Germany’s Xentral nabs $20M led by Sequoia to help online-facing SMBs run back offices better

Small enterprises remain one of the most underserved segments of the business market, but the growth of cloud-based services — easier to buy, easier to provision — has helped that change in recent years. Today, one of the more promising startups out of Europe building software to help SMEs run online businesses is announcing some funding to better tap into both the opportunity to build these services, and to meet a growing demand from the SME segment.

Xentral, a German startup that develops enterprise resource planning software covering a variety of back-office functions for the average online small business, has picked up a Series A of $20 million.

The company’s platform today covers services like order and warehouse management, packaging, fulfillment, accounting and sales management, and the majority of its 1,000 customers are in Germany — they include the likes of direct-to-consumer brands like YFood, KoRo, the Nu Company and Flyeralarm.

But Benedikt Sauter, the co-founder and CEO of Xentral, said the ambition is to expand into the rest of Europe, and eventually other geographies, and to fold in more services to its ERP platform, such as a more powerful API to allow customers to integrate more services — for example in cases where a business might be selling on their own site, but also Amazon, eBay, social platforms and more — to bring their businesses to a wider market.

Mainly, he said, the startup wants “to build a better ecosystem to help our customers run their own businesses better.”

The funding is being led by Sequoia Capital, with Visionaires Club (a B2B-focused VC out of Berlin) also participating.

The deal is notable for being the prolific, high-profile VC’s first investment in Europe since officially opening for business in the region. (Sequoia has backed a number of startups in Europe before this, including Graphcore, Klarna, Tessian, Unity, UiPath, n8n and Evervault — but all of those deals were done from afar.)

Augsburg-based Xentral has been around as a startup since 2018, and “as a startup” is the operative phrase here.

Sauter and his co-founder Claudia Sauter (who is also his co-founder in life: she is his wife) built the early prototype for the service originally for themselves.

The pair were running a business of their own — a hardware company they founded in 2008, selling not nails, hammers and wood, but circuit boards they designed, along with other hardware to build computers and other connected objects. Around 2013, as the business was starting to pick up steam, they decided that they really needed better tools to manage everything at the backend so that they would have more time to build their actual products.

But Bene Sauter quickly discovered a problem in the process: smaller businesses may have Shopify and its various competitors to help manage e-commerce at the front end, but when it came to the many parts of the process at the backend, there really wasn’t a single, easy solution (remember this was eight years ago, at a time before the Shopifys of the world were yet to expand into these kinds of tools). Being of a DIY and technical persuasion — Sauter had studied hardware engineering at university — he decided that he’d try to build the tools that he wanted to use.

The Sauters used those tools for years, until without much outbound effort, they started to get some inbound interest from other online businesses to use the software, too. That led to the Sauters balancing both their own hardware business and selling the software on the side, until around 2017/2018 when they decided to wind down the hardware operation and focus on the software full time. And from then, Xentral was born. It now has, in addition to 1,000 customers, some 65 employees working on developing the platform.

The focus with Xentral is to have a platform that is easy to implement and use, regardless of what kind of SME you might be as long as you are selling online. But even so, Sauter pointed out that the other common thread is that you need at least one person at the business who champions and understands the value of ERP. “It’s really a mindset,” he said.

The challenge with Xentral in that regard will be to see how and if they can bring more businesses to the table and tap into the kinds of tools that it provides, at the same time that a number of other players also eye up the same market. (Others in the same general category of building ERP for small businesses include online payments provider Sage, NetSuite and Acumatica.) ERP overall is forecast to become a $49.5 billion market by 2025.

Sequoia and its new partner in Europe, Luciana Lixandru — who is joining Xentral’s board along with Visionaries’ Robert Lacher — believe however that there remains a golden opportunity to build a new kind of provider from the ground up and out of Europe specifically to target the opportunity in that region.

