hadad wrote in an email. “L3 is usually used on desktops because of the lack of hardware trusted zones.”

Media companies that stream video online using Widevine can select different levels of protection for delivering their content, depending on the capabilities of the device requesting access. Most modern smartphones and mobile devices support much more robust L1 and L2 Widevine protections that do not rely on L3.

Further reading: Breaking Content Protection on Streaming Websites

Dropbox begins shift to high efficiency Western Digital Shingled Magnetic Recording disks

Last year, Dropbox talked about making a shift to Shingled Magnetic Recording or SMR disks for short because of the efficiency they can give a high volume storage platform like theirs. Today, Western Digital announced that Dropbox was one of the first companies to qualify their Ultrastar® DC HC650 20TB, host-managed SMR hard disks.

Dropbox’s modern infrastructure story goes back to 2017 when it decided to shift most of its business from being hosted on AWS to building their own infrastructure. As they moved through the process of making that transition in the following years, they were looking for new storage technology ideas to help drive down the cost of running their own massive storage system.

As principal engineer James Cowling told TechCrunch last year, one of the ideas that emerged was using SMR:

What emerged was SMR, which has high storage density and a lower price point. Moving to SMR gave Dropbox the ability to do more with less, increasing efficiency and lowering overall costs — an essential step for a company trying to do this on its own. “It required expertise obviously, but it was also exciting to bring a lot of efficiencies in terms of cost and storage efficiency, while pulling down boundaries between software and hardware,” Cowling said.

As it turns out, Dropbox VP of engineering Andrew Fong says that the company has been working with Western Digital for a number of years and the new SMR technology is the latest step in that partnership.

Western Digital says that these drives deliver this cost savings through increased storage density and lower power requirements. “When considering exabyte-scale needs, and associated capital and operating cost of the data center, the long-term value in terms of lower cost-per-TB, higher density, low power and high reliability can help benefit the bottom line,” the company said in a statement.

Time will tell if these disks deliver as promised, but they certainly show a lot of potential for a high volume user like Dropbox.

The Good, the Bad and the Ugly in Cybersecurity – Week 43

The Good

Regulators all around the world are imposing stricter data privacy and notification rules, but these can sometimes be difficult to comprehend without assistance or guidance. This is especially true regarding whether a data breach requires reporting or not. But some countries are taking the opposite approach: they first help to educate organizations, and only then will impose the laws. New Zealand’s Office of the Privacy Commissioner (OPC) has launched a new online tool enabling businesses and organisations to easily assess whether a privacy breach is notifiable.

Under the Privacy Act 2020, which comes into effect on 1 December, it will be mandatory for organizations to notify the regulator if a privacy breach has caused, or is likely to cause, serious harm. Failing to do could lead to a fine of of up to $10,000.

But how does one know if a breach is can lead to such serious consequences? There’s the good news: They can use the free tool, aptly named “NotifyUs” to evaluate if a data breach can cause “serious harm”.

The Bad

The GRU, Russia’s Main Intelligence Directorate, is officially in charge of information collection, but according to many in the security industry, it is the main body that carries out offensive cyber operations against Russia’s enemies. This week, the EU, UK and USA have all acted to sanction the GRU in response to a number of recent offensive cyber campaigns.

The Council of the European Union imposed sanctions on two Russian citizens and a “military intelligence center” (aka APT group APT28 or “Fancy Bear”) due to cyberattacks targeting Germany’s parliament in 2015 and the Organization for the Prohibition of Chemical Weapons (OPCW) in 2018. The sanctions include a travel ban and asset freeze all over the EU. In addition, UK authorities reported that the GRU has conducted reconnaissance activities against the (now postponed) Tokyo 2020 Olympic games. The GRU targeted the Games’ organisers, logistics services and sponsors, as part of a long running campaign that had also targeted the 2018 Winter Olympic and Paralympic Games. The US government has also indicted six Russian military officers accused of several major cyber attacks including NotPetya and attempted sabotage of the 2018 Winter Olympics, causing at least $1 billion in global losses.

It seems these GRU officers were engaged in computer intrusions and attacks intended to support Russian government efforts to undermine, retaliate against, or otherwise destabilize various foreign targets, from the Ukraine and Georgia to elections in France and international efforts to hold Russia accountable for its use of the weapons-grade nerve agent, Novichok.

Sanctions or no, with the protection of the Russian state, we have no doubt these actors will continue to be wreak havoc on more international targets.

The Ugly

Installing security cameras is meant to increase the safety of your home, but ill-secured cameras can allow hackers unfettered access to your most private moments. Some of those abusing unsecured cameras are not content with the mere act of peeping into other people’s private lives, they also seek to monetize this capability. A Singaporean newspaper this week reported that a hacking group active on the messaging platform Discord is selling footage from more than 50,000 hacked IP cameras from homes in Singapore, Thailand, South Korea, Canada, Australia and some other parts of Asia like Bangladesh, India and Pakistan.

The group sells access to a hacked camera for $150, complete with tutorials on how to choose the “best” camera (meaning one that is most likely to show naked women or children) and how to record videos. Some of the recorded videos, which range from one to twenty minutes in length and show people of all ages, sans clothes, have been uploaded to porn websites. This is another reminder of the security and privacy risk of introducing smart devices, especially those with video and audio capture capabilities, into our homes without proper security measures.


Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security