Due Diligence That Money Can’t Buy

/0 Comments/in /by

Most of us automatically put our guard up when someone we don’t know promises something too good to be true. But when the too-good-to-be-true thing starts as our idea, sometimes that instinct fails to kick in. Here’s the story of how companies searching for investors to believe in their ideas can run into trouble.

Nick is an investment banker who runs a firm that helps raise capital for its clients (Nick is not his real name, and like other investment brokers interviewed in this story spoke with KrebsOnSecurity on condition of anonymity). Nick’s company works primarily in the mergers and acquisitions space, and his job involves advising clients about which companies and investors might be a good bet.

In one recent engagement, a client of Nick’s said they’d reached out to an investor from Switzerland — The Private Office of John Bernard — whose name was included on a list of angel investors focused on technology startups.

“We ran into a group that one of my junior guys found on a list of data providers that compiled information on investors,” Nick explained. “I told them what we do and said we were working with a couple of companies that were interested in financing, and asked them to send some materials over. The guy had a British accent, claimed to have made his money in tech and in the dot-com boom, and said he’d sold a company to Geocities that was then bought by Yahoo.”

But Nick wasn’t convinced Mr. Bernard’s company was for real. Nick and his colleagues couldn’t locate the company Mr. Bernard claimed to have sold, and while Bernard said he was based in Switzerland, virtually all of his staff were all listed on LinkedIn as residing in Ukraine.

Nick told his clients about his reservations, but each nevertheless was excited that someone was finally interested enough to invest in their ideas.

“The CEO of the client firm said, ‘This is great, someone is willing to believe in our company’,” Nick said. “After one phone call, he made an offer to invest tens of millions of dollars. I advised them not to pursue it, and one of the clients agreed. The other was very gung ho.”

When companies wish to link up with investors, what follows involves a process known as “due diligence” wherein each side takes time to research the other’s finances, management, and any lurking legal liabilities or risks associated with the transaction. Typically, each party will cover their own due diligence costs, but sometimes the investor or the company that stands to benefit from the transaction will cover the associated fees for both parties.

Nick said he wasn’t surprised when Mr. Bernard’s office insisted that its due diligence fees of tens of thousands of dollars be paid up front by his client. And he noticed the website for the due diligence firm that Mr. Bernard suggested using — insideknowledge.ch — also was filled with generalities and stock photos, just like John Bernard’s private office website.

“He said we used to use big accounting firms for this but found them to be ineffective,” Nick said. “The company they wanted us to use looked like a real accounting firm, but we couldn’t find any evidence that they were real. Also, we asked to see an investment portfolio. He said he’s invested in over 30 companies, so I would expect to see a document that says, “here’s the various companies we’ve invested in.” But instead, we got two recommendation letters on letterhead saying how great these investors were.”

KrebsOnSecurity located two other investment bankers who had similar experiences with Mr. Bernard’s office.

“A number of us have been comparing notes on this guy, and he never actually delivers,” said one investment banker who asked not to be named because he did not have permission from his clients. “In each case, he agreed to invest millions with no push back, the documentation submitted from their end was shabby and unprofessional, and they seem focused on companies that will write a check for due diligence fees. After their fees are paid, the experience has been an ever increasing and inventive number of reasons why the deal can’t close, including health problems and all sorts of excuses.”

Mr. Bernard’s investment firm did not respond to multiple requests for comment. The one technology company this author could tie to Mr. Bernard was secureswissdata.com, a Swiss concern that provides encrypted email and data services. The domain was registered in 2015 by Inside Knowledge. In February 2020, Secure Swiss Data was purchased in an “undisclosed multimillion buyout” by SafeSwiss Secure Communication AG.

SafeSwiss co-CEO and Secure Swiss Data founder David Bruno said he couldn’t imagine that Mr. Bernard would be involved in anything improper.

“I can confirm that I know John Bernard and have always found him very honourable and straight forward in my dealings with him as an investor,” Bruno said. “To be honest with you, I struggle to believe that he would, or would even need to be, involved in the activity you mentioned, and quite frankly I’ve never heard about those things.”