“I see Xentral becoming the de facto platform for any SMEs to run their businesses online,” she said in an interview. “ERP sounds a bit scary especially because it makes one think of companies like SAP, long implementation cycles, and so on. But here it’s the opposite.” She describes Xentral as “very lean and easy to use because you an start with one module and then add more. For SMEs it has to be super simple. I see this becoming like the Shopify for ERP.”

Harness snags $85M Series C on $1.7B valuation as revenue grows 3x

Harness, the startup that wants to create a suite of engineering tools to give every company the kind of technological reach that the biggest companies have, announced an $85 million Series C today on a $1.7 billion valuation.

Today’s round comes after 2019’s $60 million Series B, which had a $500 million valuation, showing a company rapidly increasing in value. For a company that launched just three years ago, this is a fairly remarkable trajectory.

Alkeon Capital led the round with help from new investors Battery Ventures, Citi Ventures, Norwest Venture Partners, Sorenson Capital and Thomvest Ventures. The startup also revealed a previously unannounced $30 million B-1 round raised after the $60 million round, bringing the total raised to date to $195 million.

Company founder and CEO Jyoti Bansal previously founded AppDynamics, which he sold to Cisco in 2017 for $3.7 billion. With his track record, investors came looking for him this round. It didn’t hurt that revenue grew almost 3x last year.

“The business is doing very well, so the investor community has been proactively reaching out and trying to invest in us. We were not actually planning to raise a round until later this year. We had enough capital to get through that, but there were a lot of people wanting to invest,” Bansal told me.

In fact, he said there is so much investor interest that he could have raised twice as much, but didn’t feel a need to take on that much capital at this time. “Overall, the investor community sees the value in developer tools and the DevOps market. There are so many big public companies now in that space that have gone out in the last three to five years and that has definitely created even more validation of this space,” he said.

Bansal says that he started the company with the goal of making every company as good as Google or Facebook when it comes to engineering efficiency. Since most companies lack the engineering resources of these large companies, that’s a tall task, but one he thinks he can solve through software.

The company started by building a continuous delivery module. A cloud cost-efficiency module followed. Last year the company bought open-source continuous integration company Drone.io and they are working on building that into the platform now, with it currently in beta. There are additional modules on the product roadmap coming this year, according to Bansal.

As the company continued to grow revenue and build out the platform in 2020, it also added a slew of new employees, growing from 200 to 300 during the pandemic. Bansal says that he has plans to add another 200 by the end of this year. Harness has a reputation of being a good place to work, recently landing on Glassdoor’s best companies list.

As an experienced entrepreneur, Bansal takes building a diverse company with a welcoming culture very seriously. “Yes, you have to provide equal opportunity and make sure that you are open to hiring people from diverse backgrounds, but you have to be more proactive about it in the sense that you have to make sure that your company environment and company culture feels very welcoming to everyone,” he said.

It’s been a difficult time building a company during the pandemic, adding so many new employees, and finding a way to make everyone feel welcome and included. Bansal says he has actually seen productivity increase during the pandemic, but now has to guard against employee burnout.

He says that people didn’t know how to draw boundaries when working at home. One thing he did was introduce a program to give everyone one Friday a month off to recharge. The company also recently announced it would be a “work from anywhere” company post-COVID, but Bansal still plans on having regional offices where people can meet when needed.

Stacklet raises $18M for its cloud governance platform

Stacklet, a startup that is commercializing the Cloud Custodian open-source cloud governance project, today announced that it has raised an $18 million Series A funding round. The round was led by Addition, with participation from Foundation Capital and new individual investor Liam Randall, who is joining the company as VP of business development. Addition and Foundation Capital also invested in Stacklet’s seed round, which the company announced last August. This new round brings the company’s total funding to $22 million.

Stacklet helps enterprises manage their data governance stance across different clouds, accounts, policies and regions, with a focus on security, cost optimization and regulatory compliance. The service offers its users a set of pre-defined policy packs that encode best practices for access to cloud resources, though users can obviously also specify their own rules. In addition, Stacklet offers a number of analytics functions around policy health and resource auditing, as well as a real-time inventory and change management logs for a company’s cloud assets.

