There could be more to the Salesforce+ video streaming service than meets the eye

/0 Comments/in /by

When Salesforce announced its new business video streaming service called Salesforce+ this week, everyone had a reaction. While not all of it was positive, some company watchers also wondered if there was more to this announcement than meets the eye.

If you look closely, the new initiative suggests that Salesforce wants to take a bite out of LinkedIn and other SaaS content platforms and publishers. The video streaming service could be a launch point for a broader content platform, where its partners are producing their own content and using Salesforce+ infrastructure to help them advertise to and cultivate their own customers.

The video streaming service could be a launch point for a broader content platform, where its partners are producing their own content and using Salesforce+ infrastructure to help them advertise to and cultivate their own customers.

The company has, after all, done exactly this sort of thing with its online marketplaces and industry events to great success. Salesforce generated almost $6 billion in its most recent quarterly earnings report. That mostly comes from selling its sales, marketing and service software, not any kind of content production, but it has lots of experience putting on Dreamforce, its massive annual customer event, as well as smaller events throughout the year around the world.

On its face, Salesforce+ is a giant, ambitious and quite expensive content marketing play. The company reportedly has hired a large professional staff to produce and manage the content, and built a broadcasting and production studio designed to produce quality shows in-house. It believes that by launching with content from Dreamforce, its highly successful customer conference, attended by tens of thousands people every year pre-pandemic, it can prime the viewing pump and build audience momentum that way, perhaps even using celebrities as it often does at its events to drive audience. It is less clear about the long-term business goals.

New Anti Anti-Money Laundering Services for Crooks

/0 Comments/in /by

A new dark web service is marketing to cybercriminals who are curious to see how their various cryptocurrency holdings and transactions may be linked to known criminal activity. Dubbed “Antinalysis,” the service purports to offer a glimpse into how one’s payment activity might be flagged by law enforcement agencies and private companies that try to link suspicious cryptocurrency transactions to real people.

Sample provided by Antinalysis.

“Worried about dirty funds in your BTC address? Come check out Antinalysis, the new address risk analyzer,” reads the service’s announcement, pointing to a link only accessible via Tor. “This service is dedicated to individuals that have the need to possess complete privacy on the blockchain, offering a perspective from the opponent’s point of view in order for the user to comprehend the possibility of his/her funds getting flagged down under autocratic illegal charges.”

The ad continues:

Some people might ask, why go into all that? Just cash out in XMR and be done with it. The problem is, cashing out in Monero raises eyebrows on exchanges and mail by cash method is sometimes risky as well. If you use BTC->XMR->BTC method, you’ll still get flagged down by our services labelled as high risk exchange (not to mention LE and exchanges). Our service provides you with a view from LE/exchange’s perspective of things (with similar accuracy, but quite different approach) that provides you with basic knowledge of how “clean” your address is.”

Tom Robinson, co-founder of blockchain intelligence firm Elliptic, said Antinalysis is designed to help crypto money launderers test whether their funds will be identified as proceeds of crime by regulated financial exchanges.

“Cryptoassets have become an important tool for cybercriminals,” Robinson wrote. “The likes of ransomware and darknet markets rely on payments being made in Bitcoin and other cryptocurrencies. However, laundering and cashing-out these proceeds is a major challenge.”

Cryptocurrency exchanges make use of blockchain analytics tools, he said, to check customer deposits for links to illicit activity. By tracing a transaction back through the blockchain, these tools can identify whether the funds originated from a wallet associated with ransomware or any other criminal activity.

“The launderer therefore risks being identified as a criminal and being reported to law enforcement whenever they send funds to a business using such a tool,” Robinson said. “Antinalysis seeks to help crypto launderers to avoid this, by giving them a preview of what a blockchain analytics tool will make of their bitcoin wallet and the funds it contains.”

Each lookup at Antinalysis costs roughly USD $3, with a minimum $30 purchase. Other plans go as high as $6,000 for 5,000 requests.

Robinson says the creator of Antinalysis is also one of the developers of Incognito Market, a darknet marketplace specializing in the sale of narcotics.

“Incognito was launched in late 2020, and accepts payments in both Bitcoin and Monero, a cryptoasset offering heightened anonymity,” he wrote. “The launch of Antinalysis likely reflects the difficulties faced by the market and its vendors in cashing out their Bitcoin proceeds.”

Elliptic wasn’t impressed with the quality of the intelligence provided by Antinalysis, saying it performs poorly on detecting links to major darknet markets and other criminal entities. But with countless criminals now making millions from ransomware, there is certainly a vast, untapped market for services that help those folks improve their operational security.

