Atlassian is acquiring Chartio to bring data visualization to the platform

The Atlassian platform is chock full of data about how a company operates and communicates. Atlassian launched a machine learning layer, which relies on data on the platform with the addition of Atlassian Smarts last fall. Today the company announced it was acquiring Chartio to add a new data analysis and visualization component to the Atlassian family of products. The companies did not share a purchase price.

The company plans to incorporate Chartio technology across the platform, starting with Jira. Before being acquired, Chartio has generated its share of data, reporting that 280,000 users have created 10.5 million charts for 540,000 dashboards pulled from over 100,000 data sources.

Atlassian sees Chartio as way to bring that data visualization component to the platform and really take advantage of the data locked inside its products. “Atlassian products are home to a treasure trove of data, and our goal is to unleash the power of this data so our customers can go beyond out-of-the-box reports and truly customize analytics to meet the needs of their organization,” Zoe Ghani, head of product experience at platform at Atlassian wrote in a blog post announcing the deal.

Chartio co-founder and CEO Dave Fowler wrote in a blog post on his company website that the two companies started discussing a deal late last year, which culminated in today’s announcement. As is often the case in these deals, he is arguing that his company will be better off as part of large organization like Atlassian with its vast resources than it would have been by remaining stand-alone.

“While we’ve been proudly independent for years, the opportunity to team up our technology with Atlassian’s platform and massive reach was incredibly compelling. Their product-led go to market, customer focus and educational marketing have always been aspirational for us,” Fowler wrote.

As for Chartio customers unfortunately, according to a notice on the company website, the product is going to be going away next year, but customers will have plenty of time to export the data to another tool. The notice includes a link to instructions on how to do this.

Chartio was founded in 2010, and participated in the Y Combinator Summer 2010 cohort. It raised a modest $8.03 million along the way, according to Pitchbook data.

Storm Ventures promotes Pascale Diaine and Frederik Groce to partners

Storm Ventures, a venture firm that focuses on early stage B2B enterprise startups, announced this week that it has promoted Pascale Diaine and Frederik Groce to partners at the firm.

The two new partners have worked their way up over the last several years. Groce joined Storm in 2016 and has invested in enterprise SaaS startups like Workato, Splashtop, NextRequest and Camino. Diaine joined a year later and has invested in firms like Sendoso, German Bionic, InEvent and Talkdesk.

Groce, who is also a founder at BLCK VC and helped organize the Black Venture Institute to create a network of Black investors, says that these promotions show that venture needs to be more diverse, and Storm recognizes this.  “If you think about the way our team works, that’s the way I think venture teams will need to work to be able to be successful in the next 40 years. And so the hope is that over time everyone does this and we’re just early to it,” Groce told me.

Unfortunately, right now that’s not the case, not even close. According to research by Crunchbase, just 12% of venture capitalists are women and two-thirds of firms don’t have any female investors. Meanwhile, only about 4% of ventures investors are Black.

Those numbers have an impact on the number of Black and female founders because as Groce points out the lack of founders in underrepresented groups is in part a networking problem. “In a business that’s predicated on networks if you don’t have diversity in the network, or the teams that are driving those networks, you just can’t make sure you’re seeing great talent across all ecosystems,” he said.

Diaine, who is French and started her career by founding Orange Fab, the corporate accelerator of the European Telco Orange, has brought her international business background to Storm where they helped her tune that experience to an investor focus and supported her as she learned the nuances of the investment side of the business.

“I don’t come from the VC world. I come from the innovative corporate world. So they had to train me and spend time getting me up to date. And they did spend so much time making sure I understood everything to make sure I got to this level,” she said.

Both partners bring their own unique views looking beyond Silicon Valley for investment opportunities. Diaine’s investment include a German, Brazilian and Portuguese company, while Groce’s investments include companies in Chicago, Atlanta and Seattle.

The two partners have also developed an algorithm to help find investments based on a number of online signals, something that has become more important during the pandemic when they couldn’t network in person.

“Frederik and I have been working on [an algorithm to find] what are the signals that you can identify online that will tell you this company’s doing well, this company growing.You have to have a nice set of startup search tracking [signals], but what do you track if you can’t just get the revenue in real time, which is impossible. So we’ve developed an algorithm that helps us identify some of these signals and create alerts on which startups we should pay attention to,” Diaine explained.

She says this data-driven approach should be helpful and augment their in-person efforts even after the pandemic is over and increase their overall efficiency in finding and tracking companies in their portfolios.