DUE DILIGENCE

John Bernard is named in historic WHOIS domain name registration records from 2015 as the owner of the due diligence firm insideknowledge.ch. Another “capital investment” company tied to John Bernard’s Swiss address is liftinvest.ch, which was registered in November 2017.

Curiously, in May 2018, its WHOIS ownership records switched to a new name with the same initials: one “Jonathan Bibi,” with an address in the offshore company haven of Seychelles. Likewise, Mr. Bibi was listed as a onetime owner of the domain for Mr. Bernard’s company  —the-private-office.ch — as well as johnbernard.ch.

Running a reverse WHOIS search through domaintools.com [an advertiser on this site] reveals several other interesting domains historically tied to a Jonathan Bibi from the Seychelles. Among those is acheterdubitcoin.org, a business that was blacklisted by French regulators in 2018 for promoting cryptocurrency scams.

Another Seychelles concern tied to Mr. Bibi was effectivebets.com, which in 2017 and 2018 promoted sports betting via cryptocurrencies and offered tips on picking winners.

A Google search on Jonathan Bibi from Seychelles reveals he was listed as a respondent in a lawsuit filed in 2018 by the State of Missouri, which named him as a participant in an unlicensed “binary options” investment scheme that bilked investors out of their money.

Jonathan Bibi from Seychelles also was named as the director of another binary options scheme called the GoldmanOptions scam that was ultimately shut down by regulators in the Czech Republic.

Jason Kane is an attorney with Peiffer Wolf, a litigation firm that focuses on investment fraud. Kane said companies bilked by small-time investment schemes rarely pursue legal action, mainly because the legal fees involved can quickly surpass the losses. What’s more, most victims will likely be too ashamed to come forward.

“These are cases where you might win but you’ll never collect any money,” Kane said. “This seems like an investment twist on those fairly simple scams we all can’t believe people fall for, but as scams go this one is pretty good. Do this a few times a year and you can make a decent living and no one is really going to come after you.”

The Good, the Bad and the Ugly in Cybersecurity – Week 37

/0 Comments/in /by

The Good

Schools are trying to get kids back to their desks while also dodging outbreaks of viruses both physical and cyber. Fortunately, at least one roadblock was flattened when a 16-year-old student at South Miami Senior High was charged with launching a DDoS that paralyzed the school district’s computer network for the first three days of virtual classes. Over those three days, all students saw when they tried to log in for the new school year were error messages.

Make that a pummeling of attacks: The Miami-Dade school district said last week that the student admitted to pulling the strings behind eight DDoS attacks targeting the district’s networks, including the web-based systems needed for its online learning platform, called My School Online.

The school system has actually been targeted about two dozen times since the school year began, according to the Miami Herald. Investigators are trying to figure out who else might be behind the attacks besides the student, who admitted to succeeding with an embarrassingly basic attack: He used a decade-old, open-source tool called a Low Orbit Ion Cannon (LOIC) that even the most bare-bones firewall should be able to catch.

The Bad

Zeppelin ransomware has wafted back, again casting its shadow over IT and healthcare providers. This time, it’s picked up an obnoxious passenger: a new Trojan downloader that helps it to sneak around antivirus apps and evade detection.

Analysts at Juniper Threat Labs say that the misery starts with a Microsoft Word document that has a malicious macro hiding in its gut. The rigged email, which aims to lure victims into enabling VBA macros that will trigger infection, includes a blurred “invoice” and text box that are actually just images.

Push the blurry bits aside, and you’ll find random gobbledygook that actually hides snippets of Visual Basic scripts. The Visual Basic interpreter extracts the garbage text from the document, treats it as commented-out code, and ignores it, leaving just the malicious commands. Strip it down to just those commands and you get to the meat of the matter: a Zeppelin ransomware.exe that sleeps for 26 seconds as it tries to out-wait dynamic analysis in an automated sandbox before going on to run the ransomware executable.