“It is also significant because it makes blockchain analytics available to the public for the first time,” Robinson wrote. “To date, this type of analysis has been used primarily by regulated financial service providers.”

That may not be entirely true. Nick Bax is an independent expert in tracing cryptocurrency transactions, and he said it appears Antinalysis may be little more than a clone of AMLBot, an anti- anti-money laundering intelligence service that first came online in 2019.

AMLBot’s user interface.

“It looks almost identical to the cheap version of AMLBot,” Bax told KrebsOnSecurity. “My guess is they’re just white-labeling that.”

Bax said a lookup at AMLBot on the virtual currency address used in the sample provided by Antinalysis shows a near identical result. Here’s AMLBot’s result for the same crypto analysis performed by Antinalysis in the screenshot at the top of this story:

AMLBot’s response for the same cryptocurrency address provided as an example by Antinalysis.

“If you look at the breakdown the percentages are all almost identical,” Bax said. “I use AMLBot occasionally for good and righteous purposes. And it could also be useful for people who are just selling stuff online to make sure they aren’t receiving tainted funds.”

Update, 1:42 p.m. ET: Corrected the story to note that AMLBot has been around since 2019.

Update, 1:52 p.m. ET: Elliptic updated its blog post to confirm the connection between Antinanlysis and AMLBot, noting that AMLBot itself is a reseller of yet another service: “As first suggested in an article by Brian Krebs, we can now confirm that the results provided by Antinalysis are identical to those provided by AMLBot. It is therefore likely that Antinalysis makes use of the AMLBot API. AMLBot is itself a reseller for Crystal Blockchain, an analytics provider.”

What Is A Malware File Signature (And How Does It Work)?

/0 Comments/in /by

Many security products rely on file signatures in order to detect malware and other malicious files. The technique involves reading or scanning a file and testing to see if the file matches a set of predetermined attributes. These attributes are known as the malware’s ‘signature’. Malware signatures, which can occur in many different formats, are created by vendors and security researchers. Sets of signatures are collected in databases, some of which may be public and shared while others are contained in proprietary databases exclusive to a particular vendor.

Some security solutions rely entirely on this kind of technology for detection purposes, although there are various drawbacks in doing so. In this post, we’ll explore how malware file signatures are created, explain how they work, and discuss their advantages and disadvantages.

How Are Malware Signatures Created?

In order to create a signature for a particular malware file or family of files, a security analyst needs one or more (the more the better) samples of the file to work from. Such samples may be gathered ‘in the wild’ from infected computers, sourced from the darknet and other places malware authors trade their work, or from shared malware repositories where security researchers (and in some cases the public) can share known malware files. Some popular malware repositories available to security professionals include VirusTotal, Malpedia and MalShare.

MalShare is one of several malware repositories available to researchers

Once a vendor has a set or ‘corpus’ of files to work with, they begin to examine the files for common characteristics. These characteristics can involve factors such as file size, imported or exported functions, data bytes at certain positions (‘offsets’), sectional or whole-file hashes, printable strings and more.

The process of generating signatures can be automated, but it is often initially done manually by specialist malware analysts and reverse engineers, particularly when an entirely new family of malware is found.

While there are many different formats for creating signatures, one of the most popular formats widely in use today is YARA, which allows malware analysts to create signatures based on textual and binary patterns. For example, the following image shows a slice of code from a well-known malware family distributed by APT threat actor OceanLotus on the left, and a YARA signature to detect it on the right.

A sample of OceanLotus malware and a detection signature for it

Note the signature condition, which states that the file must be of type ‘Macho’ (Mach-O), and have a file size of less than 200KB, while also containing all the strings defined in the rule.

In the YARA format, the strings may occur as regular human-readable characters set between quotation marks, or – as in the example above – as hexademical-encoded bytes set between curly brackets. Some signature writers exclusively use the latter, even when the string to be matched is a string of human readable characters. Thus, ‘hello, world’ might be encoded in the signature as { 68 65 6c 6c 6f 2c 20 77 6f 72 6c 64 }.

There are various programs available that allow you to easily translate back and forth between human readable strings and hexadecimal. On Mac and most Linux machines, the command line utility xxd is one such program.

Translation between plain text and hex-encoded text with xxd

As we shall see below, sometimes malware is packed in ways that an engine cannot easily unpack, and a signature may need to rely on calculating hashes from one or more sections of a file, as in this snippet from another YARA rule:

...
hash.sha1(0, 450112) == "21b63689d192a7d1309d98afa35d42f695098d7a" or
hash.sha1(0, 474048) == "509dba18a168fdeecf990704741e14cb17b2a31e" or
hash.sha1(0, 888656) == "3a1665f1b92f1aae4eb44753f5134b3a0ec0a35f" or
...