The company was co-founded by Travis Stanfield (CEO) and Kapil Thangavelu (CTO). Both bring a lot of industry expertise to the table. Stanfield spent time as an engineer at Microsoft and leading DealerTrack Technologies, while Thangavelu worked at Canonical and most recently in Amazon’s AWSOpen team. Thangavelu is also one of the co-creators of the Cloud Custodian project, which was first incubated at Capital One, where the two co-founders met during their time there, and is now a sandbox project under the Cloud Native Computing Foundation’s umbrella.

“When I joined Capital One, they had made the executive decision to go all-in on cloud and close their data centers,” Thangavelu told me. “I got to join on the ground floor of that movement and Custodian was born as a side project, looking at some of the governance and security needs that large regulated enterprises have as they move into the cloud.”

As companies have sped up their move to the cloud during the pandemic, the need for products like Stacklets has also increased. The company isn’t naming most of its customers, but it has disclosed FICO a design partner. Stacklet isn’t purely focused on the enterprise, though. “Once the cloud infrastructure becomes — for a particular organization — large enough that it’s not knowable in a single person’s head, we can deliver value for you at that time and certainly, whether it’s through the open source or through Stacklet, we will have a story there.” The Cloud Custodian open-source project is already seeing serious use among large enterprises, though, and Stacklet obviously benefits from that as well.

“In just 8 months, Travis and Kapil have gone from an idea to a functioning team with 15 employees, signed early Fortune 2000 design partners and are well on their way to building the Stacklet commercial platform,” Foundation Capital’s Sid Trivedi said. “They’ve done all this while sheltered in place at home during a once-in-a-lifetime global pandemic. This is the type of velocity that investors look for from an early-stage company.”

Looking ahead, the team plans to use the new funding to continue to developed the product, which should be generally available later this year, expand both its engineering and its go-to-market teams and continue to grow the open-source community around Cloud Custodian.

Vdoo raises $25M more to develop its AI-based security for IoT and connected devices

It’s estimated that there were some 50 billion connected devices globally in 2020, and while that really says a lot about how far we’ve come in tech, for many it also speaks to a big issue: security vulnerabilities, with the devices themselves, plus all the components and services running on them, all potential targets for anything from malicious hackers to not-so-intentional data leaks.

Today, Israeli startup Vdoo — which has been developing AI-based services to detect and fix those kinds of vulnerabilities in IoT devices — is announcing $25 million in funding, money that it plans to use to help it better address the wider issue as it applies to all connected objects. With its initial focus on large industrial deployments, medical systems, communications infrastructure and automotive, Vdoo also is looking more deeply now at the wider network of devices that use communications chips, providing quick (as in minutes) assessments to identify and remediate or directly fix various issues: it cites zero-day vulnerabilities, CVEs, configuration and hardening issues, and standard incompliances among them.

The funding — an extension to the $32 million round that Vdoo announced in April 2019 — is coming from two investors, Israel’s Qumra Capital and Verizon Ventures (the investing arm of Verizon, which — by way of its acquisition of Aol many years ago — also owns TechCrunch).

Verizon’s interest in Vdoo is strategic and speaks to the opportunity in the market. As CEO Netanel Davidi (who co-founded the company with Uri Alter and Asaf Karas) describes it, operators like Verizon are interested because of their role as a distributer and reseller of hardware as part of their wider services play, be it for broadband access, or a telematics service or something for the connected home or connected office.

“They sell connected devices to enterprises and home users that are not made by them, yet the carriers are responsible for the security,” he said, “so the solution is to bake that into devices” to make it work more seamlessly, he said.

Verizon is not the startup’s only strategic backer. Others in the first tranche of this round included another carrier, Japan’s NTT Docomo, MS&AD Ventures (the venture arm of the global cyber insurance firm) and Dell Technology Capital, the VC arm of Dell.

The company has now raised around $70 million, and while it’s not disclosing valuation, Davidi confirmed that it has more than doubled this year.