 

The Good, the Bad and the Ugly in Cybersecurity – Week 9

The Good

Good news for privacy enthusiasts arrived from Mozilla this week. With the release of Firefox 86 for Mac, Windows, and Linux comes a feature called “Total Cookie Protection”. TCP (not the greatest choice of acronym, there) creates separate cookie jars for every website you visit to prevent cross-site tracking. While users have become familiar with granting permissions for cookies to track user behavior on given sites, most web browsers also allow cookies to be shared between websites, enabling the tagging and tracking of users as they browse from site to site. Total Cookie Protection is designed to stop this kind cross-site tracking.

This type of cookie-based tracking has long been the most prevalent method for gathering intelligence on users. It’s what allows advertising companies to quietly build a detailed personal profile of every web user. With Firefox’s new feature, any time a website or third-party content embedded in a website deposits a cookie in your browser, that cookie is confined to the cookie jar assigned to that website and can’t be shared with or accessed by any other website.

In other good news this week, Google and the Linux Foundation have announced that they will be funding two full-time maintainers for Linux kernel security development. Gustavo Silva and Nathan Chancellor will maintain and improve kernel security and associated initiatives in order to ensure the ongoing security of Linux.

“We are working towards building a high-quality kernel that is reliable, robust and more resistant to attack every time,” said Silva. “Through these efforts, we hope people, maintainers in particular, will recognize the importance of adopting changes that will make their code less prone to common errors.”

The Bad

Cyber attacks, presumably of Russian origin, have been hitting several Ukrainian sites over the past two weeks. But what started as larger than usual DDoS attacks on February 18th could have been a cover for a deeper, more sinister operation.

According to The National Coordination Center for Cybersecurity under the National Security and Defense Council of Ukraine, another attack has been discovered targeting a web-based portal used by Ukrainian government agencies to circulate documents between each other and public authorities. The System of Electronic Interaction of Executive Bodies (SEI EB) was compromised by someone who uploaded documents containing macros. If users downloaded these documents and allowed the scripts to execute, the macros would secretly download malware that would allow the hackers to take control of a victim’s computer.

The published IOCs link this malware to the Russian Gamaredon group, a proxy for Russian intelligence and pro-Russian groups with a remit to conduct attacks such as espionage and intelligence gathering on Ukrainian military forces.

The Ugly

The medical data of around 500,000 people, taken from 30 medical laboratories in northern France, has been published online after a computer hack. French newspaper Libération reported that the details of 491,840 patients were found in online hacking forums.

The leaked data included personal information (addresses, phone numbers, email addresses and social security numbers), and some confidential medical information (including blood type, personal doctor or insurance company, and even notes on their health condition and medical treatments). The data was collected over a period of 5 years, from 2015 to 2020, by about 30 laboratories in northern France that were all using the same software platform to collect and store patient information. The French Data Privacy regulator, CNIL (The Commission Nationale de l’Informatique et des Libertés) has announced that it is investigating the case.

This incident comes after several high profile ransomware and subsequent data leaks have hit French hospitals and after the French government has pledged to invest 1 Billion Euros in improving healthcare cybersecurity.


Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security

EC roundup: BNPL startups, growth marketing tips, solid state battery market map, more

When I needed a new sofa several months ago, I was pleased to find a buy now, pay later (BNPL) option during the checkout process. I had prepared myself to make a major financial outlay, but the service fees were well worth the convenience of deferring the entire payment.

Coincidentally, I was siting on said sofa this morning and considering that transaction when Alex Wilhelm submitted a column that compared recent earnings for three BNPL providers: Afterpay, Affirm and Klarna.

I asked him why he decided to dig into the sector with such gusto.


Full Extra Crunch articles are only available to members.
Use discount code ECFriday to save 20% off a one- or two-year subscription.


“What struck me about the concept was that we had just seen earnings from Affirm,” he said. “So we had three BNPL players with known earnings, and I had just covered a startup funding round in the space.”

“Toss in some obvious audience interest, and it was an easy choice to write the piece. Now the question is whether I did a good job and people find value in it.”

Thanks very much for reading Extra Crunch this week! Have a great weekend.

Walter Thompson
Senior Editor, TechCrunch
@yourprotagonist

As BNPL startups raise, a look at Klarna, Affirm and Afterpay earnings

Pilot CEO Waseem Daher tears down his company’s $60M Series C pitch deck

Smashing brick work with hammer

Image Credits: Colin Hawkins (opens in a new window) / Getty Images

I avoid running Extra Crunch stories that focus on best practices; you can find those anywhere. Instead, we look for “here’s what worked for me” articles that give readers actionable insights.

That’s a much better use of your time and ours.

With that ethos in mind, Lucas Matney interviewed Pilot CEO Waseem Daher to deconstruct the pitch deck that helped his company land a $60M Series C round.