As you can see, the ransom note includes its own mini helpdesk manual warning users against trying to rename or decrypt files. The crooks’ argument: You don’t want to add to the cost of your ransom by paying for help that won’t work, now do you? Besides, “you can become the victim of a scam”, the Zeppelin crooks ironically caution their victims. So helpful!

The Ugly

As they struggle to open, schools aren’t just dealing with the COVID-19 pandemic. They’re also dealing with an onslaught of ransomware attacks; DDoS attacks like the one I mentioned above in Miami-Dade, for which police arrested a high school student; and Zoom-bombing: all of it conspiring to delay children’s return to school.

As Threat Post reports, just this week we saw ransomware attacks on the school districts in Hartford, Conn. and Clark County, Nev. On Tuesday, Hartford Public Schools said that a ransomware attack had postponed school openings, both for in-person and online learning. AP reports that yesterday—Thursday, Sept. 10—the Clark County School District in Nevada said that it, too, experienced a ransomware attack during the first week of school and that some employee personal information may have been exposed.

In fact, according to Recorded Future, so far, there have been nine recorded ransomware attacks against school districts in July, August and September. That might sound bad, but it’s been worse: Last year, Recorded Future collected data from hacker forums, threat feeds, news reports and code repositories that showed that at least 15 school districts had been hit by ransomware attacks during a two-week period in September 2019.

Allan Liska, a ransomware specialist at Recorded Future, said that the shift to remote learning might actually cause the trend to point downward. “We are definitely in an uncharted territory,” Liska said. “There has been a small uptick in ransomware attacks as schools get back into session, but with so many school systems going remote this semester there is a much smaller attack surface for the ransomware groups to target.”

Let’s hope he’s right: The kids need a break.

Like this article? Follow us on LinkedIn , Twitter , YouTube or Facebook to see the content we post.

Read more about Cyber Security

Feature Spotlight: Automated Application Control for Cloud Workloads

/0 Comments/in /by

One of the principles of cloud-native workloads is that they are built from immutable images containing everything an application needs in order to run. Whereas desktop and laptop users require the need to install new software, this is not the case for cloud workloads. Based upon the image of the containerized microservice, every process which runs inside a container is fully expected, from the moment the container is spawned until it is killed. Because containerized microservices are dynamic by nature, preserving the immutable state during runtime is crucial for defending against threats such as malware, cryptojacking, and zero-days.

Many solutions today rely upon static allow-lists (formerly, “whitelists”) of all processes that are cleared to run inside the containerized workload, with any deviation from that list considered a threat to be mitigated. There are two different approaches to automatically creating such allow-lists for containerized workloads:

  • Pre-deployment scanning. In this approach, the container image is scanned, creating an allow-list of (expected) processes. While this approach ensures that a container will always run with a predefined set of processes, it adds the overhead of managing allow-lists for new versions of images used in the organization. This overhead creates friction in the gears of agility.
  • Learning during runtime. Here, ML learns the behavior of a container over a period of time, usually in a sandbox, before pushing to production. While this approach provides an auto-generated allow-list, its effectiveness depends on the time period being set. Set it too low and you can miss processes that were not yet triggered yet, generating a high rate of false positives. Conversely, setting it too high causes long delays when pushing new versions to production.

Having seen organizations struggle to protect their containerized workloads with current solutions, we decided to take a different approach that requires zero-intervention by our customers and which does not compromise on security.

No More Allow-Lists

We are proud to introduce the Application Control Engine, built to protect cloud-native workloads, providing advanced “lockdown” capabilities that guarantee the immutable state of containerized workloads. It requires no special configurations and does not add complexity or delay to the software delivery chain. This engine protects container workloads from the get-go, whether they run as Kubernetes pods or as plain containers in Docker servers, and can be enabled by one simple click to secure the workloads.

How Does the Application Control Engine Work?

When the Application Control Engine detects a process that impairs the immutable state of a containerized workload, it immediately reports that process as a threat, mitigates it by killing the process, and moves relevant files into quarantine.