(In April 2019, PitchBook estimated that it was just under $100 million, which would make it now at over $200 million if that figure is accurate.)

Davidi said that the decision to raise this money as an extension to the previous round rather than a new round was strategic: it gave the company the chance to raise funding more quickly, and to take more time to prepare for a bigger funding round in the near future.

And the reason for raising quickly was to address what was a quickly moving target: One of the by-products of the COVID-19 pandemic has been a dramatic shift to people working from home, buying new devices to enable that and in general using their communications networks much more heavily than before.

Connected-device security typically focuses on monitoring activity on the hardware, how data is moving in and out of it. Vdoo’s approach has been to build a platform that monitors the behavior of the devices themselves, using AI to compare that behavior to identify when something is not working as it should. 

“For any kind of vulnerability, using deep binary analysis capabilities, we try to understand the broader idea, to figure out how a similar vulnerability can emerge,” is how Davidi described the process when we talked about the first part of this round back in 2019.

Vdoo generates specific “tailor-made on-device micro-agents” to continue the detection and repair process, which Davidi likens to a modern approach to some cancer care: preventive measures such as periodic monitoring checks, followed by a “tailored immunotherapy” based on prior analysis of DNA.

Vdoo is a play on the Hebrew word that sounds like “vee-doo” and means “making sure”, and points to the basic idea of how it approaches the verification around its device monitoring. It also feels somewhat like the next step in endpoint security, which was the focus of Davidi and Alter’s previous startup, Cyvera, which was eventually acquired by Palo Alto Networks.

The focus on devices, in some ways, is a significantly more complex approach, given that it’s not just about the device, but the many components that go into them. As we have seen with Meltdown and Spectre, vulnerabilities might exist at the processor level.

And as Davidi pointed out to me this week, at times those issues aren’t even intentional but still mean data can leak out, and at worst that can be exploitable by bad actors.

“Backdoors are being built into many devices, and some are not even intentional,” he said. “It may be that the developer wanted to create a shortcut to make something else easier in the future. Some will see that as a back door, and some will not.”

The fractal-like nature of the issue is what Vdoo is digging into with its widening approach.

“Initially we wanted to serve the ecosystem of manufacturers, since they are the cause of the problem and the origin of the security issues,” he said. “We started there with Fortune 500 customers in areas like automotive and industrial and medical and telco and aviation. The idea was to make a platform that could serve and protect security stakeholders. But then we saw that this was a big unserved market.”

Indeed, Vdoo quotes figures from research firm MarketsandMarkets that forecast that the global device security market will grow to $36.6 billion by 2025 from $12.5 billion in 2020.

“The number of connected IoT devices is rapidly growing, creating greater opportunities for security breaches,” said Boaz Dinte, managing partner of Qumra Capital, in a statement. “Vdoo’s unique device-centric, deep technology automated approach has already brought immediate value to vendors in a very short period of time. We believe the market opportunity is huge, and with newly infused growth capital, Vdoo is well-positioned to become the leading global player for securing connected devices.”

“With the expansion of 5G networks and mobile edge compute, there’s a need for an end-to-end, device-centric security approach to IoT,” added Verizon Ventures MD Tammy Mahn in a statement. “As the venture arm of a leading telco, Verizon Ventures is proud to invest in Vdoo and its world-class team on their journey to solve this global need, while ushering in a new era of security by design in our increasingly connected world.”

Pat Gelsinger stepping down as VMware CEO to replace Bob Swan at Intel

In a move that could have wide ramifications across the tech landscape, Intel announced that VMware CEO Pat Gelsinger would be replacing interim CEO Bob Swan at Intel on February 15th. The question is why would he leave his job to run a struggling chip giant.

The bottom line is he has a long history with Intel, working with some of the biggest names in chip industry lore before he joined VMware in 2009. It has to be a thrill for him to go back to his roots and try to jump start the company.