“If the Series A was about, ‘Do you have the right ingredients to make this work?’ then the Series B is about, ‘Is this actually working?’” Daher tells TechCrunch.

“And then the Series C is more, ‘Well, show me that the core business is really working and that you have unlocked real drivers to allow the business to continue growing.’”

Can solid state batteries power up for the next generation of EVs?

market-maps-battery-alt

Image Credits: Bryce Durbin

A global survey of automobile owners found three hurdles to overcome before consumers will widely embrace electric vehicles:

  • 30-minute charging time
  • 300-mile range
  • $36,000 maximum cost

“Theoretically, solid state batteries (SSB) could deliver all three,” but for now, lithium-ion batteries are the go-to for most EVs (along with laptops and phones).

In our latest market map, we’ve plotted the new and established players in the SSB sector and listed many of the investors who are backing them.

Although SSBs are years away from mass production, “we are on the cusp of some pretty incredible discoveries using major improvements in computational science and machine learning algorithms to accelerate that process,” says SSB startup founder Amy Prieto.

 

Dear Sophie: Which immigration options are the fastest?

lone figure at entrance to maze hedge that has an American flag at the center

Image Credits: Bryce Durbin/TechCrunch

Dear Sophie:

Help! Our startup needs to hire 50 engineers in artificial intelligence and related fields ASAP. Which visa and green card options are the quickest to get for top immigrant engineers?

And will Biden’s new immigration bill help us?

— Mesmerized in Menlo Park

 

Why F5 spent $2.2B on 3 companies to focus on cloud native applications

Dark servers data center room with computers and storage systems

Image Credits: Jasmin Merdan / Getty Images

Founded in 1996, F5 has repositioned itself in the networking market several times in its history. In the last two years, however, it spent $2.2 billion to acquire Shape Security, Volterra and NGINX.

“As large organizations age, they often need to pivot to stay relevant, and I wanted to explore one of these transformational shifts,” said enterprise reporter Ron Miller.

“I spoke to the CEO of F5 to find out the strategy behind his company’s pivot and how he leveraged three acquisitions to push his organization in a new direction.”

 

DigitalOcean’s IPO filing shows a two-class cloud market

Cloud online storage technology concept. Big data data information exchange available. Magnifying glass with analytics data

Image Credits: Who_I_am (opens in a new window) / Getty Images

Cloud hosting company DigitalOcean filed to go public this week, so Ron Miller and Alex Wilhelm unpacked its financials.

“AWS and Microsoft Azure will not be losing too much sleep worrying about DigitalOcean, but it is not trying to compete head-on with them across the full spectrum of cloud infrastructure services,” said John Dinsdale, chief analyst and research director at Synergy Research.

 

Oscar Health’s initial IPO price is so high, it makes me want to swear

I asked Alex Wilhelm to dial back the profanity he used to describe Oscar Health’s proposed valuation, but perhaps I was too conservative.

In March 2018, the insurtech unicorn was valued at around $3.2 billion. Today, with the company aiming to debut at $32 to $34 per share, its fully diluted valuation is closer to $7.7 billion.

“The clear takeaway from the first Oscar Health IPO pricing interval is that public investors have lost their minds,” says Alex.

His advice for companies considering an IPO? “Go public now.”

 

If Coinbase is worth $100 billion, what’s a fair valuation for Stripe?

Last week, Alex wrote about how cryptocurrency trading platform Coinbase was being valued at $77 billion in the private markets.

As of Monday, “it’s now $100 billion, per Axios’ reporting.”

He reviewed Coinbase’s performance from 2019 through the end of Q3 2020 “to decide whether Coinbase at $100 billion makes no sense, a little sense or perfect sense.”

 

Winning enterprise sales teams know how to persuade the Chief Objection Officer

woman hand stop sign on brick wall background

Image Credits: Alla Aramyan (opens in a new window) / Getty Images

A skilled software sales team devotes a lot of resources to pinpointing potential customers.

Poring through LinkedIn and reviewing past speaker lists at industry conferences are good places to find decision-makers, for example.

Despite this detective work, GGV Capital investor Oren Yunger says sales teams still need to identify the deal-blockers who can spike a deal with a single email.

“I call this person the Chief Objection Officer.

 

3 strategies for elevating brand authority in 2021

Young woman standing on top of tall green bar graph against white background

Image Credits: Klaus Vedfelt / Getty Images

Every startup wants to raise its profile, but for many early-stage companies, marketing budgets are too small to make a meaningful difference.

Providing real value through content is an excellent way to build authority in the short and long term,” says Amanda Milligan, marketing director at growth agency Fractl.