What Are The Advantages of Signature-Based Detection?

Signature-based detection offers a number of advantages over simple file hash matching. First, by means of a signature that matches commonalities among samples, malware analysts can target whole families of malware rather than just a single sample.

Second, signatures are very versatile and can be used to detect many kinds of file-based malware. Signatures can easily include or exclude different file types, whether those be shell scripts, python files, Windows PE files, Linux ELF files or macOS Mach-O files. The same malware database, and even the same rule if it were appropriate, could potentially scan and match a signature across almost any file type.

Third, signature formats like YARA are very powerful and offer malware analysts both a wide variety of logic by which to define malicious behavior as well as a relatively simple format that is easy to write and test. Moreover, as signatures are text-based, a single database can contain many thousands, even millions, of signatures without itself being excessively large.

A common signature format like YARA is also easy to share among researchers and threat intelligence data feeds, ensuring that known malware is widely detected and the greatest number of computer users as possible are protected against known threats.

Detection of an OceanLotus malware sample as seen on VirusTotal

Malware researchers such as SentinelLabs, for example, regularly publish threat intelligence reports containing YARA rules that can be consumed by other vendors, businesses and even individuals to help them improve their own detection efforts.

Even when vendors use proprietary signature formats, it is usually unproblematic to translate a signature from a public format like YARA to a vendor-specific format, since most signature-based formats have similar capabilities.

What Are The Disadvantages of Signature-Based Detection?

Signature-based detection has been the standard for most security products for many years and continues to play an important role in fighting known, file-based malware, but today an advanced solution cannot rely solely or even primarily on file signatures for detection. Some of the reasons for this are due to the way threat actors have adapted to evade signature detection and some are related to drawbacks inherent to the method of scanning a file for specific attributes.

The first major drawback of using signatures to detect malware is that signatures can only be written after a malware sample has already been seen. This means that any solution that relies solely on signatures is always going to be one step behind the latest attacks.

The second major problem resides in the fact that today unique malware samples are created at such a rapid rate that writing enough effective signatures is not a realistic goal. This is part of the reason why so many signature-based solutions fail to catch known malware.

Source

Even without those two major issues to contend with, there are other problems for signature-based detection. Not least among these are that many attacks today are fileless, meaning that the malicious code is executed in-memory rather than by launching a malicious executable.

Moreover, the efficacy of a signature is proportional to the number of different samples of malware that share the same attributes used in the signature. If analysts only have a small set of samples – or sometimes only a single sample – to work from, the signature’s efficacy is both limited and prone to false positives: detecting non-malicious code that may have the same attributes.

As we noted above, signatures can contain conditions such as only matching a file that is below a certain file size. Vendors often make use of the ‘filesize’ condition in static signatures for performance reasons: the larger the file the more resources it takes to scan. While limiting the files to be scanned by size is good for performance, it is a drawback that can easily help malware authors, who have been known to bloat files with garbage code to avoid being detected.

Another serious drawback to signature-based detection is the use of compression and packing by malware authors. These technologies mean that the attributes of the file are hidden from a static scanner and only become apparent once the packed or compressed file is executed. While some vendor engines take account of this and include their own unpackers for common technologies like UPX, malware authors always have more custom packers and compression methods at their disposal than detection engines can incorporate.

UPX is a common, publicly available packer

Even when signature-based detections work as intended, the strength of the signature relies on how time-expensive the signature makes it for malware authors to refactor their code to avoid the signature. Signatures are weaker to the extent they look for characteristics that can easily be changed by the authors.

Moreover, public signatures have a limited shelf-life given that threat actors can also see the detection logic and adapt their malware accordingly. This is why some intelligence is only shared privately among law enforcement and trusted vendors. It is also one reason why most security solutions try to hide their static signatures from prying eyes through encryption. Even so, the other drawbacks mentioned above mean that signature-based detection is simply not sufficient to deal with today’s malware threats.

Moving Beyond Signature-Based Detection

Vendors like SentinelOne realized from the outset that signature-based detection was insufficient to protect endpoints not only from commodity malware but also from targeted attacks. Rather than relying on file characteristics to detect malware, SentinelOne developed machine learning algorithms and behavioral AI that examine what a file does or will do upon execution.

Such an approach solves the most serious drawbacks associated with signature detection. To begin with, harnessing the power of computer processors and machine learning algorithms takes the burden off analysts having to write individual signatures for new malware families.