“I was 18 years old when I joined Intel, fresh out of the Lincoln Technical Institute. Over the next 30 years of my tenure at Intel, I had the honor to be mentored at the feet of Grove, Noyce and Moore,” Gelsinger wrote in a blog post announcing his new position.

Certainly Intel recognized that the history and that Gelsinger’s deep executive experience should help as the company attempts to compete in an increasingly aggressive chip industry landscape. “Pat is a proven technology leader with a distinguished track record of innovation, talent development, and a deep knowledge of Intel. He will continue a values-based cultural leadership approach with a hyper focus on operational execution,” Omar Ishrak, independent chairman of the Intel board, said in a statement.

But Gelsinger is walking into a bit of a mess. As my colleague Danny Crichton wrote in his year-end review of the chip industry last month, Intel is far behind its competitors, and it’s going to be tough to play catch-up:

Intel has made numerous strategic blunders in the past two decades, most notably completely missing out on the smartphone revolution and also the custom silicon market that has come to prominence in recent years. It’s also just generally fallen behind in chip fabrication, an area it once dominated and is now behind Taiwan-based TSMC, Crichton wrote.

Patrick Moorhead, founder and principal analyst at Moor Insights & Strategy, agrees with this assertion, saying that Swan was dealt a bad hand, walking in to clean up a mess that has years long timelines. While Gelsinger faces similar issues, Moorhead thinks he can refocus the company. “I am not foreseeing any major strategic changes with Gelsinger, but I do expect him to focus on the company’s engineering culture and get it back to an execution culture,” Moorhead told me.

The announcement comes against the backdrop of massive chip industry consolidation last year with over $100 billion changing hands in four deals, with Nvidia nabbing ARM for $40 billion, the $35 billion AMD-Xilink deal, Analog snagging Maxim for $21 billion and Marvell grabbing Inphi for a mere $10 billion, not to mention Intel dumping its memory unit to SK Hynix for $9 billion.

As for VMware, it has to find a new CEO now. As Moorhead says, the obvious choice would be current COO Sanjay Poonen, but for the time being, it will be CFO Zane Rowe serving as interim CEO, rather than Poonen. In fact, it appears that the company will be casting a wider net than internal options. The official announcement states, “VMware’s Board of Directors is initiating a global executive search process to name a permanent CEO…”

Holger Mueller, an analyst at Constellation Research, says it will be up to Michael Dell to decide who to hand the reins to, but he believes Gelsinger was stuck at Dell and would not get a broader role, so he left.

“VMware has a deep bench, but it will be up to Michael Dell to get a CEO who can innovate on the software side and keep the unique DNA of VMware inside the Dell portfolio going strong, Dell needs the deeper profits of this business for its turnaround,” he said.

The stock market seems to like the move for Intel, with the company stock up 7.26%, but not so much for VMware, whose stock was down close to the same amount at 7.72% as we went to publication.

Cockroach Labs scores $160M Series E on $2B valuation

Cockroach Labs, makers of CockroachDB, have been on a fundraising roll for the last couple of years. Today the company announced a $160 million Series E on a fat $2 billion valuation. The round comes just eight months after the startup raised an $86.6 million Series D.

The latest investment was led by Altimeter Capital, with participation from new investors Greenoaks and Lone Pine, along with existing investors Benchmark, Bond, FirstMark, GV, Index Ventures and Tiger Global. The round doubled the company’s previous valuation and increased the amount raised to $355 million.

Co-founder and CEO Spencer Kimball says the company’s revenue more than doubled in 2020 in spite of COVID, and that caught the attention of investors. He attributed this paradoxical rise to the rapid shift to the cloud brought on by the pandemic that many people in the industry have seen.

“People became more aggressive with what was already underway, a real move to embrace the cloud to build the next generation of applications and services, and that’s really fundamentally where we are,” Kimball told me.

As that happened, the company began a shift in thinking. While it has embraced an open-source version of CockroachDB along with a 30-day free trial on the company’s cloud service as ways to attract new customers to the top of the funnel, it wants to try a new approach.