 

RIBS: The messaging framework for every company and product

Grilled pork ribs with barbecue sauce on wooden background

Image Credits: luchezar (opens in a new window) / Getty Images

The most effective marketing uses good storytelling, not persuasion.

According to Caryn Marooney, general partner at Coatue Management, every compelling story is relevant, inevitable, believable and simple.

“Behind most successful companies is a story that checks every one of those boxes,” says Marooney, but “this is a central challenge for every startup.”

 

Ironclad’s Jason Boehmig: The objective of pricing is to become less wrong over time

On a recent episode of Extra Crunch Live, Ironclad founder and CEO Jason Boehmig and Accel partner Steve Loughlin discussed the pitch that brought them together almost four years ago.

Since that $8 million Series A, Loughlin joined Ironclad’s board. “Both agree that the work they put in up front had paid off” when it comes to how well they work together, says Jordan Crook.

“We’ve always been up front about the fact that we consider the board a part of the company,” said Boehmig.


TC Early Stage: The premiere how-to event for startup entrepreneurs and investors

From April 1-2, some of the most successful founders and VCs will explain how they build their businesses, raise money and manage their portfolios.

At TC Early Stage, we’ll cover topics like recruiting, sales, legal, PR, marketing and brand building. Each session includes ample time for audience questions and discussion.

Use discount code ECNEWSLETTER to take 20% off the cost of your TC Early Stage ticket!

Salesforce delivers, Wall Street doubts as stock falls 6.3% post-earnings

Wall Street investors can be fickle beasts. Take Salesforce as an example. The CRM giant announced a $5.82 billion quarter when it reported earnings yesterday. Revenue was up 20% year over year. The company also reported $21.25 billion in total revenue for the just-closed FY2021, up 24% YoY. If that wasn’t enough, it raised its FY2022 guidance (its upcoming fiscal year) to over $25 billion. What’s not to like?

You want higher quarterly revenue, Salesforce gave you higher revenue. You want high growth and solid projected revenue — check and check. In fact, it’s hard to find anything to complain about in the report. The company is performing and growing at a rate that is remarkable for an organization of its size and maturity — and it is expected to continue to perform and grow.

How did Wall Street react to this stellar report? It punished the stock with the price down over 6%, a pretty dismal day considering the company brought home such a promising report card.

2/6/21 Salesforce stock report with stock down 6.31%

Image Credits: Google

So what is going on here? It could be that investors simply don’t believe the growth is sustainable or that the company overpaid when it bought Slack at the end of last year for over $27 billion. It could be it’s just people overreacting to a cooling market this week. But if investors are looking for a high-growth company, Salesforce is delivering that.

While Slack was expensive, it reported revenue over $250 million yesterday, pushing it over the $1 billion run rate with more than 100 customers paying over $1 million in ARR. Those numbers will eventually get added to Salesforce’s bottom line.

Canaccord Genuity analyst David Hynes Jr. wrote that he was baffled by investors’ reaction to this report. Like me, he saw a lot of positives. Yet Wall Street decided to focus on the negative, and see “the glass half empty,” as he put it in his note to investors.

“The stock is clearly in the show-me camp, which means it’s likely to take another couple of quarters for investors to buy into the idea that fundamentals are actually quite solid here, and that Slack was opportunistic (and yes, pricey), but not an attempt to mask suddenly deteriorating growth,” Hynes wrote.

During the call with analysts yesterday, Brad Zelnick from Credit Suisse asked how well the company could accelerate out of the pandemic-induced economic malaise, and Gavin Patterson, Salesforce’s president and chief revenue officer, says the company is ready whenever the world moves past the pandemic.

“And let me reassure you, we are building the capability in terms of the sales force. You’d be delighted to hear that we’re investing significantly in terms of our direct sales force to take advantage of that demand. And I’m very confident we’ll be able to meet it. So I think you’re hearing today a message from us all that the business is strong, the pipeline is strong and we’ve got confidence going into the year,” Patterson said.

While Salesforce execs were clearly pumped up yesterday with good reason, there’s still doubt out in investor land that manifested itself in the stock starting down and staying down all day. It will be, as Hynes suggested, up to Salesforce to keep proving them wrong. As long as they keep producing quarters like the one they had this week, they should be just fine, regardless of what the naysayers on Wall Street may be thinking today.

Introducing Singularity Marketplace | Unlock the Power of XDR With Vendor Integration

SentinelOne has announced the global rollout of Singularity Marketplace. Singularity Marketplace is a one-stop-shop for SentinelOne customers to browse and deploy joint technology solutions and unlock new use cases on our Singularity platform. Available through the SentinelOne console, the Singularity Marketplace is a first-of-its-kind application ecosystem that unifies prevention, detection, and response data and actions across enterprise attack surfaces with a few simple clicks.