Even more importantly, behavioral AI is able to recognize both known and novel malware that has never been previously seen. Regardless of implementation, all malware and malware authors have a finite set of objectives: to achieve persistence, exfiltrate data, communicate with a command-and-control server and so on. By training our models on attacker objectives rather than malware implementation, we are able to catch threats regardless of how they are constructed.

Conclusion

Detecting malware by means of a file signature has been a staple of security vendors for decades. Both vendors and analysts will continue to use file signatures to characterize and hunt for known, file-based malware. The technique provides both simplicity and a common framework for describing malware and sharing intelligence.

For endpoint security vendors, however, signature-based detection must be supplemented with more advanced detection layers that are not restricted either by the means of execution (file-based or fileless) or the implementation. If you would like to see how SentinelOne can help your organization detect malware, known and novel, reliably and at machine speed, contact us for more information or request a free demo.

Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security

Box reports earnings early to give shareholders time to review financials ahead of board vote

/0 Comments/in /by

Box has been in an ongoing dispute with activist investors Starboard Value over control of the board, an argument that is expected to come to a head on September 9th at the annual shareholder meeting. In an effort to show shareholders that the numbers are continuing to improve under the current leadership, Box took the unusual move of releasing its earning report this morning, two weeks ahead of the expected August 25th report date.

Companies don’t normally report ahead of schedule, but perhaps Box sees the opportunity to do some lobbying, or conversely, to counter any negative lobbying that Starboard may be doing with its fellow investors ahead of the vote.

It’s also worth noting that in spite of the meeting being on September 9th, like a lot of voting these days, people will be sending in votes throughout this month, ahead of that day. Box wants to get its latest financial information out there sooner rather than later to catch those early voters before they cast their ballots.

Fortunately for Box and CEO Aaron Levie, the numbers look decent.

Earnings

It’s not hard to see why Box released its earnings early, as the numbers provide an argument for keeping the company’s current leadership in place.

In the three-month period ending July 31, 2021 — the second quarter of Box’s fiscal 2022 — the company generated $214 million in revenue, up 11% on a year-over-year basis. And, as Box is quick to point out, its second consecutive quarter of “accelerating revenue growth.” The company bested its own guidance of $211 to $212 million in revenue for the period.

It matters that Box is showing an ability to accelerate its revenue growth. First, because doing so puts wind in the sales of its stock; quickly growing companies are worth more per dollar of revenue than more slowly growing concerns, and accelerating revenue growth over time is investor catnip.

Activist investor Starboard Value makes official bid for Box board seats in letter

The accelerating pace of growth over the last half year also provides footing for Box’s leadership to argue that their product choices have been sound, directly supporting their positions that they should remain in charge of the company. If they made good product decisions quarters ago, and those choices are leading to accelerating revenue growth, why swap out the CEO?

Box had more quarterly good news apart from its revenue numbers to disclose. It also reported improved GAAP and non-GAAP operating margins — a key measure of profitability — better billings results than it had previously anticipated for the period. Box’s net retention rate also expanded to 106% from 103% in the sequentially preceding period.

And the company boosted its guidance for its fiscal year from “$845 million to $853 million” to “$856 million to $860 million.”

The counter arguments are somewhat easy to generate, however. Yes, Box’s revenue growth is accelerating, but from an admittedly reduced base; it’s not as hard to accelerate revenue expansion from low numbers as it is from higher base levels. And the company’s net retention is lower than what any business-focused SaaS company would want to report.

Will the good news be enough? Shares of Box are up around 1.5% in today’s regular trading, despite a somewhat mixed overall market. Investors now have to vote with more than just their dollars.

Boardroom context

Starboard bought approximately 7.5% of the company in 2019, and actually stayed fairly quiet for the first year, but at the end of 2020 it started making itself heard with rumors of pressure to sell the company. In what appeared to be a defensive move, Box took a $500 million investment from private equity firm KKR and gave the investor a board seat in April.

The activist investor did not take kindly to that move, writing in a letter to investors in early May, “The only viable explanation for this financing is a shameless and utterly transparent attempt to “buy the vote” and shows complete disregard for proper corporate governance and fiscal discipline.” In that same letter, Starboard made it official that it wanted to take over several board seats, outlining a litany of complaints it had about the way the company was being run. It also made clear that it wanted co-founder and CEO Aaron Levie gone or the company sold.

Industry experts bullish on $500M KKR investment in Box, but stock market remains skeptical

 

Box pushed back that the letter and another on May 10th did not accurately reflect the progress that the company had made. In July, Box took the battle public in an SEC filing detailing the back and forth dance that had been going between Box and Starboard since it bought its stake in the company

So far, the cloud content management company has staved off all attempts to force its hand and sell the company or fire Levie, but this is all going to culminate with the shareholder’s vote. It’s truly a battle for the soul of the company.