In fact, it plans to replace the 30-day trial with a newer version later this year without any time limits. It believes this will attract more developers to the platform and enable them to see the full set of features without having to enter credit card information. What’s more, by taking this approach, it should end up costing the company less money to support the free tier.

“What we expect is that you can do all kinds of things on that free tier. You can do a hackathon, any kind of hobby project […] or even a startup that has ambitions to be the next DoorDash or Airbnb,” he said. As he points out, there’s a point where early-stage companies don’t have many users, and can remain in the free tier until they achieve product-market fit.

“That’s when they put a credit card down, and they can extend beyond the free tier threshold and pay for what they use,” he said. The newer free tier is still in the beta testing phase, but will be rolled out during this year.

Kimball says the company wasn’t necessarily looking to raise, although he knew that it would continue to need more cash on the balance sheet to run with giant competitors like Oracle, AWS and the other big cloud vendors, along with a slew of other database startups. As the company’s revenue grows, he certainly sees an IPO in its future, but he doesn’t see it happening this year.

The startup ended the year with 200 employees and Kimball expects to double that by the end of this year. He says growing a diverse group of employees takes good internal data and building a welcoming and inclusive culture.

“I think the starting point for anything you want to optimize in a business is to make sure that you have the metrics in front of you, and that you’re constantly looking at them […] in order to measure how you’re doing,” he explained.

He added, “The thing that we’re most focused on in terms of action is really building the culture of the company appropriately and that’s something we’ve been doing for all six years we’ve been around. To the extent that you have an inclusive environment where people actually really view the value of respect, that helps with diversity.”

Kimball says he sees a different approach to running the business when the pandemic ends, with some small percentage going into the office regularly and others coming for quarterly visits, but he doesn’t see a full return to the office post-pandemic.

Slim.ai announces $6.6M seed to build container DevOps platform

We are more than seven years into the notion of modern containerization, and it still requires a complex set of tools and a high level of knowledge on how containers work. The DockerSlim open-source project developed several years ago from a desire to remove some of that complexity for developers.

Slim.ai, a new startup that wants to build a commercial product on top of the open-source project, announced a $6.6 million seed round today from Boldstart Ventures, Decibel Partners, FXP Ventures and TechAviv Founder Partners.

Company co-founder and CEO John Amaral says he and fellow co-founder and CTO Kyle Quest have worked together for years, but it was Quest who started and nurtured DockerSlim. “We started coming together around a project that Kyle built called DockerSlim. He’s the primary author, inventor and up until we started doing this company, the sole proprietor of that community,” Amaral explained.

At the time Quest built DockerSlim in 2015, he was working with Docker containers and he wanted a way to automate some of the lower-level tasks involved in dealing with them. “I wanted to solve my own pain points and problems that I had to deal with, and my team had to deal with dealing with containers. Containers were an exciting new technology, but there was a lot of domain knowledge you needed to build production-grade applications and not everybody had that kind of domain expertise on the team, which is pretty common in almost every team,” he said.

He originally built the tool to optimize container images, but he began looking at other aspects of the DevOps lifecycle. including the author, build, deploy and run phases. He found as he looked at that, he saw the possibility of building a commercial company on top of the open-source project.

Quest says that while the open-source project is a starting point, he and Amaral see a lot of areas to expand. “You need to integrate it into your developer workflow and then you have different systems you deal with, different container registries, different cloud environments and all of that. […] You need a solution that can address those needs and doing that through an open source tool is challenging, and that’s where there’s a lot of opportunity to provide premium value and have a commercial product offering,” Quest explained.

Ed Sim, founder and general partner at Boldstart Ventures, one of the seed investors, sees a company bringing innovation to an area of technology where it has been lacking, while putting some more control in the hands of developers. “Slim can shift that all left and give developers the power through the Slim tools to answer all those questions, and then, boom, they can develop containers, push them into production and then DevOps can do their thing,” he said.