Singularity Marketplace

Singularity Marketplace is an API-driven ecosystem to help customers extend the SentinelOne Singularity XDR platform with bite-sized, one-click applications. Singularity Marketplace is a key component of Singularity XDR that brings the power of SentinelOne’s AI-powered security platform to the entire security and IT stack. The result? An effective threat defense posture with layered security, collaborative processes, and integrated products.

Driven by years of acquiring multiple best-of-breed solutions, complexity is the number one factor in increasing data breach costs. With Singularity Marketplace, customers can reduce the complexity of managing multiple solutions with one-click integrations that eliminate the need for massive time investments in logic, coding, and configuration.

Singularity apps run on Nexus, our scalable function-as-a-service cloud which allows customers to deploy new integrations with no additional overhead. By connecting insights from across the stack, teams can converge on a single pane of glass for XDR workflows to minimize context switching and distractions during triage and incident response.

Auto-Ingest From Any Data Source

Teams struggle to make sense of an exponentially growing set of valuable information that lives in disparate security tooling and infrastructure. Marketplace data apps ingest and correlate telemetry from across a wide range of security and IT sources to help customers turn streams of security data into actionable insights.

Data can be consumed from any source – like CMDB, SIEM, IAM, network, SASE, or email security – and is stored in a unified cloud data lake for machine-speed detection analytics and threat hunting. Singularity Marketplace uses a single agent for all data collection, eliminating the need for different security applications to gather and store the same telemetry multiple times. With Marketplace data apps, customers get the visibility and context to detect threats that may otherwise slip through the cracks of siloed tools.

Featured Marketplace Partners: Netskope, IBM Security QRadar, Splunk

Auto-Triage Threats

Incident triage is a manual and time-consuming activity, requiring analysts to consult multiple sources of external intelligence to understand the threat. Marketplace intelligence apps streamline triage and investigation workflows by providing contextualized threat insights and sandbox verdicts within the Singularity platform. Indicators of compromise (IOCs) and suspicious files in Singularity are automatically submitted to partner solutions for dynamic analysis. The threat information and analysis results are displayed in the Singularity platform in real-time, saving valuable time when performing root cause analysis.

Featured Marketplace Partners: Recorded Future, Reversing Labs, VMRay, ThreatConnect, Joe Security

Automated, Real-time Response

Incident response necessitates speed and accuracy to quickly stop the bleeding before an attack progresses, however, IR often requires manual intervention or reliance on script-heavy SOAR solutions. Singularity Marketplace automation apps unlock SOAR-like functionality to orchestrate and automate response in SentinelOne and partner solutions.

Customers can take advantage of real-time response actions such as suspending a user, banning a device from a network, blocking a sending domain on an email gateway. Apps can also automate response workflows, like triggering incident escalation and notification in Slack. Teams can easily navigate the best course of action to remediate and defeat high-velocity threats by driving a unified, orchestrated response among security tools in different domains.

Featured Marketplace Partners: ServiceNow, Netskope, Attivo Networks, Vectra, Slack

“In the face of ever-evolving attacks, time is critical in remediating them. Singularity XDR Marketplace creates a powerful ecosystem that helps us quickly navigate the best course of action to remediate and defeat these threats by driving a unified, orchestrated response among security tools in different domains.” – Alex Burinskiy, Manager of Security Engineering, Cengage.

Learn More About Singularity Marketplace

The launch of Singularity Marketplace is an exciting advancement of the Singularity XDR platform, which will continue to grow as the ecosystem expands with new partnerships and use cases.

For the complete announcement, please read our press release. To learn more about Singularity Marketplace and how to get started, visit s1.ai/marketplace.

Singularity Marketplace
Extend the power of the Singularity XDR platform
with 1-click applications for unified prevention,
detection, and response.


Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security

DataJoy raises $6M seed to help SaaS companies track key business metrics

Every business needs to track fundamental financial information, but the data typically lives in a variety of silos, making it a constant challenge to understand a company’s overall financial health. DataJoy, an early-stage startup, wants to solve that issue. The company announced a $6 million seed round today led by Foundation Capital with help from Quarry VC, Partech Partners, IGSB, Bow Capital and SVB.

Like many startup founders, CEO Jon Lee has experienced the frustration firsthand of trying to gather this financial data, and he decided to start a company to deal with it once and for all. “The reason why I started this company was that I was really frustrated at Copper, my last company, because it was really hard just to find the answers to simple business questions in my data,” he told me.

These include basic questions like how the business is doing this quarter, if there are any surprises that could throw the company off track and where are the best places to invest in the business to accelerate more quickly.