If Starboard convinces shareholders to give it several seats on the Box board, it would probably be able to push out Levie, take control of the company and likely sell it to the highest bidder. The early financial report released today, while not exactly stellar, shows a pattern of increasingly good quarters, and that’s what Box is hoping voters will focus on when they fill out their ballots.

As activist investors loom, what’s next for Box?

ThirdAI raises $6M to democratize AI to any hardware

/0 Comments/in /by

Houston-based ThirdAI, a company building tools to speed up deep learning technology without the need for specialized hardware like graphics processing units, brought in $6 million in seed funding.

Neotribe Ventures, Cervin Ventures and Firebolt Ventures co-led the investment, which will be used to hire additional employees and invest in computing resources, Anshumali Shrivastava, Third AI co-founder and CEO, told TechCrunch.

Shrivastava, who has a mathematics background, was always interested in artificial intelligence and machine learning, especially rethinking how AI could be developed in a more efficient manner. It was when he was at Rice University that he looked into how to make that work for deep learning. He started ThirdAI in April with some Rice graduate students.

ThirdAI’s technology is designed to be “a smarter approach to deep learning,” using its algorithm and software innovations to make general-purpose central processing units (CPU) faster than graphics processing units for training large neural networks, Shrivastava said. Companies abandoned CPUs years ago in favor of graphics processing units that could more quickly render high-resolution images and video concurrently. The downside is that there is not much memory in graphics processing units, and users often hit a bottleneck while trying to develop AI, he added.

“When we looked at the landscape of deep learning, we saw that much of the technology was from the 1980s, and a majority of the market, some 80%, were using graphics processing units, but were investing in expensive hardware and expensive engineers and then waiting for the magic of AI to happen,” he said.

He and his team looked at how AI was likely to be developed in the future and wanted to create a cost-saving alternative to graphics processing units. Their algorithm, “sub-linear deep learning engine,” instead uses CPUs that don’t require specialized acceleration hardware.

Swaroop “Kittu” Kolluri, founder and managing partner at Neotribe, said this type of technology is still early. Current methods are laborious, expensive and slow, and for example, if a company is running language models that require more memory, it will run into problems, he added.

“That’s where ThirdAI comes in, where you can have your cake and eat it, too,” Kolluri said. “It is also why we wanted to invest. It is not just the computing, but the memory, and ThirdAI will enable anyone to do it, which is going to be a game changer. As technology around deep learning starts to get more sophisticated, there is no limit to what is possible.”

AI is already at a stage where it has the capability to solve some of the hardest problems, like those in healthcare and seismic processing, but he notes there is also a question about climate implications of running AI models.

“Training deep learning models can be more expensive than having five cars in a lifetime,” Shrivastava said. “As we move on to scale AI, we need to think about those.”

Deep Science: Keeping AI honest in medicine, climate science and vision

 

Talkdesk’s valuation jumps to $10B with Series D for smart contact centers

/0 Comments/in /by

Talkdesk, a provider of cloud-based contact center software, announced $230 million in new Series D funding that more than triples the company’s valuation to $10 billion, Talkdesk founder CEO Tiago Paiva confirmed to TechCrunch.

New investors Whale Rock Capital Management, TI Platform Management and Alpha Square Group came on board for this round and were joined by existing investors Amity Ventures, Franklin Templeton, Top Tier Capital Partners, Viking Global Investors and Willoughby Capital.

Talkdesk uses artificial intelligence and machine learning to improve customer service for midmarket and enterprise businesses. It counts over 1,800 companies as customers, including IBM, Acxiom, Trivago and Fujitsu.

“The global pandemic was a big part of how customers interact and how we interacted with our customers, all working from home,” Paiva said. “When you think about ordering things online, call, chat and email interactions became more important, and contact centers became core in every company.”

San Francisco-based Talkdesk now has $498 million in total funding since its inception in 2011. It was a Startup Battlefield contestant at TechCrunch Disrupt NY in 2012. The new funding follows a $143 million Series C raised last July that gave it a $3 billion valuation. Prior to that, Talkdesk brought in $100 million in 2018.

The 2020 round was planned to buoy the company’s growth and expansion to nearly 2,000 employees, Paiva said. For the Series D, there was much interest from investors, including a lot of inbound interest, he said.

“We were not looking for new money, and finished last year with more money in the bank that we raised in the last round, but the investors were great and wanted to make it work,” Paiva said.

Half of Talkdesk’s staff is in product and engineering, an area he intends to double down in with the new funding as well as adding to the headcount to support customers. The company also has plans to expand in areas where it is already operating — Latin America, Europe, Asia and Australia.