Let’s see it in action. Here we have a Node.js application running as a Kubernetes deployment:

Now let’s connect to the pod of this application, download a coin miner binary using wget, provide execute permissions, and run it:

Once executed, the Application Control Engine (1) identifies the execution of the foreign minerd binary as a threat, (2) eliminates it by running a mitigation action that kills the minerd process (exit code 137), and (3) moves the minerd binary to quarantine.

Now, let’s look at the forensics view of the threat:

This view reveals the command line used to initiate the threat (./minerd), the engine used for detection (Application Control) and the mitigation action taken to eliminate the threat (KILLED).

The forensics view also provides complete visibility to container and Kubernetes details including pod name, labels, namespace, and image name:

Now let’s switch to a different view that illustrates the chain of events that led to the execution of the coin miner:

We can clearly see how the kubectl exec command started a bash session inside the node-web-app pod, that was later used to download and execute the minerd binary using wget and chmod commands. The example above shows how Application Control eliminates a coin miner threat started as a binary, but it will, of course, provide the same level of protection for threats based on scripting languages, whether they run as standalone scripts or binaries.

Conclusion

The Application Control Engine is the answer to the security needs of containerized cloud workloads.  It helps secure runtime from known and unknown threats with a simple click of a button, and it does so without any ML training period or unwelcome delays to production release. The Application Control Engine feature is available starting Linux Agent 4.4 and Kubernetes Agent 4.4, which is in early availability, and requires the Liberty management console (now in GA).

Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security

StackRox nabs $26.5M for a platform that secures containers in Kubernetes

/0 Comments/in /by

Containers have become a ubiquitous cornerstone in how companies manage their data, a trend that has only accelerated in the last eight months with the larger shift to cloud services and more frequent remote working due to the coronavirus pandemic. Alongside that, startups building services to enable containers to be used better are also getting a boost.

StackRox, which develops Kubernetes-native security solutions, says that its business grew by 240% in the first half of this year, and on the back of that, it is announcing today that it has raised $26.5 million to expand its business into international markets and continue investing in its R&D.

The funding, which appears to be a Series C, has an impressive list of backers. It is being led by Menlo Ventures, with Highland Capital Partners, Hewlett-Packard Enterprise, Sequoia Capital and Redpoint Ventures also participating. Sequoia and Redpoint are previous investors, and the company has raised around $60 million to date.

HPE is a strategic backer in this round:

“At HPE, we are working with our customers to help them accelerate their digital transformations,” said Paul Glaser, VP, Hewlett Packard Enterprise, and head of Pathfinder. “Security is a critical priority as they look to modernize their applications with containers. We’re excited to invest in StackRox and see it as a great fit with our new software HPE Ezmeral to help HPE customers secure their Kubernetes environments across their full application life cycle. By directly integrating with Kubernetes, StackRox enables a level of simplicity and unification for DevOps and Security teams to apply the needed controls effectively.”

Kamal Shah, the CEO, said that StackRox is not disclosing its valuation, but he confirmed it has definitely gone up. For some context, according to PitchBook data, the company was valued at $145 million in its last funding round, a Series B in 2018. Its customers today include the likes of Priceline, Brex, Reddit, Zendesk and Splunk, as well as government and other enterprise customers, in a container security market that analysts project will be worth some $2.2 billion by 2024, up from $568 million last year.

StackRox got its start in 2014, when containers were starting to pick up momentum in the market. At the time, its focus was a little more fragmented, not unlike the container market itself — it provided solutions that could be used with Docker containers as well as others. Over time, Shah said that the company chose to hone its focus just on Kubernetes, originally developed by Google and open-sourced, and now essentially the de facto standard in containerisation.

“We made a bet on Kubernetes at a time when there were multiple orchestrators, including Mesosphere, Docker and others,” he said. “Over the last two years Kubernetes has won the war and become the default choice, the Linux of the cloud and the biggest open-source cloud application. We are all Kubernetes all the time because what we see in the market are that a majority of our customers are moving to it. It has over 35,000 contributors to the open-source project alone, it’s not just Red Hat (IBM) and Google.” Research from CNCF estimates that nearly 80% of organizations that it surveyed are running Kubernetes in production.

