Atlassian’s in-house incubator lets employees put their product ideas to work

Every company wants to maintain that initial spark it had when it was an early stage startup, but keeping that going as you scale into a public company isn’t always easy. Atlassian is taking a unique approach by opening up product ideas to an internal competition, and actually funding and building the best ones with the goal of bringing them to market.

Steve Goldsmith, who is heading up the project for Atlassian, says that it’s an in-house startup incubator called Point A. The company wants to encourage employees to be constantly thinking about new ways to improve the products. And every employee is encouraged to participate, not just engineers or product managers, as one might think.

“Point A is our internal framework for turning ideas into products. It’s our way of finding the innovation that’s happening all over the company, and giving a process and framework for those ideas to reach the maturity of actually becoming products that we offer to our customers,” Goldsmith told me.

He says that like many companies they hold internal hackathons and other events where many times employees come up with creative concepts for products, but they tend to get put on a shelf after the event is over and never get looked at again. With Point A, they can actually compete to put their experiments to work and see if they are actually viable.

“So we think of Point A as a way of finding all those different ideas and prototypes and concepts that people have in their brains or on the side of their desk kind of thing, and giving a process and a structure for those ideas to get out the door, and really invest in the ones that have some traction,” Goldsmith said.

He says by providing an official internal process to vet and maybe fund some of them, people inside the organization know that their proposals are being heard and they have a mechanism for submitting them, and the company has a way of seeing them.

The company launched Point A in 2019 looking at 35 possible projects, and testing them as possible products. Last January, they chose 9 that made the final cut, and 4 turned into actual products and made it out the door this week, including the Jira Work Management tool, which is being released today.

The next program is ready to roll with employees ready to present their ideas in a pitch day competition to get things going. “Our first class is graduating out of this program, and […] we start the process again. We actually just went through our big list of all the ideas to do it a second time, and we are doing a pitch day. It’s going to be a fun Shark Tank, The Voice kind of inspired [competition],” he said.

Company co-founders and co-CEOs Mike Cannon-Brookes and Scott Farquhar both participate in judging the competition, so it has executive buy-in giving more clout to the program and sending a message to employees that their ideas are being taken seriously.

The company provides funding, time away from your regular job, executive coaches and combines that with customer collaboration and early founder involvement with the goal of finding a scalable, repeatable process with defined phases that helps teams take the most innovative ideas from concept to customer.

Some make it. Some don’t as you might expect, but so far the plan seems to be working and is successfully encouraging innovation from within, something every company should be trying to do.

DigitalOcean says customer billing data accessed in data breach

DigitalOcean has emailed customers warning of a data breach involving customers’ billing data, TechCrunch has learned.

The cloud infrastructure giant told customers in an email on Wednesday, obtained by TechCrunch, that it has “confirmed an unauthorized exposure of details associated with the billing profile on your DigitalOcean account.” The company said the person “gained access to some of your billing account details through a flaw that has been fixed” over a two-week window between April 9 and April 22.

The email said customer billing names and addresses were accessed, as well as the last four digits of the payment card, its expiry date and the name of the card-issuing bank. The company said that customers’ DigitalOcean accounts were “not accessed,” and passwords and account tokens were “not involved” in this breach.

“To be extra careful, we have implemented additional security monitoring on your account. We are expanding our security measures to reduce the likelihood of this kind of flaw occuring [sic] in the future,” the email said.

DigitalOcean said it fixed the flaw and notified data protection authorities, but it’s not clear what the apparent flaw was that put customer billing information at risk.

In a statement, DigitalOcean’s security chief Tyler Healy said 1% of billing profiles were affected by the breach, but declined to address our specific questions, including how the vulnerability was discovered and which authorities have been informed.

Companies with customers in Europe are subject to GDPR and can face fines of up to 4% of their global annual revenue.

Last year, the cloud company raised $100 million in new debt, followed by another $50 million round, months after laying off dozens of staff amid concerns about the company’s financial health. In March, the company went public, raising about $775 million in its initial public offering. 

Adobe launches a new, simplified digital asset manager

Adobe today announced the launch of a new asset management tool, Adobe Experience Manager Assets Essentials. That’s a mouthful, but while the company didn’t necessarily simplify the name, the idea here is to give teams that work with lots of digital assets an easier-to-use management experience in the Adobe Experience Cloud than Adobe’s current enterprise-centric asset management tool can offer.

In addition, Adobe is also launching the first tool to integrate this new experience: the Adobe Journey Optimizer. This new tool is meant to help users leverage their customer data to build out customer journeys and figure out the best ways to deliver messages and content along that journey.