They are just 15 people right now including the founders, but Amaral says building a diverse and inclusive company is important to him, and that’s why one of his early hires was head of culture. “One of the first two or three people we brought into the company was our head of culture. We actually have that role in our company now, and she is a rock star and a highly competent and focused person on building a great culture. Culture and diversity to me are two sides of the same coin,” he said.

The company is still in the very early stages of developing that product. In the meantime, they continue to nurture the open-source project and to build a community around that. They hope to use that as a springboard to build interest in the commercial product, which should be available some time later this year.

Gett raises $115M for its on-demand ride-hailing platform for business users

As ride-hailing companies like Uber and Lyft continue to find their feet in a new landscape for transportation services — where unessential travel is being actively discouraged in many markets and people remain concerned about catching the coronavirus in restricted, shared spaces — a smaller player that has carved out a place for itself targeting business users is announcing more funding.

Gett, which started out as a more direct competitor to the likes of Uber and Lyft but now focuses mainly on ground transportation services for business clients in major cities around the world, said in a short statement that it has closed a round of $115 million. The company — co-headquartered in London and Israel — also said it is now “operationally profitable” and is hitting its budget targets.

The funding is being led by new backer Pelham Capital Investments Ltd. and also included participation from unnamed existing investors.

Including this round, Gett has now raised $865 million, with past investors including VW, Access and its founder Len BlavatnikKreos, MCI and more. Gett’s last confirmed valuation was $1.5 billion, pegged to a $200 million fundraise in May 2019. It’s not talking about current valuation, or any recent customer numbers, today.

Dave Waiser, Gett’s founder and CEO, described the funding earlier today in a note to me as an extension to the company’s previous round, a $100 million equity investment that it announced in July last year.

Chairman Amos Genish, said in a statement that the funding round was oversubscribed, “which shows the market’s interest in our platform and long-term vision. Gett is disrupting and transforming a fragmented market delivering ever-critical cost optimisation and client satisfaction.”

The company has been building out a focus on the B2B market for several years now — a smart way of avoiding the expensive and painful race to compete like-for-like against the Ubers of the world — and this most recent round is focused on doubling down on that.

The Gett of the past — it was originally founded in 2010 under the name GetTaxi — did indeed try to build a business around both consumers and higher-end users, but the idea behind Gett today is to focus on corporate accounts.

Gett provides those businesses’ employees with a predictable and reliable app-based platform to make it easier to order car services wherever they happen to be traveling, and those businesses — which in the past would have used a fragmented mix of local services — then have a consolidated way of managing, accounting for and analysing those travel expenses. It claims to be able to save companies some 25%-40% in costs.

The company previously said that its network covered some 1,500 cities. In certain metropolitan areas like London and Moscow, Gett provides transportation services directly. In markets where it does not have direct operations (such as anywhere in the U.S., including New York), it partners with third parties, such as Lyft.

“We are on a journey to transform corporate ground travel and I’m delighted that investors find our model attractive,” Waiser said in a statement today. “This investment will allow us to further develop our SaaS technology and deepen our proposition within the corporate ground travel market.”

Updated to correct that this is an extension of the $100 million round.

‘Brand tech’ company You & Mr. Jones adds $60M to its Series B

You & Mr. Jones announced today that it has added $60 million in new funding from Merian Chrysalis, bringing the Series B round announced in December to a total of $260 million.

The round values the company at $1.36 billion, post-money.

You & Mr. Jones takes its name from CEO David Jones, who founded the company in 2015. After having served as the CEO of ad giant Havas, Jones told me that his goal in starting what he called “a brand tech group” was to provide marketers with something that neither traditional agencies nor technology companies could give them.

“At that moment, the choices were to go work with an agency group, which is great at brand and marketing, but they don’t understand tech, or with a tech company, which will only ever recommend their platform and don’t have the same [brand and marketing] expertise,” he said.

So You & Mr. Jones has built its own technology platform to help marketers with their digital, mobile and e-commerce needs, while also investing in companies like Pinterest and Niantic. And it makes acquisitions — last year, for example, it bought influencer marketing company Collectively.