The company has decided to concentrate its efforts for starters on SaaS companies and their requirements. “We basically focus on taking the work out of revenue intelligence, and just give you the insights that successful companies in the SaaS vertical depend on to be the largest and fastest growing in the market,” Lee explained.

The idea is to build a product with a way to connect to key business systems, pull the data and answer a very specific set of business questions, while using machine learning to provide more proactive advice.

While the company is still in the process of building the product and is pre-revenue, it has begun developing the pieces to ultimately help companies answer these questions. Eventually it will have a set of connectors to various key systems like Salesforce for CRM, HubSpot and Marketo for marketing, NetSuite for ERP, Gainsight for customer experience and Amplitude for product intelligence.

Lee says the set of connectors will be as specific as the questions themselves and based on their research with potential customers and what they are using to track this information. Ashu Garg, general partner at lead investor Foundation Capital, says that he was attracted to the founding team’s experience, but also to the fact they were solving a problem he sees all the time sitting on the boards of various SaaS startups.

“I spend my life in the board meetings. It’s what I do, and every CEO, every board is looking for straight answers for what should be obvious questions, but they require this intersection of data,” Garg said. He says to an extent, it’s only possible now due to the evolution of technology to pull this all together in a way that simplifies this process.

The company currently has 11 employees, with plans to double that by the middle of this year. As a longtime entrepreneur, Lee says that he has found that building a diverse workforce is essential to building a successful company. “People have found diversity usually [results in a company that is] more productive, more creative and works faster,” Lee said. He said that that’s why it’s important to focus on diversity from the earliest days of the company, while being proactive to make that happen. For example, ensuring you have a diverse set of candidates to choose from when you are reviewing resumes.

For now, the company is 100% remote. In fact, Lee and his co-founder, Chief Product Officer Ken Wong, who previously ran AI and machine learning at Tableau, have yet to meet in person, but they are hoping that changes soon. The company will eventually have a presence in Vancouver and San Mateo whenever offices start to open.

Why F5 spent $2.2B on 3 companies to focus on cloud native applications

It’s essential for older companies to recognize changes in the marketplace or face the brutal reality of being left in the dust. F5 is an old-school company that launched back in the 90s, yet has been able to transform a number of times in its history to avoid major disruption. Over the last two years, the company has continued that process of redefining itself, this time using a trio of acquisitions — NGINX, Shape Security and Volterra — totaling $2.2 billion to push in a new direction.

While F5 has been associated with applications management for some time, it recognized that the way companies developed and managed applications was changing in a big way with the shift to Kubernetes, microservices and containerization. At the same time, applications have been increasingly moving to the edge, closer to the user. The company understood that it needed to up its game in these areas if it was going to keep up with customers.

Taken separately, it would be easy to miss that there was a game plan behind the three acquisitions, but together they show a company with a clear opinion of where they want to go next. We spoke to F5 president and CEO François Locoh-Donou to learn why he bought these companies and to figure out the method in his company’s acquisition spree madness.

Looking back, looking forward

F5, which was founded in 1996, has found itself at a number of crossroads in its long history, times where it needed to reassess its position in the market. A few years ago it found itself at one such juncture. The company had successfully navigated the shift from physical appliance to virtual, and from data center to cloud. But it also saw the shift to cloud native on the horizon and it knew it had to be there to survive and thrive long term.

“We moved from just keeping applications performing to actually keeping them performing and secure. Over the years, we have become an application delivery and security company. And that’s really how F5 grew over the last 15 years,” said Locoh-Donou.

Today the company has over 18,000 customers centered in enterprise verticals like financial services, healthcare, government, technology and telecom. He says that the focus of the company has always been on applications and how to deliver and secure them, but as they looked ahead, they wanted to be able to do that in a modern context, and that’s where the acquisitions came into play.

As F5 saw it, applications were becoming central to their customers’ success and their IT departments were expending too many resources connecting applications to the cloud and keeping them secure. So part of the goal for these three acquisitions was to bring a level of automation to this whole process of managing modern applications.

“Our view is you fast forward five or 10 years, we are going to move to a world where applications will become adaptive, which essentially means that we are going to bring automation to the security and delivery and performance of applications, so that a lot of that stuff gets done in a more native and automated way,” Locoh-Donou said.

As part of this shift, the company saw customers increasingly using microservices architecture in their applications. This means instead of delivering a large monolithic application, developers were delivering them in smaller pieces inside containers, making it easier to manage, deploy and update.

At the same time, it saw companies needing a new way to secure these applications as they shifted from data center to cloud to the edge. And finally, that shift to the edge would require a new way to manage applications.