“The push towards digital content and building these richer, engaging experiences — customers expect it,” Elliot Sedegah, director of Strategy and Product Marketing, Adobe, told me. “Almost every interaction that you go along, you expect a rich experience. And not only at that point of just having richer material, like images or video, etc., but you expect it at every point of interaction with that customer. So that customer, if you think of it, isn’t just interacting with a brand, but our customers, they think of it as a customer journey. So using the same content, from awareness to conversion to post-sale and loyalty — they expect that same story to maintain. And it’s getting increasingly hard to get to all the different touchpoints.”

Like with similar products, the idea here is to create a centralized, collaborative space for content creators and the teams that use their work. In that respect, this new tool isn’t necessarily all that different from other shared online file management services. But Adobe is also leveraging some of its unique capabilities. It’s using its AI smarts and Adobe Sensei platform to help users organize and tag their assets, for example, to make them more easily searchable. And the new tool is integrated with Adobe Asset Link, so creative professionals can search, browse and edit these assets directly from Photoshop, Illustrator, InDesign and XD without having to switch context.

As Sedegah noted, not too long ago, it was mostly the creative teams and marketing that were involved in the content creation and management process. But today, this group also includes sales teams and customer support, for example, and the pandemic only accelerated this process.

“[Our customers] have been forced to rethink their business models, rethink the way that they engage with customers — and it essentially accelerated this digital-everywhere process of the experiences customers get, the agility that customers expect from businesses, and then the number of people — and how they work — leveraging that content.”

So while Adobe’s enterprise asset management tools worked just fine before, the company’s users were telling it that it needed to do a better job at creating tools that made its asset management technology easier to use by more teams.

The first tool to integrate this new asset management experience directly is the Journey Optimizer. “That was a great opportunity for us to rethink that user experience that our customers wanted to deliver — and then make it easier for that person to do,” Sedegah said. “So as you’re building out a content journey — or maybe you’re designing a piece of content that’s going to get sent to maybe a customer as they engage with a brand — the digital assets appear right there for that author to use.”

Next up for integration is Workfront, the work management platform Adobe acquired last year. There’s an obvious synergy here between Workfront’s abilities to manage the planning, review and approval stages of a project and an asset management system like this.

The long-term strategy, though, is to integrate this experience across all Experience Cloud applications.

With Workfront, Adobe combines automated workflow with customer experience

Five months ago, Adobe purchased (for $1.5 billion) Workfront, a company that helps build marketing department workflows. Today the company is officially announcing how it intends to use it. As marketing executives try to balance mapping strategy to the creative process while building customized experiences, a marketing workflow tool would fit neatly into Adobe Experience Manager (AEM), and that’s where it has landed.

Alex Shootman, who was CEO at Workfront and is now VP and GM of Adobe Workfront, told me they see the tool as the system of record for the marketing department inside of AEM. While there is more than a hint of marketing in that explanation, the data from Workfront’s workflows acts as a record of the creative process.

As part of Adobe, the company has built hooks into Experience Manager and Creative Cloud to enable marketing’s creative work to move through an organized and auditable process, leaving a data trail that lets management know exactly what happened — a marketing system of record.

Shootman says having this system of record in place allows marketing teams to do several things. For starters, it lets them connect strategy to execution. “If you think about a CMO, he or she and their team is developing the key priorities for decisions for the year or for the quarter [and this helps them] take those key priorities and make sure that they are driving the activities within the marketing organization,” he said.

He says that involves connecting the people, processes and data within marketing into a single system where teams can iteratively plan on the work as changes arise. That’s where Workfront comes into play.

Brent Leary, lead analyst at CRM Essentials, says the approach makes a great deal of sense. “Creating enough personalized content at scale to stay connected with customers as their needs evolve over time is a team sport. That calls for tighter collaboration throughout the creation process, and Workfront within the AEM brings a sophisticated project management capability to the creative process,” Leary said.

During the pandemic, that became imperative as the majority of sales moved online. That increased the need for speed and agility. Having this workflow tool in place inside the Adobe Experience Manager means it’s not only allowing marketing to build customized experiences for its customers, it also enables them to automate the workflows behind those customizations.

The way this could work in practice is a marketing team creates a campaign and maps it out in Workfront. From there, creatives get assigned tasks and these tasks show up in Creative Cloud. When they complete the assignment, it automatically goes back into Workfront where it will be reviewed, eventually get approved and get published to the Digital Asset Management (DAM) tool where it will be available for use by the entire marketing team.

When it comes to acquisitions, it’s hard to know how well they’ll turn out, but Workfront seems particularly well suited to the Adobe ecosystem, a tool that can help bring a missing workflow automation component to the entire creative process, while allowing marketing execs to see exactly how their strategy played out.

Vista Equity takes minority stake in Canada’s Vena with $242M investment

Vena, a Canadian company focused on the Corporate Performance Management (CPM) software space, has raised $242 million in Series C funding from Vista Equity Partners.

