SoundCloud adjusts revenue model for indie artists

We’ve known for a long time that music streaming royalties are fundamentally broken. As revenue has shifted away from sales of physical music, it’s become increasingly difficult for many independent artists to make a living off recorded music. But all of that has come to a head as the pandemic has stripped live music out of the equation entirely.

Some services have looked to buck the trend. The immensely popular Bandcamp Fridays are a notable example, offering all revenue to artists and labels one day a month. And now SoundCloud is looking to shake up how it pays its own independent creators — a move that could prove a nice boon for musicians on a service that’s lent its name to at least one popular musical subgenre.

The site will institute a new revenue structure at the beginning of next month. SoundCloud breaks down “Fan-powered” royalties thusly:

Fan-powered royalties are a more equitable and transparent way for independent artists who monetize directly with SoundCloud to get paid. The more fans listen on SoundCloud, and listen to your music, the more you get paid.

Under the old model, money from your dedicated fans goes into a giant pool that’s paid out to artists based on their share of total streams. That model mostly benefits mega stars.

Under fan-powered royalties, you get paid based on your fans’ actual listening habits. The more of their time your dedicated fans listen to your music, the more you get paid. This model benefits independent artists.

The service is available for independent artists who monetize their pages through select Pro accounts. There are a number of factors that go into the final payment (the first of which will arrive in May), including whether listeners have a subscription, the amount they’ve listened to one artist relative to others and ads they’ve listened to. The fine print is available here.

Musicians have become increasingly vocal about their inability to live off of streaming revenue as the pandemic has cut off major income sources over the past year. Spotify, in particular, has drawn harsh criticism as the company has spent hundreds of millions on podcast acquisitions while maintaining old revenue models for musicians.

Airbyte raises $5.2M for its open-source data integration platform

Airbyte, an open-source data integration platform, today announced that it has raised a $5.2 million seed funding round led by Accel. Other investors include Y Combinator, 8VC, Segment co-founder Calvin French-Owen, former Cloudera GM Charles Zedlewski, LiveRamp and Safegraph CEO Auren Hoffman, Datavant CEO Travis May and Alain Rossmann, the president of Machinify.

The company was co-founded by Michel Tricot, the former director of engineering and head of integrations at LiveRamp and RideOS, and John Lafleur, a serial entrepreneur who focuses on developer tools and B2B services. The last startup he co-founded was Anaxi.


In its early days, the team was actually working on a slightly different project that focused on data connectivity for marketing companies. The founders were accepted into Y Combinator and built out their application, but once the COVID pandemic hit, a lot of the companies that had placed early bets on Airbyte’s original project faced budget freezes and layoffs.

“At that point, we decided to go into deeper data integration and that’s how we started the Airbyte project and product as we know it today,” Tricot explained.

Today’s Airbyte is geared toward data engineering, without the specific industry focus of its early incarnation, but it offers both a graphical UI for building connectors, as well as APIs for developers to hook into.

As Tricot noted, a lot of companies start out by building their own data connectors — and that tends to work alright at first. But the real complexity is in maintaining them. “You have zero control over how they behave,” he noted. “So either they’re going to fail, or they’re going to change something. The cost of data integration is in the maintenance.”

Even for a company that specializes in building these connectors, the complexity will quickly outpace its ability to keep up, so the team decided on building Airbyte as an open-source company. The team also argues that while there are companies like Fivetran that focus on data integration, a lot of customers end up with use cases that aren’t supported by Airbyte’s closed-source competitors and that they had to build themselves from the ground up.

“Our mission with Airbyte is really to become the standard to replicate data,” Lafleur said. “To do that, we will open source every feature that addresses the need of the individual contributor, so all the connectors.” He also noted that Airbyte will exclusively focus on its open-source tools until it raises a Series A round — likely early next year.

To monetize its service, Airbyte plans to use an open-core model, where all of the features that address the needs of a company (think enterprise features like data quality, privacy, user management, etc.) will be licensed. The team is also looking at white-labeling its containerized connectors to others.

Currently, about 600 companies use Airbyte’s connectors — up from 250 just a month ago. Its users include the likes of Safegraph, Dribbble, Mercato, GraniteRock, Agridigital and Cart.com.

The company plans to use the new funding to double its team from about 12 people to 25 by the end of the year. Right now, the company’s focus is on establishing its user base, and then it plans to start monetizing that — and raise more funding — next year.



Payroll/HR Giant PrismHR Hit by Ransomware?

PrismHR, a company that sells technology used by other firms to help more than 80,000 small businesses manage payroll, benefits, and human resources, has suffered what appears to be an ongoing ransomware attack that is disrupting many of its services.

Hopkinton, Mass.-based PrismHR handles everything from payroll processing and human resources to health insurance and tax forms for hundreds of “professional employer organizations” (PEOs) that serve more than two million employees. The company processes more than $80 billion in payroll payments annually on behalf of PEOs and their clients.

Countless small businesses turn to PEOs in part because they simplify compliance with various state payroll taxes, and because PEOs are the easiest way for small businesses to pool their resources and obtain more favorable health insurance rates for their employees.

PrismHR has not yet responded to requests for comment. But in a notice sent to its PEO partners, PrismHR said it detected suspicious activity within its networks on Feb. 28, and that it disabled access to its platform for all users in an effort to contain the security incident.

The company said the disruption has affected 200 PEO clients across the country, and that the most immediate concern is helping PEOs ensure their customers can process payrolls this week.

“The outage may extend throughout today and possibly later, with potential impact on payroll processing,” Prism explained in a template email it suggested PEO partners share with their customers. “We are committed to ensuring everyone receives their pay as timely and as accurately as possible. For this payroll period, we will use estimates from the last available payroll period. Once the software platform is back online, we will perform a reconciliation and correct any discrepancies as soon as possible.”

Jacob Cloran is co-founder of Decimal, a company that does accounting for small businesses, many of whom rely on PEOs affected by the PrismHR outage. Decimal itself uses a PEO that relies on PrismHR.

“We don’t have a good option to run our payroll this week, and the message we’ve received from our PEO doesn’t give me a lot of confidence we’ll be able to do that,” Cloran said.

Cloran said while there are other cloud-based companies that work with multiple PEOs, PrismHR is by far the largest.

“Prism is the only real option on the PEO software market,” he said. “Everyone I know who has tried any of the others ends up back at Prism. It’s the best of all bad available options.”

PrismHR did not specify what was responsible for the suspicious network activity, but their actions so far are straight out of the textbook recommendations for responding to a ransomware outbreak. A notice from the PEO working with some of Cloran’s clients stated that PrismHR was in the process of rebuilding its entire system from data backups in a new environment.

Also, the crooks behind ransomware attacks typically wait until the weekend to unleash their malware within victim organizations, knowing that most targets will be short-staffed or out of the office at this time. PrismHR said it detected the activity on Sunday.

Ransomware victims perhaps in the toughest spot include those providing cloud data hosting and software-as-service offerings, as these businesses are often unable to serve their customers while a ransomware infestation is active.

Ransomware renders any files it touches unreadable unless and until a victim pays for a digital key needed to unlock the encryption on them. Worse, it has become almost a best practice among ransomware criminal groups to steal as much data as possible from the victim organization prior to unleashing the ransom malware within a target environment.

Some of that data is often then published on dark web victim shaming sites in a bid to force the victim company into paying up. Some companies victimized by ransomware even face dual ransom demands: One for a digital key needed to unlock access to files, and a second payment in exchange for a promise not to publish all of the stolen data. Those that refuse to be extorted are told to expect that huge amounts of sensitive company data will be published online or sold on the dark web (or both).

PrismHR said in a statement to its PEO customers that while its investigation and response to the incident is ongoing, the company “is not aware of any sensitive data being breached or compromised.”

Given the volume and sensitive nature of the data PrismHR managed on behalf of PEO clients, it’s no doubt those clients and their customers are hoping that statement is accurate as well.

Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails

Microsoft Corp. today released software updates to plug four security holes that attackers have been using to plunder email communications at companies that use its Exchange Server products. The company says all four flaws are being actively exploited as part of a complex attack chain deployed by a previously unidentified Chinese cyber espionage group.

The software giant typically releases security updates on the second Tuesday of each month, but it occasionally deviates from that schedule when addressing active attacks that target newly identified and serious vulnerabilities in its products.

The patches released today fix security problems in Microsoft Exchange Server 2013, 2016 and 2019. Microsoft said its Exchange Online service — basically hosted email for businesses — is not impacted by these flaws.

Microsoft credited researchers at Reston, Va.-based Volexity for reporting the attacks. Volexity President Steven Adair told KrebsOnSecurity it first spotted the attacks on Jan. 6, 2021.

Adair said while the exploits used by the group may have taken great skills to develop, they require little technical know-how to use and can give an attacker easy access to all of an organization’s email if their vulnerable Exchange Servers are directly exposed to the Internet.

“These flaws are very easy to exploit,” Adair said. “You don’t need any special knowledge with these exploits. You just show up and say ‘I would like to break in and read all their email.’ That’s all there is to it.”

Microsoft says the flaws are being used by a previously unknown Chinese espionage group that’s been dubbed “Hafnium,” which is known to launch its attacks using hosting companies based in the United States.

“Hafnium primarily targets entities in the United States across a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs,” Microsoft said. “HAFNIUM has previously compromised victims by exploiting vulnerabilities in internet-facing servers. Once they’ve gained access to a victim network, HAFNIUM typically exfiltrates data to file sharing sites like MEGA.”

According to Microsoft, Hafnium attackers have been observed combining all four zero-day flaws to target organizations running vulnerable Exchange Server products.

CVE-2021-26855 is a “server-side request forgery” (SSRF) flaw, in which a server (in this case, an on-premises Exchange Server) can be tricked into running commands that it should never have been permitted to run, such as authenticating as the Exchange server itself.

The attackers used CVE-2021-26857 to run code of their choice under the “system” account on a targeted Exchange server. The other two zero-day flaws — CVE-2021-26858 and CVE-2021-27065 — could allow an attacker to write a file to any part of the server.

After exploiting these vulnerabilities to gain initial access, Hafnium operators deployed web shells on the compromised server, Microsoft said. Web shells are essentially software backdoors that allow attackers to steal data and perform additional malicious actions that lead to further compromise.

Neither Microsoft nor Volexity is aware of publicly available code that would allow other cybercriminals to exploit these Exchange vulnerabilities. But given that these attacks are in the wild now, it may only be a matter of days before exploit code is publicly available online.

Microsoft stressed that the exploits detailed today were in no way connected to the separate SolarWinds-related attacks. “We continue to see no evidence that the actor behind SolarWinds discovered or exploited any vulnerability in Microsoft products and services,” the company said.

Further reading:

Microsoft’s writeup on new Hafnium nation state cyberattacks

Microsoft technical advisory on the four Exchange Server flaws

Stopping SolarWinds Breach with Jared Phipps

Listen to SentinelOne’s senior VP of Worldwide Sales and Engineering, Jared Phipps, talk to FUTRtech’s Chris Brandt about how SentinelOne successfully defended enterprises against the SUNBURST attack and the SolarWinds breach. Jared explains how devices protected by SentinelOne agents were impervious to SUNBURST and how the SentinelOne agent could neither be bypassed nor disabled by the malware used in the attacks.

Jared also discusses SentinelOne’s acquisition of Log Data Management company Scalyr and why this is a game changer in the XDR platform space.


#34 Stopping SolarWinds Breach with Jared Phipps from SentinelOne.mp4: this mp4 video file was automatically transcribed by Sonix with the best speech-to-text algorithms. This transcript may contain errors.

Now, we have heard a lot about the SolarWinds breach. It was one of the largest and most sophisticated attacks in history. Microsoft President Brad Smith said, “When we analyzed everything that we saw at Microsoft, we asked ourselves how many engineers have probably worked on these attacks? And the answer we came to was, well, certainly more than a thousand.” But not everyone got hit. There were those who were able to defend against this attack. Today, we’re going to talk to a company whose security product defended against this attack.

So stay tuned.

Hey, everybody, welcome back to another FUTRtech video podcast. The audio version of this podcast is available on Apple Podcasts, Spotify and most of the others, or you can find it at Futura Buzz Sprout Dotcom. Today, we’re talking with SentinelOne. Their product fared better than most against the SolarWinds attack. To quote their site, “SentinelOne Labs, the research division of SentinelOne, has confirmed that devices with SentinelOne agents deployed were excluded from the Sunburst attack from an early stage, even before any communication with a malicious C2. Technical analysts have confirmed that Sunburst was unable to disable or bypass SentinelOne in any environment.” And I’ll just let that sink in for a second. Today, we have with us Jared Phipps, senior vice president of Worldwide Sales and Engineering at SentinelOne, to help us understand what it was that they did right and to tell us about their recent acquisition of Log Data Management Company Scalyr and what that means for their business. Welcome, Jared.

Thank you. Pleased to be here.

So, Jared, thanks so much for coming. Tell me a little bit about SentinelOne. You know, like what’s the founder’s story? What was the problem that they saw in the market and they wanted to solve?

Tomer Weingarten, founder, is still here. He’s still the CEO. It’s one of the things I actually thought was really attractive coming here myself. But when he’s a serial entrepreneur, he’s done businesses before. But when he was looking at starting SentinelOne, he understood that the security space was problematic. He had a bit of a security background himself and what he thought was an industry that was continually looking for new solutions, new solutions, just sort of a constant churn. He looked at models that really seemed manual, slow, really, really, you know, a lot of investigation intensive. And he was trying to figure out how can he leverage AI and autonomous operations to transform an industry. And he looked at a few different things. But security is what it kept coming back to is his thought process was doing something like you get with most entrepreneurs and founders. Right. He wanted to change the world, literally change the world. And he felt that doing so through the lens of security was open, especially by leveraging A.I. So I started off in the early stages of the company focusing on Mac. Believe it or not, that’s generally not where people start. But we started on Mac and Linux and then move into Windows after that. But based on a couple of years, just really building, doing good R&D and building before they took a product commercial. So by the time they went commercially, had Mac, that Windows and Linux was a it was a true, I would say, evolution in terms of what it had done on endpoint security in our industry. Endpoint security has been dominated by AV and EDR. AV was there to block everything you could block, and then EDR was there to capture and investigate everything and what Tomer wanted to create and start was a business that unified all of that security under one umbrella. And it just took A.I. on autonomous operations beyond just file inspection, but into everything that goes at runtime. And that’s, you know, that’s what he’s done with SentinelOne. So that’s our genesis.

So you guys fared very well against the SolarWinds breach, you know. Tell me a little bit about, you know, tell me a little bit about what you’re seeing from the SolarWinds breach and what you guys saw, you know, from an attack perspective that you guys were able to address.

Well, that one’s that one’s interesting, right? It’s got all the makings of nation state, I know a lot of people have come out and done attribution and tied it to Russia. I would agree with that entirely. When you’re looking at a crime group versus a nation state, you’re looking at a very different level of sophistication. Right. And I I started off my career in the Air Force. I’ve spent time on the defensive in operation and the offensive operations side of the house here. So I would say that when you’re dealing with nation states, you go into a far more complex cycle where supply chain risk management becomes a concern, where the the ability to select targets from a desired set and then and then really focus on those targets in in a bit more granular detail.

Those are the hallmarks of it. Cybercrime is very opportunistic. When something happens, they’ll chase every one of them. So, you know, the SolarWinds is really the classic supply chain, right? If you can find software that runs on all of the different enterprises around the world and you can inject your code into that software, that’s the Holy Grail from an attack perspective. Yeah, and SolarWinds offers software that gives you visibility over the entire network, so makes them the perfect candidate to be a target. And all they had to do was, in this particular case, remotely access and implant code. And then just watch and determine if they were able to identify the code had then put into the SolarWinds, you know, hindsight is 20/20. We can all look back at it now and say, here’s what happened. But the reality is, while that’s going on, it’s very hard to capture. Supply chain is very, very difficult to control. So I’m not going to get into the nuances there. What I will say is that, you know, after the SolarWinds breach comes out, after the artifacts are there, we can go through it. We can reverse engineer the actual malicious code, the Sunburst attack. When we reverse engineer that, we can get a bit more of an understanding of how the attacker was working in those initial phases and what we saw was actually pretty compelling. When the SolarWinds software installs on a machine, it intentionally lays dormant for approximately two weeks, a minimum of 12 days.

And then after that dormant period, it’ll make out a beacon. So it’ll do a command and control beacon out to about the cloud dot, which is a domain of being registered, and then they and affiliated with various regions. So east and west and various regions around. Now, the good news is because they’re reaching out to a registered domain, we do have DNS historical data. It gives us the ability in retrospect to go back and look for all of the initial command and control campaigns that have reached out to that domain name. So number one is we can tell every organization that had those two beacons contacting on there the way that we’ve looked at. And then two, we actually have the payload and reverse engineer it. And by going through a reverse engineering, yes, we can see what they’re doing. And what they did is they started to encode different commands on that initial that beacon out. So they’re capturing information. On the very first install beacon that they send out they’re capturing information around the security products, they’re installed on the machine and they’re capturing the state of those products, whether they’re running or they’ve been able to be stopped. Right. Really, really pertinent information. If you’re thinking about this from a nation state perspective, when you do a supply chain attack and you’re expecting to have massive access, your access is going to be larger than the actual targets that you want to execute against.

Right. And so having the status of security products in those beacons back is pretty compelling. And you can see in the source code, when you look at it, that they do look for running services and processes and there’s actually some attempted anti-tamper and some attempted disabling unmowed events that they’ll do. In the case of SentinelOne, they look for the they were looking for systems and processes. They actually will eventually get down to looking at the driver level. And they were doing various techniques, you know, going into a registry and overriding the first values to try to decode the registry to unload agents. In this case, what we saw is they simply wrote code inside of the Sunburst malware that if they identified SentinelOne to simply exit them, they would go back into a dormant status and then they would recheck after that randomise, again, another minimum 12 days and just come back and keep rechecking, hoping that no has been uninstalled or the admins have done something with it. Right. And just a bit more opportunistic. Well, that’s nice. That was the kind of interesting case here, is we didn’t really have to stop the attack after all of that because it just wouldn’t execute if SentinelOne was installed.

Well, that’s a nice endorsement from some Russian hackers.

Yeah, I mean, it’s. You take it for what it is in this particular campaign. That’s that’s the decisions they made.

We do have some federal customers who have been targeted by that organization in the past. So while it’s a hypothesis on my part, I don’t think it’s rampant speculation to think that, you know, they are aware of who we are and where we’re running. You can generally go find endpoint agent code. Just go look on VirusTotal, go look for different places. I don’t think it’d be impossible to get access to SentinelOne binaries, but it would appear here that they’ve had a little bit more recon, a little more time to try to focus on it. We have a lot of anti-tamper measures in place in the product that prevent the agent from being unloaded through the registry, through the methods that they were trying. And so it would happen here, even though it’s not something I can prove, it would appear that they had awareness that they that their methods were not going to unload SentinelOne. And it would be better to simply avoid raising alarm bells. Someone start tampering with your agent. Right. That alone sends up an alarm bell. So they’re trying to avoid sending alarm bells. So if they see someone, they just exit and they don’t want to try to mess with the anti-malware capabilities. That’s my hypothesis.

Yeah, that’s really I mean, it just goes to show you the level of sophistication of this attack. I mean, you know, when Microsoft saying they they see the fingerprints of at least a thousand different, you know, hackers on this one working, you know, from a nation state, that’s a that’s a significant foe for sure.

Yeah, I mean, again, so I don’t know that I would personally agree that they’ve got a thousand people building building on the code. Like like all things, great things happen in smaller teams. Well, I think there’s I think there’s a military unit. I think there’s a lot of design behind it. I think there’s some very good minds behind it. I just wouldn’t put the number of the thousands I put in the hundreds. What comes back is the notion of target selection. Yeah. If you’re in the military and you have available targets, you have to go through quality target selection. And that’s what I think is probably more aligned to the case.

I mean, I’ve done some analysis just based on the C2 beacons that have come out. You know, it’s you would figure this is Russia. They’re targeting government. Only about 20, I think was twenty two percent. If you round up of the initial C2 beacons come back or even government related technology like, you know, manufacturers of supersonic jet engines, like it’s not just tech, it’s very specific tech. And they’re showing a lot of state and local governments, which is interesting. And then it was pretty heavy in health care and finance stuff. Finance is always targeted. I mean, yeah, that’s the thing about finance. You’re going to be hit by crime groups, by nation states. You’re going to get anything you can imagine if it money flows.

Everybody wants to understand who, what, when, where, how, when it comes to money. So you’re always a target if you’re finance. Yeah, but health care by a nation state is not normal. That’s just not normally what you would see. So one aspect of this is, hey, they went after SolarWinds. That’s a very ubiquitous software. It’s available. It’s going to make a very large target set. And that’s true, right? You’re going to tons of machines reporting and. Yeah. What they chose to actually execute against what they selected off of that target list, though, is pretty telling, and you’ve got to make your decisions and your determinations of what to process in what order process. Look, we didn’t see this thing until December. It kicked off in March. The campaign executed. This wasn’t like we didn’t have this miraculous find and stop, but it was that all the DNC activity, everything was telling down. They did a great job, well executed, and it was successful, a successful campaign. And I don’t think anybody can call it anything other than that. Yeah, there’s definitely going to be some people in the US government right now with some very hard conversations. This was a successful campaign.

Yeah, I’m sure. Well, in that regard, you know, like you mentioned, this was out there for a very long time. I mean, it’s amazing that, you know, people didn’t catch it. I mean, like you said, hindsight’s 20/20. Right. But what were some of the things that they were doing that made it so incredibly stealthy?

Well, OK, so this is what Russia has always done when they get into an organization. And if you’re a crime group, you’re trying to drop in crypto miners or drop in ransomware, you’re trying to figure how to get paid and what you’ve done. If you’re Russia, you’re coming in, you’re trying to avoid detection at all costs and you’re trying to discover information. Right. So at the end of the day, if you’re a nation state, you’re doing a cyber aggression for two primary reasons. I’m going to leave China outside of this because they’ll have a third. But one is denial, disruption of services. The power grids think equities and trading markets, things that you can cripple a country by taking down. Number two, which is the more prevalent use case, is intelligence gathering. So machines create data and information meant to be consumed by people. So you want your people to consume what your enemies or adversaries out there would have. So that’s why nation states hack each other, right. So when you’re an organization like Russia and you’re going in to do an attack like this, you’re going to go after credentials, you’re going to make yourself appear to be a legitimate user inside of the organization.

And you’re going to get access as much as you can to join conversations, to monitor conversations, to to have access to data, to move around the environment and to do so. In today’s day and age, you either need identity certificates or identity accounts. And that’s what they focused on. Yeah. Interestingly enough, you know, although we didn’t have any SentinelOne customers compromised, we did open up until everybody had one incident. Response teams, if you want to help to investigate some leads, we’re happy to do so. We as a people are concerned and investigated. There were dead ends everywhere. But following the national conversation, what’s pretty clear is that the follow on activity was using Cobalt Strike, which is something SentinelOne does really, really well against. So there’s there’s telltale signs to catch the follow on activity once they get in. The companies and probably other organizations, I should say, not companies. Organizations, I think should have been able to detect some of that activity. So that’s a little bit disappointing that it got as far as it did there. But, yeah, once they get in, once they get access to those creds, then everything else just looks like remote connections and it starts to look very legitimate.

And the case where you saw the FireEye, right, they got a little clumsy, not not excessively, but a little clumsy when they tried to do the two factor authentication registration, the publishers kept focusing on certificates. That’s that kind of tripped a wire. The difference is FireEye has people who are used to doing deep dive investigations, and when something weird pops up, they don’t mind taking the time to delve in and do that investigation. Security companies will do that. Other organizations, they’ll just write it off as a glitch or it’s it’s an anomaly. Or maybe somebody tried something, but whatever, they didn’t get through because we didn’t create the account. They deactivated the move on. They don’t really have the resources to dig in and understand what’s going on. That’s the bigger concern, because there’s probably again, I don’t know, I’m not part of the conversation, but I would have to suspect in retrospect, there’s a whole bunch of red flags showing up that should have been watched that simply weren’t I mean, I would bet almost anything that that’s the case right now inside the US government. There’s probably some really hard conversations around that right now.

Yeah, well, I think I think you touched on maybe one of the biggest problems in security today, right. Is the fact that there’s not enough qualified people to go around. Right. And you look at red team, blue team and, you know, in dividing people up and you know how it all plays out. I mean, it’s a it’s a massive task to to not only just, you know, be very vigilant about this, but also to understand the types of things that are going on.

And when you see something that looks a little unusual, being able to do that deep dive to figure. Things out, and I know, you know, one of the things that you mentioned in sort of the Founders story about SentinelOne was the desire to apply, you know, artificial intelligence, machine learning and things like that to the process, which I think is is kind of an important piece to this puzzle.

Right. Because if there’s not enough people to go around having some intelligence in the apps that can help people who may not have the level of sophistication that they may need to derive answers and insights, I think is a really important piece. Right.

It is tremendously important. I can give you it’s it’s interesting, very early on the cybersecurity industry and you can put myself on this list when I when I was in the Air Force and people are talking about A.I., I was very resistant to the idea that a computer was going to offer any intelligence or analysis that the analysts we had couldn’t handle.

But other industries have figured out how to let computers do some great things with it, like autopilot in the airline industry being one autonomous safety systems around transportation. I’m just look for your vehicles, right? When I was in college, I drove a nineteen seventy two and write A to Z. It had no air conditioning, it had no power brakes, power steering, like it was as basic of a car as you could get. Now I told people I was driving because it was a quote unquote drivers car. The reality was five hundred bucks and that’s what I could afford. And and today I drive a car that has lane departure warning, forward collision warning, auto braking, rear collision, avoiding crash avoidance, front airbags, side airbags like this car has so many systems. I’m still the driver. I still control the car. But when reaction times are where they are, it can start to react. You know, for me, it can tell me if I’m trying to transfer in. Someone’s in a blind spot that someone’s there. Like this is what you want from autonomous systems. If you go back to airplanes, right. You have all different types of safety systems that help pilots avoid mid-air collisions, things of this nature. The only time that crash has happened is when pilots ignore the systems, telling them what they should be doing because they want to be smarter than the system.

So let’s talk in cybersecurity world. Why do we need a high volume of data is number one and speed is number two. And by volume of data, we actually the buzz term in the industry now for this, which is alert fatigue, I would tell you it’s more like drowning unless I unless you’ve lived it firsthand, like walk in and see your SIM with ten thousand alerts in them and then you sit here and look at your stock and say, OK, well now our tier one is going to analyze all the high and critical and you watch them and they’re opening up the screen looking at some stuff and then deleting or they’re, you know, like there’s nothing happening at that level that’s incredibly valuable. And then the hard stuff is supposed to be caught by your huntings in tier three or tier for finding the stock that I’ve been working with. And these are for organizations that can afford the SOC and can build the SOC. Yeah. So, yeah, I’ve worked commercially, primarily in the energy and financial sectors with some teams that truly have world class security operations and they use orchestration, autonomous operations to enable them to scale like everybody else. How do you get there. Yeah. You’re not going to have the security, but it’s the best, and so I think it’s fair.

I mean, you know, I’ve come a long way and obviously now with SentinelOne, where do I an autonomous operation, behavioral analysis, we are taking what is really, really complex stuff. But we’re taking tier one responsibilities on ourselves. And this is this is fantastic for organizations that can’t afford the SOC. We literally have the teams to do that. Right. We can be the solution for other organizations that have the SOC. We can we can offload a lot of that Tier one and then we take all of our threat hunting and augment what they’re doing. So it’s like having this really, really specific expert system. It’s not just a software as a service, but it’s a software as a service that has expertise and behavioral algorithms that will process anything faster runtime and the human ever will. And then it’s augmented in the back end with an exceptionally good team to expand out your certainly that’s the right model for the industry today. And that’s that’s what Tomer’s vision wants. And his vision proved correct? Right. So, yeah, where we sit now, we’re the fastest growing company in our space. It’s amazing how fast we’re coming along here. And the adoption is because we’re solving a real need, a real pain. I’m taking some some pretty challenging problems on on behalf of our clients.

Yeah, I remember. You know, when you talk about alert fatigue, I remember back in the day at a global 500 company installed a security product. I won’t mention the name of it, but and, you know, a few weeks in, they were getting, I think, somewhere upwards of over twenty three thousand alerts a day. And obviously, you can’t that’s completely not actionable. Write and edit. And after a while, they just stopped looking at it. And that’s after spending millions of dollars to get everything in and installed and stuff like that. And know just they didn’t make the kind of investment to tweak and tune and do that, which is a full time job and in and of itself. But it is amazing and it continues to this day with a lot of a lot of organizations where there’s just too much data coming at them. Right. Crazy.

Oh, yeah, it’s insane. I mean, anybody who’s had a home alarm system probably knows you get more false alarms in a year and you risk getting fined by the police than you people working in your house. Yeah, yeah. I mean, and that’s at the most benign possible scale. Take that and throw that into an enterprise environment. Twenty three thousand alerts, even if you can analyze all the highs and critical. How accurate is that analysis going to be? Yeah. Think it’s just not going to be I it’s that’s not a hypothesis. Right. That’s just what I’ve lived multiple time and it’s it’s just not going to be accurate. So the other though, I think it’s not just about the alerts, it’s also about closing the cycle of the investigation. And this is where I think the autonomous side of SentinelOne kicks in a bit more, think the industry as a whole, the security industry as a whole has come along and says, yeah, we can we can use A.I. models to replace maybe everybody’s really comfortable with that and we can use behavioral rules to trigger alerts that are higher fidelity and everybody’s come along and are comfortable with that.

What people are not recognizing is that we’re we’re taking it a step further than that and that we’re tracking everything into a single storyline, everything that occurs on that point to a single storyline. And we can not only stop the attack, we can surgically remove that attack from the endpoint. And that means we’re automating not only the detection and the deflection of the attack, but we’re automating the recovery from the attack.

And if I go back to where I was in 06 and 07 in the Air Force, where we were trying to define his visions, grand vision of a self healing endpoint that would allow us to operate through cyber attacks, SentinelOne’s delivered that more so for our customers, the endpoint, like we will attack, block, remediate and attack that entire cycle, the entire investigation, remediation trigger cycle, that whole piece of it can be done in point two seconds. Yeah, right. That’s operating at the speed of compute. Can we do that for every single attack. No. Can we do that for the vast majority. Yes. And for the ones that take a little bit longer, like a long cycle for us is maybe ten minutes. Right. And most of the industry is trying to get to benchmark standards that are that are multiples above and beyond what we’re delivering today. Yeah, and this is probably the most shocking thing because I don’t get on with the Fortune ten companies. I’ll get on with the Fortune 100 companies. I’ll explain to them what we’re doing. The same we’re not we’re going to be OK and we do it like, wow, you are. And that becomes a very different conversation. So. We’re doing it, we’ve been doing it, we’re doing it at scale, and we’re going to continue to drive on excellence in this fashion because it’s not about generating alerts. The security, security products and security vendors have got to get a mindset of generating and alerts is about deflecting attacks and keeping intruders out of the environment and doing that as seamlessly and frictionless as possible for the users of that company.

Yeah, yeah. Well, you know, I mean, there’s there’s a there’s a million different security products out there right now. I mean, this is a very disaggregated market. And I think that, you know, there’s so many companies, you know, some of which, you know, are more of a feature than a the whole platform or a product even, you know, attack very specific areas of the of the security chain. Right. You guys kind of playing the EDR space, which is, you know, kind of this evolving, you know, space of what fits into the definition of XDR. Where do you see your guy, you guys fitting into the whole security chain? And how how do you play in that that whole mix?

Well, the point is interesting and compelling because you’re at the point of data consumption, and so it’s really your ultimate last line of defense, the EDR space has gone from being a sensor telemetry driven system to an autonomous attack. Deflection position is where we have it now, where we can do seamless remediation, et cetera. Likewise, there’s been an NDR concept for a while. Network detection response responses started back with full PCAP vendors and they went into metadata because PCAP was too hard to record, but again, storing on telemetry and then analyzing the events after the fact and then Djerriwarrh to tell you what happened. That generally means need to kick off an investigation. And so we’ve done integrations within EDR vendors and EDR, and a lot of that is driven through systems as well. So all of the standard integrations through since I think what’s the vision of the EDR vision? Is that cross-domain detection and response? Right. We are not leaving NDR as a silo reporting into the SIEM and EDR as a silo reporting into the SIEM. You’re now moving into cross domain detection and attack. And I would like to our detection response and I would almost like to think of that as deflection in the SentinelOne methodology, meaning cross-domain. What automations can I drive cross-domain, what types of responses can I automate? And so what? We’ve done this with several different firewall vendors in the fabrics, looking for the fabric, for example, where we can push intelligence back and forth between the two, but we can also now adjust in terms of an automated response.

And this is typically been the domain of orchestration. And you had orchestration vendors building up and then you kind of see the same vendor sort of gobbling up orchestration. And at the same time, data is a lot more prevalent. When you started doing XDR, we start going cross-domain. You no longer care that the data is coming from just your endpoint telemetry instead of pulling data from any network or any other security appliance, logging, applying anything of that nature, allowing that data to come in. What we’re doing here and why this is such a good fit for SentinelOne is our core competency is working with data. We are an AI behavioral analysis company. We do amazing things with data and we’ve proven it on the endpoint point, which is probably the most difficult space to operate in, at speed, at scale, with accuracy. We’ve proven it there. Now we take that into the EDR space. So what are we going to do? And this is literally why we bought Scalyr, which you kind of referred to earlier. But when we can start to move and operate at the speed of compute on large data sets across fabrics which include network and cloud and point, the fabric simply becomes compute, the protected becomes the data and the protected becomes the user of that data. And that’s really the vision we’re driving for. We will continue to invest very heavily on that data driven vision as we go forward.

Yeah, well, you brought up Scalyr. You know that that’s quite a significant acquisition. Could you talk a little bit about what Scalyr does and what Scalyr brings to the game here?

Well, the real key piece of what Scalyr brings to the game is that, again, when you’re talking to SentinelOne, hopefully what you’ve gotten from me is the autonomous and the speed at which we’re working right now, measuring things in hours or minutes. We measure things in seconds as much as possible. There are things we have to measure in minutes, but maybe even an hour every every occasionally. But we want to deflect and stop as much as possible. So when you start looking at data, data aggregators, log aggregators, all that type of stuff that’s out there, there’s a lot of them in the market. What’s intriguing about Scalyr and what I think was really compelling for us is that it can ingest unstructured data. So we don’t need to have a predefined nomenclature or anything of that nature for the data set coming in. But more importantly, is ingesting and allowing us to take operations at the speed of ingest on unstructured data. So while we think we’re going to have gains from Scalyr in many, many different aspects of operating a security program, we think that among the most important is it’s going to align with our philosophy of deflection on autonomous operations.

And we started to get pretty excited when we think about where we can go in the future. The future of compute is data. We all know that. And there’s a lot of companies out there that are working on making it easy. To stand up data infrastructure, making it easy to scale data infrastructure and SentinelOne is going to do that, but we’re going to also let you do that security. So if you think about this, then it’s not just about how SentinelOne is able to leverage Scalyr technology for our security mission, but how we’re going to be able to help people consume and leverage data securely in their environments. Because I’ve really never met a CEO, CIO that said I want to take on more security risk. I want to have more security burden on my team. They just want to be able to provide the business mission to their organizations if we give them a secure path to data compute. And that’s that’s pretty compelling.

Yeah, I think it’s interesting that I love to see acquisitions in this space because I think the the security market needs some consolidation.

Some of these need to be wrapped up in a broader suite of products brought together that are all integrated and, you know, kind of a single pane of glass sort of thing. And you guys are an interesting case because you guys raised quite a bit of money. I mean, I think you’ve raised almost upwards of 700 million dollars, you know, so I got to imagine you guys have a little bit of, you know, acquisition power, you know, even beyond Scalyr. So, you know, I know you can’t talk about what the future holds in acquisitions, but I got to imagine there’s some really interesting opportunities out there for you to do some consolidation.

Well, we’ll always be looking for things that are strategic that that give us the ability to deliver the most value to our customers over time. Yeah. And when those types of opportunities present themselves, we’ll definitely take advantage of them.

Yeah. Yeah. Well, that would be interesting to see. So tell me a little bit about what’s next for for for for SentinelOne. What, what, what do you where do you see things going for you guys.

Well, we have to continue on the rapid growth path, that’s what this industry demands from a business perspective. So scaling a business operation, doing this at the speed at which we’ve been doing this and I think we’ve settled into a pretty polished approach of this is really important. We need to keep innovating. So scaling the business is going to be one things we keep focused on innovation. This is this is the heart and soul of SentinelOne. We can leverage some exceptional talent. We have core competencies, fundamental core competencies, and what we believe is world class expertise in in the realms of machine learning, artificial intelligence, behavioral analysis. So how do we take that core competency and expand that into the EDR world? We’ve been doing that. We’ve been doing that actually for some time now. I think where we’re heading on the EDR vision is providing a greater security blanket. And more importantly, we’re not going to walk in and force an organization to rip and replace everything they have. Yeah, and it’s one of my pet peeves, right, is yes. We’re building an amazing platform. And yes, we have a lot of stuff you can do on this platform, but you’ve already made some investments are going to be strategic that you don’t want to change. And you know what? I had always wished the vendor would have told me when they walked in, said, I’m going to make your existing security investment better. I’ve never had a vendor tell me that when I was in the buying side.

But what we’re focusing on now is taking the Singularity platform that SentinelOne has and applying that into our customers’ environments in a way that lets them get more value out of their existing security spend and putting that and really driving towards that EDR vision. So that’s, you know, that innovation pace that we maintain. We will continue to innovate internally very rapidly. And that’s that’s going to be a main focus of us. And then the probably the big elephant in the room that nobody wants to know is when is the IPO? I can’t tell you what the month exactly is. I can tell you that that is definitely the next phase. I actually look at the IPO as the starting line. I think we’ve all got the warm ups done and we’ve been doing a lot of work and training to get to this point. But we’re all really, really excited to get on the starting line and really take off. So we’re going and I think you’re going to see a bit of direction just with the Scalyr acquisition alone. What we think is this the strategy for the future, but it’s going to be building and securing and providing a pretty comprehensive offering that appeals not just to a CISO, to a CIO and to a board. So you’re going to see that, you know, that business side of the house.

You’ll see the IPO, you know, unless some crazy market conditions occur, you know, you can never predict the future and your senior year of college or September 11.

So, yeah, it’s it’s a it’s a strange world we live in these days. Nothing’s entirely predictable.

You never predict the future. But I would say that’s definitely something that we’re very we’re very focused on, is letting that IPO that’s that’s getting us to the real starting line. And that allows us to have a foundation to build a very formidable long term independent company for the four decades to come. That’s that’s the focus. That’s the goal.

So, Jared, I keep hearing from so many people, it’s hard to find really good security people. And I have found that to be true for us as well.

So where are they? Like, how do we where where do we go to find the folks that actually have the not just the theoretical expertise, but the practical expertise? Yeah, it’s an interesting question.

You can find I would say you can find people anywhere, and that’s that’s not the only one here. But I’ll tell you what, it’s really easy to find are people that understand the buzzwords and they know how to swing the buzzwords and they can talk about the buzzwords. People that understand how to be a practitioner is a bit more difficult. There’s training programs and they get people leveled up to be a tier one analyst. I think we can figure out how to get to one analyst and you can go find them at any of the larger organizations where they run their SOCs and they pay them sixty five thousand a year. And it’s pretty easy for company come in, hire them into a senior role and give them ninety five thousand moving somewhere across the country. So, yeah, you can find a lot of those in San Antonio around the officer. You can find them in different cities around the deserts in the federal service, and you can find them around the large organizations, especially the ones based in California. People are people are definitely wanting. It’s very difficult to live on. Eighty five a year in the Bay Area. So people in those sorts out there are those SOCs for the organizations out there. So that’s where you find the tier ones. I think the challenge and I think really what the question that you’re getting to is how do you find the person that would would have recognized that two factor authentication registration as not an anomaly, but security that you dig into? That’s harder, right? Because now you start to go and you start to touch into forensics. But really, what you’re looking there is incident responders.

Where do you find the people that can drive a really, really good security program? You find them in the incident response world. People that have come out of college, they started working for an auditor and they got moved into the IR teams or people who were sysadmins. And they got kind of sucked up into EDR teams and doing incident response engagements and been dabbling in forensics and memory analysis. And they understand that world. That’s a pretty good place to recruit from. There’s actually a lot of companies out there that do that work. And, you know, that’s that’s where the talent gets a bit more expensive.

Can we build those? Can grow those?

I, I do see some corporations doing that, but I see the majority of that growth even today being done inside of the military. So Air Force OSI, they do some great cyber crime investigation stuff, the any of the operations down the AF cyber teams, they get programmatically of different types of skill sets down there.

We do have a lot of core operators, a lot of core testing, red teamers, and then even the large the big five have some decent programs that can get you some some basic skill sets. The problem is that pipeline isn’t big enough. Yeah. And the problem is you go look at the universities who are doing cyber training and it’s far more problematic right now. Like as a comp sci student, I had a class on compilers. I hated that class. I have nightmares in that class, this data. Right. And I’m not a software coder because I figured out in college I didn’t want to be a sci person, but I did that because I had to write a compiler. I did that because I had to write at sea level in Perl and then Java and all these different programs and write different applications. You go through a cybersecurity program. Are you doing memory forensics? Are you doing Foldes acquisitions? Are you trying to do these things remotely? Now you’re kind of learning some tools, some skills, but it’s still a little too programmatic, a little too high level things that are still a topic that you cover over a module like memory. Forensics should be a course or two and they should be just as painful as compilers was. Maybe so. So that’s a challenging set. Right. And it’s it’s fine that people to have enough of the understanding of coding and forensics and back and find that right mixed together is what makes challenging. So at the end of the day, the problem is we don’t have the right educational pipeline to scale and put out the volume of security analysts that are needed. Yeah, it’s it’s still reliant on a lot of self help, self teach, self learn or proper exposure in the limited places you get. And that’s the challenge.

Yeah, well, I, I think, you know, schools have a have a big challenge in that because to develop a curriculum is hard. And when you’re dealing with an industry that’s moving at the pace that security is and the level of change that happens in that that world, I don’t know how you get around, you know, finding people who are very self-motivated to do that learning. Right. I don’t know.

I think it comes down to some expectations and to raising the bar a little bit. The two parallels I would give you here, and obviously an Air Force got to go to aviation. Aviation is a pretty innovative industry. You can go get a degree in aeronautical engineering and you will have some really challenging courses and you’ll have a high a high washout rate. But you’ll also have a good job when you’re done and you’re going to be picked up by. Boeing or a Lockheed or someone big, and you’re going to apply all of those math and physics models right away, right out of the gate, you’re going to learn some skills and you’re going to have a very defined specialization within that industry. And there’s a fit for you. Yeah, the difference is Boeing builds airplanes, they sell them and they make money on it. Now, you do this as a cyber security person. Let’s say you became one of the best forensics analysis analysts out there. Companies don’t make money hiring a forensic analyst. Right. So this goes back to the core problem, that cybersecurity is a risk difference. It’s not revenue generated. Yeah. And so I can bash on the industry a little bit from the educational side of outsourcing. We’re not ramping up and preparing people properly. But unless you’re a cybersecurity vendor, you’re in a world of cost avoidance, cost deflection. So there needs to be a change in the mindset. And if you look at a system is a business a member of the executive council, as a business member, they’re out there to try to figure out how to maximize revenue.

Yeah.

And, you know, ransomware is probably the thing that has shifted a lot of board members that I talked to and a lot of CEOs that I talked to into understanding the financial penalties of this cited that people just didn’t care like.

Ok, so Russia hacked us and they got a couple of things maybe and this is bad and we’ll spend a couple more million, but they’re not investing in it as if it’s the same thing as the next product line is going to make them the revenue. They’re not hiring the best talent so they can outcompete their competitors to produce the best revenue.

And that’s one of the challenges. Maybe the medical industry’s a bit closer of a parallel. We have a lot of complex systems. You have a lot of data that needs to be analyzed and you wind up with a lot of specialties. The difference there, though, is as a patient, you will go between specialists. You don’t own them. All right. Right. And I think that’s where the industry is going to trend closer towards. Companies are going to want to to look to people like SentinelOne and say, OK, you’ve got the numbers. But the end point, I want these services. I want to pick up all these components in your platform, and I want you to simply provide that service to this company. And I think that’s the direction that the industry is going and will continue to go, because that’s more aligned with cost avoidance than it is with revenue generation. Yeah, and and if we want to get into a world where there was enough cybersecurity talent for every company to hire and use them, they would have to be making money on the cybersecurity versus just avoiding using it.

Yeah, I think I think you’re spot on with that. And I think that, you know, you talk about some of the key security folks that you have in your organization that can reach out and help your customers. I think that’s kind of a really, you know, the model that’s going to work in this world, because there’s going to be concentrations of these really talented people. And I think, you know, companies are going to have to reach out to other organizations to get that talent to help them.

Well, you better be able to keep it when you find it.

Yeah, like this this is one of the things that I think is underestimated is when you’ve built a program and it generates a ton of data and a ton of alerts and a ton of noise, nobody in their right mind wants to be a tier one forever. That’s like saying you want to work and the Help Desk forever. Like, yeah, no, there’s everybody has that writing job early on in their career. And you do it and you work your tail off through that grind. And that’s what tier one is in cybersecurity. If you hire really, really competent people and then you expose them at all to tier one grind repeatedly, they’re going to go work for the place that has better tools, better processes, that exposes into less mind numbing work. Yeah. So I think I fully, fully expect industry to hold me accountable as a vendor to offload the mind numbing stocks. Yeah. And the way we’re going to offload it is to isolate them.

Well, and I think another you know, we had the CEO of Arctic Wolf on a couple of weeks ago. And one of the things that he said is that, you know, so many of these security people that go into these organizations and half the time they’re building boxes and, you know, doing server admin and stuff like that. And that’s not what a security person signs up for. And that’s why he’s like, I have an advantage to hire people because they do security work 100 percent of the time rather than, you know, like doing crappy busywork that the organization needs them to do. And, you know, and that’s why I think, you know, like organizations like yours are going to have the advantage in that case because it’s a more compelling environment to be in.

And at the end of the day, yeah, I mean, look, if you’re a really good professional at what you do and you think you’re a world class professional, then you probably want to work at a company who has world class tools. Yeah. And lets you challenge and challenge yourself with really complex problems. And if you can’t give your top end security members that type of experience and. Yeah, they’re going to go somewhere else.

Yeah. Jared, I got to say thanks so much for coming on. I think, you know, you brought some really interesting insights that, you know, we haven’t really heard before, I think, regarding the SolarWinds conversation. So I think that’s really great information for folks. And I wish you guys the best of luck. And hopefully you continue your success and you have a phenomenal IPO and you can, you know, continue your consolidation of the market that we’re hoping to build something for a long time.

So I’m excited. Thanks again for taking the time to talk to me today. It was fun.

Yeah, that was definitely fun. Appreciate it. Thanks so much. Thank you.

Thanks for watching. If you like what you saw, please click the like button, hit that subscribe button because that’s super important for the channel.

And if you want to get notified when I post new content, click on that bell icon and you will get notifications and I will see you in the next video.


Axonius nabs $100M at a $1.2B valuation for its asset management cybersecurity platform

Remote work has become the norm for many businesses in the last year, and today a startup that has built a cybersecurity platform to help manage all the devices connecting to organizations’ wide-ranging networks — while also providing a way for those organizations to take advantage of all the best that the quite fragmented security market has to offer — is announcing a major round of funding and a big boost to its valuation after seeing its annual recurring revenues grow ten-fold over 15 months.

Axonius, which lets organizations manage and track computing-based assets that are connecting to their networks — and then plug that data into some 300 different cybersecurity tools to analyse it — has closed a round of $100 million, a Series D that values the company at over $1 billion ($1.2 billion, to be exact).

“We like to call ourselves the Toyota Camry of cybersecurity,” Axonius co-founder and CEO Dean Sysman told me in an interview last year. “It’s nothing exotic in a world of cutting-edge AI and advanced tech. However it’s a fundamental thing that people are struggling with, and it is what everyone needs. Just like the Camry.” It will be using the funding to continue scaling the company, it said, amid surging demand, with ARR growing to $10 million last year.

This latest round — led by Stripes, with past investors Bessemer Venture Partners (BVP), OpenView, Lightspeed and Vertex also participating — represents a huge jump for the startup.

Not only is this the company’s biggest round to date, but last year’s $58 million Series C — which closed just as the COVID-19 pandemic was kicking off and remote working, to better enforce social distancing, was starting to take off with it — valued the company at just over $302 million, according to PitchBook data. Axonius has now raised around $195 million in funding.

Last week BVP announced a new pair of funds totaling $3.3 billion, with one dedicated to later-stage growth rounds: This indicates that this money is already getting put to work. Amit Karp, the BVP partner who sits on Axonius’ board, describes the startup as one of the “fastest-growing companies in BVP history.”

When I last covered Axonius, one of the details that really struck me is that its platform is especially useful in today’s market, not just because of its focus on identifying devices on networks that may well — and today genuinely do — extend outside of a traditional “office”, but also because of how it views the cybersecurity industry.

It’s a very fragmented market today, with hundreds of companies all providing useful tools and techniques to safeguard against one threat or another. Axonius essentially accepts that fragmentation and works within it, and it has its job cut out for it. Last year when I covered the company’s funding, it integrated with and ran network assets through 100 different cybersecurity tools; now that number is 300.

The crux of what Axonius provides starts with a very basic but critical issue, which is being able to identify how many devices are actually on a network, where they are and what they do there. The idea for the company came when Dean Sysman, the CEO who co-founded Axonius with Ofri Shur and Avidor Bartov, was previously working at another firm, the Integrity Project (now a part of Mellanox, which means now it’s a part of Nvidia).

“Every CIO I met I would ask, ‘do you know how many devices you have on your network?’ And the answer was either ‘I don’t know,’ or a big range, which is just another way of saying, ‘I don’t know,’ ” Sysman told me last year. “It’s not because they’re not doing their jobs but because it’s just a tough problem.”

He said part of the reason is because IP addresses are not precise enough, and de-duplicating and correlating numbers is a gargantuan task, especially in the current climate of people using not just a multitude of work-provided devices, but a number of their own.

Axonius’s algorithms — “a deterministic algorithm that knows and builds a unique set of identifiers that can be based on anything, including timestamp, or cloud information. We try to use every piece of data we can,” said Sysman — are built to bypass some of this.

The resulting information then can be used across a number of other pieces of security software to search for inconsistencies in use (bringing in the behavioural aspect of cybersecurity) or other indicators of malicious activity.

The fact of that platform play — and how it can grow with both the range of devices that are added, as well as technology built to counteract increasingly sophisticated threats — is what attracted investors. 

“It’s always exciting to invest in fast-growing, innovative, category-creating companies, but what Axonius has accomplished in such a short time is remarkable,” said Stripes founding partner Ken Fox in a statement. “With its commitment to solving a fundamental challenge with a simple, powerful platform that collects and correlates data from hundreds of products its customers already use, Axonius has built one of the most beloved products in security. We look forward to partnering with the Axonius team as they continue to invest in technical innovation and grow to meet global demand in 2021 and beyond.” Fox will join the Axonius board of directors with this round.

It seems that some of this news leaked out over the weekend. A spokesperson has confirmed it all to us but the “official” announcement will be coming out later today.

Twilio to become minority owner in Syniverse Technologies with $750M investment

Syniverse Technologies, a company that helps mobile providers move communications across public and private networks, announced an extensive partnership with Twilio this morning. Under the agreement, Twilio is investing up to $750 million to become a minority owner in the company.

The idea behind the partnership is to combine Twilio’s API communications expertise with Syniverse’s mobile carrier contacts to create this end-to-end communications system. Twilio’s strength has always been its ability to deliver communications like texts without having a carrier relationship. This deal gives them access to that side of the equation.

James Attwood, executive chairman at Syniverse, certainly saw the value of the two companies working together. “The partnership will provide Syniverse access to Twilio’s extensive enterprise and API services expertise, creating opportunities to continue to build on Syniverse’s highly innovative product portfolio that helps mobile network operators and enterprises make communications better for their customers,” Attwood said in a statement.

Today’s deal comes on the heels of the company’s $3.2 billion acquisition of Segment at the end of last year as it continues to look for ways to expand its markets. Will Townsend, an analyst at Moor Insight & Strategy who covers the network and carrier markets, sees this deal giving Twilio access to a broader set of technologies.

“Twilio [gets] access to Syniverse’s significant capabilities in massive industrial IoT and private 4G LTE and 5G cellular networking. Both are poised to ramp significantly given newfound enterprise access to licensed spectrum via recent C-Band and CBRS auctions,” Townsend told me. He believes this will help Twilio reach parts of the enterprise not connected by Wi-Fi or where the customers are dealing with “a mishmash of solutions that don’t scale or propagate well.”

As it turns out, it’s not a coincidence the two companies are coming together like this. In fact, Twilio has been a Syniverse customer for some time, according to Chee Chew, chief product officer at Twilio.

It’s a case of an old-school company like Syniverse, which was founded in 1987, combining forces with a more modern approach to communications like Twilio, which provides developers with APIs to deliver communications services inside applications with just a couple of lines of code.

The Wall Street Journal, which broke the news of this deal, is also reporting the company could go public via SPAC at a value of between $2 and $3 billion some time later this year. That would suggest that it has not gained much value since the 2010 deal.

Holger Mueller, an analyst at Constellation Research, says the SPAC provides an interesting additional component to the deal. “The high-flying stock market creates all kind of new chickens, one of them being a SPAC, and that’s the financial opportunity that Twilio is likely pursuing with the investment into Syniverse. The more immediate benefit is for Twilio to use the messaging vendor for its services. Call it a partnership with investment upside,” Mueller said.

According to Syniverse, “the company is one of the largest private IP Packet Exchange (IPX) providers in the world and offers a range of networking solutions, excelling in scenarios where seamless connections must cross over networks — either across multiple private networks or between public and private networks.”

The company is currently owned by the Carlyle Group private equity firm, which bought it in 2010 for $2.6 billion. Twilio launched in 2008 and raised over $236 million before going public in 2016 at $15 per share. The stock was up 3.82% in early trading, suggesting that Wall Street approves of the deal.



Martech company Zeta Global raises $222.5M in debt

Zeta Global, the marketing technology company founded by David A. Steinberg and former Apple CEO John Sculley, is announcing an additional $222.5 million in new debt financing.

The company has gone down the debt route before — a Series F raised in 2017 combined $115 million funding with $25 million in debt. BofA Securities served as lead arranger and bookrunner for the new financing, with participation from Barclays, Credit Suisse and Morgan Stanley Senior Funding.

“For this round, we were able to both refinance our debt and add in a large amount of capacity for current operations and future initiatives,” Steinberg (Zeta’s CEO) told me via email. “We were able to work with our syndicate to capture a low interest rate and take advantage of the strong credit markets.”

The company emphasizes its data-driven approach to marketing, combining companies’ first-party data with artificial intelligence and what it says are more than 2.4 billion customer identifiers. Steinberg said this approach has only become more crucial, with 2020 delivering “a five-year acceleration” as brands face the challenge of “digitally transforming their business structure to be data-centric.”

“Zeta’s capabilities are helping marketers engage customers across the entire digital ecosystem more intelligently and efficiently, with individualized messages, offers, and content by way of our identity-based data and predictive AI,” Steinberg continued. “Our challenge is to continue to keep up with our customers’ needs and maintain our competitive advantage around data and AI.”

The company’s funding announcement notes that previous loans have been used to finance acquisitions and integrations, including commenting platform Disqus and machine learning-powered marketing platform Boomtrain. Asked whether this new debt will also be used for acquisitions, Steinberg said the company continues to “organically innovate,” with a focus on its customer data platform and connected TV capabilities.



Google updates Workspace

Google Workspace, the company’s productivity platform you’ll forever refer to as G Suite (or even “Google Docs”), is launching a large update today that touches everything from your calendar to Google Meet and how you can use Workspace with Google Assistant.


Indeed, the highlight here is probably that you can now use Assistant in combination with Google Workspace, allowing you to check your work calendar or send a message to your colleagues. Until now, this feature was available in beta and even after it goes live, your company’s admins will have to turn on the “Search and Assistant” service. And this is a bit of a slow rollout, too, with this capability now being generally available on mobile but still in beta for smart speakers and displays like Google’s own Nest Hub. Still, it’s been a long time coming, given that Google promised these features a very long time ago now.

The other new feature that will directly influence your day-to-day work is support for recurring out-of-office entries and segmentable working hours, as well as a new event type, Focus Time, to help you minimize distractions. Focus Time is a bit cleverer than the three-hour blocks of time you may block off on your calendar anyway in that it limits notifications during those event windows. Google is also launching a new analytics feature that tells you how much time you spend (waste) in meetings. This isn’t quite as fully featured (and potentially creepy) as Microsoft’s Productivity Score, since it only displays how much time you spend in meetings, but it’s a nice overview of how you spend your days (though you know that already). None of this data is shared with your managers.

For when you go back to an office, Google is also adding location indicators to Workspace so you can share when you will be working from there and when you’ll be working from home.

And talking about meetings, since most of these remain online for the time being, Google is adding a few new features that now allow those of you who use a Google Nest Hub Max to host meetings at home and to set up a laptop as your own second-screen experience. What’s far more important, though, is that when you join a meeting on mobile, Google will now implement a picture-in-picture mode so you can be in that Meet meeting on your phone and still browse the web, Gmail and get important work done during that brainstorming session.

Mobile support for background replace is also coming, as well as the addition of Q&As and polls on mobile. Currently, you can only blur your background on mobile.


For frontline workers, Google is adding something it calls Google Workspace Frontline, with new features for this group of users, and it is also making it easier for users to build custom AppSheet apps from Google Sheets and Drive, “so that frontline workers can digitize and streamline their work, whether it’s collecting data in the field, reporting safety risks, or managing customer requests.”

Is Your Browser Extension a Botnet Backdoor?

A company that rents out access to more than 10 million Web browsers so that clients can hide their true Internet addresses has built its network by paying browser extension makers to quietly include its code in their creations. This story examines the lopsided economics of extension development, and why installing an extension can be such a risky proposition.

Singapore-based Infatica[.]io is part of a growing industry of shadowy firms trying to woo developers who maintain popular browser extensions — desktop and mobile device software add-ons available for download from Apple, Google, Microsoft and Mozilla designed to add functionality or customization to one’s browsing experience.

Some of these extensions have garnered hundreds of thousands or even millions of users. But here’s the rub: As an extension’s user base grows, maintaining it with software updates and responding to user support requests tends to take up an inordinate amount of the author’s time. Yet extension authors have few options for earning financial compensation for their work.

So when a company comes along and offers to buy the extension — or pay the author to silently include some extra code — that proposal is frequently too good to pass up.

For its part, Infatica seeks out authors with extensions that have at least 50,000 users. An extension maker who agrees to incorporate Infatica’s computer code can earn anywhere from $15 to $45 each month for every 1,000 active users.

An Infatica graphic explaining the potential benefits for extension owners.

Infatica’s code then uses the browser of anyone who has that extension installed to route Web traffic for the company’s customers, including marketers or anyone able to afford its hefty monthly subscription charges.

The end result is when Infatica customers browse to a web site, that site thinks the traffic is coming from the Internet address tied to the extension user, not the customer’s.

Infatica prices its service based on the volume of web traffic a customer is seeking to anonymize, from $360 a month for 40 gigabytes all the way to $20,000 a month for 10,000 gigabytes of data traffic pushed through millions of residential computers.

THE ECONOMICS OF EXTENSIONS

Hao Nguyen is the developer behind ModHeader, an extension used by more than 400,000 people to test the functionality of websites by making it easier for users to modify the data shared with those sites. When Nguyen found himself spending increasing amounts of his time and money supporting the extension, he tried including ads in the program to help offset costs.

ModHeader users protested loudly against the change, and Nguyen removed the ads — which he said weren’t making him much money anyway.

“I had spent at least 10 years building this thing and had no luck monetizing it,” he told KrebsOnSecurity.

Nguyen said he ignored multiple requests from different companies offering to pay him to insert their code, mainly because the code gave those firms the ability to inject whatever they wanted into his program (and onto his users’ devices) at any time.

Then came Infatica, whose code was fairly straightforward by comparison, he said. It restricted the company to routing web requests through his users’ browsers, and did not try to access more sensitive components of the user’s browser experience, such as stored passwords and cookies, or viewing the user’s screen.

More importantly, the deal would net him at least $1,500 a month, and possibly quite a bit more.

“I gave Infatica a try but within a few days I got a lot of negative user reviews,” he said. “They didn’t like that the extension might be using their browser as a proxy for going to not so good places like porn sites.”

Again he relented, and removed the Infatica code.

A TARGET-RICH ENVIRONMENT

These days, Nguyen is focusing more of his time on chrome-stats.com, which provides detailed information on more than 150,000 extensions. The service is free for limited use, but subscribers who pay a monthly fee can get access to more resources, such as older extension versions and details about their code components.

According to chrome-stats.com, the majority of extensions — more than 100,000 of them — are effectively abandoned by their authors, or haven’t been updated in more than two years. In other words, there are a great many developers who are likely to be open to someone else buying up their creation and their user base.


The vast majority of extensions are free, although a handful that have attracted a large and loyal enough following have been able to charge for their creations or for subscription services tied to the extension. But last year, Google announced it was shutting down paid Chrome extensions offered on its Chrome Web Store.

Nguyen said this will only exacerbate the problem of frustrated developers turning to offers from dodgy marketing firms.

“It’s a really tough marketplace for extension developers to be able to monetize and get reward for maintaining their extensions,” he said. “There are tons of small developers who haven’t been able to do anything with their extensions. That’s why some of them will go into shady integration or sell the extension for some money and just be done with it.”

A solicitation sent by Infatica to the developer of the SponsorBlock extension. Image: sponsor.ajay.app

WHO IS INFATICA?

It is unclear how many extensions currently incorporate Infatica’s code. KrebsOnSecurity searched for extensions that invoke several domains tied to Infatica’s Web proxy service (e.g., extendbalanc[.]org, ipv4v6[.]info). This research was conducted using Nguyen’s site and crxcavator.io, a similar extension research site owned by networking giant Cisco Systems.

Those searches revealed that Infatica’s code has been associated with at least three dozen extensions over the past few years, including several that had more than 100,000 users. One of those is Video Downloader Plus, which at one point claimed nearly 1.4 million active users.

The founder and director of Infatica — a resident of Biysk, Russia named Vladimir Fomenko — did not respond to multiple requests for comment.

Infatica founder Vladimir M. Fomenko.

Fomenko is the sole director of the iNinja VPN, another service that obfuscates the true Internet address of its more than 400,000 users. It stands to reason that iNinja VPN also is not only offering its customers a way to obfuscate their Internet address, but is actively using those same systems to route traffic for other customers: A Chrome browser plugin and ad blocker by the same name whose code includes Infatica’s “extenbalanc” domain has 400,000 users.

That would put Infatica in line with the activities of another major controversial VPN/proxy provider: Luminati, a.k.a. “HolaVPN.” In 2015, security researchers discovered that users of the HolaVPN browser extension were being used to funnel Web traffic for other people. Indeed, in the screenshot above, Infatica’s marketing team can be seen comparing its business model to that of HolaVPN.

Fomenko has appeared in two previous KrebsOnSecurity stories; both concerned King Servers (a.k.a. “Hosting Solution Ltd.”), a hosting company he has operated for years which caters mostly to adult websites.

In 2016, hackers suspected of working for Russian state security services compromised databases for election systems in Arizona and Illinois. Six of the eight Internet addresses identified by the FBI as sources of the attack traced back to King Servers. In an interview with The New York Times several months later, Fomenko flatly denied having any ties to the hacking.

According to the Russian daily Novaya Gazeta, revelations about the 2016 hacking incident’s ties to King Servers led to treason charges against Sergey Mikhaylov, the former deputy chief of Russia’s top anti-cybercrime unit.

Russian authorities charged that Mikhaylov had tipped off the FBI to information about Fomenko and King Servers. In 2019, Mikhaylov was convicted and sentenced to 22 years in a penal colony.

BE SPARING IN TRUSTING EXTENSIONS

Browser extensions — however useful or fun they may seem when you install them — typically have a great deal of power and can effectively read and/or write all data in your browsing sessions. The powers granted to each extension are roughly spelled out in its “manifest,” basically a description of what it will be able to access once you incorporate it into your browser.

According to Nguyen’s chrome-stats.com, about a third of all extensions for Chrome — by far the most widely-used Web browser — require no special permissions. But the remainder require the user to place a good deal of trust in the extension’s author. For example, approximately 30 percent can view all of your data on all or specific websites, or index your open tabs and browsing activity.


More than 68,000 Chrome extensions allow the execution of arbitrary code in the context of webpages, effectively allowing the extension to alter the appearance and functionality of specific sites.

I hope it’s obvious by this point, but readers should be extremely cautious about installing extensions — sticking mainly to those that are actively supported and respond to user concerns.

Personally, I do not make much use of browser extensions. In almost every case I’ve considered installing one I’ve been sufficiently spooked by the permissions requested that I ultimately decided it wasn’t worth the risk, given that any extension can go rogue at the whims of its author.

If you’re the type of person who uses multiple extensions, it may be wise to adopt a risk-based approach going forward. Given the high stakes that typically come with installing an extension, consider carefully whether having the extension is truly worth it. This applies equally to plug-ins designed for Web site content management systems like WordPress and Joomla.

Do not agree to update an extension if it suddenly requests more permissions than a previous version. This should be a giant red flag that something is not right. If this happens with an extension you trust, you’d be well advised to remove it entirely.
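The manifest review and the "more permissions than a previous version" rule described above can be checked mechanically. The following is an added example, not code from KrebsOnSecurity, chrome-stats.com or any extension; the two manifests are constructed samples, and the shortlist of sensitive APIs is an assumption chosen for illustration.

```python
import json

# Host patterns that let an extension touch every site the user visits.
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Chrome API permissions worth a second look (illustrative shortlist, an
# assumption of this example rather than an official ranking).
SENSITIVE_APIS = {"proxy", "webRequest", "webRequestBlocking", "cookies",
                  "tabs", "history", "debugger", "scripting", "nativeMessaging"}

# Constructed sample: an older release limited to one site.
OLD_MANIFEST = """{
  "manifest_version": 2, "name": "Sample Helper", "version": "1.4",
  "permissions": ["storage", "https://www.example.com/*"]
}"""
# Constructed sample: an update that asks for far more.
NEW_MANIFEST = """{
  "manifest_version": 3, "name": "Sample Helper", "version": "2.0",
  "permissions": ["storage", "webRequest", "proxy"],
  "host_permissions": ["<all_urls>"],
  "content_scripts": [{"matches": ["https://www.example.com/*"],
                       "js": ["content.js"]}]
}"""


def is_host_pattern(entry):
    """Manifest V2 mixes host patterns and API names in one list."""
    return entry == "<all_urls>" or "://" in entry


def granted(manifest):
    """Return (api_permissions, host_patterns) requested at install time.

    optional_permissions are skipped: they need a separate runtime prompt.
    """
    apis, hosts = set(), set()
    for entry in manifest.get("permissions", []):
        if isinstance(entry, str):
            (hosts if is_host_pattern(entry) else apis).add(entry)
    hosts.update(manifest.get("host_permissions", []))   # Manifest V3
    for script in manifest.get("content_scripts", []):   # injected pages
        hosts.update(script.get("matches", []))
    return apis, hosts


def review(manifest):
    """List the reasons a manifest deserves a closer look."""
    apis, hosts = granted(manifest)
    notes = []
    broad = sorted(hosts & ALL_SITES)
    if broad:
        notes.append("can read or change data on every site: " + ", ".join(broad))
    risky = sorted(apis & SENSITIVE_APIS)
    if risky:
        notes.append("requests sensitive APIs: " + ", ".join(risky))
    return notes


def added_on_update(old, new):
    """Permissions present in the new version but not in the old one."""
    old_apis, old_hosts = granted(old)
    new_apis, new_hosts = granted(new)
    added_hosts = new_hosts - old_hosts
    # Simplification: if the old version already had all-site access,
    # narrower new host patterns are not treated as an escalation.
    if old_hosts & {"<all_urls>", "*://*/*"}:
        added_hosts = set()
    return {"apis": sorted(new_apis - old_apis), "hosts": sorted(added_hosts)}


if __name__ == "__main__":
    old, new = json.loads(OLD_MANIFEST), json.loads(NEW_MANIFEST)
    print("old version:", review(old) or "nothing notable")
    print("new version:", review(new))
    growth = added_on_update(old, new)
    if growth["apis"] or growth["hosts"]:
        print("update asks for more than before:", growth)
```

To use it on real extensions, load the `manifest.json` of the installed version and of the pending update in place of the two sample strings.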

Also, never download and install an extension just because some Web site says you need it to view some type of content. Doing so is almost always a high-risk proposition. Here, Rule #1 from KrebsOnSecurity’s Three Rules of Online Safety comes into play: “If you didn’t go looking for it, don’t install it.” Finally, in the event you do wish to install something, make sure you’re getting it directly from the entity that produced the software.

Google Chrome users can see any extensions they have installed by clicking the three dots to the right of the address bar, selecting “More tools” in the resulting drop-down menu, then “Extensions.” In Firefox, click the three horizontal bars next to the address bar and select “Add-ons,” then click the “Extensions” link on the resulting page to view any installed extensions.