DigitalOcean’s IPO filing shows a two-class cloud market

This morning DigitalOcean, a provider of cloud computing services to SMBs, filed to go public. The company intends to list on the New York Stock Exchange (NYSE) under the ticker symbol “DOCN.”

DigitalOcean’s offering comes amidst a hot streak for tech IPOs, and valuations that are stretched by historical norms. The cloud hosting company was joined by Coinbase in filing its numbers publicly today.

DigitalOcean’s offering comes amidst a hot streak for tech IPOs.

However, unlike the cryptocurrency exchange, DigitalOcean intends to raise capital through its offering. Its S-1 filing lists a $100 million placeholder number, a figure that will update when the company announces an IPO price range target.

This morning let’s explore the company’s financials briefly, and then ask ourselves what its results can tell us about the cloud market as a whole.

DigitalOcean’s financial results

TechCrunch has covered DigitalOcean with some frequency in recent years, including its early-2020 layoffs, its early-2020 $100 million debt raise and its $50 million investment from May of the same year that prior investors Access Industries and Andreessen Horowitz participated in.

From those pieces we knew that the company had reportedly reached $200 million in revenue during 2018, $250 million in 2019 and that DigitalOcean had expected to reach an annualized run rate of $300 million in 2020.

Those numbers held up well. Per its S-1 filing, DigitalOcean generated $203.1 million in 2018 revenue, $254.8 million in 2019 and $318.4 million in 2020. The company closed 2020 out with a self-calculated $357 million in annual run rate.

During its recent years of growth, DigitalOcean has managed to lose modestly increasing amounts of money, calculated using generally accepted accounting principles (GAAP), and non-GAAP profit (adjusted EBITDA) in rising quantities. Observe the rising disconnect:

How $100M in Jobless Claims Went to Inmates

The U.S. Labor Department’s inspector general said this week that roughly $100 million in fraudulent unemployment insurance claims were paid in 2020 to criminals who are already in jail. That’s a tiny share of the estimated tens of billions of dollars in jobless benefits states have given to identity thieves in the past year. To help reverse that trend, many states are now turning to a little-known private company called ID.me. This post examines some of what that company is seeing in its efforts to stymie unemployment fraud.

These prisoners tried to apply for jobless benefits. Personal information from the inmate IDs has been redacted. Image: ID.me

A new report (PDF) from the Labor Department’s Office of Inspector General (OIG) found that from March through October of 2020, some $3.5 billion in fraudulent jobless benefits — nearly two-thirds of the phony claims it reviewed — was paid out to individuals with Social Security numbers filed in multiple states. Almost $100 million went to more than 13,000 ineligible people who are currently in prison.

The OIG acknowledges that the total losses from all states is likely to be tens of billions of dollars. Indeed, just one state — California — disclosed last month that hackers, identity thieves and overseas criminal rings stole more than $11 billion in jobless benefits from the state last year. That’s roughly 10 percent of all claims.

Bloomberg Law reports that in response to a flood of jobless claims that exploit the lack of information sharing among states, the Labor Dept. urged the states to use a federally funded hub designed to share applicant data and detect fraudulent claims filed in more than one state. But as the OIG report notes, participation in the hub is voluntary, and so far only 32 of 54 state or territory workforce agencies in the U.S. are using it.

Much of this fraud exploits weak authentication methods used by states that have long sought to verify applicants using static, widely available information such as Social Security numbers and birthdays. Many states also lacked the ability to tell when multiple payments were going to the same bank accounts.

To make matters worse, as the Coronavirus pandemic took hold a number of states dramatically pared back the amount of information required to successfully request a jobless benefits claim.

77,000 NEW (AB)USERS EACH DAY

In response, 15 states have now allied with McLean, Va.-based ID.me to shore up their authentication efforts, with six more states under contract to use the service in the coming months. That’s a minor coup for a company launched in 2010 with the goal of helping e-commerce sites validate the identities of customers for the purposes of granting discounts for veterans, teachers, students, nurses and first responders.

ID.me says it now has more than 36 million people signed up for accounts, with roughly 77,000 new users signing up each day. Naturally, a big part of that growth has come from unemployed people seeking jobless benefits.

To screen out fraudsters, ID.me requires applicants to supply a great deal more information than previously requested by the states, such as images of their driver’s license or other government-issued ID, copies of utility or insurance bills, and details about their mobile phone service.

When an applicant doesn’t have one or more of the above — or if something about their application triggers potential fraud flags — ID.me may require a recorded, live video chat with the person applying for benefits.

This has led to some fairly amusing attempts to circumvent their verification processes, said ID.me founder and CEO Blake Hall. For example, it’s not uncommon for applicants appearing in the company’s video chat to don disguises. The Halloween mask worn by the applicant pictured below is just one example.