As part of the financing, Vista Equity is taking a minority stake in the company. The round follows $25 million in financing from CIBC Innovation Banking last September, and brings Vena’s total raised since its 2011 inception to over $363 million.

Vena declined to provide any financial metrics or the valuation at which the new capital was raised, saying only that its “consistent growth and…strong customer retention and satisfaction metrics created real demand” as it considered raising its C round.

The company was originally founded as a B2B provider of planning, budgeting and forecasting software. Over time, it’s evolved into what it describes as a “fully cloud-native, corporate performance management platform” that aims to empower finance, operations and business leaders to “Plan to Grow” their businesses. Its customers hail from a variety of industries, including banking, SaaS, manufacturing, healthcare, insurance and higher education. Among its over 900 customers are the Kansas City Chiefs, Coca-Cola Consolidated, World Vision International and ELF Cosmetics.

Vena CEO Hunter Madeley told TechCrunch the latest raise is “mostly an acceleration story for Vena, rather than charting new paths.”

The company plans to use its new funds to build out and enable its go-to-market efforts as well as invest in its product development roadmap. It’s not really looking to enter new markets, considering it’s seeing what it describes as “tremendous demand” in the markets it currently serves directly and through its partner network.

“While we support customers across the globe, we’ll stay focused on growing our North American, U.K. and European business in the near term,” Madeley said.

Vena says it leverages the “flexibility and familiarity” of an Excel interface within its “secure” Complete Planning platform. That platform, it adds, brings people, processes and systems into a single source solution to help organizations automate and streamline finance-led processes, accelerate complex business processes and “connect the dots between departments and plan with the power of unified data.”            

Early backers JMI Equity and Centana Growth Partners will remain active, partnering with Vista “to help support Vena’s continued momentum,” the company said. As part of the raise, Vista Equity Managing Director Kim Eaton and Marc Teillon, senior managing director and co-head of Vista’s Foundation Fund, will join the company’s board.

“The pandemic has emphasized the need for agile financial planning processes as companies respond to quickly-changing market conditions, and Vena is uniquely positioned to help businesses address the challenges required to scale their processes through this pandemic and beyond,” said Eaton in a written statement. 

Vena currently has more than 450 employees across the U.S., Canada and the U.K., up from 393 last year at this time.

What can the OKR software sector tell us about startup growth more generally?

In the never-ending stream of venture capital funding rounds, from time to time, a group of startups working on the same problem will raise money nearly in unison. So it was with OKR-focused startups toward the start of 2020.

How were so many OKR-focused tech upstarts able to raise capital at the same time? And was there really space in the market for so many different startups building software to help other companies manage their goal-setting? OKRs, or “objectives and key results,” a corporate planning method, are no longer a niche concept. But surely, over time, there would be M&A in the group, right?

During our first look into the cohort, we concluded that it felt likely that there was “some consolidation” ahead for the group “when growth becomes more difficult.” At the time, however, it was clear that many founders and investors expected the OKR software market to have material depth.

They were right, and we were wrong. A year later, in early 2021, we asked the same group how their previous year had gone. Nearly every single company had a killer year, with many players growing by well over 100%.


OKR company Ally.io grew 3.3x in 2020, for example, while its competitor Gtmhub grew by 3x over the same time period. More capital followed. Ally.io raised $50 million in a Series C in the first quarter, while Gtmhub put together a $30 million Series B during the same period.

They won’t be the final startups in the OKR cohort to raise this year. We know this because we reached out to the group again this week, this time probing their Q1 performance, and, critically, asking the startups to discuss their level of optimism regarding the rest of 2021.

As before, the group’s recent results are strong, at least when compared to their own planning. But notably, the collection of competing companies is more optimistic about the rest of the year than they were before Q1 2021. Things are heating up for the OKR startup world.

A takeaway from our work today is that our prior notes about how impressively deep the software market is proving to be may have been too modest. And frankly, that’s super-good news for startups and investors alike. So much for SaaS-fatigue.

In a sense, we should not be surprised that OKR startups are doing well or that the startup software market is so large. You’d imagine that the historic pace of venture capital investment that we’ve seen so far in 2021 in Europe and the United States was based on results, or evidence that there was lots more room for software-focused startups to grow.

Interestingly, while these companies look similar to outsiders, they are each betting on strategies and differentiators that could help them win in their selected portion of the OKR space. Which also means that the sector may not be as crowded as it seems.

Don’t take our word for it. Let’s hear from Gtmhub COO Seth Elliott, WorkBoard CEO and co-founder Deidre Paknad, Koan CEO and co-founder Matt Tucker, Ally.io CEO and co-founder Vetri Vellore, and Perdoo CEO and founder Henrik-Jan van der Pol about just what the software market looks like to them.

We’ll start with how the startups performed in Q1 2021, dig into how they feel about the rest of the year, and then talk about how differentiation among the cohort could be helping them not step on each other’s toes.

Rapid growth

WorkBoard is having a strong start to 2021. Paknad’s company, which raised in both March of 2019 and January of 2020, told The Exchange that it hired 82 people in the first three months of 2021, and that it plans on doing it again in the current quarter. WorkBoard is “investing heavily,” Paknad said via DM, and “made [its] Q1 targets.”

Experian’s Credit Freeze Security is Still a Joke

In 2017, KrebsOnSecurity showed how easy it is for identity thieves to undo a consumer’s request to freeze their credit file at Experian, one of the big three consumer credit bureaus in the United States.  Last week, KrebsOnSecurity heard from a reader who had his freeze thawed without authorization through Experian’s website, and it reminded me of how truly broken authentication and security remains in the credit bureau space.

Experian’s page for retrieving someone’s credit freeze PIN requires little more information than has already been leaked by big-three bureau Equifax and a myriad other breaches.

Dune Thomas is a software engineer from Sacramento, Calif. who put a freeze on his credit files last year at Experian, Equifax and TransUnion after thieves tried to open multiple new payment accounts in his name using an address in Washington state that was tied to a vacant home for sale.

But the crooks were persistent: Earlier this month, someone unfroze Thomas’ account at Experian and promptly applied for new lines of credit in his name, again using the same Washington street address. Thomas said he only learned about the activity because he’d taken advantage of a free credit monitoring service offered by his credit card company.

Thomas said after several days on the phone with Experian, a company representative acknowledged that someone had used the “request your PIN” feature on Experian’s site to obtain his PIN and then unfreeze his file.

Thomas said he and a friend both walked through the process of recovering their freeze PIN at Experian, and were surprised to find that just one of the five multiple-guess questions they were asked after entering their address, Social Security Number and date of birth had anything to do with information only the credit bureau might know.

KrebsOnSecurity stepped through the same process and found similar results. The first question asked about a new mortgage I supposedly took out in 2019 (I didn’t), and the answer was none of the above. The answer to the second question also was none of the above.

The next two questions were useless for authentication purposes because they’d already been asked and answered; one was “which of the following is the last four digits of your SSN,” and the other was “I was born within a year or on the year of the date below.” Only one question mattered and was relevant to my credit history (it concerned the last four digits of a checking account number).

The best part about this lax authentication process is that one can enter any email address to retrieve the PIN — it doesn’t need to be tied to an existing account at Experian. Also, when the PIN is retrieved, Experian doesn’t bother notifying any other email addresses already on file for that consumer.

Finally, your basic consumer (read: free) account at Experian does not give users the option to enable any sort of multi-factor authentication that might help stymie some of these PIN retrieval attacks on credit freezes.

Unless, that is, you subscribe to Experian’s heavily-marketed and confusingly-worded “CreditLock” service, which charges between $14.99 and $24.99 a month for the ability to “lock and unlock your file easily and quickly, without delaying the application process.” CreditLock users can both enable multifactor authentication and get alerts when someone tries to access their account.

Thomas said he’s furious that Experian only provides added account security for consumers who pay for monthly plans.

“Experian had the ability to give people way better protection through added authentication of some kind, but instead they don’t because they can charge $25 a month for it,” Thomas said. “They’re allowing this huge security gap so they can make a profit. And this has been going on for at least four years.”

Experian has not yet responded to requests for comment.

When a consumer with a freeze logs in to Experian’s site, they are immediately directed to a message for one of Experian’s paid services, such as its CreditLock service. The message I saw upon logging in confirmed that while I had a freeze in place with Experian, my current “protection level” was “low” because my credit file was unlocked.

“When your file is unlocked, you’re more vulnerable to identity theft and fraud,” Experian warns, untruthfully. “You won’t see alerts if someone tries to access your file. Banks can check your file if you apply for credit or loans. Utility and service providers can see your credit file.”

Experian says my security is low because while I have a freeze in place, I haven’t bought into their questionable “lock service.”

Sounds scary, right? The thing is — except for the part about not seeing alerts — none of the above statement is true if you already have a freeze on your file. A security freeze essentially blocks any potential creditors from being able to view your credit file, unless you affirmatively unfreeze or thaw your file beforehand.

With a freeze in place on your credit file, ID thieves can apply for credit in your name all they want, but they will not succeed in getting new lines of credit in your name because few if any creditors will extend that credit without first being able to gauge how risky it is to loan to you (i.e., view your credit file). It is now free to freeze your credit in all U.S. states and territories.

Experian, like the other consumer credit bureaus, uses their intentionally confusing “lock” terminology to frighten consumers into paying for monthly subscription services. A key selling point for these lock services is they can be a faster way to let creditors peek at your file when you wish to apply for new credit. That may or may not be true in practice, but consider why it’s so important for Experian to get consumers to sign up for their lock programs.

The real reason is that Experian makes money every time someone makes a credit inquiry in your name, and it does not want to do anything to hinder those inquiries. Signing up for a lock service lets Experian continue selling credit report information to a variety of third parties. According to Experian’s FAQ, when locked your Experian credit file remains accessible to a host of companies, including:

-Potential employers or insurance companies

-Collection agencies acting on behalf of companies you may owe

-Companies providing pre-screened credit card offers

-Companies that have an existing credit relationship with you (this is true for frozen files also)

-Personalized offers from Experian, if you choose to receive them

It is annoying that Experian can get away with offering additional account security only to people who pay the company a hefty sum each month to sell their information. It’s also amazing that this sloppy security I wrote about back in 2017 is still just as prevalent in 2021.

But Experian is hardly alone. In 2019, I wrote about how Equifax’s new MyEquifax site made it simple for thieves to lift an existing credit freeze at Equifax and bypass the PIN if they were armed with just your name, Social Security number and birthday.

Also in 2019, identity thieves were able to get a copy of my credit report from TransUnion after successfully guessing the answers to multiple-guess questions like the ones Experian asks. I only found out after hearing from a detective in Washington state, who informed me that a copy of the report was found on a removable drive seized from a local man who was arrested on suspicion of being part of an ID theft gang.

TransUnion investigated and found it was indeed at fault for giving my credit report to ID thieves, but that on the bright side its systems blocked another fraudulent attempt at getting my report in 2020.

“In our investigation, we determined that a similar attempt to fraudulently obtain your report occurred in April 2020, and was successfully blocked by enhanced controls TransUnion has implemented since last year,” the company said. “TransUnion deploys a multi-layered security program to combat the ongoing and increasing threat of fraud, cyber-attacks and malicious activity.  In today’s dynamic threat environment, TransUnion is constantly enhancing and refining our controls to address the latest security threats, while still allowing consumers access to their information.”

For more information on credit freezes (also called “security freezes”), how to request one, and other tips on preventing identity fraud, check out this story.

If you haven’t done so lately, it might be a good time to order a free copy of your credit report from annualcreditreport.com. This service entitles each consumer to one free copy of their credit report annually from each of the three credit bureaus — either all at once or spread out over the year.

n8n raises $12M for its ‘fair code’ approach to low-code workflow automation

As businesses continue to look for better ways to work more efficiently, a pioneer in the space of low-code tools to help automate how apps work together is announcing a round of funding on the back of impressive early traction.

Berlin-based n8n — which provides a framework for both technical and non-technical people to synchronize and integrate data and workflows — has raised $12 million in a Series A round of funding.

The startup plans to use the money to continue expanding its team, which now numbers 60 people, and to expand its platform and the services it provides to users.

Currently, n8n can help link up and integrate data and functions between more than 200 established applications, as well as any custom apps or services that you might be using in your specific organization. And since launching in October 2019, the startup has picked up an impressive 16,000 users — including both developers and “citizen developers” (those whose jobs might be described as non-technical but they are not afraid to be more hands-on in trying to build in ways to work better).

Now it wants to make the service easier for more of the latter group to get stuck in with using it.

“We are still seen as a technical product and less of one for citizen developers,” founder and CEO Jan Oberhauser said in an interview. “Our plan is to make n8n simpler to use, so that it’s much easier to adopt. We want to give everyone technical superpowers, whether it’s the marketing team or the IT department.” That means for example building not just chatbots but more intelligent ones, or creating new ways of visualizing data in Slack or something else altogether. And n8n’s platform can also be used to build automation within products, for example to monitor performance and flag when something might need maintenance.

The round is being led by Felicis Ventures, with Sequoia Capital, firstminute Capital and Harpoon Ventures also participating. Sequoia and firstminute co-led n8n’s seed round about a year ago, which also included participation from Eventbrite’s Kevin Hartz, Supercell’s Ilkka Paananen and unnamed early employees of Google and Zendesk, among others. The startup has now raised around $14 million and is not disclosing valuation.

There are a number of low-code and no-code startups on the market today and many of them have been seeing a surge of interest in the last year. It’s a trend I suspect was brought about in no small part by the arrival of COVID-19.

The pandemic not only led to more people working remotely and relying on apps and other cloud-based services to get what they needed to do done, but in many cases it led organizations to refocus on how they were working, and what could be improved. In some cases, it also has meant a severe tightening of belts, and so companies are needing to do more with less human power, another factor leading to more proactive efforts to use software to get more out of… software.

That’s meant more strain on IT teams, and that too has led to more people within departments themselves getting proactive in improving their own workflows.

Other startups in the space include Bryter (which raised a $66 million Series B earlier this month) and Genesis (which raised $45 million in March), along with Zapier, Airtable, Rows, Gyana, Ushur, Creatio, EasySend and CaptivateIQ, some of which are coming to the market with a variety of solutions targeting a set of generic tools, while others are building solutions for more narrow use cases.

In the case of n8n, the company might be considered a “pioneer” in the space not just because of its focus on the growing area of low-code tools, but because of how it views the world of software.

The basic approach n8n is taking is around the idea of “fair code.” This is somewhat similar to open-source, and is analogous to a freemium-style model for the concept. The code is available in a public repository and the idea is that this will never disappear (one issue many enterprises face on the bleeding edge of tech: companies and their services sometimes shut down). However, n8n itself limits how much it can be used for free, before users start to pay to use it so that n8n can monetize its work, which it does in the form of consulting and integration services. (In the case of n8n, that limit looks to be $30,000 in support services revenues.)

Oberhauser was an early proponent of the concept of n8n and he runs a site dedicated to spreading the word. (You can also read about the different approaches to fair code, and some of what led to the creation of the concept, here.)

While basic and limited access to the code will remain free, and even as a company like n8n aims to make it easier and easier for non-developers to build integrations, there will be areas that need attention to make those services accessible to the people within an organization. For starters, there is the issue of setting up the basic integration connectors, especially in cases where the software a company is using is proprietary or customized.

There is also another issue that is likely to become more prominent as low-code and no-code tools continue to grow in popularity, and that is security. While IT departments may not have oversight of every single integration, neither will the security teams, which means that new data vulnerabilities might well become more commonplace, too. For all of these reasons, n8n is betting that there will still be some integration and consulting involved in implementation.

“Almost every company needs help connecting outside and internal systems, to make it easier for people to get started,” Oberhauser said.

Aydin Senkut, founder and managing partner of Felicis Ventures, who led the round, said that what attracted him to n8n was the extensibility of the platform — that it could be applied not just for app integration and workflow automation in those apps but a much wider set of use cases — and the very early traction of 16,000 users that it’s picked up with very little fanfare, a sign that the service has some stickiness and usefulness to it.

And the fact that it lets developers — “citizen” or otherwise — play with so many options is also a key part of it.

“We feel that data is the new oil, and one of the special things here is not just low or no-code per se, but how n8n is making it seamless and easy to connect tens or even hundreds of apps.” Senkut said that it reminded him a little of Felicis’ early investment in Plaid. “Essentially, the more data and APIs you have the more valuable the company can be. I think to measure the potential of a company, look at the APIs. If you can connect disparate things together, that is key.”

The Good, the Bad and the Ugly in Cybersecurity – Week 17

The Good

Notorious card-stealing and financial crime gang, FIN7, have had a busy time in the news this week. Former sys admin for the 70-strong gang of thieves and fraudsters, Fedir Hladyr, has been handed down a 10-year prison sentence for conspiracy to commit wire fraud and conspiracy to commit computer hacking. Prosecutors say Hladyr, a Ukrainian national, was responsible for maintaining the gang’s network of servers and controlling their encrypted communication channels. He was also involved in aggregating stolen card details and supervising other members of the criminal organization.



The gang are believed to have compromised millions of financial accounts and are said to be responsible for over a billion dollars of loss to U.S. businesses and individuals. A statement from the FBI noted that thanks to international cooperation among law enforcement agencies, “these fraudsters are not beyond our reach and cannot hide from the law”. Threat actors of all stripes take note.

Among FIN7’s arsenal of tools is a malware family known as ‘Carbanak’. According to MITRE, the same malware is used by a different group who are tracked separately to FIN7 as the Carbanak group. Because of their similarities, both were used in the latest round of MITRE Engenuity evaluations, which aim to provide independent evaluation of enterprise security products.

The results of the latest round of testing were released this week and speak for themselves (spoiler: SentinelOne was the only one of the 29 vendors evaluated that had zero missed detections and 100% visibility. But you don’t have to take our word for it, see what MITRE Engenuity had to say!). That’s good news for SentinelOne customers and good news for businesses looking for an independent evaluation of enterprise security solutions.

The Bad

When it comes to bad news, if it’s not ransomware, it’s a supply chain attack, and sometimes it’s both. Such is the case this week with what appears to be another high-profile victim of the REvil ransomware group. The RaaS operators, or one of their affiliates, appear to have compromised Quanta, a Taiwan-based company that manufactures products for, among others, Apple. However, their initial attempts at trying to extort the victim fell flat, so instead the crew decided to go after Apple directly.

The gang says that since Quanta did not seem to “care about the data of its customers and employees”, it would release “large quantities of confidential drawings and gigabytes of personal data”, which – it is claimed – include data of “upcoming releases” of Apple products. The threat actors have publicly given Apple until May 1st to pay an undisclosed sum to prevent the leak. Previously, the same group had demanded $50 million from laptop maker Acer, and it is believed that a similar or higher sum is being demanded of Apple.



As we’ve seen over the last 18 months or so, ransomware gangs have branched out from simple encryption to data theft and extortion of victims. This case, however, appears to be the first in which threat actors, having failed to persuade the primary target to pay, have then gone on to try and extort money directly from clients of the victim. We don’t expect it to be the last.

The Ugly

Remember SUPERNOVA (well, it’s easy to forget with so many new malware families being foisted upon us these days)? As suspected some time ago, it appears that there’s more than one APT threat actor leveraging SolarWinds Orion vulnerabilities. This week, CISA gave details regarding a second actor that has been enjoying long-term compromise of an enterprise network by exploiting vulnerabilities in SolarWinds Orion and dropping the SUPERNOVA malware to gather credentials.

What makes this particular case more worrisome than usual is the threat actor’s initial point of ingress. It appears that from around March 2020 or earlier until February 2021, the attackers used residential IP addresses in the U.S. to connect to the victim’s network via a Pulse Secure VPN appliance, masquerading as remote WFH employees. It is not known how the attacker gained the initial credentials, but it is known that they were not MFA enabled. Once logged on to the VPN instance, the attackers moved laterally to the victim’s SolarWinds Orion appliance and installed the SUPERNOVA malware.

SUPERNOVA, you may recall, is a web shell implant that can compile and execute C# code in memory on exposed hosts. The implant uses a trojanized copy of a legitimate DLL .NET library, App_Web_logoimagehandler.ashx.b6031896.dll.



Although unconfirmed due to the removal of logs by the attacker, CISA believes the threat actor also likely exploited an authentication bypass vulnerability in SolarWinds Orion API (CVE-2020-10148) to allow execution of API commands remotely.

Lessons to be learned? Ensure your VPN has MFA enabled for all accounts, and ensure you have a security solution that keeps logs in the cloud, well out of reach of attackers’ meddling hands. Further details and recommendations from CISA are available here.



MITRE ATT&CK Engenuity: AI & Big Data Powered EDR > Human Powered Products

Finally! The long-awaited 2020 ATT&CK evaluation results published. And along with it, almost every participating vendor’s interpretation of the results and how they excelled in the evaluation. As you read the industry’s commentary on the results, keep an eye out for contrived and/or creatively adjusted metrics. Below you will find a data-first approach to understanding our performance.

The benefit of MITRE Engenuity ATT&CK is that testing data is open and publicly accessible. In an effort to be transparent with our results, in this post, we will only talk about the numbers and metrics published by MITRE Engenuity – so that you can validate the information for yourself and separate fact from fiction. No number fudging, no creative invention.

SentinelOne’s MITRE Results

Here is a screenshot of SentinelOne evaluations from MITRE Engenuity; you will see that SentinelOne had:

  • 100% Visibility – 174 of 174 steps
  • Highest Analytic Coverage – 159 of 174 steps
  • Zero Delayed Modifiers
  • Zero Config Change Modifiers
Source: MITRE Engenuity

Read on to understand how the above metrics are critical for an effective security posture. 

The latest ATT&CK results were released Tuesday, April 20, 2021. While the Round 1 ATT&CK Evaluation (the first year of testing) was based on APT3 (Gothic Panda), and the Round 2 ATT&CK Evaluation focused on TTPs associated with APT29 (Cozy Bear), this year’s evaluation focuses on emulating financial threat groups. Testing day 1 simulates the Carbanak adversary group’s attack methodology. Their objective? Breach the HR Manager, quietly move about the network, identify payment data, and exfiltrate it. It involves 4 Windows computers and a Linux server and consists of 96 techniques in 10 steps. See the Carbanak emulation.

Testing day 2 simulates the FIN7 adversary group. Similarly, their objective is to steal financial data. This simulation involves five computers and 78 techniques in 10 steps.

Visibility is the Foundation of Best-In-Class EDR

1. SentinelOne is the ONLY vendor to deliver 100% visibility with ZERO missed detections across all tested operating systems – Windows & Linux.

The foundation of a superior EDR solution is its ability to consume pertinent SecOps data at scale across a variety of OSes and cloud workloads while missing nothing in the process. With the increased sophistication and frequency of today’s attacks, depth and breadth of visibility are fundamental capabilities that an EDR solution should deliver. Having no gaps in visibility means no blind spots, significantly reducing the attacker’s ability to operate undetected.

Complete in-depth visibility is table stakes for any worthy EDR solution. No visibility, no breach protection!

As the ATT&CK evaluation data shows, SentinelOne had ZERO misses in this round. We detected 100% of attacks over Windows devices as well as Linux servers.