You & Mr. Jones has grown to 3,000 employees, and its clients include Unilever, Accenture, Google, Adidas, Marriott and Microsoft. In fact, Jones said that as of the third quarter of 2020, its net revenue had grown 27% year over year.

That’s particularly impressive given the impact of the pandemic on ad spending, but Jones said that’s one of the key distinctions between digital advertising and the broader brand tech category, which he said has grown steadily, even during the pandemic, and which also sets the company apart from agencies that are “digital and tech in press release only.”

“We’re not an ad agency, we’ll never acquire agencies,” he said. “We have the technology platform, process and people to deliver all of your end-to-end, always-on content — social, digital, e-commerce and community management.”

In addition to the funding, the company is announcing that it has hired Paulette Forte, who was previously senior director of human services at the NBA, as its first chief people officer.

“The brand tech category didn’t even exist before You & Mr Jones was established,” Forte said in a statement. “The company became a true industry disruptor in short order, and growth has been swift. In order to keep up with the momentum, it’s critical to have systems in place that help talent develop their skills, encourage diversity and creativity, and find pathways to improving workflow. I am excited to join the leadership team to drive this crucial work forward.”

SolarWinds: What Hit Us Could Hit Others

New research into the malware that set the stage for the megabreach at IT vendor SolarWinds shows the perpetrators spent months inside the company’s software development labs honing their attack before inserting malicious code into updates that SolarWinds then shipped to thousands of customers. More worrisome, the research suggests the insidious methods used by the intruders to subvert the company’s software development pipeline could be repurposed against many other major software providers.

In a blog post published Jan. 11, SolarWinds said the attackers first compromised its development environment on Sept. 4, 2019. Soon after, the attackers began testing code designed to surreptitiously inject backdoors into Orion, a suite of tools used by many Fortune 500 firms and a broad swath of the federal government to manage their internal networks.

Image: SolarWinds.

According to SolarWinds and a technical analysis from CrowdStrike, the intruders were trying to work out whether their “Sunspot” malware — designed specifically for use in undermining SolarWinds’ software development process — could successfully insert their malicious “Sunburst” backdoor into Orion products without tripping any alarms or alerting Orion developers.

In October 2019, SolarWinds pushed an update to their Orion customers that contained the modified test code. By February 2020, the intruders had used Sunspot to inject the Sunburst backdoor into the Orion source code, which was then digitally signed by the company and propagated to customers via SolarWinds’ software update process.

Crowdstrike said Sunspot was written to be able to detect when it was installed on a SolarWinds developer system, and to lie in wait until specific Orion source code files were accessed by developers. This allowed the intruders to “replace source code files during the build process, before compilation,” Crowdstrike wrote.

The attackers also included safeguards to prevent the backdoor code lines from appearing in Orion software build logs, and checks to ensure that such tampering wouldn’t cause build errors.

“The design of SUNSPOT suggests [the malware] developers invested a lot of effort to ensure the code was properly inserted and remained undetected, and prioritized operational security to avoid revealing their presence in the build environment to SolarWinds developers,” CrowdStrike wrote.

A third malware strain — dubbed “Teardrop” by FireEye, the company that first disclosed the SolarWinds attack in December — was installed via the backdoored Orion updates on networks that the SolarWinds attackers wanted to plunder more deeply.

So far, the Teardrop malware has been found on several government networks, including the Commerce, Energy and Treasury departments, the Department of Justice and the Administrative Office of the U.S. Courts.

SolarWinds emphasized that while the Sunspot code was specifically designed to compromise the integrity of its software development process, that same process is likely common across the software industry.

“Our concern is that right now similar processes may exist in software development environments at other companies throughout the world,” said SolarWinds CEO Sudhakar Ramakrishna. “The severity and complexity of this attack has taught us that more effectively combatting similar attacks in the future will require an industry-wide approach as well as public-private partnerships that leverage the skills, insight, knowledge, and resources of all constituents.”