Pillar VC closes $192M for two funds targeting SaaS, crypto, biotech, manufacturing

As its name suggests, venture firm Pillar VC is focused on building “pillar” companies in Boston and across the Northeast.

The Boston-based seed-stage firm closed a raise of $192 million of capital that was split into two funds, $169 million for Pillar III and $23 million for Pillar Select. More than 25 investors are backing the new fund, including portfolio founders.

Jamie Goldstein, Sarah Hodges and Russ Wilcox are Pillar VC’s three partners, and all three lead investments for Pillar. The trio all have backgrounds as entrepreneurs: Goldstein, who has spent the past two decades in VC, co-founded speech recognition company PureSpeech, which was acquired by Voice Control Systems; Hodges was at online learning company Pluralsight; and Wilcox was CEO of electronic paper company E Ink, which he sold in 2009.

Pillar typically invests in a range of enterprise and consumer startups and aims to target Pillar III at startups focused on biology, enterprise SaaS, AI/ML, crypto, fintech, hardware, manufacturing and logistics. The firm will make pre-seed investments of $50,000 to $500,000 and seed-round investments of $2 million to $6 million.

One of the unique aspects of the firm is that it will buy common stock so that it will be aligned with founders and take on the same risks, Goldstein told TechCrunch.

The firm, founded in 2016, already has 50 portfolio companies from its first two funds — Pillar I, which raised $57 million, and Pillar II, which raised $100 million. These include cryptocurrency company Circle, which announced a SPAC earlier this month, 3D printing company Desktop Metal that went public, also via SPAC, last year, and PillPack, which was bought by Amazon in 2018.

“Pillar is an experiment, answering the question of ‘what would happen if unicorn CEOs came in and helped bootstrap the next generation’,” Wilcox said. “The experience is working, and Pillar does what VCs ought to do, which is back first-of-its-kind ideas.”

In addition to leading investments, Hodges leads the Pillar VC platform for the firm’s portfolio companies. Many of the portfolio companies are spinouts from universities, and need help turning that technology into a company. Pillar provides guidance on recruiting a CEO or partner on the business side, offers leadership development, helps recruit talent and makes introductions to potential customers.

Pillar also intends to invest a third of the new fund into that biology category, specifically looking at the convergence of life science and technology, Wilcox said.

In its second fund, the firm started Petri, a pre-seed bio accelerator focused on biotech, and brought in founders using computation and engineering to develop technologies around the areas of agriculture, genetics, cell and gene therapies, medical data and drug discovery. The third fund will continue to support the accelerator through both pre-seed and seed investments.

The first investments from Pillar III are being finalized, but Hodges expects to infuse capital into another 50 companies.

“We are super bullish on Boston,” she added. “So many companies here are growing to be household names, and an exciting energy is coming out.”

 

How we built an AI unicorn in 6 years

Today, Tractable is worth $1 billion. Our AI is used by millions of people across the world to recover faster from road accidents, and it also helps recycle as many cars as Tesla puts on the road.

And yet six years ago, Tractable was just me and Raz (Razvan Ranca, CTO), two college grads coding in a basement. Here’s how we did it, and what we learned along the way.

Build upon a fresh technological breakthrough

In 2013, I was fortunate to get into artificial intelligence (more specifically, deep learning) six months before it blew up internationally. It started when I took a course on Coursera called “Machine learning with neural networks” by Geoffrey Hinton. It was like being love struck. Back then, to me AI was science fiction, like “The Terminator.”

But an article in the tech press said the academic field was amid a resurgence. As a result of 100x larger training data sets and 100x higher compute power becoming available by reprogramming GPUs (graphics cards), a huge leap in predictive performance had been attained in image classification a year earlier. This meant computers were starting to be able to understand what’s in an image — like humans do.

The next step was getting this technology into the real world. While at university — Imperial College London — teaming up with much more skilled people, we built a plant recognition app with deep learning. We walked our professor through Hyde Park, watching him take photos of flowers with the app and laughing from joy as the AI recognized the right plant species. This had previously been impossible.

I started spending every spare moment on image classification with deep learning. Still, no one was talking about it in the news — even Imperial’s computer vision lab wasn’t yet on it! I felt like I was in on a revolutionary secret.

Looking back, narrowly focusing on a branch of applied science undergoing a breakthrough paradigm shift that hadn’t yet reached the business world changed everything.

Search for complementary co-founders who will become your best friends

I’d previously been rejected from Entrepreneur First (EF), one of the world’s best incubators, for not knowing anything about tech. Having changed that, I applied again.

The last interview was a hackathon, where I met Raz. He was doing machine learning research at Cambridge, had topped EF’s technical test, and published papers on reconstructing shredded documents and on poker bots that could detect bluffs. His bare-bones webpage read: “I seek data-driven solutions to currently intractable problems.” Now that had a ring to it (and where we’d get the name for Tractable).

That hackathon, we coded all night. The morning after, he and I knew something special was happening between us. We moved in together and would spend years side by side, 24/7, from waking up to Pantera in the morning to coding marathons at night.

But we also wouldn’t have got where we are without Adrien (Cohen, president), who joined as our third co-founder right after our seed round. Adrien had previously co-founded Lazada, an online supermarket in South East Asia like Amazon and Alibaba, which sold to Alibaba for $1.5 billion. Adrien would teach us how to build a business, inspire trust and hire world-class talent.

Find potential customers early so you can work out market fit

Tractable started at EF with a head start — a paying customer. Our first use case was … plastic pipe welds.

It was as glamorous as it sounds. Pipes that carry water and natural gas to your home are made of plastic. They’re connected by welds (melt the two plastic ends, connect them, let them cool down and solidify again as one). Image classification AI could visually check people’s weld setups to ensure good quality. Most of all, it was real-world value for breakthrough AI.

And yet in the end, they — our only paying customer — stopped working with us, just as we were raising our first round of funding. That was rough. Luckily, the number of pipe weld inspections was too small a market to interest investors, so we explored other use cases — utilities, geology, dermatology and medical imaging.

Spam Kingpin Peter Levashov Gets Time Served

Peter Levashov, appearing via Zoom at his sentencing hearing today.

A federal judge in Connecticut today handed down a sentence of time served to spam kingpin Peter “Severa” Levashov, a prolific purveyor of malicious and junk email, and the creator of malware strains that infected millions of Microsoft computers globally. Levashov has been in federal custody since his extradition to the United States and guilty plea in 2018, and was facing up to 12 more years in prison. Instead, he will go free under three years of supervised release and a possible fine.

A native of St. Petersburg, Russia, the 40-year-old Levashov operated under the hacker handle “Severa.” Over the course of his 15-year cybercriminal career, Severa would emerge as a pivotal figure in the cybercrime underground, serving as the primary moderator of a spam community that spanned multiple top Russian cybercrime forums.

Severa created and then leased out to others some of the nastiest cybercrime engines in history — including the Storm worm, and the Waledac and Kelihos spam botnets. His central role in the spam forums gave Severa a prime spot to advertise the services tied to his various botnets, while allowing him to keep tabs on the activities of other spammers.

Severa rented out segments of his Waledac botnet to anyone seeking a vehicle for sending spam. For $200, vetted users could hire his botnet to blast one million emails containing malware or ads for male enhancement drugs. Junk email campaigns touting employment or “money mule” scams cost $300 per million, and phishing emails could be blasted out through Severa’s botnet for the bargain price of $500 per million.

Severa was a moderator on the Russian spam community Spamdot[.]biz. In this paid ad from 2004, Severa lists prices to rent his spam botnet.

Early in his career, Severa worked very closely with two major purveyors of spam. One was Alan Ralsky, an American spammer who was convicted in 2009 of paying Severa and other spammers to promote pump-and-dump stock scams.

The other was a major spammer who went by the nickname “Cosma,” the cybercriminal thought to be responsible for managing the Rustock botnet (so named because it was a Russian botnet frequently used to send pump-and-dump stock spam). Microsoft, which has battled to scrub botnets like Rustock off of millions of PCs, later offered a still-unclaimed $250,000 reward for information leading to the arrest and conviction of the Rustock author.

Severa ran several affiliate programs that paid cybercriminals to trick people into installing fake antivirus software. In 2011, KrebsOnSecurity dissected “SevAntivir” — Severa’s eponymous fake antivirus affiliate program — showing it was used to deploy new copies of the Kelihos spam botnet.

A screenshot of the “SevAntivir” fake antivirus or “scareware” affiliate program run by Severa.

In 2010, Microsoft — in tandem with a number of security researchers — launched a combined technical and legal sneak attack on the Waledac botnet, successfully dismantling it. The company would later do the same to the Kelihos botnet, a global spam machine which shared a great deal of code with Waledac and infected more than 110,000 Microsoft Windows PCs.

Levashov was arrested in 2017 while in Barcelona, Spain with his family. According to a lengthy April 2017 story in Wired.com, he got caught because he violated a basic security no-no: He used the same log-in credentials to both run his criminal enterprise and log into sites like iTunes.

In fighting his extradition to the United States, Levashov famously told the media, “If I go to the U.S., I will die in a year.” But a few months after his extradition, Levashov would plead guilty to four felony counts, including intentional damage to protected computers, conspiracy, wire fraud and aggravated identity theft.

At his sentencing hearing today, Levashov thanked his wife, attorney and the large number of people who wrote the court in support of his character, but otherwise declined to make a statement. His attorney read a lengthy statement explaining that Levashov got into spamming as a way to provide for his family, and that over a period of many years that business saw him supporting countless cybercrime operations.

The plea agreement Levashov approved in 2018 gave Judge Robert Chatigny broad latitude to impose a harsh prison sentence. The government argued that under U.S. federal sentencing guidelines, Levashov’s crimes deserved an “offense level” of 32, which for a first-time offender means a sentence of anywhere from 121 to 151 months (10 to 12 years).

But Judge Chatigny said he had concerns that “the total offense level does overstate the seriousness of Mr. Levashov’s crimes and his criminal culpability,” and said he believed Levashov was unlikely to offend again.

“33 months is a long time and I’m sure it was especially difficult for you considering that you were away from your wife and child and home,” Chatigny told the defendant. “I believe you have a lot to offer and hope that you will do your best to be a positive and contributing member of society.”

Mark Rasch, a former federal prosecutor with the U.S. Justice Department, said the sentencing guidelines are no longer mandatory, but they do reflect the position of Congress, the U.S. Sentencing Commission, and the Administrative Office of the U.S. Courts about the seriousness of the offenses.

“One of the problems you have here is it’s hard enough to catch and prosecute and convict cybercriminals, but at the end of the day the courts often don’t take these offenses seriously,” Rasch said. “On the one hand, sentences like these do tend to diminish the deterrent effect, but also I doubt there are any hackers in St. Petersburg right now who are watching this case and going, ‘Okay, great now I can keep doing what I’m doing.’”

Judge Chatigny deferred ruling on what — if any — financial damages Levashov may have to pay as a result of the plea.

The government acknowledged that it was difficult to come to an accurate accounting of how much Levashov’s various botnets cost companies and consumers. But the plea agreement states a figure of approximately $7 million — which prosecutors say represents a mix of actual damages and ill-gotten gains.

However, the judge delayed ruling on whether to impose a fine because prosecutors had yet to supply a document to back up the defendant’s alleged profit/loss figures. The judge also ordered Levashov to submit to three years of supervised release, which includes constant monitoring of his online communications.

The Rise of Big Data | Solving Today’s Challenges with SentinelOne XDR (Part 1)

Extended Detection and Response (XDR) has become a prominent topic amongst security vendors and analysts in recent months. The promise of improved threat detections across a broader range of interconnected hardware and software solutions feels a lot like the early days of SIEM as it expanded beyond simple log management capabilities. Like with most legacy SIEM deployments, early XDR customers have struggled to balance investments in tooling and positive business outcomes. In fact, most enterprises have yet to fully consider the cost and complexity associated with data collection and analytics required by some vendor XDR solutions. Let’s take a look at the challenges in more detail and consider how SentinelOne is revolutionizing the XDR landscape by tackling one of the largest and most complex obstacles threatening successful XDR adoption: data management at scale.

Data Is Growing, Exponentially

IDC predicts that by 2025, the total volume of data stored globally will reach 175ZB! That’s a whopping 5-fold increase from 2018 (33ZB). For those that stopped counting at gigabytes, one zettabyte is equal to one trillion GB. Stored on DVD media, that would be a stack of disks spanning to the moon and back 12 times! But how does this data break down, and how much of this can be used to inform better security decisions to keep enterprises safe from targeted attacks? Let’s dig a little deeper into the data.

Of the predicted 175ZB, roughly 85% is enterprise and/or public cloud data storage. More importantly, IDC predicts that by 2025 as much as 30% of this data will be classified as ‘real-time, sensorized’ telemetry from endpoint and IoT devices. This presents an enormous challenge – as well as opportunity – for enterprises looking to improve their security posture by leveraging this abundant wealth of data.

Source: IDC/Seagate DataAge Study

Remember that data alone is not useful and that more data does not magically become more useful by volume. Data must be contextualized and analyzed to become information. By that same understanding, we know that information only becomes knowledge once we apply meaningful linkages between multiple points of information, assembling the contextualized data into actionable results. Therefore, data without context tends to be superfluous, and our human brains quickly try to expel such unimportant bits of data.

Effective Data Management Requires Context

Most enterprises today generate mountains of telemetry data for each and every entity including the activity logs from users, devices, applications and sensors. In this ‘age-of-observability’ we can be certain that nothing important happens without a corresponding record of it having occurred. This typically takes the form of a log or event: a transactional message that describes the entity, action, attributes and possibly a response condition. Additional forms of telemetry can contain simple metrics containing sampled or summarized measurements.

Information security has taught us that even the most innocuous and banal sets of data might somehow be relevant in the scope of an investigation or malicious detection. Frequently, we don’t know what we don’t know until long after a successful breach from a stealthy adversary. While most attacks can be thwarted by an effective endpoint detection and prevention platform before they impact the enterprise, analysis of the breadcrumbs trail left behind can be the only effective means to identify the attackers’ TTPs (tactics, techniques and procedures) as well as possible motivations and the scope of an attack.

Singularity ActiveEDR/XDR leverages the unique capabilities of SentinelOne’s patented Storyline technology to stitch together disparate security events into a single timeline and attack visualization, complete with MITRE ATT&CK technique attribution as well as threat actor details where possible.

Rogue Devices / Shadow IT Creates Information Blind Spots

There’s also much to be learned by what is NOT in the sensor data collected by an enterprise. Attackers are opportunistic and will target any and all exposed devices – not just the ones that are known to the security operations team. As the enterprise attack surface expands (thanks to IoT, cloud transformation, containerized workloads and BYOD) so too does the need to expand our sources of telemetry, minimizing or eliminating any blind spots that inevitably exist.

Most organizations struggle to maintain an accurate inventory of connected devices, and fewer yet have the ability to identify when rogue or orphan devices appear on the network that could pose a potential security risk.

By harnessing the existing sensor grid – and the data collected from it – enterprises can more quickly identify gaps in security coverage to protect more of the attack surface. When event volumes from existing sensors change without a justified policy modification, security operations can be notified to ensure a configuration change – whether malicious or benign – hasn’t left the device in a state where logging is disabled or reduced.

Singularity Ranger provides enterprises visibility into the entirety of their device estate, enabling security operations teams to quickly identify unmanaged/at-risk devices, fingerprinting their characteristics and highlighting those without protection capabilities. Ranger Deploy can then perform remote agent installation and policy enforcement of supported systems to reduce the enterprise attack surface and improve an organization’s security posture.

Accessibility Through Integration

The volume of sensor data is not the only significant challenge facing enterprises today. More important is the location and cross-platform accessibility of discrete data silos. In cybersecurity use cases, this has for years been the purview of a Security Information Event Management (SIEM) platform where logs/events were collected and stored from the most common sources of telemetry, namely firewalls, intrusion detection platforms, legacy antivirus solutions and a short list of critical server assets.

With the advent of Endpoint Detection & Response (EDR) enterprises have access to enormous volumes of high-fidelity, high-value, real-time event data from protected endpoints, but this data typically resides in an entirely separate data repository from SIEM. As more enterprise workloads are moved to PaaS/IaaS solutions, we see yet another disconnected silo of data from a new set of sensors.

Combining these disparate and quite unique sets of endpoint, cloud, network and security data in one location is costly, and the value realized is often difficult if not impossible to justify. As enterprise security architectures become more diverse, it is more important than ever that cross-vendor data analytic models become part of an effective detection and protection arsenal.

The Singularity Marketplace ensures that the growing list of partners in the SentinelOne security ecosystem can be easily integrated into both the data collection pipeline as well as the response and remediation options of a diverse enterprise.

The sheer number of telemetry sources, combined with the unique nature of each data source (different formats, content, context and cardinality) has created a challenging data problem for today’s enterprise. To effectively consume, parse, enrich, normalize, store and analyze this massive set of data is not a cost-effective proposition for most organizations. As a result, most enterprises are faced with the burden of selectively choosing which data sources to process based on the perceived value of each as it relates to business process improvement or greater security efficacy.

All data is not equal in terms of value from a security operations perspective. Sometimes, the easiest data to consume (WMI logs from Windows, for example) can be the least useful in terms of threat detection and security incident triage. More often, the most voluminous logs within an enterprise like network flow data, email transaction logs, DNS request/response events and authentication alerts provide greater value, but the low signal-to-noise ratio makes them too cumbersome to collect and process in real-time without an efficient, performant and scalable data management platform.

Data Retention: The Key to Effective Threat Hunting

Another challenge facing enterprise security teams is the cost implication of long-term retention and searchability of collected telemetry. Consuming high-value, high-volume data but being forced to ‘roll over’ after 30 days certainly fails the SecOps use case of historical hunting.

In fact, most vendors tend to cap retention at between 7 and 30 days! As we saw recently with the SolarWinds supply chain attack, it was months before the security community were made aware of the malicious artifacts and adversarial TTPs. This meant that many organizations were unable to perform the historical hunting across the relevant time window because those logs had already aged out of the platform or had been moved into offline archives making it difficult to triage the scope of the attack.

Customers of the SentinelOne Singularity platform can perform real-time threat hunting across a live 365-day retention period, allowing SOC analysts full artifact and adversarial TTP visibility across an entire year of event collection. 

Automated hunting and alerting rules can be created using SentinelOne patented STAR™ (Storyline Active Response) functionality, triggering on data from real-time and historical EDR and 3rd-party telemetry stored in the Deep Visibility data store. Content packs containing relevant adversarial artifacts (IoCs) are published for automated detection of known threat actor campaigns. For even longer term retention, we will be offering a capability called HindSight, which provides a facility to archive even longer periods of data for limitless retroactive threat hunting across the entire scope and duration of data collected.

Key Takeaways

The solution to the challenges of data management at scale is a data management strategy that democratizes the data generated, collected and analyzed by an enterprise.

As a general rule:

  • No one application should hold your data hostage
  • Duplication of data in multiple repositories is costly and unmanageable
  • Maintaining disparate data silos leads to missed threat detections and blind spots in security incident triage and scoping efforts
  • Enterprises should never be faced with the necessity to collect/store reduced volumes of highly relevant sensor data to justify the Cost:Value equation

In the next post in this blog series on XDR, we will highlight some of the unique capabilities delivered through the SentinelOne Data Platform (formerly Scalyr Event Data Cloud). Stay tuned for a deeper look into how SentinelOne is transforming the XDR landscape with unparalleled sensor collection and processing capabilities, improved signal to noise reduction, meaningful threat detections that span multiple sources and prescriptive and actionable response integrations.

JLL, Khosla lead Jones’ $12.5M Series A for real estate vendor compliance

Commercial real estate tenants and property managers have to abide by strict liability rules that any vendor entering the property must have insurance certificates and meet other requirements. The approval process for this currently can take days and is still largely done on paper.

Enter Jones. The New York-based commercial real estate startup is curating a marketplace of pre-approved vendors for tenants and property managers to find and hire the people they need in a compliant way.

To continue advancing its network, the company announced Monday it raised $12.5 million in Series A funding led by JLL Spark and Khosla Ventures that also included strategic investors Camber Creek, Rudin Management, DivcoWest and Sage Realty. This new investment brings Jones’ total raised to $20 million, according to Crunchbase data.

Jones, founded in 2017, also manages certifications and approvals, moving the whole process online. Its technology can process an insurance certificate in less than an hour and reduce the overall vendor approval time to 2.5 days — from 12 days — with 99.9% accuracy, co-founder and CEO Omri Stern told TechCrunch.

The accuracy portion is key. With much of the work being done by hand, current accuracy is at about 30%, he added. In addition, the certifications are lengthy, and it is typically up to property managers to parse through the insurance documents to identify what is missing rather than spending time with tenants.

“In the consumer world, a homeowner expects to go on a marketplace and find a service and hire them,” Stern said. “Office managers and tenants can’t get their preferred vendors through the approval process, so we want to provide a similar digital experience that they can consume and use in real estate.”

He says Jones’ differentiator from competitors is that all of the stakeholders are in place: a group of high-profile real estate customers, including Lincoln Property Co., Prologis, DivcoWest, Rudin Management, Sage Realty and JLL.

Yishai Lerner, co-CEO of JLL Spark, agrees, telling TechCrunch that commercial real estate is one of the largest and last asset classes that is undergoing a technology transformation, similar to what fintech was 20 years ago.

He estimates the U.S. market to be $16 trillion, of which technology could unlock a lot of the value. That opportunity was one of the drivers for JLL to create JLL Spark, where Jones is one of the first investments.

Though Lerner spent time with property management teams on the ground, he became up close and personal with the problem when his wife, while moving offices, found out her vendors were not allowed in the building because they didn’t have the right insurance.

“We learned that property managers spend half of their time just working to verify the compliance of vendors coming into their building,” Lerner said. “We wondered why there wasn’t technology for this. Jones was doing construction at the time, and we brought them into commercial real estate because they had an example of how technology could solve the problem.”

Meanwhile, the Series A comes at a time when Stern is seeing Jones’s SaaS tool take off in the past 10 months. He would not get specific with growth metrics, but did say that what is driving growth is “competing against the status quo” as companies are searching for and adapting workflow solutions.

The company intends to use the new funds on product development in both quicker and easier approvals and bringing on new vendors. Jones already works with tens of thousands of vendors. It will also focus on integration, offering an API that could be used in other industry verticals where compliance is necessary.

Stern would also like to continue building the team. Having brought in real estate experts, he is now also looking for people with backgrounds in fintech, cybersecurity and insurtech to bring in additional perspectives.

“We are building an incredible company with the opportunity to be the next big digital marketplace,” he added.

 

Dover raises $20M to bring the concept of ‘orchestration’ to recruitment

Despite being one of the earliest adopters of using the world wide web to disrupt how its business is done and connect with more potential customers, the recruitment industry ironically remains one of the more fragmented and behind the times when it comes to using new, cloud-based services to work more efficiently. A new startup is hoping to change that, and it’s picked up some funding on strong, early signs of traction.

Dover, which has built what CEO and co-founder Max Kolysh describes as a “recruitment orchestration platform” — aimed at recruiters, it helps them juggle and aggregate multiple candidate pools to source suitable job candidates automatically, and then manage the process of outreach (including using tools to automatically re-write job descriptions, as well as to write recruitment and rejection letters) — has raised $20 million from an impressive list of investors.

Tiger Global led the Series A round, with Founders Fund, Abstract Ventures and Y Combinator also investing. Dover was part of YC’s Summer 2019 class (which debuted in August 2020), and Founders Fund led its seed round. Since leaving the incubator, it has picked up more than 100 customers, mostly from the world of tech, including ClearCo, Lattice, Samsara and others, even larger companies that you might have assumed would have their own in-house orchestration and automation platforms in place already.

“Orchestration” in the world of business IT is commonly used for software built for the fields of sales and marketing: In both of these, there is a lot of fragmentation and work involved in sourcing good leads to become potential customers, and so tech companies have built platforms both to source interesting contacts and handle some of the initial steps needed to reach out to them, and get them engaged.

That, it turns out, is a very apt way to think of the recruitment industry, too, not least because it also, to a degree, involves a company “selling” itself to candidates to get them interested.

“I would say recruiting is sales and marketing,” Kolysh said. “We’re comparable to sales ops, but sales is five-10 years ahead in terms of technology.”

Recruiters and hiring managers, especially those working in industries where talent is at a premium and therefore proactively hiring good people can be a challenge, are faced with a lot of busy work to find interesting candidates and engage them to consider open jobs, and subsequently handling the bigger process of screening, reaching out to them and potentially rejecting some while making offers to others.

This is mainly because the process of doing all of these is typically very fragmented: Not only are there different tools built to handle these different processes, but there is an almost endless list of sources today where people go to look for work, or get their names out there.

Dover’s approach is based on embracing that fragmentation and making it easier to handle. Using AI, it taps platforms like LinkedIn, Indeed and Triplebyte — a likely list, given its initial focus on tech — to source candidates that it believes are good fits for a particular opening at a company.

Dover does this with a mix of AI and understanding what a recruiter is looking for, plus any extra parameters if they have been set by the recruiter to carry this out (for example, diversity screening, if the employer would like to have a candidate pool that is in line with a company’s inclusion targets).

Dover also uses data science and AI to help calibrate a recruiter’s communications with would-be candidates, from the opening job description through to job offer or rejection letters. (Why dwell on rejection letters? Because these candidates are already in a short list, and so even if they didn’t get one particular job, they are likely good prospects for future roles.)

“No human wants to write 100 cold emails per week, but on the other hand, there are many people to hit up and connect with,” Kolysh said of the challenges that recruiters face. “When a company is seeing a lot of growth, it needs to scale fast. You just can’t do that without technology anymore.” Kolysh — who co-founded the company with Anvisha Pai (CTO) and George Carollo (COO) — said all three founders experienced that firsthand working at previous startups and trying to recruit while also building the other aspects of the business. (They are pictured above, along with founding engineer John Holliman.)

Given how much orchestration has caught on in the world of sales, there is a strong opportunity here for Dover to bring a similar approach to recruitment, based on what seems to be a very close understanding of the flawed recruitment process as it exists today. Whether that brings more competitors to the space — or more tools from some of the bigger players in, say, candidate sourcing — will be one factor to watch, as will how and if Dover manages to make the leap to other industries beyond tech.

But for now, its usefulness for a particular segment of the market is also what caught the eye of Tiger Global.

John Luttig, the partner who led the investment for Founders Fund, noted in an interview that most recruiting tools in the market today might best be described as point solutions, addressing scheduling or interviews, for example.

“It’s the full stack here that is appealing,” he told me. “And it’s automated, which is particularly valuable for early and mid-stage tech companies, to keep candidates from falling through the cracks. It also saves time from having to build up big recruiting departments. And because Dover owns all that work, those working in recruitment can instead focus on culture building, or assessing the candidates.”

Updated to note that Luttig is at Founders Fund, and to correct that the customer is ClearCo.

Choco bites into $100M Series B, at a $600M valuation, to build a more transparent, sustainable food supply chain

The United States estimates that approximately 40% of the food produced here is wasted. Globally, $2.6 trillion annually is lost.

Berlin-based Choco, which has built ordering software for restaurants and their suppliers, is working to digitize the food supply chain and announced $100 million in Series B funding, led by Left Lane Capital, to give it a $600 million post-market valuation. Joining in is new investor Insight Partners and existing investors Coatue Management and Bessemer Venture Partners.

The new round comes just over a year after Choco’s $63.7 million Series A, raised at two different periods, a $33.5 million round in 2019 and a $30.2 million round in 2020 — at a $230 million valuation — to bring total funding to $171.5 million since the company was founded in 2018.

The company’s core food procurement technology digitizes ordering workflow and communications for restaurants and suppliers. During the global pandemic, Khachab said Choco became the go-to tool for operators to be more efficient around procurement processes and reducing expenses as they adapted to the changing market conditions.

With the food industry a $6 trillion market, Choco CEO Daniel Khachab told TechCrunch he aims to make the food supply chain more transparent and sustainable in order to help increase margins in the food service sector and combat climate change.

The company did 14 months of food waste research and found that it was central to a lot of other global problems: Food waste is the third-largest driver of climate change and is causing deforestation — as evidenced by news from the Amazon last year — and the extinction of animals.

“It makes sense to try and solve it,” he added. “The food system is highly fragile, and what was shown in the first and second waves of the pandemic is how fragile and inflexible it was. It made the industry realize that it has to step up and that it can’t continue to work on pen and paper.”

Between the farmer and the end point, there are some nine parties involved, Khachab said. None are connected to another, which often means nine data silos and data not collected along the chain. It is important to connect them on one single platform so decision-making can be data-driven, he added.

As uncertainty swept across the food industry at the beginning of the pandemic, Khachab said Choco could either lay low and wait or invest in the company. He chose the latter, pumping up the team, regions and technology. As a result, Choco’s technology is stronger than it was 15 months ago and proved to be flexible amid the inflexible environment.

Choco saw orders quadruple on the platform in the past year, and gross merchandise value grew to $900 million annualized, up from $230 million, Khachab said.

As the company continues to learn how it can provide value to the food supply chain, half of the Series B funding will go into technology development. It will also go toward doubling its headcount, especially on the engineering side. Choco recently brought on ex-Uber and Facebook executive Vikas Gupta as chief technology officer, and Khachab said Gupta’s expertise will enable the company “to build the best technology team in Europe” and scale faster.

Choco is already operating in six markets, including the United States, Germany, France, Spain, Austria and Belgium. Khachab expects to expand in those markets and gain a footprint in new markets like Latin America, the Middle East and Asia.

 

SmartRecruiters raises $110M at a $1.5B valuation to expand its end-to-end recruitment platform

The global Covid-19 pandemic had a chilling effect on a number of industries and their workforces, resulting in mass furloughs and layoffs. But with countries now taking steps back to “normal”, that has been leading, in many cases, to a hiring surge. Today, SmartRecruiters, one of the companies that has built software to handle that process more smoothly, is announcing $110 million in funding to seize the moment.

The funding, a Series E, is coming in at a $1.5 billion valuation, the company confirmed. Silver Lake Waterman is leading this round, with previous backers Insight Partners and Mayfield Fund also participating.

The investment will be used in two areas. First, SmartRecruiters plans to continue expanding business — its primary customers are large enterprises with Visa, Square, McDonald’s, Ubisoft, FireEye, Biogen, Equinox and Public Storage among them, and the plan will be to bring on more of these globally. Jerome Ternynck, SmartRecruiters’ CEO and founder, pointed out that one of its clients made a move recently in which it had to swiftly ramp up by 10,000 people in 90 days.

“That is the scale of the great rehire that we are aiming to serve,” he said.

And second, it plans to hire and invest more in product. Specifically, Ternynck said the company is looking to build more intelligence into its platform, so that it can help customers find ideal matches for roles and provide them with tools to automate and reduce the busy work of managing a recruitment process.

This is a notable area for growth, and one that smaller startups have also identified and are building to fix: just yesterday, one of them, Dover, announced a Series A.

Ternynck likes to describe SmartRecruiters as “the Salesforce of recruiting”, by which he means that it provides a system of record for large enterprises who can manage 100% of the process of recruitment, from sourcing candidates to hire.

“In recruiting tech, we are the mothership,” he said, with some 600 vendors integrated into its platform — a mark of how fragmented the wider industry really is.

(Salesforce, incidentally, is an investor in SmartRecruiters, and while right now it’s not directly working with its portfolio company to build recruitment into what it operates as essentially a massive CRM behemoth, it’s an interesting prospect and seems like a no-brainer that it might try to some day. Ternynck would not comment…)

There are already a lot of application tracking systems in the market that can handle the basics of logging candidates and managing their progress through the screening, interview, references, and hiring/rejection cycle — Ternynck, in fact, founded and sold one of the pioneers in that space. But the problem with these is that they are limited and often work within their own silos. He refers to these ATS systems as “the first generation” of recruitment software, a generation that is now getting replaced.

There are some big changes driving that evolution, and specifically SmartRecruiters’ growth. One key area is the bigger shift in “digital transformation”, precipitated by the pandemic but also a bigger shift to cloud-based computing and evolutions in big data management. Fragmentation is rife in recruiting, but we now are equipped in the world of IT with many, many ways of navigating that and using the wide amount of information out there to our advantage.

But there is another, more epistemological shift, too. Recruitment, and talent in general, has become a critical part of how a company conceives of its future success. Get the right people on board and you will grow. Fail to hire correctly and you will not, and you might even fail.

“This round and our progression signals the fact that CEOs have been forced to care more about recruiting,” he said. They want to hire the best, he added, but that is fundamentally different from how recruiting has traditionally been approached, which is focused on cost per hire.

“This means recruiting is coming out of the administration function and into value add and sales and marketing,” he added. (That’s another interesting parallel with Dover which has gone so far as to conceive of its recruitment approach as “orchestration”, a word more commonly associated with sales software.)

The pandemic has had an impact here, too: employees and “hires” today are not what they used to be. It has become more acceptable to work remotely, and what people have come to expect out of jobs, and what roles they are coming from when applying, are all so different, and that also demands a different kind of platform to engage with them.

Indeed, that bigger area — sometimes referred to as “the future of work” — is part of what attracted this investment.

“Hiring talent and building human capital is more complex and important than ever, and SmartRecruiters is well positioned to help companies attract and land top talent,” said Shawn O’Neill, Managing Director and Group Head, Silver Lake Waterman, in a statement. “Their scale and customer growth are testament to their strong leadership and industry leading platform. We are excited to help fuel SmartRecruiters’ next growth chapter.”

Interestingly, Ternynck noted that even despite the mass layoffs and furloughs experienced in some industries in the last year and a half, SmartRecruiters has seen business grow, even through some of the worst moments of Covid-19. Over the last 12 months, bookings have grown by 70%, he said. That’s a mark of how recruiting priorities are indeed changing, regardless of whether it’s a SmartRecruiters, or another kind of company entirely — and there are many, from Taleo and Cornerstone, through to smaller hopefuls like Dover, and even Salesforce — who might reap the spoils longer term.

Don’t Wanna Pay Ransom Gangs? Test Your Backups.

Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they’d had proper data backups. But the ugly truth is there are many non-obvious reasons why victims end up paying even when they have done nearly everything right from a data backup perspective.

This story isn’t about what organizations do in response to cybercriminals holding their data hostage, which has become something of a best practice among most of the top ransomware crime groups today. Rather, it’s about why victims still pay for a key needed to decrypt their systems even when they have the means to restore everything from backups on their own.

Experts say the biggest reason ransomware targets and/or their insurance providers still pay when they already have reliable backups is that nobody at the victim organization bothered to test in advance how long this data restoration process might take.

“In a lot of cases, companies do have backups, but they never actually tried to restore their network from backups before, so they have no idea how long it’s going to take,” said Fabian Wosar, chief technology officer at Emsisoft. “Suddenly the victim notices they have a couple of petabytes of data to restore over the Internet, and they realize that even with their fast connections it’s going to take three months to download all these backup files. A lot of IT teams never actually make even a back-of-the-napkin calculation of how long it would take them to restore from a data rate perspective.”

Wosar said the next most-common scenario involves victims that have off-site, encrypted backups of their data but discover that the digital key needed to decrypt their backups was stored on the same local file-sharing network that got encrypted by the ransomware.

The third most-common impediment to victim organizations being able to rely on their backups is that the ransomware purveyors manage to corrupt the backups as well.

“That is still somewhat rare,” Wosar said. “It does happen but it’s more the exception than the rule. Unfortunately, it is still quite common to end up having backups in some form and one of these three reasons prevents them from being useful.”

Bill Siegel, CEO and co-founder of Coveware, a company that negotiates ransomware payments for victims, said most companies that pay either don’t have properly configured backups, or they haven’t tested their resiliency or the ability to recover their backups against the ransomware scenario.

“It can be [that they] have 50 petabytes of backups … but it’s in a … facility 30 miles away.… And then they start [restoring over a copper wire from those remote backups] and it’s going really slow … and someone pulls out a calculator and realizes it’s going to take 69 years [to restore what they need],” Siegel told Kim Zetter, a veteran Wired reporter who recently launched a cybersecurity newsletter on Substack.

“Or there’s lots of software applications that you actually use to do a restore, and some of these applications are in your network [that got] encrypted,” Siegel continued. “So you’re like, ‘Oh great. We have backups, the data is there, but the application to actually do the restoration is encrypted.’ So there’s all these little things that can trip you up, that prevent you from doing a restore when you don’t practice.”

Wosar said all organizations need to both test their backups and develop a plan for prioritizing the restoration of critical systems needed to rebuild their network.

“In a lot of cases, companies don’t even know their various network dependencies, and so they don’t know in which order they should restore systems,” he said. “They don’t know in advance, ‘Hey if we get hit and everything goes down, these are the services and systems that are priorities for a basic network that we can build off of.’”

Wosar said it’s essential that organizations drill their breach response plans in periodic tabletop exercises, and that it is in these exercises that companies can start to refine their plans. For example, he said, if the organization has physical access to their remote backup data center, it might make more sense to develop processes for physically shipping the backups to the restoration location.

“Many victims see themselves confronted with having to rebuild their network in a way they didn’t anticipate. And that’s usually not the best time to have to come up with these sorts of plans. That’s why tabletop exercises are incredibly important. We recommend creating an entire playbook so you know what you need to do to recover from a ransomware attack.”
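A restore drill of the kind described above can start as a short script. The following is an added example, not part of the original article: it estimates serial restore time over a link, orders systems by dependency, and flags restore prerequisites (decryption key, restore application) that sit on systems ransomware would also encrypt. The inventory, sizes, link speed, 0.7 efficiency factor and 72-hour target are constructed assumptions.

```python
from graphlib import TopologicalSorter

# Constructed inventory for a drill; names, sizes and locations are made up.
SYSTEMS = {
    # name: (backup size in TB, systems that must be restored first)
    "domain-controller": (0.5, []),
    "dns-dhcp":          (0.1, ["domain-controller"]),
    "backup-server":     (2.0, ["domain-controller"]),
    "file-share":        (400.0, ["domain-controller", "dns-dhcp"]),
    "erp-database":      (40.0, ["domain-controller", "dns-dhcp"]),
}
# Where the things needed to *perform* a restore live (constructed).
RESTORE_PREREQS = {
    "backup decryption key": "file-share",
    "restore application":   "backup-server",
    "restore runbook":       "offline-binder",
}

def transfer_hours(size_tb, link_mbps, efficiency=0.7):
    """Hours to pull size_tb over a link, assuming a sustained efficiency factor."""
    bits = size_tb * 1e12 * 8
    return bits / (link_mbps * 1e6 * efficiency) / 3600

def restore_plan(systems, link_mbps):
    """Return [(system, cumulative_hours)] in dependency order, restored serially."""
    graph = {name: deps for name, (_, deps) in systems.items()}
    elapsed, plan = 0.0, []
    for name in TopologicalSorter(graph).static_order():
        elapsed += transfer_hours(systems[name][0], link_mbps)
        plan.append((name, elapsed))
    return plan

def drill_findings(systems, prereqs, link_mbps, rto_hours):
    """List the problems a restore drill should surface before an incident."""
    findings = []
    for item, location in prereqs.items():
        if location in systems:  # lives on something ransomware would encrypt
            findings.append(f"{item} is stored on in-scope system '{location}'")
    for name, done_at in restore_plan(systems, link_mbps):
        if done_at > rto_hours:
            findings.append(
                f"{name} restored at {done_at:.0f} h, past the {rto_hours} h target")
    return findings

if __name__ == "__main__":
    for line in drill_findings(SYSTEMS, RESTORE_PREREQS, link_mbps=1000, rto_hours=72):
        print(line)
```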

Zoom buys cloud call center firm Five9 for $14.7 billion

Zoom is taking advantage of the impressive rise in its stock price in the past year to make its first major acquisition. The popular video conferencing firm, which was valued at about $9 billion at its IPO two years ago, said Sunday evening it has agreed a deal to buy cloud call centre service provider Five9 for about $14.7 billion in an all-stock transaction.

20-year-old Five9 will become an operating unit of Zoom after the deal, which is expected to close in the first half of 2022, the two firms said.

The proposed acquisition is Zoom’s latest attempt to expand its offerings. In the past year, the video conferencing software has added several office collaboration products, a cloud phone system, and an all-in-one home communications appliance.

The acquisition of Five9 — which has amassed over 2,000 customers worldwide including Citrix and Under Armour and processes over 7 billion minutes of calls annually — will help Zoom enter the “$24 billion” market for contact centers, the company said.

“We are continuously looking for ways to enhance our platform, and the addition of Five9 is a natural fit that will deliver even more happiness and value to our customers,” said Eric S. Yuan, founder and chief executive of Zoom, in a statement.

Joining forces will offer both firms “significant” cross-selling opportunities in each other’s respective customer bases, the two firms said.

“Businesses spend significant resources annually on their contact centers, but still struggle to deliver a seamless experience for their customers,” said Rowan Trollope, chief executive of Five9.

“It has always been Five9’s mission to make it easy for businesses to fix that problem and engage with their customers in a more meaningful and efficient way. Joining forces with Zoom will provide Five9’s business customers access to best-of-breed solutions, particularly Zoom Phone, that will enable them to realize more value and deliver real results for their business. This, combined with Zoom’s ‘ease-of-use’ philosophy and broad communication portfolio, will truly enable customers to engage via their preferred channel of choice.”

The two firms will do a joint Zoom call Monday to share more about the transaction.