Detection Quality Separates the Wheat from the Chaff

2. SentinelOne delivered the MOST high-quality analytic detections to provide automated instant insight into adversary actions.

Analytics Detection Coverage (a count of any non-telemetry detection) rather than Detection Counts should be a factor to consider when deciding on the best EDR solution. Having a high number of general, tactic, or technique detections leads to higher quality detections because this ensures fewer attacks are missed. Having access to high-fidelity, high-quality detections gives enterprises more time to investigate events rather than searching through a sea of data that may be predominantly false positives.

In the ATT&CK evaluation, “Techniques” and “Tactics” are the key measures of data precision.

  • Technique: The epitome of relevant and actionable data – fully contextualized data points that tell a story, indicating what happened, why it happened, and crucially, how it happened.
  • Tactic: The next level down in the hierarchy, representing categories of techniques that tell us the actor’s steps in achieving their ultimate goals (persistence, data egress, evasions, etc.). In short, the ‘what’ and the ‘why.’

These two detection classifications are the core of the MITRE ATT&CK framework and are of the highest value in creating context. According to MITRE Engenuity’s published results, out of all participants in this evaluation, SentinelOne recorded the highest number of analytic detections.

Detection Delays are Deadly

3. SentinelOne experienced zero delayed detections, making EDR real-time.

Time is a critical factor whether you’re detecting an attack or neutralizing it.

A delayed detection, according to MITRE Engenuity, is not immediately available to the analyst; it may come in minutes or hours after the adversary has performed the malicious activity.

A delayed detection during the evaluation often means that an EDR solution required a human analyst to manually confirm suspicious activity due to the inability of the solution to do so on its own. The solution typically needs to send data to the analyst team or third-party services such as sandboxes, which in turn analyzes the data and alerts the customer, if required. However, many critical parts of this process are done manually, resulting in a window of opportunity for the adversary to do real damage.

Adversaries operating at high speed must be countered with machine speed automation that’s not subject to the inherent slowness of humans.

As the ATT&CK evaluation data shows, SentinelOne had zero delayed detections in this evaluation.

Configuration Changes Highlight Fragility & Scaling Problems

4. SentinelOne required zero configuration changes, making EDR effortless.

According to MITRE Engenuity, Config change refers to any detection that was made possible only because the vendor changed the initial configuration.

However, in a real-world scenario, SOC operators do not have time to customize settings, especially during an ongoing attack. Constantly tuning, fine-tuning, and adjusting a product means the battle is lost before it starts. In reality, SOC operators wouldn’t even know what changes to make. Without an alert, they would not know what to look for to drive the configuration change.

Technology-powered solutions should work at an enterprise-scale right out of the box to realize immediate time-to-value. SentinelOne Enterprise-Grade EDR deploys in seconds and works at total capacity instantly, as shown by the MITRE Engenuity evaluation data.

Storyline Automatically Connects the Dots

5. SentinelOne produced one console alert per targeted device.

Ask any SOC Operator about their biggest frustrations, and alert fatigue will be high among them. They constantly struggle to identify the serious threat indicators while wading through false positives. Rather than getting alerted on every piece of telemetry within an incident and fatiguing the already-burdened SOC team, an EDR solution should eliminate the noise before it reaches you by automatically grouping individual data points into combined alerts.

Consolidating hundreds of data points across a 48-hour advanced campaign, SentinelOne correlated and crystallized the attack into one complete story, represented as a single alert per target machine. SentinelOne provides instant insights within seconds rather than having analysts spend hours, days, or weeks correlating logs and linking events manually.

SentinelOne reduces the amount of manual effort needed, helps with alert fatigue, and significantly lowers the skillset barrier of benefiting from EDR.

What the Results Mean for You

As a security leader, it’s important that you look at how you can improve your security posture and reduce risk while reducing the burden on your security team. While evaluating, look for an EDR solution that:

  • Provides complete visibility without any blind spots
  • Automatically correlates detections instead of relying on humans to interpret and manually stitch the data
  • Defeats adversaries in real-time
  • Works out-of-the-box as expected without needing continuous tune-ups
  • Includes granular remediation capabilities for automated cleanup and recovery

SentinelOne’s exceptional performance in 2020 ATT&CK evaluations once again proves that purpose-built, future-thinking solutions deliver the in-depth visibility, automation, and speed that the modern SOC needs to combat adversaries. As evidenced by the results data, SentinelOne excels at visibility and detection, and even more importantly, in the autonomous mapping and correlating of data into fully indexed and correlated stories through Storyline™ technology. This technology advantage sets us apart from every other vendor on the market.

To learn more about SentinelOne’s performance in the 2020 MITRE Engenuity ATT&CK Evaluation, register for the upcoming webinar on Monday, April 26 at 10 a.m. PDT.