Image: ID.me

Hall said the company’s service is blocking a significant amount of “first party” fraud — someone using their own identity to file in multiple states where they aren’t eligible — as well as “third-party” fraud, where people are tricked into giving away identity data that thieves then use to apply for benefits.

“There’s literally every form of attack, from nation states and organized crime to prisoners,” Hall said. “It’s like the D-Day of fraud, this is Omaha Beach we’re on right now. The amount of fraud we are fighting is truly staggering.”

According to ID.me, a major driver of phony jobless claims comes from social engineering, where people have given away personal data in response to romance or sweepstakes scams, or after applying for what they thought was a legitimate work-from-home job.

“A lot of this is targeting the elderly,” Hall said. “We’ve seen [videos] of people in nursing homes, where folks off camera are speaking for them and holding up documents.”

“We had one video where the person applying said, ‘I’m here for the prize money,’” Hall continued. “Another elderly victim started weeping when they realized they weren’t getting a job and were the victim of a job scam. In general though, the job scam stuff hits younger people harder and the romance and prize money stuff hits elderly people harder.”

Many other phony claims are filed by people who’ve been approached by fraudsters promising them a cut of any unemployment claims granted in their names.

“That person is told to just claim that they had their identity stolen when and if law enforcement ever shows up,” Hall said.

REACTIONS FROM THE UNDERGROUND

Fraudsters involved in filing jobless benefit claims have definitely taken notice of ID.me’s efforts. Shortly after the company began working with California in December 2020, ID.me came under a series of denial-of-service (DDoS) attacks aimed at knocking the service offline.

“We have blocked at least five sustained, large-scale DDoS attacks originating from Nigeria trying to take our service down because we are blocking their fraud,” Hall said.

In May 2020, KrebsOnSecurity examined postings to several Telegram chat channels dedicated to selling services that help people fraudulently apply for jobless benefits. These days, some of the most frequent posts on those channels advertise the sale of various “methods” or tips about how to bypass ID.me protections.

Mentions of id.me in cybercrime forums, Telegram channels throughout 2020. Source: Flashpoint-intel.com

Asked about the efficacy of those methods, Hall said while his service can’t stop all phony jobless claims, it can ensure that a single scammer can only file one fraudulent application.

“I’d say in this space it’s not about being perfect, but about being better,” he said.

That’s something of an understatement in an era when being able to limit each scammer to a single fraudulent claim can be considered progress. But Hall says one of the reasons we’re in this mess is that the states have for too long relied on data broker firms that sell authentication services based on static data that is far too easy for fraudsters to steal, buy or trick people into giving away.

“There’s been a real shift in the market from data-centric identity verification to verifying through something you have and something you are, like a phone or face or ID,” he said. “And those aren’t in the provenance of the incumbents, the data-centric brokers. When there have been so many data breaches that the toothpaste is basically out of the tube, you need a full orchestration platform.”

A BETTER MOUSETRAP?

Collecting and storing so much personal data on tens of millions of Americans can make one an attractive target for hackers and ID thieves. Hall says ID.me is certified against the NIST 800-63-3 digital identity guidelines, employs multiple layers of security, and fully segregates static consumer data tied to a validated identity from a token used to represent that identity.

“We take a defense-in-depth approach, with partitioned networks, and use very sophisticated encryption scheme so that when and if there is a breach, this stuff is firewalled,” he said. “You’d have to compromise the tokens at scale and not just the database. We encrypt all that stuff down to the file level with keys that rotate and expire every 24 hours. And once we’ve verified you we don’t need that data about you on an ongoing basis.”

With such a high percentage of jobless claims now being filed by identity thieves, many states have instituted new fraud filters that ended up rejecting or delaying millions of legitimate claims.

Jim Patterson, a Republican assemblyman from California, held a news conference in December charging that ID.me’s system “continually glitches and rejects legitimate forms of identification, forcing applicants to go through the manual verification process which takes months.”

ID.me says roughly eight users will pass through its automated self-serve flow for every one user who needs to use the video chat method to verify their identity.

“The majority of legitimate claimants pass our automated, self-serve identity verification process in less than five minutes,” Hall said. “For individuals who fail this process, we are the only company in the United States that offers a secure, video chat based method of identity verification to ensure that all users are able to prove their identity online.”

Hall says his company also exceeds the industry standard in terms of validating the identities of people with little or no credit history.

“If you just rely on credit bureaus or data brokers for this, it means anyone who doesn’t have a credit history doesn’t get through,” he said. “And that tends to have a disproportionate affect on those more likely to be less affluent, such as minority communities.”