Supercharge Your SOC With an Automated Approach to Incident Response

How do you shoot down a missile before it hits its target? That’s the problem facing today’s incident response teams. As cyberattacks increase in volume and velocity, the security operations center (SOC) handling incident response is the nexus for this challenge.

The SOC must find new efficiencies in its bid to hold back the rising tide of cybersecurity threats. It can begin by rethinking its cultural makeup and its technical approach, revealing opportunities to increase its effectiveness.

The Growing Importance Of Incident Response

It’s there in black and white: a well-honed incident response operation can deliver an impressive return on investment.

The 2020 Ponemon Cost of a Data Breach report reveals that data breaches cost $3.29m for companies with an IR team that regularly tests its IR plan. That’s $2m less than companies without an IR team.

In many data breach incidents, the cost is more than financial. No organization exists in a vacuum. We’re all part of a broader value chain, so an incident in one place can cause adverse effects a long way away. Some of those effects can be painfully personal.

Take the cyber theft at Vastaamo, Finland’s largest private therapy center, in which attackers not only stole thousands of patients’ sensitive records but also extorted those people directly, threatening to release their details. That incident, in which vulnerable people were placed at direct risk, is a clear example of a data breach’s real human cost.

Time Is A Critical Factor. How Do We Save It?

With the stakes so high, detecting and handling cyber threats properly is critical. How can SOCs measure their success and improve it?

The incident response process incorporates several stages: minimizing risk, identifying the incident, containment, response, cleanup, and recovery. Time is a critical factor in most of these stages. Agile, efficient response is critical, whether you’re detecting an attack or neutralizing it.

As attackers become faster and more pernicious, SOCs are having trouble responding at speed. One factor holding them back is that they often don’t use tools cohesively.


When facing shifting threats from different threat actors using a wide variety of techniques, many SOCs look for technologies to help them cope. A common response is to install a panoply of tools. SOCs don’t always do that strategically. People have a tendency, when dealing with unknowns, to over-prepare with tools rather than ensuring that they can adapt.

When teams install security tools on a piecemeal basis they can end up with a disjointed ‘frankenstack’ of security tools that don’t interoperate well. This can leave the SOC without a unified workflow. They lack automated remediation capabilities, which leaves SOCs relying too heavily on human interaction. People must fill in the gaps left by the technology, but they cannot do so at speed. Human bottlenecks render the organization vulnerable.

Poor interoperability leaves critical security information languishing in different silos. Analysts end up flying blind. The data they do have hasn’t been properly filtered by a coordinated tool chain, lowering the signal-to-noise ratio and making attacks harder to spot. SOCs end up with too many false positives, making it hard to sift through data to find the alerts that matter. They also lack the contextual data that could give them a more complete picture of an emerging threat, including its shape, significance, and scope.

These weaknesses leave SOCs with a disjointed incident response process that is difficult to control and understand. Operatives end up with too many options at each step in the process, and they lack the collaboration platform they need for a fast response.

No wonder, then, that the Ponemon report found security system complexity to be the single most expensive factor when assessing the cost of a data breach. It increased the cost of a data breach by $292,000 on average.

The Way Forward

Your SOC has the power to overcome these challenges. At the top of your list should be an assessment of your current incident response process. Begin that assessment with a focus on outcomes. Everything should be geared to achieving preset goals.


Those goals should be measurable by tying them to specific metrics. You must evaluate the metrics that you’re using to measure your success. Look for areas that you’re not measuring well and which could be leaving you vulnerable to poor performance. Can you decompose them into factors and identify what would influence them positively?

At early stages in the incident response chain, those metrics should be geared toward prevention. How are you assessing the level of risk to various assets and its potential effect on the organization? Are you taking a mathematical approach to triaging risk based on the resources available?

At later stages in the process, your metrics should address the time taken to identify, contain, and neutralize incidents, along with the time taken to recover.

With appropriate measurement techniques at your disposal, you can work on building a seamless end-to-end incident response process with clear procedures and roles, so that no threat falls through the cracks.

Integrate your tool set to support this process. An ideal tool chain will support harmonized data flows that reduce or eliminate the number of hand-offs and tool or platform changes. Operatives will be able to handle tasks like changing firewall rules across the board without having to ask each platform owner individually for assistance. They will have full visibility into the history and scope of a threat. The tool chain will also enable analysts to see everything inside one familiar environment, saving them time and brain power by eliminating context switching. The result? Processes that took days could be executed in minutes.
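An added example (not from the original article) of the measurement described above: it computes the time taken to identify, contain, neutralize and recover from a set of incident timelines, and decomposes containment time into active work versus waiting on hand-offs. The incident records, field names and step labels are constructed assumptions.

```python
from datetime import datetime
from statistics import median

# Metric -> (start stage, end stage). The metric names follow the article's
# "identify, contain, neutralize, recover"; the field names are assumptions.
METRICS = {
    "time_to_identify": ("occurred", "detected"),
    "time_to_contain": ("detected", "contained"),
    "time_to_neutralize": ("contained", "neutralized"),
    "time_to_recover": ("neutralized", "recovered"),
}

# Constructed sample incidents (illustrative, not real data). "steps" covers
# the detected -> contained window; kind is "work" (a person or playbook is
# acting) or "handoff" (waiting on another team, tool or platform owner).
INCIDENTS = [
    {"id": "INC-001",
     "stamps": {"occurred": "2021-03-01T08:00:00", "detected": "2021-03-01T14:00:00",
                "contained": "2021-03-01T20:00:00", "neutralized": "2021-03-02T10:00:00",
                "recovered": "2021-03-03T10:00:00"},
     "steps": [("2021-03-01T14:00:00", "2021-03-01T14:30:00", "work"),
               ("2021-03-01T14:30:00", "2021-03-01T18:30:00", "handoff"),
               ("2021-03-01T18:30:00", "2021-03-01T20:00:00", "work")]},
    {"id": "INC-002",  # contained by an automated workflow, no hand-offs
     "stamps": {"occurred": "2021-03-05T09:00:00", "detected": "2021-03-05T11:00:00",
                "contained": "2021-03-05T12:00:00", "neutralized": "2021-03-05T16:00:00",
                "recovered": "2021-03-06T08:00:00"},
     "steps": [("2021-03-05T11:00:00", "2021-03-05T12:00:00", "work")]},
    {"id": "INC-003",  # still open: not yet neutralized or recovered
     "stamps": {"occurred": "2021-03-10T22:00:00", "detected": "2021-03-11T08:00:00",
                "contained": "2021-03-11T18:00:00"},
     "steps": [("2021-03-11T08:00:00", "2021-03-11T09:00:00", "work"),
               ("2021-03-11T09:00:00", "2021-03-11T16:00:00", "handoff"),
               ("2021-03-11T16:00:00", "2021-03-11T18:00:00", "work")]},
]


def hours(start, end):
    """Elapsed hours between two ISO-8601 timestamps; rejects reversed pairs."""
    delta = datetime.fromisoformat(end) - datetime.fromisoformat(start)
    if delta.total_seconds() < 0:
        raise ValueError(f"end {end} precedes start {start}")
    return delta.total_seconds() / 3600


def stage_durations(incident):
    """Hours per metric; None where a stage has not been reached yet."""
    stamps = incident["stamps"]
    return {
        name: hours(stamps[a], stamps[b]) if a in stamps and b in stamps else None
        for name, (a, b) in METRICS.items()
    }


def handoff_hours(incident):
    """Hours of the containment window spent waiting on a hand-off."""
    return sum((hours(s, e) for s, e, kind in incident["steps"] if kind == "handoff"), 0.0)


def rank_by_handoff(incidents):
    """Incidents ordered by hand-off wait, longest first: automation candidates."""
    return sorted(((i["id"], handoff_hours(i)) for i in incidents),
                  key=lambda pair: pair[1], reverse=True)


def summarize(incidents):
    """Median hours per metric (open incidents excluded per metric) plus the
    share of total containment time that was spent waiting on hand-offs."""
    durations = [stage_durations(i) for i in incidents]
    summary = {}
    for name in METRICS:
        values = [d[name] for d in durations if d[name] is not None]
        summary[name] = {"median_hours": median(values) if values else None,
                         "n": len(values)}
    pairs = [(d["time_to_contain"], handoff_hours(i))
             for d, i in zip(durations, incidents) if d["time_to_contain"] is not None]
    total = sum(t for t, _ in pairs)
    waiting = sum(w for _, w in pairs)
    summary["handoff_share_of_containment"] = round(waiting / total, 3) if total else None
    return summary


if __name__ == "__main__":
    for key, value in summarize(INCIDENTS).items():
        print(key, value)
    print(rank_by_handoff(INCIDENTS))
```
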


Conclusion

An integrated tool chain will provide a solid platform for automation. Defining automated workflows to support your incident response process will cut down on human interaction and reduce latency at each step. This will have a positive impact on those time-based metrics while leaving human analysts to focus on nuanced decisions.

This optimization process carries profound ramifications for your SOC. Done well, it will enable you to convert a reactive approach to incident response into a forward-looking one, driven by clear objectives such as early detection and fast containment rather than fear of the unknown. We have spent too long relying purely on prior knowledge, which stops us detecting and defending against new attacks. A new approach will leave you more attuned to emerging threats and more able to jump on them when they surface.

Enhancing your attack prevention and accelerating your response to ongoing attacks will enable you to reduce your detection time, cut attackers’ dwell time, and increase your automation, limiting the blast radius of a security incident. Better still, you’ll be able to prevent those explosive events altogether.

If you’d like to learn more about how the SentinelOne Singularity platform can help your organization achieve these goals, contact us for more information or request a free demo.



Google Cloud hires Intel veteran to head its custom chip efforts

There has been a growing industry trend in recent years for large-scale companies to build their own chips. As part of that, Google announced today that it has hired long-time Intel executive Uri Frank as vice president to run its custom chip division.

“The future of cloud infrastructure is bright, and it’s changing fast. As we continue to work to meet computing demands from around the world, today we are thrilled to welcome Uri Frank as our VP of Engineering for server chip design,” Amin Vahdat, Google Fellow and VP of systems infrastructure wrote in a blog post announcing the hire.

With Frank, Google gets an experienced chip industry executive, who spent more than two decades at Intel rising from engineering roles to corporate vice president at the Design Engineering Group, his final role before leaving the company earlier this month.

Frank will lead the custom chip division in Israel as part of Google. As he said in his announcement on LinkedIn, this was a big step to join a company with a long history of building custom silicon.

“Google has designed and built some of the world’s largest and most efficient computing systems. For a long time, custom chips have been an important part of this strategy. I look forward to growing a team here in Israel while accelerating Google Cloud’s innovations in compute infrastructure,” Frank wrote.

Google’s history of building its own chips dates back to 2015 when it launched the first TensorFlow chips. It moved into video processing chips in 2018 and added OpenTitan, an open-source chip with a security angle, in 2019.

Frank’s job will be to continue to build on this previous experience to work with customers and partners to build new custom chip architectures. The company wants to move away from buying motherboard components from different vendors to building its own “system on a chip” or SoC, which it says will be drastically more efficient.

“Instead of integrating components on a motherboard where they are separated by inches of wires, we are turning to “Systems on Chip” (SoC) designs where multiple functions sit on the same chip, or on multiple chips inside one package. In other words, the SoC is the new motherboard,” Vahdat wrote.

While Google was early to the “Build Your Own Chip” movement, we’ve seen other large scale companies like Amazon, Facebook, Apple and Microsoft begin building their own custom chips in recent years to meet each company’s unique needs and give more precise control over the relationship between the hardware and software.

It will be Frank’s job to lead Google’s custom chip unit and help bring it to the next level.

Box shares rise on report company is exploring sale

Shares of Box, a well-known content-and-collaboration company that went public in 2015, rose today after Reuters reported that the company is exploring a sale. TechCrunch previously discussed rising investor pressure for Box to ignite its share price after years in the public-market wilderness.

At the close today Box’s equity was worth $23.65 per share, up around 5% from its opening value, but lower than its intraday peak of $26.47, reached after the news broke. The company went public a little over five years ago at $14 per share, only to see its share price rise during its first day’s trading to around the same level it returned to today.

Box, famous during its startup phase thanks in part to its ubiquitous CEO and co-founder Aaron Levie, has continued to grow while public, albeit at a declining pace. Dropbox, a long-term rival, has also seen its growth rate decline since going public. Both have stressed rising profitability over revenue expansion in recent quarters.

But the problem that Box has encountered while public, namely hyper-scale platform companies with competing offerings, could also prove a lifeline; Google and Microsoft could be a future home for Levie’s company, after years of the duo challenging Box for deals.

As recently as last week, Box announced a deal for tighter integration with Microsoft Office 365. Given the timing of the release, it was easy to speculate the news could be landing ahead of a potential deal. The Reuters article adds fuel to the possibility.

While we can’t know for sure if the Reuters article is accurate, the possible sale of Box makes sense.

The article indicated that one of the possible acquisition options for Box could be taking it private again via private equity. Perhaps a firm like Vista or Thoma Bravo, two firms that tend to like mature SaaS companies with decent revenue and some issues, could swoop in to buy the struggling SaaS company. By taking companies off the market, reducing investor pressure and giving them room to maneuver, software companies can at times find new vigor.

Consider the case of Marketo, a company that Vista purchased in 2016 for $1.6 billion before turning it around and selling to Adobe in 2018 for $4.75 billion. The end result generated a strong profit for Vista, and a final landing for Marketo as part of a company with a broader platform of marketing tools.

Whether there are expenses at Box that could be trimmed, or a sales process that could be improved, is not clear. But Box’s market value of $3.78 billion could put it within grasp of larger private-equity funds, or well within the reach of a host of larger enterprise software companies that might covet its list of business customers, technology or both.

If the rumors are true, it could be a startling fall from grace for the company, moving from Silicon Valley startup darling to IPO to sold entity in just six years. While it’s important to note these are just rumors, the writing could be on the wall for the company, and it could just be a matter of when and not if.

Jumio raises $150M as its all-in-one ID authentication platform crosses 300M verified identities

Digital identity services — used as a key link between organizations to verify that you are who you say you are online and individuals logging into those services — have come into their own in this past year. Now, one of the companies providing digital identity products is announcing a large round of funding, underscoring both the market size and its ambitions to be a central player in that space.

Jumio, which has built a platform that provides a variety of digital identity tools and technology — using biometrics, machine learning, computer vision, big data, and more to run checks on ID documents, log-ins, to help prevent suspicious financial activity, identity theft and more — has closed a $150 million round of funding. The Palo Alto-based company says it will use the funds to build more tools on its platform, and to double down on customer growth after a big year.

Currently, Jumio’s primary business is B2B: it provides tools to enterprise customers like HSBC to manage digital identity verification. Some of the areas where it will be investing include expanding its AI capabilities to do more anti-money laundering work, and to look at building a B2C product, using the data, tools and network of customers that it has to help individuals better manage their identities online.

“I think the big thing is that the foundation of the internet is identity not anonymity,” said CEO Robert Prigge in an interview, who said the trend of digital transformation has spurred that change. “It’s been a big shift over the last couple of years. People wanted to originally hide behind anonymity, but now identity is the keystone. Whether it’s online banking or social networks, you need to be able to establish trust remotely.”

Of course, anonymity still is there, just in a different form: data protection regulations are all about making sure that we can stay private if we so choose as we use the tools that are now the norm, and countries like the UK are fleshing that out further with regulations in the works to make sure that services that use or manage digital identities are carried out on a common framework and with adequate oversight from users themselves. That presents the challenge and opportunity for a company like Jumio: how to navigate the push for identity while still providing a way to do that with privacy protections in mind.

The funding is coming from a single investor, Great Hill Partners, which will be joining Centana and Millennium as shareholders in the company. The valuation is not being disclosed but CEO Robert Prigge noted a few details that he believes point to the company’s position right now.

He confirmed that Jumio made $100 million in revenues last year; this is the first money the company has raised in nearly five years after bringing in a modest $16 million in 2016; and this looks to be the largest single round ever raised for a digital identity company.

However, given the market environment and the advances of tech, there has been quite a lot of momentum in the space, and a number of other digital identity and anti-money laundering (AML) prevention startups have been launching, growing and raising money. Just in the last year, they have included ForgeRock ($96 million round), Onfido ($100 million), Payfone ($100 million), ComplyAdvantage ($50 million), Ripjar ($36.8 million), Truework ($30 million), Zeotap ($18 million), Persona ($17.5 million) — so I wouldn’t be surprised if this is not an outlier at the end of the day.

Acquisitions like Equifax buying Kount earlier this year, and Okta acquiring Auth0 for $6.5 billion, meanwhile, point to encroaching competition from other areas of the market such as credit rating agencies and those providing login services for corporates, as well as the bigger consolidation trends.

The pandemic has precipitated a shift where many services we might have used in person are now accessible via the web and apps, but at the same time, the amount of cybercrime aimed at abusing that environment is on the rise, and both trends fuel a stronger demand for ID verification tools.

Jumio is notable among the group of companies providing those services for being one of the bigger and older players. Prigge said that it currently has around 1,000 customers, including some of the very biggest enterprises like the banking group HSBC, United Airlines and the telecoms operator Singtel, and it is active in 200 countries.

It’s also distinctive for having developed a platform approach, where it offers a range of different kinds of tools. This is in contrast to many others, which — partly as newer entrants — are focusing on more specific technology or addressing a narrower aspect of what is a pretty complex problem. That said, the company’s earliest work seems to still be the mainstay of what it does. The number of documents that it can “read” to begin the process of verifying users now numbers about 3,500. That has propelled more than 300 million verifications made on Jumio’s platform.

“Almost all vendors verify you are who you say you are, not that it’s really you. That is why the biometrics is so important. In our case we see it as a holistic onboarding,” Prigge said. “We are one of the only AML and KYC [know your customer] providers.” The AML tools came by way of an acquisition the company made last year, of Beam Solutions.

This funding round, nevertheless, is a big step up for a company that has, in fact, seen a lot of ups and downs.

To be clear, Prigge is very explicit when he says that the Jumio he runs has nothing to do with an older incarnation of the company.

Jumio the first came into existence around a decade ago and raised nearly $40 million in funding from investors like Andreessen Horowitz and Eduardo Saverin as an early player in mobile payments, with technology that could use the camera on a phone to scan cards and IDs to enable the payments. That business ran into a lot of hot water for mis-stating financial results and most likely other related things, and eventually it filed for bankruptcy in March 2016. Saverin apparently wanted to buy the business — if only to encourage other buyers to come out of the woodwork — and eventually Centana did, at a bargain price of $850,000.

While that took a portion of the business (mainly branding, a business concept and some employees) out of bankruptcy, the legacy Jumio remained in a bankruptcy process that is, almost exactly five years to the date, still ongoing, partly because the original founder is being accused of destroying documents needed to finally conclude that mess. 

The fact that Great Hill Partners is doing the investing here is notable. It’s mostly a PE firm that has been doing an increasing amount of investing in tech companies, part of a bigger trend where more PE firms are getting involved in rounds for later-stage startups. Its interest is in backing a company that has emerged as a leader in a crowded space but one targeting a big opportunity in digital identity, forecast to be worth some $12.8 billion by 2024, from $6 billion in 2019.

“Jumio has an incredible foundation – an expert management team, deep product roadmap and a global reach that is positioning the company for significant growth as the volume of online transactions and interactions, and associated fraud, is reaching record-highs. In particular, we have deep conviction in the company’s AI-enabled identity verification solution Jumio Go and KYC orchestration platform,” said Nick Cayer, partner at Great Hill Partners, in an emailed interview. “Jumio will need to both keep pace with incredible demand for online identity verification services, and of course outlast new and evolving competition in the space. We have strong conviction that Jumio has the right management team, innovative product roadmap and group of supporting investors to maintain leadership in the space.”


Early Stage is the premier ‘how-to’ event for startup entrepreneurs and investors. You’ll hear first-hand how some of the most successful founders and VCs build their businesses, raise money and manage their portfolios. We’ll cover every aspect of company-building: Fundraising, recruiting, sales, product market fit, PR, marketing and brand building. Each session also has audience participation built-in – there’s ample time included for audience questions and discussion. Use code “TCARTICLE” at checkout to get 20 percent off tickets right here.

Orca Security raises $210M Series C at a unicorn valuation

Orca Security, an Israeli cybersecurity startup that offers an agent-less security platform for protecting cloud-based assets, today announced that it has raised a $210 million Series C round at a $1.2 billion valuation. The round was led by Alphabet’s independent growth fund CapitalG and Redpoint Ventures. Existing investors GGV Capital, ICONIQ Growth and angel syndicate Silicon Valley CISO Investment also participated. YL Ventures, which led Orca’s seed round and participated in previous rounds, is not participating in this round — and it’s worth noting that the firm recently sold its stake in Axonius after that company reached unicorn status.

If all of this sounds familiar, that may be because Orca only raised its $55 million Series B round in December, after it announced its $20.5 million Series A round in May. That’s a lot of funding rounds in a short amount of time, but something we’ve been seeing more often in the last year or so.

Orca Security co-founders Gil Geron (left) and Avi Shua (right). Image Credits: Orca Security

As Orca co-founder and CEO Avi Shua told me, the company is seeing impressive growth and it — and its investors — want to capitalize on this. The company ended last year beating its own forecast from a few months before, which he noted was already aggressive, by more than 50%. Its current slate of customers includes Robinhood, Databricks, Unity, Live Oak Bank, Lemonade and BeyondTrust.

“We are growing at an unprecedented speed,” Shua said. “We were 20-something people last year. We are now closer to a hundred and we are going to double that by the end of the year. And yes, we’re using this funding to accelerate on every front, from dramatically increasing the product organization to add more capabilities to our platform, for post-breach capabilities, for identity access management and many other areas. And, of course, to increase our go-to-market activities.”

Shua argues that most current cloud security tools don’t really work in this new environment. Many, because they are driven by metadata, can only detect a small fraction of the risks, and agent-based solutions may take months to deploy and still not cover a business’ entire cloud estate. The promise of Orca Security is that it can not only cover a company’s entire range of cloud assets but that it is also able to help security teams prioritize the risks they need to focus on. It does so by using what the company calls its “SideScanning” technology, which allows it to map out a company’s entire cloud environment and file systems.

“Almost all tools are essentially just looking at discrete risk trees and not the forest. The risk is not just about how pickable the lock is, it’s also where the lock resides and what’s inside the box. But most tools just look at the issues themselves and prioritize the most pickable lock, ignoring the business impact and exposure — and we change that.”

It’s no secret that there isn’t a lot of love lost between Orca and some of its competitors. Last year, Palo Alto Networks sent Orca Security a sternly worded letter (PDF) to stop it from comparing the two services. Shua was not amused at the time and decided to fight it. “I completely believe there is space in the markets for many vendors, and they’ve created a lot of great products. But I think the thing that simply cannot be overlooked, is a large company that simply tries to silence competition. This is something that I believe is counterproductive to the industry. It tries to harm competition, it’s illegal, it’s unconstitutional. You can’t use lawyers to take your competitors out of the media.”

Currently, though, it doesn’t look like Orca needs to worry too much about the competition. As GGV Capital managing partner Glenn Solomon told me, as the company continues to grow and bring in new customers — and learn from the data it pulls in from them — it is also able to improve its technology.

“Because of the novel technology that Avi and [Orca Security co-founder and CPO] Gil [Geron] have developed — and that Orca is now based on — they see so much. They’re just discovering more and more ways and have more and more plans to continue to expand the value that Orca is going to provide to customers. They sit in a very good spot to be able to continue to leverage information that they have and help DevOps teams and security teams really execute on good hygiene in every imaginable way going forward. I’m super excited about that future.”

As for this funding round, Shua noted that he found CapitalG to be a “huge believer” in this space and an investor that is looking to invest into the company for the long run (and not just trying to make a quick buck). The fact that CapitalG is associated with Alphabet was obviously also a draw.

“Being associated with Alphabet, which is one of the three major cloud providers, allowed us to strengthen the relationship, which is definitely a benefit for Orca,” he said. “During the evaluation, they essentially put Orca in front of the security leadership at Google. Definitely, they’ve done their own very deep due diligence as part of that.”



ServiceNow takes RPA plunge by acquiring India-based startup Intellibot

ServiceNow became the latest company to take the robotic process automation (RPA) plunge when it announced it was acquiring Intellibot, an RPA startup based in Hyderabad, India. The companies did not reveal the purchase price.

The purchase comes at a time where companies are looking to automate workflows across the organization. RPA provides a way to automate a set of legacy processes, which often involve humans dealing with mundane repetitive work.

The announcement comes on the heels of the company’s no-code workflow announcements earlier this month and is part of the company’s broader workflow strategy, according to Josh Kahn, SVP of Creator Workflow Products at ServiceNow.

“RPA enhances ServiceNow’s current automation capabilities including low code tools, workflow, playbooks, integrations with over 150 out of the box connectors, machine learning, process mining and predictive analytics,” Kahn explained. He says that the company can now bring RPA natively to the platform with this acquisition, yet still use RPA bots from other vendors if that’s what the customer requires.

“ServiceNow customers can build workflows that incorporate bots from the pure play RPA vendors such as Automation Anywhere, UiPath and Blue Prism, and we will continue to partner with those companies. There will be many instances where customers want to use our native RPA capabilities alongside those from our partners as they build intelligent, end-to-end automation workflows on the Now Platform,” Kahn explained.

The company is making this purchase as other enterprise vendors enter the RPA market. SAP announced a new RPA tool at the end of December and acquired process automation startup Signavio in January. Meanwhile Microsoft announced a free RPA tool earlier this month, as the space is clearly getting the attention of these larger vendors.

ServiceNow has been on a buying spree over the last year or so, buying five companies including Element AI, Loom Systems, Passage AI and Sweagle. Kahn says the acquisitions are all in the service of helping companies create automation across the organization.

“As we bring all of these technologies into the Now Platform, we will accelerate our ability to automate more and more sophisticated use cases. Things like better handling of unstructured data from documents such as written forms, emails and PDFs, and more resilient automations such as larger data sets and non-routine tasks,” Kahn said.

Intellibot was founded in 2015 and will provide the added bonus of giving ServiceNow a stronger foothold in India. The companies expect to close the deal no later than June.



Ghana’s Redbird raises $1.5M seed to expand access to rapid medical testing in sub-Saharan Africa

For patients and healthcare professionals to properly track and manage illnesses especially chronic ones, healthcare needs to be decentralized. It also needs to be more convenient, with a patient’s health information able to follow them wherever they go.

Redbird, a Ghanaian healthtech startup that allows easy access to convenient testing and ensures that doctors and patients can view the details of those test results at any time, announced today that it has raised a $1.5 million seed investment.  

Investors who participated in the round include Johnson & Johnson Foundation, Newton Partners (via the Imperial Venture Fund), and Founders Factory Africa. This brings the company’s total amount raised to date to $2.5 million.

The healthtech company was launched in 2018 by Patrick Beattie, Andrew Quao and Edward Grandstaff. As a founding scientist at a medical diagnostics startup in Boston, Beattie’s job was to develop new rapid diagnostic tests. During his time in Accra in 2016, he met Quao, a trained pharmacist in Ghana, at a hackathon, where in conversation they found that their interests in medical testing overlapped.

Beattie tells TechCrunch that while he saw many exciting new tests in development in the US, he didn’t see the same in Ghana. Quao, who is familiar with how Ghanaians use pharmacies as their primary healthcare point, felt perturbed that these pharmacies weren’t doing more than transactional purchases.

They both concluded that pharmacies in Ghana needed to embrace the world of medical testing. Although neither had a tech background, they realized technology was necessary to execute this. So, they enlisted the help of Grandstaff to be CTO of Redbird while Beattie and Quao became CEO and COO, respectively.

L-R: Patrick Beattie (CEO), Andrew Quao (COO), and Edward Grandstaff (CTO)

Redbird enables pharmacies in Ghana to add rapid diagnostic testing for 10 different health conditions to their pharmacy services. These tests include anaemia, blood sugar, blood pressure, BMI, cholesterol, Hepatitis B, malaria, typhoid, prostate cancer screening, and pregnancy.  

Also, Redbird provides pharmacies with the necessary equipment, supplies and software to make this possible. The software, Redbird Health Monitoring, is networked across all partner pharmacies and enables patients to build medical testing records after going through 5-minute medical tests offered through these pharmacies.

Rather than employing a SaaS model that Beattie says is not well appreciated by its customers, Redbird’s revenue model is based on the supply of disposable test strips.

“Pharmacies who partner with Redbird gain access to the software and all the ways Redbird supports our partners for free as long as they purchase the consumables through us. This aligns our revenue with their success, which is aligned with patient usage,” said the CEO.

This model is being used with over 360 pharmacies in Ghana, mainly in Accra and Kumasi. It was half this number in 2019, and Redbird has since doubled it despite the pandemic. These pharmacies have recorded over 125,000 tests in the past three years from more than 35,000 patients registered on the platform.

Redbird will use the seed investment to grow its operations within Ghana and expand to new markets that remain undisclosed.

In 2018, Redbird participated in the Alchemist Accelerator just a few months before launch. It was the second African startup, after fellow Ghanaian healthtech startup mPharma, to take part in the six-month-long program. The company also got into Founders Factory Africa in April last year.

According to Beattie, most of the disease burden Africans might experience in the future will be chronic diseases. For instance, diabetes is projected to grow by 156% over the next 25 years. This is why he sees decentralized, digitized healthcare as the next leapfrog opportunity for sub-Saharan Africa.

“Chronic disease is exploding and with it, patients require much more frequent interaction with the healthcare system. The burden of chronic disease will make a health system that is highly centralized impossible,” he said. “Like previous leapfrog events, this momentum is happening all over the world, not just in Africa. Still, the state of the current infrastructure means that healthcare systems here will be forced to innovate and adapt before health systems elsewhere are forced to, and therein lies the opportunity,” he said.

But while the promise of technology and data is exciting, it’s important to realize that healthtech only provides value if it matches patient behaviors and preferences. It doesn’t really matter what amazing improvements you can realize with data if you can’t build the data asset and offer a service that patients actually value.

Beattie knows this all too well and says Redbird respects these preferences. For him, the next course of action will be to play a larger role in the world’s developing ecosystem where healthcare systems build decentralised networks and move closer to the average patient.

This decentralised approach is what attracted U.S. and South African early-stage VC firm Newtown Partners to cut a check. Speaking on behalf of the firm, Llew Claasen, the managing partner, had this to say.

“We’re excited about Redbird’s decentralised business model that enables rapid diagnostic testing at the point of primary care in local community pharmacies. Redbird’s digital health record platform has the potential to drive significant value to the broader healthcare value chain and is a vital step toward improving healthcare outcomes in Africa. We look forward to supporting the team as they prove out their business model and scale across the African continent.”



Dataminr raises $475M on a $4.1B valuation for real-time insights based on 100k sources of public data

Significant funding news today for one of the startups making a business out of tapping huge, noisy troves of publicly available data across social media, news sites, undisclosed filings and more. Dataminr, which ingests information from a mix of 100,000 public data sources, and then based on that provides customers real-time insights into ongoing events and new developments, has closed on $475 million in new funding. Dataminr has confirmed that this Series F values the company at $4.1 billion as it gears up for an IPO in 2023.

This Series F is coming from a mix of investors including Eldridge (a firm that owns the LA Dodgers but also makes a bunch of other sports, media, tech and other investments), Valor Equity Partners (the firm behind Tesla and many tech startups), MSD Capital (Michael Dell’s fund), Reinvent Capital (Mark Pincus and Reid Hoffman’s firm), ArrowMark Partners, IVP, Eden Global and investment funds managed by Morgan Stanley Tactical Value, among others.

To put its valuation into some context, the New York-based company last raised money in 2018 at a $1.6 billion valuation. And with this latest round, it has now raised over $1 billion in outside funding, based on PitchBook data. This latest round has been in the works for a while and was rumored last week at a lower valuation than what Dataminr ultimately got.

The funding is coming at a critical moment, both for the company and for the world at large.

In terms of the company, Dataminr has been seeing a huge surge of business.

Ted Bailey, the founder and CEO, said in an interview that it will be using the money to continue growing its business in existing areas: adding more corporate customers, expanding in international sales and expanding its AI platform as it gears up for an IPO, most likely in 2023. In addition to being used by journalists and newsrooms, NGOs and other public organizations, its corporate business today, Bailey said, includes half of the Fortune 50 and a number of large public sector organizations. Over the last year that large enterprise segment of its customers doubled in revenue growth.

“Whether it’s for physical safety, reputation risk or crisis management, or business intelligence or cybersecurity, we’re providing critical insights on a daily basis,” he said. “All of the events of the recent year have created a sense of urgency, and demand has really surged.”

Activity on the many platforms that Dataminr taps to ingest information has been on the rise for years, but it has grown exponentially in the last year, especially as more people spend more time at home and online and away from physically interacting with each other. That means more data for Dataminr to crawl, but also, quite possibly, more at stake for all of us: there is so much more out there than before, and so much more to be gleaned out of that information.

That also means that the wider context of Dataminr’s growth is not quite so clear cut.

The company’s data tools have indeed usefully helped first responders react in crisis situations, feeding them data faster than even their own channels might do; and it provides a number of useful, market-impacting insights to businesses.

But Dataminr’s role in helping its customers — which include policing forces — connect the dots on certain issues has not always been seen as a positive. One controversial accusation made last year was that Dataminr data was being used by police for racial profiling. In years past, it has been barred by specific partners like Twitter from sharing data with intelligence agencies. Twitter used to be a 5% shareholder in the company. Bailey confirmed to me that it no longer is but remains a key partner for data. I’ve contacted Twitter to see if I can get more detail on this and will update the story if and when I learn more. Twitter made $509 million in revenues from services like data licensing in 2020, up by about $45 million on the year before.

In defense of Dataminr, Bailey said that the negative spins on what it does result from “misperceptions,” since it can’t track people or do anything proactive. “We deliver alerts on events and it’s [about] a time advantage,” he said, likening it to the Associated Press, but “just earlier.”

“The product can’t be used for surveillance,” Bailey added. “It is prohibited.”

Of course, in the ongoing debate about surveillance, it’s more about how Dataminr’s customers might ultimately use the data that they get through Dataminr’s tools, so the criticism is more about what it might enable rather than what it does directly.

Despite some of those persistent questions about the ethics of AI and other tools and how they are implemented by end users, backers are bullish on the opportunities for Dataminr to continue growing.

Eden Global Partners served as strategic partner for the Series F capital round.



Customer data platform ActionIQ extends its latest funding round to $100M

ActionIQ, which helps companies use their customer data to deliver personalized experiences, is announcing that it has extended its Series C funding, bringing the round to a total size of $100 million.

That number includes the $32 million that ActionIQ announced in January of last year. Founder and CEO Tasso Argyros said the company is framing this as an extension rather than a separate round because it comes from existing investors — including March Capital — and because ActionIQ still has most of that $32 million in the bank.

Argyros told me that there were two connected reasons to raise additional money now. For one thing, ActionIQ has seen 100% year-over-year revenue growth, allowing it to increase its valuation by more than 250%. (The company isn’t disclosing the actual valuation.) That growth has also meant that ActionIQ is getting “a lot more ambitious” in its plans for product development and customer growth.

“We raised more money because we can, and because we need to,” Argyros said.

The company continues to develop the core platform, for example by introducing more support for real-time data and analysis. But Argyros suggested that the biggest change has been in the broader market for customer data platforms, with companies like Morgan Stanley, The Hartford, Albertsons, JCPenney and GoPro signing on with ActionIQ in the past year.

Some of these enterprises, he said, “normally would not work with a cutting-edge technology company like us, but because of the pandemic, they’re willing to take some risk and really invest in their customer base and their customer experience.”

Argyros also argued that as regulators and large platforms restrict the ways that businesses can buy and sell third-party data, platforms like ActionIQ, focusing on the first-party data that companies collect for their own use, will become increasingly important. And he said that ActionIQ’s growth comes as the big marketing clouds have “failed” — either announcing products that have yet to launch or launching products that don’t match ActionIQ’s capabilities.

Companies that were already using ActionIQ include The New York Times. In fact, the funding announcement includes a statement from The Times’ senior vice president of data and insights Shane Murray declaring that the newspaper is using ActionIQ to deliver “hundreds of billions of personalized customer experiences” across “mail, in-app, site, and paid media.”

ActionIQ has now raised around $145 million total, according to Crunchbase.



RedTorch Formed from Ashes of Norse Corp.

Remember Norse Corp., the company behind the interactive “pew-pew” cyber attack map shown in the image below? Norse imploded rather suddenly in 2016 following a series of managerial missteps and funding debacles. Now, the founders of Norse have launched a new company with a somewhat different vision: RedTorch, which for the past two years has marketed a mix of services to high end celebrity clients, including spying and anti-spying tools and services.

A snapshot of Norse’s semi-live attack map, circa Jan. 2016.

Norse’s attack map was everywhere for several years, and even became a common sight in the “brains” of corporate security operations centers worldwide. Even if the data that fueled the maps was not particularly useful, the images never failed to enthrall visitors viewing them on room-sized screens.

“In the tech-heavy, geek-speak world of cybersecurity, these sorts of infographics and maps are popular because they promise to make complicated and boring subjects accessible and sexy,” I wrote in a January 2016 story about Norse’s implosion. “And Norse’s much-vaunted interactive attack map was indeed some serious eye candy: It purported to track the source and destination of countless Internet attacks in near real-time, and showed what appeared to be multicolored fireballs continuously arcing across the globe.”

That story showed the core Norse team had a history of ambitious but ultimately failed or re-branded companies. One company proclaimed it was poised to spawn a network of cyber-related firms, but instead ended up selling cigarettes online. That company, which later came under investigation by state regulators concerned about underage smokers, later rebranded to another start-up that tried to be an online copyright cop.

Flush with venture capital funding in 2012, Norse’s founders started hiring dozens of talented cybersecurity professionals. By 2014 it was throwing lavish parties at top Internet security conferences. It spent quite a bit of money on marketing gimmicks and costly advertising stunts, burning through millions in investment funding. In 2016, financial reality once again would catch up with the company’s leadership when Norse abruptly ceased operations and was forced to lay off most of its staff.

Now the top executives behind Norse Corp. are working on a new venture: A corporate security and investigations company called RedTorch that’s based in Woodland Hills, Calif., the home of many Hollywood celebrities.

RedTorch’s website currently displays a “We’re coming soon” placeholder page. But a version of the site that ran for two years beginning in 2018 explained what clients can expect from the company’s services:

  • “Frigg Mobile Intelligence,” for helping celebrities and other wealthy clients do background checks on the people in their lives;
  • “Cheetah Counter Surveillance” tools/services to help deter others from being able to spy on clients electronically;
  • A “Centurion Research” tool for documenting said snooping on others.

An ad for RedTorch’s “Cheetah” counter-surveillance tech. The Guy Fawkes mask/Anonymous threat featured prominently and often on RedTorch’s website.

The closest thing to eye candy for RedTorch is its Cheetah Counter Surveillance product line, a suite of hardware and software meant to be integrated into other security products which — according to RedTorch — constantly sweeps the client’s network and physical office space with proprietary technology designed to detect remote listening bugs and other spying devices.

Frigg, another core RedTorch offering, is…well, friggin’ spooky:

“Frigg is the easiest way to do a full background check and behavioral analysis on people,” the product pitch reads. “Frigg not only shows background checks, but social profiles and a person’s entire internet footprint, too. This allows one to evaluate a person’s moral fiber and ethics. Frigg employs machine learning and analytics on all known data from a subject’s footprint, delivering instant insight so you can make safer decisions, instantly.”

The background checking service from RedTorch, called Frigg, says it’s building “one of the world’s largest facial recognition databases and a very accurate facial recognition match standard.”

Frigg promises to include “elements that stems [sic] from major data hacks of known systems like Ashley Madison, LinkedIn, Dropbox, Fling.com, AdultFriendFinder and hundreds more. Victims of those breaches lost a lot of private data including passwords, and Frigg will help them secure their private data in the future. The matching that is shown will use email, phone and full name correlation.”

From the rest of Frigg:

Frigg references sanction lists such as OFAC, INTERPOL wanted persons, and many more international and domestic lists. Known locations results are based on social media profiles and metadata where, for example, there was an image posted that showed GPS location, or the profile mentions locations among its comments.

Frigg provides the option of continuous monitoring on searched background reports. Notification will be sent or shown once an important update or change has been detected.

The flagship version of Frigg will allow a user to upload a picture of a face and get a full background check instantly. RedTorch is working to develop one of the world’s largest facial recognition databases and a very accurate facial recognition match standard.

WHO IS REDTORCH?

The co-founders of Norse Networks, “Mr. White” (left), Norse Corp. co-founder and RedTorch CEO Henry Marx, and “Mr. Grey,” CTO and Norse Corp. co-founder Tommy Stiansen.

RedTorch claims it is building a huge facial recognition database, so it’s perhaps no surprise that its founders prefer to obscure theirs. The contact email on RedTorch says henry @redtorch dot com. That address belongs to RedTorch Inc. CEO Henry Marx, a former music industry executive and co-founder of Norse Networks.

Marx did not respond to requests for comment. Nor did any of the other former Norse Corp. executives mentioned throughout this story. So I should emphasize that it’s not even clear whether the above-mentioned products and services from RedTorch actually exist.

One executive at RedTorch told this author privately that the company had plenty of high-paying clients, although that person declined to be more specific about what RedTorch might do for those clients or why the company’s site was currently in transition.

Now a cadre of former Norse Corp. employees who have been tracking the company’s past executives say they’ve peered through the playful subterfuge in the anonymous corporate identities on the archived RedTorch website.

Marx appears to be the “Mr. White” referenced in the screenshot above, taken from an archived Aug. 2020 version of RedTorch.com. He is wearing a Guy Fawkes mask, a symbol favored by the Anonymous hacker collective, the doomed man behind the failed Gunpowder plot of 1604 in England, and by possibly the most annoying costumes that darken your front door each Halloween.

Mr. White says he has “over 30 years in the entertainment industry; built numerous brands and controlled several areas of the entertainment business side,” and that he’s “accomplished over 200 million sold artist performances.”

Pictured beside Mr. White is RedTorch’s co-founder, “Mr. Grey.” Norse watchers say that would be Tommy Stiansen, the Norwegian former co-founder of Norse Corp. whose LinkedIn profile says he is now chief technology officer at RedTorch. One of his earliest companies provided “operational billing solutions for telecom networks.”

“Extensive experience from Telecom industry as executive and engineer,” reads Mr. Grey’s profile at RedTorch. “Decades of Cyber security experience, entrepreneurship and growing companies; from single employee to hundreds of employees. Been active on computers since 7 years old, back in mid-80’s and have pioneered many facets of the internet and cyber security market we know today. Extensive government work experience from working with federal governments.”

Stiansen’s leadership at Norse coincided with the company’s release of a report in 2014 on Iran’s cyber prowess that was widely trounced as deeply flawed and headline-grabbing. Norse’s critics said the company’s founders had gone from selling smokes to selling smoke and mirrors.

In its report, Norse said it saw a half-million attacks on industrial control systems by Iran in the previous 24 months — a 115 percent increase in attacks! But there was just one problem: The spike in attacks Norse cited weren’t real attacks against actual industrial targets. Rather, they were against “honeypot” systems set up by Norse to mimic a broad range of devices online.

Translation: The threats Norse warned about weren’t actionable, and weren’t anything that people could use to learn about actual attack events hitting sensitive control system networks.

In a scathing analysis of Norse’s findings, critical infrastructure security expert Robert M. Lee said Norse’s claim of industrial control systems being attacked and implying it was definitively the Iranian government was disingenuous at best. Lee had obtained an advanced copy of a draft version of the Norse report that was shared with unclassified government and private industry channels, and said the data in the report simply did not support its conclusions.

Around the same time, Stiansen was reportedly telling counterparts at competing security firms that Norse had data showing that the Sony Pictures hack in November 2014 — in which Sony’s internal files and emails were published online — was in fact the work of a disgruntled insider at Sony.

Norse’s crack team of intelligence analysts had concluded that the FBI and other intelligence sources were wrong in publicly blaming the massive breach on North Korean hackers. But Norse never published that report, nor did it produce any data that might support their insider claim in the Sony hack.

Last month, the U.S. Justice Department unsealed indictments against three North Korean hackers accused of plundering and pillaging Sony Pictures, launching the WannaCry ransomware contagion of 2017, and stealing more than $200 million from banks and other victims worldwide.

Norse’s conclusions on Iran and Sony were supported by Tyson Yee, a former Army intelligence analyst who worked at Norse from 2012 to Jan. 2016. Yee is listed on LinkedIn as director of intelligence at RedTorch, and his LinkedIn profile says his work prior to RedTorch in Nov. 2018 was for two years as a “senior skunk works analyst” at an unnamed employer.