Dropbox shifts business product focus to remote work with Spaces update

In a September interview at TechCrunch Disrupt, Dropbox co-founder and CEO Drew Houston talked about how the pandemic had forced the company to rethink what work means, and how his company is shifting with the new requirements of a work-from-home world. Today, the company announced broad changes to Dropbox Spaces, the product introduced last year, to make it a collaboration and project management tool designed with these new requirements in mind.

Dropbox president Timothy Young says that the company has always been about making it easy to access files wherever you happen to be and whatever device you happen to be on, whether that was in a consumer or business context. As the company has built out its business products over the last several years, that involved sharing content internally or externally. Today’s announcement is about helping teams plan and execute around the content you create with a strong project focus.

“Now what we’re basically trying to do is really help distributed teams stay organized, collaborate together and keep moving along, but also do so in a really secure way and support IT, administrators and companies with some features around that as well, while staying true to Dropbox principles,” Young said.

This involves updating Spaces to be a full-fledged project management tool designed with a distributed workforce in mind. Spaces connects to other tools like your calendar, people directory, project management software — and of course files. You can create a project, add people and files, then set up a timeline and assign and track tasks. In addition, you can access meetings directly from Spaces and communicate with team members, who can be inside or outside the company.

Houston suggested a product like this could be coming in his September interview when he said:

“Back in March we started thinking about this, and how [the rapid shift to distributed work] just kind of happened. It wasn’t really designed. What if you did design it? How would you design this experience to be really great? And so starting in March we reoriented our whole product road map around distributed work,” he said.

Along these same lines, Young says the company itself plans to continue to be a remote first company even after the pandemic ends, and will continue to build tools to make it easier to collaborate and share information with that personal experience in mind.

Today’s announcement is a step in that direction. Dropbox Spaces has been in private beta and should be available at the beginning of next year.

Marketing automation platform Klaviyo scores $200M Series C on $4.15B valuation

Boston-based marketing automation firm Klaviyo wants to change the way marketers interact with data, giving them direct access to their data and their customers. It believes that makes it easier to customize the messages and produce better results. Investors apparently agree, awarding the company a $200 million Series C on a hefty $4.15 billion valuation today.

The round was led by Accel with help from Summit Partners. It comes on the heels of last year’s $150 million Series B, and brings the total raised to $385.5 million, according to the company. Accel’s Ping Li will also be joining the company board under the terms of today’s announcement.

Marketing automation and communication takes on a special significance as we find ourselves in the midst of this pandemic and companies need to find ways to communicate in meaningful ways with customers who can’t come into brick and mortar establishments. Company CEO and co-founder Andrew Bialecki says that his company’s unique use of data helps in this regard.

“I think our success is because we are a hybrid customer data and marketing platform. We think about what it takes to create these owned experiences. They’re very contextual and you need all of that customer data, not some of it, all of it, and you need that to be tightly coupled with how you’re building customer experiences,” Bialecki explained.

Andrew Bialecki, CEO and co-founder at Klaviyo Image Credits: Klaviyo

He believes that by providing a platform of this scope that combines the data, the ability to customize messages and the use of machine learning to keep improving that, it will help them compete with the largest platforms. In fact his goal is to help companies understand that they don’t have to give up their customer data to Amazon, Google and Facebook.

“The flip side of that is growing through Amazon where you give up all your customer data, or Facebook or Google where you kind of are delegated to wherever their algorithms decide where you get to show up,” he said. With Klaviyo, the company retains its own data, and Ping Li, who is leading the investment at Accel, says that is where the e-commerce market is going.

“So the question is, is there a tool that allows you to do that as easily as going on Facebook and Google, and I think that’s the vision and the promise that Klaviyo is delivering on,” Li said. He believes that this will allow their customers to actually build that kind of fidelity with their customers by going directly to them, instead of through a third-party intermediary.

The company has seen some significant success with 50,000 customers in 125 countries along with that lofty valuation. The customer number has doubled year over year, even during the economic malaise brought on by the pandemic.

Today, the company has 500 employees with plans to double that in the next year. As he grows his company, Bialecki believes diversity is not just the right thing to do, it’s also smart business. “I think the competitive advantages that tech companies are going to have going forward, especially for the tech companies that are not the leaders today, but [could be] leaders in the coming decades, it’s because they have the most diverse teams and inclusive culture and those are both big focuses for us,” he said.

As they move forward flush with this cash, the company wants to continue to build out the platform, giving customers access to a set of tools that allow them to know their own customers on an increasingly granular level, while delivering more meaningful interactions. “It’s all about accelerating product development and getting into new markets,” Bialecki said. They certainly have plenty of runway to do that now.

Be Very Sparing in Allowing Site Notifications

An increasing number of websites are asking visitors to approve “notifications,” browser modifications that periodically display messages on the user’s mobile or desktop device. In many cases these notifications are benign, but several dodgy firms are paying site owners to install their notification scripts and then selling that communications pathway to scammers and online hucksters.

Notification prompts in Firefox (left) and Google Chrome.

When a website you visit asks permission to send notifications and you approve the request, the resulting messages that pop up appear outside of the browser. For example, on Microsoft Windows systems they typically show up in the bottom right corner of the screen — just above the system clock. These so-called “push notifications” rely on an Internet standard designed to work similarly across different operating systems and web browsers.

But many users may not fully grasp what they are consenting to when they approve notifications, or how to tell the difference between a notification sent by a website and one made to appear like an alert from the operating system or another program that’s already installed on the device.

This is evident by the apparent scale of the infrastructure behind a relatively new company based in Montenegro called PushWelcome, which advertises the ability for site owners to monetize traffic from their visitors. The company’s site currently is ranked by Alexa.com as among the top 2,000 sites in terms of Internet traffic globally.

Website publishers who sign up with PushWelcome are asked to include a small script on their page which prompts visitors to approve notifications. In many cases, the notification approval requests themselves are deceptive — disguised as prompts to click “OK” to view video material, or as “CAPTCHA” requests designed to distinguish automated bot traffic from real visitors.

An ad from PushWelcome touting the money that websites can make for embedding their dodgy push notifications scripts.

Approving notifications from a site that uses PushWelcome allows any of the company’s advertising partners to display whatever messages they choose, whenever they wish to, and in real-time. And almost invariably, those messages include misleading notifications about security risks on the user’s system, prompts to install other software, ads for dating sites, erectile dysfunction medications, and dubious investment opportunities.

That’s according to a deep analysis of the PushWelcome network compiled by Indelible LLC, a cybersecurity firm based in Portland, Ore. Frank Angiolelli, vice president of security at Indelible, said rogue notifications can be abused for credential phishing, as well as foisting malware and other unwanted applications on users.

“This method is currently being used to deliver something akin to adware or click fraud type activity,” Angiolelli said. “The concerning aspect of this is that it is so very undetected by endpoint security programs, and there is a real risk this activity can be used for much more nefarious purposes.”

Sites affiliated with PushWelcome often use misleading messaging to trick people into approving notifications.

Angiolelli said the external Internet addresses, browser user agents and other telemetry tied to people who’ve accepted notifications are known to PushWelcome, which could give them the ability to target individual organizations and users with any number of fake system prompts.

Indelible also found browser modifications enabled by PushWelcome are poorly detected by antivirus and security products, although Angiolelli noted Malwarebytes reliably flags as dangerous publisher sites that are associated with the notifications.

Indeed, Malwarebytes’ Pieter Arntz warned about malicious browser push notifications in a January 2019 blog post. That post includes detailed instructions on how to tell which sites you’ve allowed to send notifications, and how to remove them.

KrebsOnSecurity installed PushWelcome’s notifications on a brand new Windows test machine, and found that very soon after the system was peppered with alerts about malware threats supposedly found on the system. One notification was an ad for Norton antivirus; the other was for McAfee. Clicking either ultimately led to “buy now” pages at either Norton.com or McAfee.com.

Clicking on the PushWelcome notification in the bottom right corner of the screen opened a Web site claiming my brand new test system was infected with 5 viruses.

It seems likely that PushWelcome and/or some of its advertisers are trying to generate commissions for referring customers to purchase antivirus products at these companies. McAfee has not yet responded to requests for comment. Norton issued the following statement:

“We do not believe this actor to be an affiliate of NortonLifeLock. We are continuing to investigate this matter. NortonLifeLock takes affiliate fraud and abuse seriously and monitors ongoing compliance. When an affiliate partner abuses its responsibilities and violates our agreements, we take necessary action to remove these affiliate partners from the program and swiftly terminate our relationships. Additionally, any potential commissions earned as a result of abuse are not paid. Furthermore, NortonLifeLock sends notification to all of our affiliate partner networks about the affiliate’s abuse to ensure the affiliate is not eligible to participate in any NortonLifeLock programs in the future.”

Requests for comment sent to PushWelcome via email were returned as undeliverable. Requests submitted through the contact form on the company’s website also failed to send.

While scammy notifications may not be the most urgent threat facing Internet users today, most people are probably unaware of how this communications pathway can be abused.

What’s more, dodgy notification networks could be used for less conspicuous and sneakier purposes, including spreading fake news and malware masquerading as update notices from the user’s operating system. I hope it’s clear that regardless of which browser, device or operating system you use, it’s a good idea to be judicious about which sites you allow to serve notifications.

If you’d like to prevent sites from ever presenting notification requests, check out this guide, which has instructions for disabling notification prompts in Chrome, Firefox and Safari. Doing this for any devices you manage on behalf of friends, colleagues or family members might end up saving everyone a lot of headache down the road.

What Happened to My Mac? Apple’s OCSP Apocalypse

Last week, just after we covered the release of Big Sur, many macOS users around the world experienced something unprecedented on the platform: a widespread outage of an obscure Apple service caused users worldwide to be unable to launch 3rd party applications. Already being dubbed the “Apple Apocalypse” or “OCSP Apocalypse”, the cause was down to a little-known but essential service called “Online Certificate Status Protocol”. In this post, we look at what OCSP is, explain why it affected Macs so severely, and discuss some of the implications that have arisen in light of this unusual event.

Why Your Mac Couldn’t Launch 3rd Party Applications

On Thursday, users on Twitter and other social media platforms began complaining that their Mac computers were becoming unresponsive, hanging and unable to launch or install many 3rd party applications.

Some quick detective work soon pinned the blame on a system daemon called trustd.

As the somewhat sparse man page tells us, trustd is a service that evaluates trust in certificates for all processes on the system.

As it goes about its business, trustd makes a network call to a service called “ocsp” – Online Certificate Status Protocol.

The purpose of the OCSP call is to check whether a piece of software being launched has had its developer certificate revoked. Revoking developer certificates is one way that Apple deals with known malware. By using an OCSP responder service, Apple hope to prevent any software whose certificate has been revoked from launching on pretty much all Macs anywhere within minutes.

As was well-documented over the weekend, trustd employs a “fail-soft” call to Apple’s OCSP service: If the service is unavailable or the device itself is offline, trustd (to put it simply) goes ahead and “trusts” the app. After all, people aren’t always connected to the internet, and – as we find out from time to time when there’s a service outage – neither is Apple!

However, in this particular case, ocsp.apple.com wasn’t in fact offline. The trustd service was able to reach the server, but the server was experiencing a slowdown. And now, rather than failing softly, trustd just kept hanging around for an answer…and users’ Macs just kept, well, hanging.
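
The difference between an unreachable responder and a slow one, as an added example (not Apple's trustd code and not part of the original post): a fail-soft client is run against a constructed localhost responder. The line protocol, function names and timings are assumptions made for the demonstration.

```python
"""Fail-soft revocation check against a healthy, an unreachable and a slow responder."""
import socket
import threading
import time


def start_responder(stall=0.0):
    """Constructed localhost stand-in for a status responder; waits `stall` s before replying."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def handle(conn):
        with conn:
            try:
                conn.recv(1024)
                time.sleep(stall)          # the "slowdown": reachable, but no answer yet
                conn.sendall(b"good\n")
            except OSError:
                pass                       # the client already gave up

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return                     # listener was closed
            threading.Thread(target=handle, args=(conn,), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()


def unreachable_address():
    """An address with nothing listening: bind a port, note it, release it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    addr = s.getsockname()
    s.close()
    return addr


def query_status(addr, budget):
    """Ask for a certificate's status. budget=None waits indefinitely for the reply."""
    deadline = None if budget is None else time.monotonic() + budget
    try:
        with socket.create_connection(addr, timeout=budget) as s:
            s.sendall(b"STATUS serial=0x1234\n")   # constructed request line
            if deadline is not None:
                # One overall deadline for connect + reply, not a fresh timer per step.
                s.settimeout(max(deadline - time.monotonic(), 0.001))
            reply = s.recv(64).strip()
    except OSError:                                # refused, reset or timed out
        return "unknown"
    return reply.decode() if reply in (b"good", b"revoked") else "unknown"


def launch(addr, budget):
    """Fail-soft policy: only an explicit 'revoked' answer blocks the launch."""
    start = time.monotonic()
    status = query_status(addr, budget)
    return {"allowed": status != "revoked", "status": status,
            "waited": round(time.monotonic() - start, 2)}


def run_demo(stall=1.0, budget=0.3):
    slow = start_responder(stall)
    return {
        "healthy": launch(start_responder(), budget),
        "unreachable": launch(unreachable_address(), budget),
        "slow, no deadline": launch(slow, None),    # waits as long as the server stalls
        "slow, deadline": launch(slow, budget),     # falls back to fail-soft in time
    }


if __name__ == "__main__":
    for case, result in run_demo().items():
        print(f"{case:18} {result}")
```

The unreachable case fails at once and the launch proceeds; the slow case only proceeds promptly when the client enforces its own deadline on the reply.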

Reactions to Apple’s OCSP Apocalypse

While the problem persisted for only a few hours before Apple got on top of the server slowdown, the fallout has been going on throughout the weekend. For many users, it came as quite a shock that their usually reliable Macs appeared to have a single point of failure. Ironically but understandably, the failure of trustd – a service designed to improve security – led some to believe that their Macs had been infected with malware, which must have been an unpleasant experience, to say the least.

In the immediate aftermath, some commentators began to draw more sinister conclusions: if macOS sends data about every app you launch to Apple, then presumably Apple can track exactly what users are doing, when and where. As one writer pointed out, OCSP uses the insecure, plain-text HTTP protocol. That appears to suggest that not only Apple but also “anyone with a traffic analyzer on your network could eavesdrop every app you open and when you open it.”

That very idea was taken to its logical, but not entirely accurate, extreme in a blog post that dramatically claimed “your computer isn’t yours”:

This means that Apple knows when you’re at home. When you’re at work. What apps you open there, and how often. They know when you open Premiere over at a friend’s house on their Wi-Fi, and they know when you open Tor Browser in a hotel on a trip to another city.

The author went on to worry about just how many others might have this same data, from your ISP to the NSA to a MITM on your local network.

Such dramatic conclusions led some to suggest that users should block OCSP either in their firewall software or by editing their /etc/hosts file. (Spoiler: SentinelOne do not recommend doing either. Read on to find out why).

Why You Should Not Block Calls to OCSP Responder Services

So on top of the OCSP apocalypse, we seem to now have a privacy apocalypse…except there’s a few important rebuttals to bear in mind.

First, OCSP doesn’t in fact send hashes of applications over the wire; it sends some obfuscated information about developer certificates belonging to those apps.

Even more precisely, in the case where a developer has more than one Apple app signed with that certificate (most developers sign all their apps with the same certificate), it doesn’t even expose which app from that developer was launched. For anyone familiar with Apple’s developer IDs, this would be immediately obvious. Apple’s certificate revocation, when deployed, doesn’t work on a per-app basis, it works on a per-developer basis.
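
What a revocation query actually carries, as an added example that is not from the original post or Apple's code: it builds the CertID defined in RFC 6960 (hashes of the issuer's name and key plus the certificate's serial number) and decodes it again the way a network observer could. The issuer bytes, serial numbers and app contents are constructed, and the base64 GET encoding is assumed from the RFC.

```python
"""OCSP CertID: the request identifies a certificate, not the app being launched."""
import base64
import hashlib
from urllib.parse import quote, unquote

SHA1_ALG = bytes.fromhex("300906052b0e03021a0500")  # AlgorithmIdentifier: SHA-1, NULL params

# Constructed sample data, not real Apple or developer values.
ISSUER_NAME = b"constructed-issuer-distinguished-name"
ISSUER_KEY = b"constructed-issuer-public-key-bits"
DEV_A = {"serial": 0x1A2B3C4D5E6F7788}
DEV_B = {"serial": 0x0102030405060708}


def der(tag, content):
    """Encode one DER tag-length-value (short and long length forms)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content


def der_int(value):
    """Non-negative INTEGER; the extra leading zero byte keeps the sign bit clear."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))


def ocsp_request(issuer_name, issuer_key, serial):
    cert_id = der(0x30, SHA1_ALG
                  + der(0x04, hashlib.sha1(issuer_name).digest())   # issuerNameHash
                  + der(0x04, hashlib.sha1(issuer_key).digest())    # issuerKeyHash
                  + der_int(serial))                                # serialNumber
    request = der(0x30, cert_id)        # Request ::= SEQUENCE { reqCert CertID }
    request_list = der(0x30, request)   # requestList ::= SEQUENCE OF Request
    tbs = der(0x30, request_list)       # TBSRequest, version defaulted
    return der(0x30, tbs)               # OCSPRequest


def launch_request_path(app_binary, signing_cert):
    """app_binary is deliberately unused: nothing derived from the app enters the request."""
    req = ocsp_request(ISSUER_NAME, ISSUER_KEY, signing_cert["serial"])
    return quote(base64.b64encode(req).decode(), safe="")


def children(content):
    """Split DER content into its (tag, value) elements."""
    out, pos = [], 0
    while pos < len(content):
        tag, first = content[pos], content[pos + 1]
        pos += 2
        if first & 0x80:
            n = first & 0x7F
            length = int.from_bytes(content[pos:pos + n], "big")
            pos += n
        else:
            length = first
        out.append((tag, content[pos:pos + length]))
        pos += length
    return out


def observed_fields(url_path):
    """Recover the CertID fields from the base64 path of a plain-HTTP GET."""
    node = base64.b64decode(unquote(url_path))
    for _ in range(5):  # OCSPRequest, TBSRequest, requestList, Request, CertID
        node = next(v for t, v in children(node) if t == 0x30)
    _alg, name_hash, key_hash, serial = (v for _, v in children(node))
    return {"issuerNameHash": name_hash.hex(), "issuerKeyHash": key_hash.hex(),
            "serialNumber": int.from_bytes(serial, "big")}


if __name__ == "__main__":
    a1 = launch_request_path(b"first app from developer A", DEV_A)
    a2 = launch_request_path(b"second app from developer A", DEV_A)
    print("same request for both apps:", a1 == a2)
    print(observed_fields(a1))
```

Base64 is an encoding, not encryption, so the serial number is readable on the wire; what it names is the developer's certificate, which is why two apps signed with the same certificate are indistinguishable in this traffic.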

A second point to bear in mind here was ably explained by Phil Vachon. If you want to be confident that software you’re running has been securely signed and is trusted by the certificate issuer, there’s only a few options available, and each has trade-offs.

On the one hand, Apple could periodically dump a list of all revoked app certificates to every user’s Mac. Vachon points out two problems with certificate revocation lists (CRLs): storage (they can be large) and update frequency. Revoked apps could easily fall through the cracks. Another option is a variant of the OCSP model Apple use called OCSP stapling, which has the benefit of ensuring anonymity, but actual implementations to date have been somewhat unreliable. The path Apple have chosen, real-time OCSP checking, does have both known privacy (yes, there’s some data leakage) and security (e.g., the fail-soft design is vulnerable to an attacker blocking the device’s connection to the OCSP server) implications.

However, the privacy implications are neither peculiar to Apple (we are all in the same boat with every online service we use) nor more severe than we face with other providers. Unlike many online services we use, Apple have no business trading user data to 3rd parties or advertisers, and privacy – even if not always well implemented – is a core part of their business model.

Third, and most importantly, from a threat model perspective, users that follow the misguided advice to block calls to OCSP increase the risk to their devices and network. Malware is a far more prevalent and immediate threat than the weak data leakage represented by OCSP responder services. Although SentinelOne protects user devices from macOS malware without relying on certificate revocation services, removing any layer of defence is never a good idea unless that layer poses more risk than it offers security. There is absolutely no evidence that this is the case with Apple’s OCSP service.

Apple’s Response to the OCSP Apocalypse

As we said above, using an OCSP responder service for checking certification status allows Apple to prevent unwanted software from launching on a Mac within minutes, notwithstanding either malicious or accidental network outages.

How many minutes? It’s been suggested that typically OCSP checks are cached on a device for as little as 5 minutes, meaning that if you launch an application a few times rapidly, your Mac doesn’t waste time re-checking that software’s status until at least five minutes since the last launch. If correct, that’s a pretty aggressive timeout, and Apple may have made changes server-side to cache responses for up to 12 hours instead in light of last week’s problems (note: I could not reproduce the same findings on my devices).

Moreover, Apple made a rare implicit acknowledgement of the problem, stating that in the near future they intend to introduce stronger protections against server failure, a possible opt-out of security checks for users, and a new encrypted protocol for Developer ID certificate revocation checks.

Did Apple’s Outage Affect SentinelOne’s Agent?

For SentinelOne customers already running Agents on their devices, the problems with Apple’s servers would not have caused any loss of protection as the service is constantly running and not subject to certification status checks after initial launch.

Customers may have been temporarily affected by the failure of ocsp.apple.com if they tried to launch the SentinelOne Installer to deploy the agent to a new device during Thursday 12th or early hours of Friday 13th (depending on location).

In the unlikely event that Apple have a repeat of the problem with their ocsp.apple.com service, Mac users are advised to temporarily disconnect from the internet to launch any stalled or unresponsive applications, and re-connect once the application has finished launching.

Conclusion

Apple’s OCSP problem caused some major disruption for many of their customers and provided a perhaps unwelcome introduction to network security plumbing for some. Safely and reliably querying certificates for revocation status is a known hard nut to crack, and the privacy and reliability issues with OCSP were well-known to network security engineers long before last week’s meltdown. It’s not as if Apple have been caught doing something that nobody was aware of, even if it’s true that many non-security folk, and some popular bloggers, had never heard of the problem of establishing online revoked certificate status before Thursday’s unwelcome outage. Despite the acknowledged privacy and security drawbacks with OCSP responder services in general, their benefits far outweigh their drawbacks.

If you’d like to learn more about SentinelOne’s protection for macOS, contact us today or request a free demo.


Harbr raises $38.5M to help enterprises exchange and share big data troves securely

Organizations today are sitting on mountains of data that they amass and use in their own businesses, but many are also looking to share those troves with other parties to expand their prospects — a model that comes with challenges (privacy and data protection being two key ones); and, these days (due to COVID-19 and the push to more digital transformation), with urgency; but also big rewards if you can pull it off well.

Today, a new London startup called Harbr, which has built a secure platform to enable big data exchange, is announcing a big round of funding to tap into that demand.

The company has raised $38.5 million in a Series A round of funding, just six months since emerging from stealth mode. It plans to use the money to hire more people to meet the demand of serving more enterprise customers, and for R&D.

Led jointly by new backers Dawn Capital and Tiger Global Management, the round also had participation from past investors Mike Chalfen, Boldstart Ventures, Crane Venture Partners, Backed and Seedcamp, alongside UiPath’s founder and CEO Daniel Dines and head of strategy Brandon Deer. Harbr has now raised over $50 million, and it’s not disclosing its valuation.

Harbr has been around since 2017, but it only came out of stealth mode earlier this year, in May. Its approach has mirrored that of a lot of other enterprise startups that spend a long time building their product under wraps. Identifying the market opportunity when it was still nascent, Harbr then worked directly (and quietly) with enterprises to figure out what they needed and built it, before launching it as a commercial product (with customers already in hand).

“Back in 2017 no one was talking about enterprise data exchanges,” Harbr’s CSO Anthony Cosgrove (who co-founded the company with Gary Butler, the CEO) told me in an interview. “So we worked with big companies to understand their needs and built Harbr based on that.”

Customers include those in financial and enterprise services such as Moody’s Analytics and WinterCorp, as well as governments. Cosgrove noted that nearly 100% of Harbr’s clients are in the U.S., where the startup’s chairman Leo Spiegel is based. Spiegel is also an investor, with an extensive enterprise data services resume to his name.

“This is a team that has worked together for a long time,” Spiegel said in an interview. “Gary [the CEO] and I have worked together for 20 years before Harbr. I have been in data a very long time, and we have a lot of relationships with U.S. companies.” (That is one sign of why this enterprise startup has raised a substantial amount of funding so early in its public life.)

Cosgrove, an MBE, himself has a background in banking and before that U.K. government.

The platform today provides enterprises with a way to tap into data that an organization may already have in data lakes and warehouses, which it already uses for analytics and business intelligence. The idea is to make that data ready and secure for enterprise data exchange, either with other parts of your own large organization, or with third parties. That involves creating a “clean room”, providing tools for making it accessible by third parties, and potentially turning it into a data marketplace, if that is your goal.

The challenges that Harbr addresses come from a couple of different angles. The first of these is technical: putting data troves from disparate sources into a format that can be usable by others. The second of these is commercial: creating something that you can then provide to others, but also making that marketplace findable and usable. The third of these is security.

Cosgrove said that he doesn’t think of Harbr as a security company first, but he points out that these days this has become as much of a concern (if not more) than simply making a data product usable. Being able to protect your data as valuable IP is important, but on top of that, you have the roles of privacy and data protection.

These have moved from being fringe concerns to a priority for many users, and, in an increasing number of cases, a legal requirement. So, as companies look for ways to tap into the big data opportunity while keeping those principles in mind, they are looking for companies built with privacy and data protection from the ground up.

“We’re really focused on helping people to treat data as a product. They bring assets into a platform and turn them into data products that are easy to consume, use and merge,” said Cosgrove. “We see security as a by-product of that: you have to consider security as part of it.” Harbr the name is a play on Harbor, which itself is a reference to safe harbor principles and regulations.

Harbr is not the only company looking at this opportunity. InfoSum, also out of the U.K., is also tackling the concept of a privacy-first approach to federated data, providing a way to share data across organizations without compromising data protection in any way. DataFleets out of the Bay Area is another startup also building a platform and tools to help enterprises with this challenge and opportunity.

“For data to become truly powerful, we need more automation and collaboration. Today, human efforts are consumed by finding and preparing data, rather than focused on high-value activities that drive real productivity gains,” said Evgenia Plotnikova, partner at Dawn Capital, in a statement. “Harbr is in the vanguard of companies changing this reality, and we are incredibly excited to be partnering with them. Customers we’ve spoken to find Harbr’s enterprise data exchange transformative, and their engagement across Fortune 1000 companies substantiates this.”

Computer vision startup Chooch.ai scores $20M Series A

Chooch.ai, a startup that hopes to bring computer vision more broadly to companies to help them identify and tag elements at high speed, announced a $20 million Series A today.

Vickers Venture Partners led the round with participation from 212, Streamlined Ventures, Alumni Ventures Group, Waterman Ventures and several other unnamed investors. Today’s investment brings the total raised to $25.8 million, according to the company.

“Basically we set out to copy human visual intelligence in machines. That’s really what this whole journey is about,” CEO and co-founder Emrah Gultekin explained. As the company describes it, “Chooch AI can rapidly ingest and process visual data from any spectrum, generating AI models in hours that can detect objects, actions, processes, coordinates, states, and more.”

Chooch is trying to differentiate itself from other AI startups by taking a broader approach that could work in any setting, rather than concentrating on specific vertical applications. Using the pandemic as an example, Gultekin says you could use his company’s software to identify everyone who is not wearing a mask in the building or everyone who is not wearing a hard hat at a construction site.

With 22 employees spread across the U.S., India and Turkey, Chooch is building a diverse company just by virtue of its geography, but as it doubles the workforce in the coming year, it wants to continue to build on that.

“We’re immigrants. We’ve been through a lot of different things, and we recognize some of the issues and are very sensitive to them. One of our senior members is a person of color and we are very cognizant of the fact that we need to develop that part of our company,” he said. At a recent company meeting, he said that they were discussing how to build diversity into the policies and values of the company as they move forward.

The company currently has 18 enterprise clients and hopes to use the money to add engineers, data scientists and begin to build out a worldwide sales team to continue to build the product and expand its go-to-market effort.

Gultekin says that the company’s unusual name comes from a mix of the words choose and search. He says that it is also an old Italian insult. “It means dummy or idiot, which is what artificial intelligence is today. It’s a poor reflection of humanity or human intelligence in humans,” he said. His startup aims to change that.

Undock raises $1.6M to help solve your group scheduling nightmares

Over the past decade, many startups have tried (and many have failed) to rethink the way we schedule our meetings and calls. But we seem to be in a calendrical renaissance, with incumbents like Google and Outlook getting smarter and smarter and newcomers like Calendly growing significantly.

Undock, an Entrepreneurs Roundtable Accelerator-backed startup, is looking to enter the space.

The startup recently closed a $1.6 million seed round with investors that include Lightship Capital, Bessemer Venture Partners, Lerer Hippeau, Alumni Ventures Group, Active Capital, Arlan Hamilton of Backstage Capital, Sarah Impach of Paypal/LinkedIn, and several other angel investors.

For now, Undock is a Chrome extension that allows users to seamlessly see mutual availability across a group, whether or not all users in the group have Undock, all from within their email. Founder and CEO Nash Ahmed wouldn’t go into too much detail about the technology that allows Undock to accomplish this. But, on the surface, users who don’t yet have Undock can temporarily link their calendar to the individual meeting request to automatically find times that work for everyone in the group. Otherwise, they can see the suggested times of the rest of the group and mark the ones that work for them.

This is just the beginning of the journey for Undock. The company plans to launch a full-featured calendar in Q1 of 2021 that would include collaborative editing right within calendar events and embedded video conferencing.

According to Ahmed, the most important differentiating features of Undock are that it focuses on mutual availability (not just singular availability) and that it does so right within the email client.

Scheduling will always be free within Undock, but the full calendar (when it’s released publicly) will have a variety of tiers starting at $10/month per user. Undock will also borrow from the Slack model and charge more for retention of information.

“The greatest challenge is definitely customer education,” said Ahmed, explaining that early on some users were confused by the product’s simplicity. “We messaged it by saying it’s like autocomplete. And early users would get into their email and then ask what to do next, or if they had to go back to Undock or to the Chrome extension. And we’d have to say ‘no, just keep typing.’”

The Undock team, which is Black- and female-founded, numbers 18 people. Twenty-eight percent of the team is female, 22 percent are Black, and 11 percent are LGBTQ, and the diversity of the leadership team is even higher.

Gretel announces $12M Series A to make it easier to anonymize data

As companies work with data, one of the big obstacles they face is making sure they are not exposing personally identifiable information (PII) or other sensitive data. It usually requires a painstaking manual effort to strip out that data. Gretel, an early stage startup, wants to change that by making it faster and easier to anonymize data sets. Today the company announced a $12 million Series A led by Greylock. The company has now raised $15.5 million.

Gretel founder and CEO Alex Watson says that his company was founded to make it simpler to anonymize data and unlock data sets that were previously out of reach because of privacy concerns.

“As a developer, you want to test an idea or build a new feature, and it can take weeks to get access to the data you need. Then essentially it boils down to getting approvals to get started, then snapshotting a database, and manually removing what looks like personal data and hoping that you got everything,”

Watson, who previously worked as a GM at AWS, believed that there needed to be a faster and more reliable way to anonymize the data, and that’s why he started Gretel. The first product is an open source, synthetic machine learning library for developers that strips out personally identifiable information.

“Developers use our open source library, which trains machine learning models on their sensitive data, then as that training is happening we are enforcing something called differential privacy, which basically ensures that the model doesn’t memorize details about secrets for individual people inside of the data,” he said. The result is a new artificial data set that is anonymized and safe to share across a business.

The company was founded last year, and they have actually used this year to develop the open source product and build an open source community around it. “So our approach and our go-to-market here is we’ve open sourced our underlying libraries, and we will also build a SaaS service that makes it really easy to generate synthetic data and anonymized data at scale,” he said.

As the founders build the company, they are looking at how to build a diverse and inclusive organization, something that they discuss at their regular founders’ meetings, especially as they look to take these investment dollars and begin to hire additional senior people.

“We make a conscious effort to have diverse candidates apply, and to really make sure we reach out to them and have a conversation, and that’s paid off, or is in the process of paying off I would say, with the candidates in our pipeline right now. So we’re excited. It’s tremendously important that we avoid group think that happens so often,” he said.

The company doesn’t have paying customers, but the plan is to build off the relationships it has with design partners and begin taking in revenue next year. Sridhar Ramaswamy, the partner at Greylock, who is leading the investment, says that his firm is placing a bet on a pre-revenue company because he sees great potential for a service like this.

“We think Gretel will democratize safe and controlled access to data for the whole world the way Github democratized source code access and control,” Ramaswamy said.

SentinelOne Guard Rails | Working Together to Secure Better

Contribution from Brad Gorka, Vice President, Information Security, CommScope

The next-generation antivirus and endpoint detection & response (EDR) capabilities in SentinelOne are extremely powerful tools for cybersecurity defense, allowing analysts to find a needle in a haystack and then take immediate action – with minimal effort.

While these tools have exceptional potential, they can be even better when coupled with the wisdom of the infosec community and security analysts making high-quality decisions. Most experts will consider there to be a significant risk when true malware is classified as a false positive, but I realized there is also great concern with benign objects being classified as malware.

In the latter case, the result is that the object is blacklisted on all endpoints in scope. If the analyst gets it wrong, they could potentially blacklist something that could cause business interruption – such as a home-grown application needed for a critical process. And if the object is pervasive throughout most of your endpoints, this error can be catastrophic on a large scale.

Recognition of this led me to come up with a concept I named Guard Rails, which was submitted to our SentinelOne account management team and ended up on their roadmap. And now, a few months later, the feature is in the product and being used!

Guard Rails uses data that is already resident in the SentinelOne platform. We can query Network history to see how many other endpoints across the scopes have seen a similar alert. In addition, SentinelOne now has a ‘hunt now’ pivot button that allows you to see the potential impact of adding something to an exclusion list (aka “blacklist”).

This is quite simple, but crucial, data. For example, if an object hash is found 15 times on three devices, we can infer that a mitigation action will have a lower operational risk than another hash which is found 1,563 times on 1,560 endpoints. In the latter scenario, the analyst will immediately know that if he excludes that object it is going to impact a large number of systems. If the object is indeed malicious then that is what we need to do, but the impact assessment offered by Guard Rails gives the analyst pause to better understand and research the object and associated events. By providing this simple calculation using existing data we can guide the analyst to make better quality decisions.
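The calculation described above, as an added example (not SentinelOne's code or API): it aggregates constructed alert records per hash and flags a blacklist action for analyst review when the hash is present on a large share of endpoints. The record fields, the fleet size of 2,000 and the 5% review threshold are assumptions; only the detection and endpoint counts come from the article.

```python
from collections import defaultdict

FLEET_SIZE = 2000  # assumed number of managed endpoints


def build_sample_alerts():
    """Constructed alert records reproducing the article's two cases."""
    alerts = []
    for i in range(15):        # 15 detections on three devices
        alerts.append({"endpoint": f"ep-{i % 3}", "hash": "CONSTRUCTED-HASH-A"})
    for i in range(1563):      # 1,563 detections on 1,560 endpoints
        alerts.append({"endpoint": f"ep-{i % 1560}", "hash": "constructed-hash-b"})
    return alerts


def impact_summary(alerts, fleet_size):
    """Per hash: detection count, distinct endpoints, share of the fleet."""
    if fleet_size <= 0:
        raise ValueError("fleet_size must be positive")
    detections = defaultdict(int)
    endpoints = defaultdict(set)
    for alert in alerts:
        key = alert["hash"].lower()  # merge upper/lower-case variants of one hash
        detections[key] += 1
        endpoints[key].add(alert["endpoint"])
    return {
        key: {
            "detections": detections[key],
            "endpoints": len(endpoints[key]),
            "fleet_share": len(endpoints[key]) / fleet_size,
        }
        for key in detections
    }


def guard_rail(object_hash, summary, review_share=0.05):
    """Return 'review' when blacklisting would touch a large share of endpoints."""
    row = summary.get(object_hash.lower())
    if row is None:  # hash never seen: no endpoint is affected by the action
        return "proceed"
    return "review" if row["fleet_share"] >= review_share else "proceed"


if __name__ == "__main__":
    summary = impact_summary(build_sample_alerts(), FLEET_SIZE)
    for h, row in summary.items():
        print(h, row, guard_rail(h, summary))
```

A "review" result does not block the action; it marks the point where the analyst should research the object before applying a fleet-wide change.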

SentinelOne is also integrating another Guard Rail directly in the analyst workflow when adding a hash to the blacklist, and even on counter cases when the analyst excludes an application. Right there when the analyst is about to take action, they can pivot to either the threat list associated with that hash or to Deep Visibility to query the hash or path. This way the analyst can understand the potential impact of the action, before applying it.

I truly believe that Information Security is a team sport. Because of that mantra, an additional roadmapped feature includes a crowdsourcing element to further enrich information for the analyst. And it does not end there; by using already-available data, SentinelOne can provide aggregate (non-identified) information from the larger SentinelOne customer base to provide information like:

  • Are other SentinelOne customers also seeing this threat?
  • How many have taken mitigation actions on the object?

This will definitely help analysts increase the confidence level in actions they take.

We are fighting a war…every day. We need good tools to help cybersecurity operators make better and faster decisions, augmented and enhanced by the artificial intelligence capabilities like you’ll find in SentinelOne. As an industry, we also need to help one another out and be allies in this war so that together we can be successful. Over the past 6-12 months, I have witnessed an increase in this type of collaboration between companies, trade groups, and law enforcement. I believe that is the right path, and it is working. I’d like to thank SentinelOne for listening to my idea, building upon it, and quickly deploying it to the product.


Which emerging technologies are enterprise companies getting serious about in 2020?

Startups need to live in the future. They create roadmaps, build products and continually upgrade them with an eye on next year — or even a few years out.

Big companies, often the target customers for startups, live in a much more near-term world. They buy technologies that can solve problems they know about today, rather than those they may face a couple bends down the road. In other words, they’re driving a Dodge, and most tech entrepreneurs are driving a DeLorean equipped with a flux-capacitor.

That situation can lead to a huge waste of time for startups that want to sell to enterprise customers: a business development black hole. Startups are talking about technology shifts and customer demands that the executives inside the large company — even if they have “innovation,” “IT,” or “emerging technology” in their titles — just don’t see as an urgent priority yet, or can’t sell to their colleagues.

How do you avoid the aforementioned black hole? Some recent research that my company, Innovation Leader, conducted in collaboration with KPMG LLP, suggests a constructive approach.

Rather than asking large companies about which technologies they were experimenting with, we created four buckets, based on what you might call “commitment level.” (Our survey had 211 respondents, 62% of them in North America and 59% at companies with greater than $1 billion in annual revenue.) We asked survey respondents to assess a list of 16 technologies, from advanced analytics to quantum computing, and put each one into one of these four buckets. We conducted the survey at the tail end of Q3 2020.

Respondents in the first group were “not exploring or investing” — in other words, “we don’t care about this right now.” The top technology there was quantum computing.

Bucket #2 was the second-lowest commitment level: “learning and exploring.” At this stage, a startup gets to educate its prospective corporate customer about an emerging technology — but nabbing a purchase commitment is still quite a few exits down the highway. It can be constructive to begin building relationships when a company is at this stage, but your sales staff shouldn’t start calculating their commissions just yet.

Here are the top five things that fell into the “learning and exploring” cohort, in ranked order:

  1. Blockchain.
  2. Augmented reality/mixed reality.
  3. Virtual reality.
  4. AI/machine learning.
  5. Wearable devices.

Technologies in the third group, “investing or piloting,” may represent the sweet spot for startups. At this stage, the corporate customer has already discovered some internal problem or use case that the technology might address. They may have shaken loose some early funding. They may have departments internally, or test sites externally, where they know they can conduct pilots. Often, they’re assessing what established tech vendors like Microsoft, Oracle and Cisco can provide — and they may find their solutions wanting.

Here’s what our survey respondents put into the “investing or piloting” bucket, in ranked order:

  1. Advanced analytics.
  2. AI/machine learning.
  3. Collaboration tools and software.
  4. Cloud infrastructure and services.
  5. Internet of things/new sensors.

By the time a technology is placed into the fourth category, which we dubbed “in-market or accelerating investment,” it may be too late for a startup to find a foothold. There’s already a clear understanding of at least some of the use cases or problems that need solving, and return-on-investment metrics have been established. But some providers have already been chosen, based on successful pilots and you may need to dislodge someone that the enterprise is already working with. It can happen, but the headwinds are strong.

Here’s what the survey respondents placed into the “in-market or accelerating investment” bucket, in ranked order: