SolarWinds Hack Could Affect 18K Customers

The still-unfolding breach at network management software firm SolarWinds may have resulted in malicious code being pushed to nearly 18,000 customers, the company said in a legal filing on Monday. Meanwhile, Microsoft should soon have some idea which and how many SolarWinds customers were affected, as it recently took possession of a key domain name used by the intruders to control infected systems.

On Dec. 13, SolarWinds acknowledged that hackers had inserted malware into a service that provided software updates for its Orion platform, a suite of products broadly used across the U.S. federal government and Fortune 500 firms to monitor the health of their IT networks.

In a Dec. 14 filing with the U.S. Securities and Exchange Commission (SEC), SolarWinds said roughly 33,000 of its more than 300,000 customers were Orion customers, and that fewer than 18,000 customers may have had an installation of the Orion product that contained the malicious code. SolarWinds said the intrusion also compromised its Microsoft Office 365 accounts.

The initial breach disclosure from SolarWinds came five days after cybersecurity incident response firm FireEye announced it had suffered an intrusion that resulted in the theft of some 300 proprietary software tools the company provides to clients to help secure their IT operations.

On Dec. 13, FireEye published a detailed writeup on the malware infrastructure used in the SolarWinds compromise, presenting evidence that the Orion software was first compromised back in March 2020. FireEye didn’t explicitly say its own intrusion was the result of the SolarWinds hack, but the company confirmed as much to KrebsOnSecurity earlier today.

Also on Dec. 13, news broke that the SolarWinds hack resulted in attackers reading the email communications at the U.S. Treasury and Commerce departments.

On Dec. 14, Reuters reported the SolarWinds intrusion also had been used to infiltrate computer networks at the U.S. Department of Homeland Security (DHS). That disclosure came less than 24 hours after DHS’s Cybersecurity and Infrastructure Security Agency (CISA) took the unusual step of issuing an emergency directive ordering all federal agencies to immediately disconnect the affected Orion products from their networks.

ANALYSIS

Security experts have been speculating as to the extent of the damage from the SolarWinds hack, combing through details in the FireEye analysis and elsewhere for clues about how many other organizations may have been hit.

And it seems that Microsoft may now be in perhaps the best position to take stock of the carnage. That’s because sometime on Dec. 14, the software giant took control over a key domain name — avsvmcloud[.]com — that was used by the SolarWinds hackers to communicate with systems compromised by the backdoored Orion product updates.



Armed with that access, Microsoft should be able to tell which organizations have IT systems that are still trying to ping the malicious domain. However, because many Internet service providers and affected companies are already blocking systems from accessing that malicious control domain or have disconnected the vulnerable Orion services, Microsoft’s visibility may be somewhat limited.
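An organization can run the same check against its own resolver logs rather than waiting on the sinkhole's view. The following is an added example, not code from the article or from Microsoft or FireEye; the log lines are constructed, their layout is an assumption, and the function names are hypothetical.

```python
import re

# Control domain named in the article, kept defanged as it appears there.
C2_DOMAIN = "avsvmcloud[.]com"

# Characters that can appear in a logged hostname; anything else splits tokens.
TOKEN_RE = re.compile(r"[A-Za-z0-9_.-]+")

# Constructed sample lines (format is an assumption; addresses are
# documentation ranges, subdomain labels are made up).
SAMPLE_LOG = [
    "14-Dec-2020 09:01:11 client 192.0.2.10#50123: query: www.example.org IN A",
    "14-Dec-2020 09:01:12 client 192.0.2.44#50999: query: q1w2e3.sub.AVSVMCLOUD.com. IN CNAME",
    "14-Dec-2020 09:01:13 client 192.0.2.10#50124: query: notavsvmcloud.com IN A",
    "14-Dec-2020 09:01:14 client 192.0.2.51#51000: query: avsvmcloud.com.example.net IN A",
    "14-Dec-2020 09:01:15 client 192.0.2.44#51001: query: avsvmcloud.com IN A",
]


def refang(indicator):
    """Turn a defanged indicator such as 'example[.]com' into 'example.com'."""
    return indicator.replace("[.]", ".")


def normalize(host):
    """Lowercase and drop the trailing root dot that resolvers often log."""
    return host.lower().rstrip(".")


def is_under_domain(host, domain):
    """True if host is the domain itself or one of its subdomains.

    The comparison is made on label boundaries: a substring test would also
    flag 'notavsvmcloud.com' and 'avsvmcloud.com.example.net'.
    """
    host = normalize(host)
    domain = normalize(refang(domain))
    return host == domain or host.endswith("." + domain)


def find_c2_queries(lines, domain=C2_DOMAIN):
    """Return (line_number, hostname) for every logged name under the domain."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        # Only tokens containing a dot can be hostnames; dedupe per line.
        names = {normalize(tok) for tok in TOKEN_RE.findall(line) if "." in tok}
        for name in sorted(names):
            if is_under_domain(name, domain):
                hits.append((lineno, name))
    return hits


if __name__ == "__main__":
    for lineno, name in find_c2_queries(SAMPLE_LOG):
        print(f"line {lineno}: query for {name}")
```

A hit identifies a host that was still trying to reach the control domain when the log was written; the absence of hits says little if the domain was already blocked upstream of the resolver being logged.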

Microsoft has a long history of working with federal investigators and the U.S. courts to seize control over domains involved in global malware menaces, particularly when those sites are being used primarily to attack Microsoft Windows customers.

Microsoft dodged direct questions about its visibility into the malware control domain, suggesting those queries would be better put to FireEye or GoDaddy (the current domain registrar for the malware control server). But in a response on Twitter, Microsoft spokesperson Jeff Jones seemed to confirm that control of the malicious domain had changed hands.

“We worked closely with FireEye, Microsoft and others to help keep the internet safe and secure,” GoDaddy said in a written statement. “Due to an ongoing investigation and our customer privacy policy, we can’t comment further at this time.”

FireEye declined to answer questions about exactly when it learned of its own intrusion via the Orion compromise, or approximately when attackers first started offloading sensitive tools from FireEye’s network. But the question is an interesting one because its answer may speak to the motivations and priorities of the hackers.

Based on the timeline known so far, the perpetrators of this elaborate hack would have had a fairly good idea back in March which of SolarWinds’ 18,000 Orion customers were worth targeting, and perhaps even in what order.

Alan Paller, director of research for the SANS Institute, a security education and training company based in Maryland, said the attackers likely chose to prioritize their targets based on some calculation of risk versus reward.

Paller said the bad guys probably sought to balance the perceived strategic value of compromising each target with the relative likelihood that exploiting them might result in the entire operation being found out and dismantled.

“The way this probably played out is the guy running the cybercrime team asked his people to build a spreadsheet where they ranked targets by the value of what they could get from each victim,” Paller said. “And then next to that they likely put a score for how good the malware hunters are at the targets, and said let’s first go after the highest priority ones that have a hunter score of less than a certain amount.”

The breach at SolarWinds could well turn into an existential event for the company, depending on how customers react and how SolarWinds is able to weather the lawsuits that will almost certainly ensue.

“The lawsuits are coming, and I hope they have a good general counsel,” said James Lewis, senior vice president at the Center for Strategic and International Studies. “Now that the government is telling people to turn off [the SolarWinds] software, the question is will anyone turn it back on?”

According to its SEC filing, total revenue from the Orion products across all customers — including those who may have had an installation of the Orion products that contained the malicious update — was approximately $343 million, or roughly 45 percent of the firm’s total revenue. SolarWinds’ stock price has fallen 25 percent since news of the breach first broke.

Some of the legal and regulatory fallout may hinge on what SolarWinds knew or should have known about the incident, when, and how it responded. For example, Vinoth Kumar, a cybersecurity “bug hunter” who has earned cash bounties and recognition from multiple companies for reporting security flaws in their products and services, posted on Twitter that he notified SolarWinds in November 2019 that the company’s software download website was protected by a simple password that was published in the clear on SolarWinds’ code repository at Github.

Andrew Morris, founder of the security firm GreyNoise Intelligence, said that as of Tuesday evening SolarWinds still hadn’t removed the compromised Orion software updates from its distribution server.

Another open question is how or whether the incoming U.S. Congress and presidential administration will react to this apparently broad cybersecurity event. CSIS’s Lewis says he doubts lawmakers will be able to agree on any legislative response, but he said it’s likely the Biden administration will do something.

“It will be a good new focus for DHS, and the administration can issue an executive order that says federal agencies with regulatory authority need to manage these things better,” Lewis said. “But whoever did this couldn’t have picked a better time to cause a problem, because their timing almost guarantees a fumbled U.S. response.”

Vista acquires IT education platform Pluralsight for $3.5B

The hectic M&A cycle we have seen throughout 2020 continued this weekend when Vista Equity Partners announced it was acquiring Pluralsight for $3.5 billion.

That comes out to $20.26 per share. The company stock closed on Friday at $18.50 per share on a market cap of over $2.7 billion.

With Pluralsight, Vista gets an online training company that helps educate IT professionals, including developers, operations, data and security, with a suite of online courses. As the pandemic has taken hold, it has breathed new life into edtech, but even before that, there was a market for upskilling IT Pros online.

This trend certainly didn’t escape Monti Saroya, co-head of the Vista Flagship Fund and senior managing director at Vista. “We have seen firsthand that the demand for skilled software engineers continues to outstrip supply, and we expect this trend to persist as we move into a hybrid online-offline world across all industries and interactions, with business leaders recognizing that technological innovation is critical to business success,” he said in a statement.

As is typical for acquired companies, Pluralsight CEO Aaron Skonnard sees this as a way to grow the company more quickly. “The global Vista ecosystem of leading enterprise software companies provides significant resources and institutional knowledge that will open doors and help fuel our growth. We’re thrilled that we will be able to leverage Vista’s expertise to further strengthen our market leading position,” Skonnard said in a statement.

In a 2017 interview with TechCrunch’s Sarah Buhr, Skonnard described the company as an enterprise SaaS learning platform. It goes beyond simply offering the courses by giving professionals in a given category such as developer or IT operations the ability to measure their skills and abilities against other pros in that category. He saw this assessment capability as a big differentiator.

“Our platform is ultimately focused on closing the technology skills gap throughout the world,” Skonnard told Buhr.

Pluralsight, which was founded in 2004, raised more than $190 million before going public in 2018. The company has 1,700 employees and more than 17,000 customers. The acquisition is subject to standard regulatory oversight, but is expected to close in the first half of next year. Once that happens, the company will go private once again.

German Bionic raises $20M led by Samsung for exoskeleton tech to supercharge human labor

Exoskeleton technology has been one of the more interesting developments in the world of robotics: Instead of building machines that replace humans altogether, build hardware that humans can wear to supercharge their abilities. Today, German Bionic, one of the startups designing exoskeletons specifically aimed at industrial and physical applications — it describes its Cray X robot as “the world’s first connected exoskeleton for industrial use,” that is, to help people lifting and working with heavy objects, providing more power, precision and safety — is announcing a funding round that underscores the opportunity ahead.

The Augsburg, Germany-based company has raised $20 million, funding that it plans to use to continue building out its business, as well as its technology, both in terms of the hardware and the cloud-based software platform, German Bionic IO, that works with the exoskeletons to optimize them and help them “learn” to work better.

The Cray X currently can compensate up to 30 kg for each lifting movement, the company says.

“With our groundbreaking robotic technology that combines human work with the industrial Internet of Things (IIoT), we literally strengthen the shop floor workers’ backs in an immediate and sustainable way. Measurable data underscores that this ultimately increases productivity and the efficiency of the work done,” says Armin G. Schmidt, CEO of German Bionic, in a statement. “The market for smart human-machine systems is huge and we are now perfectly positioned to take a major share and substantially improve numerous working lives.”

The Series A is being co-led by Samsung Catalyst Fund, a strategic investment arm from the hardware giant, and German investor MIG AG, one of the original backers of BioNtech, the breakthrough company that’s developed the first COVID-19 vaccine to be rolled out globally.

Storm Ventures, Benhamou Global Ventures (founded and led by Eric Benhamou, who was the founding CEO of Palm and before that the CEO of 3com) and IT Farm also participated. Previously, German Bionic had only raised $3.5 million in seed funding (with IT Farm, Atlantic Labs and individual investors participating).

German Bionic’s rise comes at an interesting moment in terms of how automation and cloud technology are sweeping the world of work. When people talk about the next generation of industrial work, the focus is usually on more automation and the rise of robots to replace humans in different stages of production.

But at the same time, some robotics technologists have worked on another idea. Because we’re probably still a long way away from being able to make robots that are just like humans, but better in terms of cognition and all movements, instead, create hardware that doesn’t replace, but augments, live laborers, to help make them stronger while still being able to retain the reliable and fine-tuned expertise of those humans.

The argument for more automation in industrial settings has taken on a more pointed urgency in recent times, with the rise of the COVID-19 health pandemic: Factories have been one of the focus points for outbreaks, and the tendency has been to reduce physical contact and proximity to reduce the spread of the virus.

Exoskeletons don’t really address that aspect of COVID-19 — even if you might require less of them as a result of using exoskeletons, you still require humans to wear them, after all — but the general focus that automation has had has brought more attention to the opportunity of using them.

And in any case, even putting the pandemic to one side, we are still a long way away from cost-effective robots that completely replace humans in all situations. So, as we roll out vaccinations and develop a better understanding of how the virus operates, this still means a strong market for the exoskeleton concept, which analysts (quoted by German Bionic) predict could be worth as much as $20 billion by 2030.

In that context, it’s interesting to consider Samsung as an investor: The company itself, as one of the world’s leading consumer electronics and industrial electronics providers, is a manufacturing powerhouse in its own right. But it also makes equipment for others to use in their industrial work, both as a direct brand and through subsidiaries like Harman. It’s not clear which of these use cases interests Samsung: whether to use the Cray X in its own manufacturing and logistics work, or whether to become a strategic partner in manufacturing these for others. It could easily be both.

“We are pleased to support German Bionic in its continued development of world-leading exoskeleton technology,” says Young Sohn, corporate president and chief strategy officer for Samsung Electronics and chairman of the board, Harman, in a statement. “Exoskeleton technologies have great promise in enhancing human’s health, wellbeing and productivity. We believe that it can be a transformative technology with mass market potential.”

German Bionic describes its Cray X as a “self-learning power suit” aimed primarily at reinforcing lifting movements and to safeguard the wearer from making bad calls that could cause injuries. That could apply both to those in factories, or those in warehouses, or even sole trader mechanics working in your local garage. The company is not disclosing a list of customers, except to note that it includes, in the words of a spokesperson, “a big logistics player, industrial producers and infrastructure hubs.” One of these, the Stuttgart Airport, is highlighted on its site.  

“Previously, efficiency gains and health promotion in manual labor were often at odds with one another. German Bionic Systems managed to not only break through this paradigm, but also to make manual labor a part of the digital transformation and elegantly integrate it into the smart factory,” says Michael Motschmann, managing partner with MIG in a statement. “We see immense potential with the company and are particularly happy to be working together with a first-class team of experienced entrepreneurs and engineers.”

Exoskeletons as a concept have been around for over a decade already — MIT developed its first exoskeleton, aimed to help soldiers carrying heavy loads — back in 2007, but advancements in cloud computing, smaller processors for the hardware itself and artificial intelligence have really opened up the idea of where and how these might augment humans. In addition to industry, some of the other applications have included helping people with knee injuries (or looking to avoid knee injuries!) ski better, and for medical purposes, although the recent pandemic has put a strain on some of these use cases, leading to indefinite pauses in production.

iCIMS acquires video recruiting startup Altru for $60M

Enterprise recruiting company iCIMS is announcing that it has acquired Altru.

iCIMS declined to comment on the terms of the deal, but a source with knowledge of the companies told us that the price is a combination of cash and stock, totaling around $60 million.

Founded in 2000, iCIMS offers a “talent cloud” used by more than 4,000 employers to attract, engage and hire new employees, and to help existing employees continue to develop their careers.

Former Marketo chief executive Steve Lucas became CEO in February, and he told me that the recruiting world is overdue for reinvention. After all, every company says they want to hire the most talented people around, so he wondered, “Well, okay, if you want that, why do you create such boring content? Why do you take a job that is exciting and should demand amazing human beings and create this super boring job description?”

Lucas sees video as a key piece of the solution, allowing companies to bring more “authenticity” to what can be a stuffy and bureaucratic process. Just over a month ago, iCIMS announced another acquisition in this area — Paris-based Easyrecrue.

Lucas said that while Easyrecrue has created tools to enrich video interviews, Altru can be most helpful earlier in the recruiting process, when companies are trying to stay connected with the most promising candidates and get them excited about a potential job.

Altru CEO Alykhan Rehmatullah (who founded the startup with CTO Vincent Polidoro) told me that while the company started out with a focus on recording and sharing employee videos for recruitment, its asynchronous videos are becoming used more broadly across companies. He suggested that’s particularly true this year, while teams are working from home and everyone’s looking for ways to communicate that are more expressive than Slack and don’t require putting “another 30-minute Zoom call on your calendar.”

In fact, Lucas said that before talking to me, he’d actually been recording videos on Altru to explain the acquisition to his own team. He praised the platform’s ease of use, joking, “If I can use this thing, anybody can use it.”

Rehmatullah said the entire Altru team will be joining iCIMS, where he’ll become vice president of content strategy. The goal is to continue operating Altru as a standalone product while also finding new ways to integrate it into the iCIMS platform.

Altru previously raised a total of $1.3 million from Birchmere Ventures, Active Capital and Techstars.

5 questions every IT team should be able to answer

Now more than ever, IT teams play a vital role in keeping their businesses running smoothly and securely. With all of the assets and data that are now broadly distributed, a CEO depends on their IT team to ensure employees remain connected and productive and that sensitive data remains protected.

CEOs often visualize and measure things in terms of dollars and cents, and in the face of continuing uncertainty, IT — along with most other parts of the business — is facing intense scrutiny and tightening of budgets. So, it is more important than ever to be able to demonstrate that they’ve made sound technology investments and have the agility needed to operate successfully in the face of continued uncertainty.

For a CEO to properly understand risk exposure and make the right investments, IT departments have to be able to confidently communicate what types of data are on any given device at any given time.

Here are five questions that IT teams should be ready to answer when their CEO comes calling:

What have we spent our money on?

Or, more specifically, exactly how many assets do we have? And, do we know where they are? While these seem like basic questions, they can be shockingly difficult to answer … much more difficult than people realize. The last several months in the wake of the COVID-19 outbreak have been the proof point.

With the mass exodus of machines leaving the building and disconnecting from the corporate network, many IT leaders found themselves guessing just how many devices had been released into the wild and gone home with employees.

One CIO we spoke to estimated they had “somewhere between 30,000 and 50,000 devices” that went home with employees, meaning there could have been up to 20,000 that were completely unaccounted for. The complexity was further compounded as old devices were pulled out of desk drawers and storage closets to get something into the hands of employees who were not equipped to work remotely. Companies had endpoints connecting to corporate network and systems that they hadn’t seen for years — meaning they were out-of-date from a security perspective as well.

This level of uncertainty is obviously unsustainable and introduces a tremendous amount of security risk. Every endpoint that goes unaccounted for not only means wasted spend but also increased vulnerability, greater potential for breach or compliance violation, and more. In order to mitigate these risks, there needs to be a permanent connection to every device that can tell you exactly how many assets you have deployed at any given time — whether they are in the building or out in the wild.

Are our devices and data protected?

Device and data security go hand in hand; without the ability to see every device that is deployed across an organization, it becomes next to impossible to know what data is living on those devices. When employees know they are leaving the building and going to be off network, they tend to engage in “data hoarding.”

U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise

Communications at the U.S. Treasury and Commerce Departments were reportedly compromised by a supply chain attack on SolarWinds, a security vendor that helps the federal government and a range of Fortune 500 companies monitor the health of their IT networks. Given the breadth of the company’s customer base, experts say the incident may be just the first of many such disclosures.

Some of SolarWinds’ customers. Source: solarwinds.com

According to a Reuters story, hackers believed to be working for Russia have been monitoring internal email traffic at the U.S. Treasury and Commerce departments. Reuters reports the attackers were able to surreptitiously tamper with updates released by SolarWinds for its Orion platform, a suite of network management tools.

In a security advisory, Austin, Texas-based SolarWinds acknowledged its systems “experienced a highly sophisticated, manual supply chain attack on SolarWinds Orion Platform software builds for versions 2019.4 HF 5 through 2020.2.1, released between March 2020 and June 2020.”

In response to the intrusions at Treasury and Commerce, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) took the unusual step of issuing an emergency directive ordering all federal agencies to immediately disconnect the affected Orion products from their networks.

“Treat all hosts monitored by the SolarWinds Orion monitoring software as compromised by threat actors and assume that further persistence mechanisms have been deployed,” CISA advised.

A blog post by Microsoft says the attackers were able to add malicious code to software updates provided by SolarWinds for Orion users. “This results in the attacker gaining a foothold in the network, which the attacker can use to gain elevated credentials,” Microsoft wrote.

From there, the attackers would be able to forge single sign-on tokens that impersonate any of the organization’s existing users and accounts, including highly privileged accounts on the network.

“Using highly privileged accounts acquired through the technique above or other means, attackers may add their own credentials to existing application service principals, enabling them to call APIs with the permission assigned to that application,” Microsoft explained.

Malicious code added to an Orion software update may have gone undetected by antivirus software and other security tools on host systems thanks in part to guidance from SolarWinds itself. In this support advisory, SolarWinds says its products may not work properly unless their file directories are exempted from antivirus scans and group policy object restrictions.

The Reuters story quotes several anonymous sources saying the intrusions at the Commerce and Treasury departments could be just the tip of the iceberg. That seems like a fair bet.

SolarWinds says it has over 300,000 customers including:

- more than 425 of the U.S. Fortune 500
- all ten of the top ten U.S. telecommunications companies
- all five branches of the U.S. military
- all five of the top five U.S. accounting firms
- the Pentagon
- the State Department
- the National Security Agency
- the Department of Justice
- the White House.

It’s unclear how many of the customers listed on SolarWinds’ website are users of the affected Orion products. But Reuters reports the supply chain attack on SolarWinds is connected to a broad campaign that also involved the recently disclosed hack at FireEye, wherein hackers gained access to a slew of proprietary tools the company uses to help customers find security weaknesses in their computers and networks.

The compromises at the U.S. federal agencies are thought to date back to earlier this summer, and are being blamed on hackers working for the Russian government. FireEye said its breach was the work of APT 29, a.k.a. “Cozy Bear,” a Russian hacker group believed to be associated with one or more intelligence agencies of Russia.

In its own advisory, FireEye said multiple updates poisoned with a malicious backdoor program were digitally signed with a SolarWinds certificate from March through May 2020, and posted to the SolarWinds update website.

FireEye posits the impact of the hack on SolarWinds is widespread, affecting public and private organizations around the world.

“The victims have included government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East,” the company’s analysts wrote. “We anticipate there are additional victims in other countries and verticals.”

The Good, the Bad and the Ugly in Cybersecurity – Week 50

The Good

Will the real APT32 please stand up? The OceanLotus APT group have been hitting the headlines a lot recently, but it’s reasonably unprecedented for an APT group’s identity to be outed in the way Facebook doxed the group this week.

The social media giant fingered Vietnamese IT company CyberOne Security as the entity behind APT32 activity that has targeted victims including human rights activists, news agencies, governmental and NGO agencies, as well as a wide range of businesses from agriculture and health to tech and IT. Researchers from Facebook identified Windows malware, a macOS backdoor and TTPs that include malicious Play Store apps, watering hole attacks, and fake FB and other social media personas to lure victims.

Facebook say they have disrupted the group’s behaviour by blocking associated domains from being posted on the platform, removing the group’s accounts and notifying suspected victims. As for the fake “CyberOne Security” company, journalists’ attempts to contact anyone via phone and email went, perhaps unsurprisingly, unanswered.

The Bad

It’s all about the APTs this week. While the security industry has rallied round to help enterprises defend against an APT attack on FireEye that resulted in the theft of offensive red teaming tools, it appears that Russian APT groups have been actively taking advantage of a vulnerability in VMware systems, according to a 3-page US National Security Agency advisory published this week.

Successfully exploiting the bug, CVE-2020-4006, allows threat actors to execute commands of choice on a compromised system running the vulnerable software. The agency reported that attackers have been exploiting the vulnerability via installing a web shell as a gateway into networks and accessing protected data by means of forged SAML assertions.

The VMware products affected by the security flaw are:

  • VMware Access 20.01 and 20.10 on Linux
  • VMware vIDM 3.3.1, 3.3.2, and 3.3.3 on Linux
  • VMware vIDM Connector 3.3.1, 3.3.2, 3.3.3, 19.03
  • VMware Cloud Foundation 4.x
  • VMware vRealize Suite Lifecycle Manager 8.x

Malicious activity based on the flaw occurs within the TLS tunnel associated with the devices. Security teams that lack visibility into encrypted connections can hunt for post-compromise indicators in the configurator log (/opt/vmware/horizon/workspace/logs/configurator.log), specifically for an ‘exit’ statement followed by a 3-digit number, the NSA advised.
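The log hunt described above can be scripted as follows. This is an added example, not code from the NSA advisory or from VMware; the sample lines are constructed and do not reproduce the product's real log format, and the function names are hypothetical.

```python
import gzip
import os
import re
import sys

# Log path given in the NSA guidance quoted above.
CONFIGURATOR_LOG = "/opt/vmware/horizon/workspace/logs/configurator.log"

# 'exit' as a whole lowercase word, whitespace, then exactly three digits.
# The lookarounds keep 'exited', 'pre_exit 123' and 'exit 1234' from matching.
EXIT_RE = re.compile(r"(?<![A-Za-z0-9_])exit\s+(\d{3})(?!\d)")

# Constructed sample lines; the layout is an assumption for illustration.
SAMPLE_LINES = [
    "2020-12-08 10:15:02 INFO  configurator started",
    "2020-12-08 10:15:40 INFO  worker thread exited normally",
    "2020-12-08 10:16:07 ERROR command failed: exit 123",
    "2020-12-08 10:16:09 INFO  request id 4521 exit 1234",
    "2020-12-08 10:17:30 WARN  exit\t404",
    "2020-12-08 10:18:00 INFO  exit 7",
]


def scan_lines(lines):
    """Return (line_number, three_digit_code, line_text) for each indicator."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        for match in EXIT_RE.finditer(line):
            hits.append((lineno, match.group(1), line.rstrip("\n")))
    return hits


def scan_file(path):
    """Scan one log file; undecodable bytes are replaced, not fatal.

    The .gz branch is a convenience for archived copies and is an
    assumption about how the logs were collected.
    """
    opener = gzip.open if path.endswith(".gz") else open
    with opener(path, "rt", encoding="utf-8", errors="replace") as handle:
        return scan_lines(handle)


if __name__ == "__main__":
    for path in sys.argv[1:] or [CONFIGURATOR_LOG]:
        if os.path.exists(path):
            source, hits = path, scan_file(path)
        else:
            # Fall back to the constructed sample so the script runs anywhere.
            source, hits = "constructed sample", scan_lines(SAMPLE_LINES)
        for lineno, code, text in hits:
            print(f"{source}:{lineno}: exit {code}: {text}")
```

Each hit is a lead for review alongside the rest of the advisory's guidance, not proof of compromise on its own.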



Patches for the above have been available since December 3rd, and all users are advised to update as soon as possible. In addition, since exploitation of the bug requires password-based access to the web-based management interface of a targeted device, admins are urged to ensure that they follow best practice to avoid weak passwords and, where possible, to ensure the web-based management interface is not accessible from the internet. Other workarounds where patching is not immediately possible are suggested in the NSA advisory.

The Ugly

As we noted last week, there’s been a disturbing trend recently among both crimeware actors and sophisticated adversaries of targeting research data, organizations and infrastructure related to developing, manufacturing and distributing COVID-19 vaccines.

That trend continued this week with a cyberattack on the European Medicines Agency. The organization’s terse statement offered no further details other than to confirm an attack had taken place, but subsequent reports say documents relating to regulatory submission of the Pfizer/BioNTech vaccine, BNT162b2, had been accessed.

EMA is in the midst of the approval process for the vaccine and the documents were stored on an EMA server, according to a press release from BioNTech.

It is not clear whether such documents were the primary target of the attack or what other data may have been compromised, but there is no indication to date that any PPI belonging to staff or persons involved in vaccine trials was exposed. Reportedly, EMA have said the cyberattack will not delay regulatory approval of the vaccine in the EU, which is expected to be within the next few weeks.



Hibob raises $70M for its new take on human resources

Productivity software has been getting a major re-examination this year, and human resources platforms — used for hiring, firing, paying and managing employees — have been no exception. Today, one of the startups that’s built what it believes is the next generation of how HR should and will work is announcing a big fundraise, underscoring its own growth and the focus on the category.

Hibob, the startup behind the HR platform that goes by the name of “bob” (the company name is pronounced, “Hi, Bob!”), has picked up $70 million in funding at a valuation that reliable sources close to the company tell us is around $500 million.

“Our mission is to modernize HR technology,” said Ronni Zehavi, Hibob’s CEO, who co-founded the company with Israel David. “We are a people management platform for how people work today. Whether that’s remotely or physically collaborative, our customers face challenges with work. We believe that the HR platforms of the future will not be clunky systems, annoying, giant platforms. We believe it should be different. We are a system of engagement rather than record.”

The Series B is being led by SEEK and Israel Growth Partners, with participation also from Bessemer Venture Partners, Battery Ventures, Eight Roads Ventures, Arbor Ventures, Presidio Ventures, Entree Capital, Cerca Partners and Perpetual Partners, the same group that also backed Hibob in its last round (a Series A extension) in 2019. It has raised $124 million to date.

The company has its roots in Israel but these days describes its headquarters as London and New York, and the funding comes on the back of strong growth in multiple markets. In an interview, Zehavi said that Hibob specialises in mid-market customers and that it has more than 1,000 of them currently on its books across the U.S., Europe and Asia, including Monzo, Revolut, Happy Socks, ironSource, Receipt Bank, Fiverr, Gong and VaynerMedia. In the last year Hibob has had “triple-digit” year-on-year growth (it didn’t specify what those digits are).

Human resources has never been at the more glamorous end of how a company works, and it can sometimes even be looked on with some disdain. However, HR has found itself in a new spotlight in 2020, the year when every company — whether one based around people sitting at desks or in more interactive and active environments — had to change how it worked.

That might have involved sending everyone home to sign in from offices possibly made out of corners of bedrooms or kitchens, or that might have involved a vastly different set of practices in terms of when and where workers showed up and how they interacted with people once they did. But regardless of the implementations, they all involved a team of people who needed to be linked together, still feeling connected and managed; and sometimes hired, furloughed, or let go.

That focus has started to reveal the strains of how some legacy systems worked, with older systems built to consider little more than creating an employee identity number that could then be tracked for payroll and other purposes.

Hibob — Zehavi said they chose the name after the person who owned the bob.com domain wanted too much to sell it, but they liked “bob” for the actual product — takes an approach from the ground up that is in line with how many people work today, balancing different software and apps depending on what they are doing, and linking them up by way of integrations: its own includes Slack, Microsoft Teams and Mercer, and other packages that are popular with HR departments. 

While it covers all of the necessary HR bases like payroll and further compensation, onboarding, managing time off and benefits, it further brings in a variety of other features that help build out bigger profiles of users, such as performance and culture, with the ability for peers, managers and workers themselves to provide feedback to enhance their own engagement with the company, and for the company to have a better idea of how they are fitting into the organization, and what might need more attention in the future.

That then links into a bigger organizational chart and conceptual charts that highlight strong performers, those who are possible flight risks, those who are leaders and so on. While there have been a number of others in the HR world that have built standalone apps that cover some of these features (for example, 15five was early to spot the value of a platform that made it much easier to set goals and provide feedback), what’s notable here is how they are all folded into one system together.

The end effect, as you can see here, looks less like word salad and more like interactive, graphic interfaces that are presumably a lot more enjoyable and at least easier to use for HR people themselves.

What matters for investors is that the startup has not only identified the opportunity but has also delivered, beyond more engagement, a strong piece of software that still provides the essentials.

“This is certainly not a Workday,” said Adam Fisher, a partner at Bessemer, in an interview. “Our overall thesis has been that HR is only growing in importance. And while engagement is super important, that opportunity is not enough to create the market.”

The end result is a platform that has a significant shot at building in even more over time. For example, another large area that has been seeing traction in the world of enterprise and B2B software is employee training. Specifically, enterprise learning systems are creating another way to help keep people not only up to speed on important aspects of how they work, but also engaged at a time when connections are under strain.

“Training, a SuccessFactors-style offering, is definitely in our road map,” said Zehavi, who noted they are adding new features all the time. The latest has been compensation, sometimes known as merit increase cycles. “That is a very complex issue and requires deeper integrations with finance and the CFO’s office. We streamlined it and made it easy to use. We launched two months ago and it’s on fire. After learning and development there are other modules also down the road.”

New Relic acquires Kubernetes observability platform Pixie Labs

Two months ago, Kubernetes observability platform Pixie Labs launched into general availability and announced a $9.15 million Series A funding round led by Benchmark, with participation from GV. Today, the company is announcing its acquisition by New Relic, the publicly traded monitoring and observability platform.

The Pixie Labs brand and product will remain in place and allow New Relic to extend its platform to the edge. From the outset, the Pixie Labs team designed the service to focus on providing observability for cloud-native workloads running on Kubernetes clusters. And while most similar tools focus on operators and IT teams, Pixie set out to build a tool that developers would want to use. Using eBPF, a relatively new way to extend the Linux kernel, the Pixie platform can collect data right at the source and without the need for an agent.

At the core of the Pixie developer experience are what the company calls “Pixie scripts.” These allow developers to write their debugging workflows, though the company also provides its own set of these and anybody in the community can contribute and share them as well. The idea here is to capture a lot of the informal knowledge around how to best debug a given service.

“We’re super excited to bring these companies together because we share a mission to make observability ubiquitous through simplicity,” Bill Staples, New Relic’s chief product officer, told me. “[…] According to IDC, there are 28 million developers in the world. And yet only a fraction of them really practice observability today. We believe it should be easier for every developer to take a data-driven approach to building software and Kubernetes is really the heart of where developers are going to build software.”

It’s worth noting that New Relic already had a solution for monitoring Kubernetes clusters. Pixie, however, will allow it to go significantly deeper into this space. “Pixie goes much, much further in terms of offering on-the-edge, live debugging use cases, the ability to run those Pixie scripts. So it’s an extension on top of the cloud-based monitoring solution we offer today,” Staples said.

The plan is to build integrations with New Relic into Pixie’s platform and to integrate Pixie use cases with New Relic One as well.

Currently, about 300 teams use the Pixie platform. These range from small startups to large enterprises and, as Staples and Pixie co-founder Zain Asgar noted, there was already a substantial overlap between the two customer bases.

As for why he decided to sell, Asgar — a former Google engineer working on Google AI and adjunct professor at Stanford — told me that it was all about accelerating Pixie’s vision.

“We started Pixie to create this magical developer experience that really allows us to redefine how application developers monitor, secure and manage their applications,” Asgar said. “One of the cool things is when we actually met the team at New Relic and we got together with Bill and [New Relic founder and CEO] Lew [Cirne], we realized that there was almost a complete alignment around this vision […], and by joining forces with New Relic, we can actually accelerate this entire process.”

New Relic has recently done a lot of work on open-sourcing various parts of its platform, including its agents, data exporters and some of its tooling. Pixie, too, will now open-source its core tools. Open-sourcing the service was always on the company’s road map, but the acquisition now allows it to push this timeline forward.

“We’ll be taking Pixie and making it available to the community through open source, as well as continuing to build out the commercial enterprise-grade offering for it that extends the New Relic One platform,” Staples explained. Asgar added that it’ll take the company a little while to release the code, though.

“The same fundamental quality that got us so excited about Lew as an EIR in 2007, got us excited about Zain and Ishan in 2017 — absolutely brilliant engineers, who know how to build products developers love,” Benchmark Ventures General Partner Eric Vishria told me. “New Relic has always captured developer delight. For all its power, Kubernetes completely upends the monitoring paradigm we’ve lived with for decades. Pixie brings the same easy to use, quick time to value, no-nonsense approach to the Kubernetes world as New Relic brought to APM. It is a match made in heaven.”

Boast.ai raises $23M to help businesses get their R&D tax credits

Nobody likes dealing with taxes — until the system works in your favor. In many countries, startups can receive tax credits for their R&D work and related employee cost, but as with all things bureaucracy, that’s often a slow and onerous task. Boast.ai aims to make this process far easier, by using a mix of AI and tax experts. The company, which currently has about 1,000 customers, today announced that it has raised a $23 million Series A round led by Radian Capital.

Launched in 2012 by co-founders Alex Popa (CEO) and Lloyed Lobo (president), Boast focuses on helping companies — and especially startups — in the U.S. and Canada claim their R&D tax credits.

“Globally, over $200 billion has been given in R&D incentives to fund businesses, not only in the U.S. and Canada, but the U.K., Australia, France, New Zealand, Ireland give out these incentives,” Lobo explained. “But there’s huge red tape. It’s a cumbersome process. You got to dive in and figure out work that qualifies and what doesn’t. Then you’ve got to file it with your taxes. Then if the government audits you, it’s like a long, laborious process.”


After working on a few other startup ideas, the co-founders decided to go all-in on Boast. And in the process of working on other ideas, they also realized that AI wasn’t going to be able to do it all, but that it was getting good enough to augment humans to make a complex process like dealing with R&D tax credits scalable.

“The way I think to bootstrap a company is three things,” Lobo explained. “One, customers are looking for an outcome. Get them that outcome in the fastest, cheapest way possible. Two, when you’re doing that, you may have to do a lot of manual work. Figure out what those manual touch points are and then build the workflow to automate that. And once you have those two things, then you’ll have enough data to start working on artificial intelligence and machine learning. Those are the key learnings that we learned the hard way.”

So after doing some of that manual work, Boast can now automatically pull in data using tech tools like JIRA and GitHub and a company’s financial tools like QuickBooks, Gusto and (soon) ADP. It then uses its algorithms to cluster this data, figure out how much time employees spend on projects that would qualify for a tax credit and automate the tax filing process. Throughout the process — and to interact with the government if necessary — the company keeps humans in the loop.

“So all our [customer success] team is engineers,” Lobo noted. “Because if you don’t have engineers they can’t inform the decision-making process. They help figure out if there are any loose ends and then they deal with the audits, communicating with the government and whatnot. That’s how we’re able to effectively get SaaS-like margins or more.”

Ideally, a tool like Boast pays for itself and the company says it has secured more than $150 million in R&D tax credits since launch. Currently, it’s also doubling growth year over year, and that’s what made the founders decide to raise outside money for the first time. That funding will go toward increasing the sales team (which is currently only four people strong) and improving the platform, but Lobo was clear that he doesn’t want to be too aggressive. The goal, he said, is not to have to raise again until Boast can hit the $30 to $50 million revenue mark.

Once fully implemented, Boast also effectively becomes a system of record for all R&D and engineering data. And indeed, that’s the company’s overall vision, with the tax credits being somewhat of a Trojan horse to get to this point. By the middle of next year, the team plans to offer a new product around R&D-based financing, Lobo tells me.

Over the years, the Boast team also focused on not just growing its customer base but also the overall startup ecosystem in the markets in which it operates, with a special focus on Canada. The Boast team, for example, is also the team behind the popular annual Traction conference in Vancouver, Canada (Disclosure: I’ve moderated sessions at the event since its inception). A thriving startup ecosystem creates a larger client base for Boast, too, after all — and coincidentally, the team met its investors at the event, too.