This year, the company unveiled new features, including Talkdesk Workspace, a customizable interface for contact center teams, and Talkdesk Builder, a set of tools for customization across workspaces, routing, reporting and integrations. It also launched contact center tools designed specifically for financial services and healthcare organizations and what it is touting as the “industry’s first human-in-the-loop tool for contact centers and continues to lower the barrier to adopting artificial intelligence solutions.”

In addition to the funding, Talkdesk appointed its first chief financial officer, Sydney Carey, giving the company an executive team of 50% women, Paiva said. Carey has a SaaS background and joins the company from Sumo Logic, where she led the organization through an initial public offering in 2020.

“We were hiring our executive team over the past couple of years, and were looking for a CFO, but with no specific timeline, just looking for the right person,” Paiva added. “Sydney was the person we wanted to hire.”

Though Paiva didn’t hint at any upcoming IPO plans, TI Platform Management co-founders Trang Nguyen and Alex Bangash have followed Paiva since he started the company and said they anticipate the company heading in that direction in the future.

“Talkdesk is an example of what can happen when a strong team is assembled behind a winning idea,” they said in a written statement. “Today, Talkdesk has become near ubiquitous as a SaaS product with adoption across a broad array of industries and integrations with the most popular enterprise cloud platforms, including Salesforce, Zendesk and Slack.”

Leverage AI to optimize customer service outcomes

 

Consumer goods software company Aforza bags $22M to open US headquarters

/0 Comments/in /by

Aforza, developing cloud and mobile apps for consumer goods companies, announced a $22 million Series A round led by DN Capital.

The London-based company’s technology is built on the Salesforce and Google Cloud platforms so that consumer goods companies can digitally transform product distribution and customer engagement to combat issues like unprofitable promotions and declining market share, Aforza co-founder and CEO Dominic Dinardo told TechCrunch. Using artificial intelligence, the company recommends products and can predict the order a retailer can make with promotions and pricing based on factors like locations.

The global market for consumer packaged goods apps is forecasted to reach $15 billion by 2024. However, the industry is still using outdated platforms that, in some cases, lead to a loss of 5% of sales when goods are out of stock, Dinardo said.

Aforza’s trade promotion designer mobile image. Image Credits: Aforza

Dinardo and his co-founders, Ed Butterworth and Nick Eales, started the company in 2019. All veterans of Salesforce, they saw how underserved the consumer goods industry was in terms of moving to digital.

Aforza is Dinardo’s first time leading a company. However, from his time at Salesforce he feels he got an education like going to “Marc Benioff’s School of SaaS.” The company raised an undisclosed seed round in 2019 from Bonfire Ventures, Daher Capital, DN Capital, Next47 and Salesforce Ventures.

Then the pandemic happened, which had many of the investors leaning in, which was validation of what Aforza was doing, Dinardo said.

“Even before the pandemic, the consumer goods industry was challenged with new market entrants and horrible legacy systems, but then the pandemic turned off pathways to customers,” he added. “Our mission is to improve the lives of consumers by bringing forth more sustainable products and packaging, but also helping companies be more agile and handle changes as the biggest change is happening.”

Joining DN Capital in the round were Bonfire Ventures, Daher Capital and Next47.

Brett Queener, partner at Bonfire Ventures, said he helped incubate Aforza with Dinardo and Eales, something his firm doesn’t typically do, but saw a unique opportunity to get in on the ground floor.

Also working at Salesforce, he saw the consumer goods industry as a major industry with a compelling reason to make a technology shift as customers began expecting instant availability and there were tons of emerging startups coming into the direct-to-consumer space.

Those startups don’t have a year or two to pull together the kind of technology it took to scale. With Aforza, they can build a product that works both online and off on any device, Queener said. And rather than planning promotions on a quarterly basis, companies can make changes to their promotional spend in real time.

“It is time for Aforza to tell the world about its technology, time to build out its footprint in the U.S. and in Europe, invest more in R&D and execute the Salesforce playbook,” he said. “That is what this round is about.”

Dinardo intends on using the new funding to continue R&D and to double its employee headcount over the next six months as it establishes its new U.S. headquarters in the Northeast. It is already working with customers in 20 countries.

As to growth, Dinardo said he is using his past experiences at startups like Veeva and Vlocity, which was acquired by Salesforce in 2020, as benchmarks for Aforza’s success.

“We have the money and the expertise — now we need to take a moment to breathe, hire people with the passion to do this and invest in new product tiers, digital assets and even payments,” he said.

Salesforce Ventures invested $300M in Automattic while Salesforce was building a CMS

 

Youreka Labs spins out with $8M to provide smart mobile assistant apps to field workers

/0 Comments/in /by

Mobile field service startup Youreka Labs Inc. raised an $8 million Series A round of funding co-led by Boulder Ventures and Grotech Ventures, with participation from Salesforce Ventures.

The Maryland-based company also officially announced its CEO — Bill Karpovich joined to lead the company after previously holding executive roles with General Motors and IBM Cloud & Watson Platform.

Youreka Labs spun out into its own company from parent company Synaptic Advisors, a cloud consulting business focused on the customer relationship management transformations using Salesforce and other artificial intelligence and automation technologies.

The company is developing robotic smart mobile assistants that enable frontline workers to perform their jobs more safely and efficiently. This includes things like guided procedures, smart forms and photo or video capture. Youreka is also embedded in existing Salesforce mobile applications like Field Service Mobile so that end-users only have to operate from one mobile app.

Youreka has identified four use cases so far: healthcare, manufacturing, energy and utilities and the public sector. Working with companies like Shell, P&G, Humana and the Transportation Security Administration, the company’s technology makes it possible for someone to share their knowledge and processes with their colleagues in the field, Karpovich told TechCrunch.

“In the case of healthcare, we are taking complex medical assessments from a doctor and pushing them out to nurses out in the field by gathering data into a simple mobile app and making it useful,” he added. “It allows nurses to do a great job without being doctors themselves.”

Karpovich said the company went after Series A dollars because it was “time for it to be on its own.” He was receiving inbound interest from investors, and the capital would enable the company to proceed more rapidly. Today, the company is focused on the Salesforce ecosystem, but that can evolve over time, he added.

The funding will be used to expand the company’s reach and products. He expects to double the team in the next six to 12 months across engineering to be able to expand the platform. Youreka boasts 100 customers today, and Karpovich would also like to invest in marketing to grow that base.

In addition to the use cases already identified, he sees additional potential in financial services and insurance, particularly for those assessing damage. The company is also concentrated in the United States, and Karpovich has plans to expand in the U.K. and Europe.

In 2020, the company grew 300%, which Karpovich attributes to the need of this kind of tool in field service. Youreka has a licensing model with charges per end user per month, along with an administrative license, for the people creating the apps, that also charges per user and per month pricing.

“There are 2.5 million jobs open today because companies can’t find people with the right skills,” he added. “We are making these jobs accessible. Some say that AI is doing away with jobs, but we are using AI to enhance jobs. If we can take 90% of the knowledge and give a digital assistant to less experienced people, you could open up so many opportunities.”

Enhanced computer vision, sensors raise manufacturing stakes for robots as a service

 

Salesforce wants Salesforce+ to be the Netflix of biz content

/0 Comments/in /by

Salesforce just closed a $28 billion mega-deal to buy Slack, generating significant debt along the way, but it’s not through spending big money.

Today the CRM giant announced it was taking a leap into streaming media with Salesforce+, a forthcoming digital media network with a focus on video that, in the words of the company, “will bring the magic of Dreamforce to viewers across the globe with luminary speakers.” (Whether that’s a good thing or not is in the eye of the beholder.)

Over the last year, Salesforce has watched companies struggle to quickly transform into fully digital entities. The Slack purchase is part of Salesforce’s response to the evolving market, but the company believes it can do even more with an on-demand video service providing business content around the clock.

Salesforce president and CMO Sarah Franklin said in an official post that her company has had to “reimagine how to succeed in the new digital-first world.” The answer apparently involves getting the larger Salesforce community together in a new live, and recorded video push.

In a Q&A with Colin Fleming, Salesforce’s senior vice president of Global Brand Marketing, he sees it as a way to evolve the content the company has been sharing all along. “As a result of the pandemic, we looked at the media landscape, where people are consuming content, and decided the days of white papers in a business-to-business setting were no longer interesting to people. We’re staring at a cookie-less future. And looking at the consumer world, we reflected on that for Salesforce and asked, “Why shouldn’t we be thinking about this too,” he said in the Q&A.

The company’s efforts are not small. Axios reports that there are “50 editorial leads” aboard the project to help it launch, and “hundreds of people at Salesforce currently working on Salesforce+” more broadly.

Notably Salesforce does not have near-term monetization plans for Salesforce+. The service will be free, and will not feature external advertising. Salesforce+ will launch in September in conjunction with Dreamforce and include four channels: Primetime for news and announcements, Trailblazer for training content, Customer 360 for success stories and Industry Channels for industry-specific offerings.

The company hopes that by combining the announcement with Dreamforce, it will help drive interest in what Salesforce has cooked up. After the Dreamforce push, Salesforce+ will enter into interesting territory. How much do Salesforce customers, and the larger business community, really want what the company describes as “compelling live and on-demand content for every role, industry and line of business,” and “engaging stories, thought leadership and expert advice”?

Once a buzzword, digital transformation is reshaping markets

Salesforce is considered the most successful SaaS-first company in history, and as such may have an opinion that people are interested in hearing. In its most recent quarterly earnings report in May, the company disclosed $5.96 billion in revenue, up 23% compared to the year-ago quarter, putting it close to a $25 billion run rate. The company also generates lots of cash. But being cash-rich doesn’t absolve the question of whether this new streaming effort will prove to be a money pit, costing buckets of cash to produce with limited returns.

The service sounds a bit like your LinkedIn feed brought to life, but in video form. At the very least, it’s probably the largest content marketing scheme of all time, but can it ever pay for itself either as a business unit or through some other monetization plans (like advertising) down the road?

Brent Leary, founder and principal analyst at CRM essentials, says that he could see Salesforce eyeing advertising revenue with this venture and having it all tie into the Salesforce platform. “A customer could sponsor a show, advertise a show or possibly collaborate on a show… and have leads generated from the show directly tied to the activity from those options while tracking ROI, and it’s all done on one platform. And the content lives on with ads living on with them,” Leary told TechCrunch.

Whether that’s the ultimate goal of this venture remains to be seen, but Salesforce has proven that there is market appetite for Dreamforce content at least in the physical world, with over a hundred thousand people involved in 2019, the last time the company was able to hold a live event. While the pandemic shifted most traditional conference activity into the digital realm, making Dreamforce and related types of content available year-round in video format makes some sense in that context.

Precisely how the company will justify the sizable addition to its marketing budget will be interesting; measuring ROI from video products is not entirely straightforward when it is not monetized directly. And sooner or later it will have to have some direct or indirect impact on the business or face questions from shareholders on the purpose of the venture.

Salesforce at 20 offers lessons for startup success

VCs are betting big on Kubernetes: Here are 5 reasons why

/0 Comments/in /by
Ben Ofiri
Contributor

Ben Ofiri is the co-founder and CEO of the Kubernetes troubleshooting platform Komodor. He previously worked at Google, where he served as product lead for the company’s flagship conversational AI project, Google Duplex.

I worked at Google for six years. Internally, you have no choice — you must use Kubernetes if you are deploying microservices and containers (it’s actually not called Kubernetes inside of Google; it’s called Borg). But what was once solely an internal project at Google has since been open-sourced and has become one of the most talked about technologies in software development and operations.

For good reason. One person with a laptop can now accomplish what used to take a large team of engineers. At times, Kubernetes can feel like a superpower, but with all of the benefits of scalability and agility comes immense complexity. The truth is, very few software developers truly understand how Kubernetes works under the hood.

I like to use the analogy of a watch. From the user’s perspective, it’s very straightforward until it breaks. To actually fix a broken watch requires expertise most people simply do not have — and I promise you, Kubernetes is much more complex than your watch.

How are most teams solving this problem? The truth is, many of them aren’t. They often adopt Kubernetes as part of their digital transformation only to find out it’s much more complex than they expected. Then they have to hire more engineers and experts to manage it, which in a way defeats its purpose.

Where you see containers, you see Kubernetes to help with orchestration. According to Datadog’s most recent report about container adoption, nearly 90% of all containers are orchestrated.

All of this means there is a great opportunity for DevOps startups to come in and address the different pain points within the Kubernetes ecosystem. This technology isn’t going anywhere, so any platform or tooling that helps make it more secure, simple to use and easy to troubleshoot will be well appreciated by the software development community.

In that sense, there’s never been a better time for VCs to invest in this ecosystem. It’s my belief that Kubernetes is becoming the new Linux: 96.4% of the top million web servers’ operating systems are Linux. Similarly, Kubernetes is trending to become the de facto operating system for modern, cloud-native applications. It is already the most popular open-source project within the Cloud Native Computing Foundation (CNCF), with 91% of respondents using it — a steady increase from 78% in 2019 and 58% in 2018.

While the technology is proven and adoption is skyrocketing, there are still some fundamental challenges that will undoubtedly be solved by third-party solutions. Let’s go deeper and look at five reasons why we’ll see a surge of startups in this space.

 

Containers are the go-to method for building modern apps

Docker revolutionized how developers build and ship applications. Container technology has made it easier to move applications and workloads between clouds. It also provides as much resource isolation as a traditional hypervisor, but with considerable opportunities to improve agility, efficiency and speed.