That is not all good news, however, with the interest underscoring a bigger need for Kubernetes-focused security solutions for enterprises that opt to use it.

Shah says that some of the typical pitfalls in container architecture arise when they are misconfigured, leading to breaches; as well as around how applications are monitored; how developers use open-source libraries; and how companies implement regulatory compliance. Other security vulnerabilities that have been highlighted by others include the use of insecure container images; how containers interact with each other; the use of containers that have been infected with rogue processes; and having containers not isolated properly from their hosts.

But, Shah noted, “Containers in Kubernetes are inherently more secure if you can deploy correctly.” And to that end that is where StackRox’s solutions attempt to help: The company has built a multi-purposes toolkit that provides developers and security engineers with risk visibility, threat detection, compliance tools, segmentation tools and more. “Kubernetes was built for scale and flexibility, but it has lots of controls, so if you misconfigure it, it can lead to breaches. So you need a security solution to make sure you configure it all correctly,” said Shah.

He added that there has been a definite shift over the years from companies considering security solutions as an optional element into one that forms part of the consideration at the very core of the IT budget — another reason why StackRox and competitors like TwistLock (acquired by Palo Alto Networks) and Aqua Security have all seen their businesses really grow.

“We’ve seen the innovation companies are enabling by building applications in containers and Kubernetes. The need to protect those applications, at the scale and pace of DevOps, is crucial to realizing the business benefits of that innovation,” said Venky Ganesan, partner, Menlo Ventures, in a statement. “While lots of companies have focused on securing the container, only StackRox saw the need to focus on Kubernetes as the control plane for security as well as infrastructure. We’re thrilled to help fuel the company’s growth as it dominates this dynamic market.”

“Kubernetes represents one of the most important paradigm shifts in the world of enterprise software in years,” said Corey Mulloy, general partner, Highland Capital Partners, in a statement. “StackRox sits at the forefront of Kubernetes security, and as enterprises continue their shift to the cloud, Kubernetes is the ubiquitous platform that Linux was for the Internet era. In enabling Kubernetes-native security, StackRox has become the security platform of choice for these cloud-native app dev environments.”

Top Ways to Shorten Cybersecurity Remediation Cycles 

/0 Comments/in /by

A guest post by John Ayers, Chief Strategy Product Officer at Nuspire, on the importance of aligning your business priorities to your endpoint protection platform.

Long remediation cycles are top of mind for many organizations. Decreasing detection time is an improvement; however, it doesn’t translate to shortening remediation cycles once the threat is identified. There continues to be a disconnect between how fast IT teams are detecting threats and how fast they can eradicate them.

As IT teams are tasked to do more with less, the question becomes: How can they optimize existing tools to meet both security and business operation goals?

The answer is aligning priorities to your endpoint protection platform (EPP). Utilizing the right endpoint protection and response (EDR) solution expands visibility into your environment so as to:

  • Further decrease time to detection and remediation
  • Improve your SecOps efficiencies and effectiveness
  • Achieve proactive security that manages the highest-risk cybersecurity threats

Containing a breach in fewer than 30 days could save you millions. Even for a large enterprise, that’s a sizable amount.

Integrated Managed Detection and Response (MDR)

When doing more with less is both the business and operations mandate, how can you achieve economies of scale? With MDR, you only have to see a threat once in your environment, and it’s blocked everywhere. This saves you a tremendous amount of time, shortening your remediation timeline and shrinking costs. EDR integrates with various MDR components on the back end, while its integration with security information and event management (SIEM) provides a user interface (UI) for the front end.

Endpoint isolation enables you to quickly block incoming and outgoing network activity, eliminating the risk of an infection spreading across your network. During isolation, which can be triggered manually or automatically, you can maintain complete visibility into the endpoint through the cloud. Once we mitigate the threat, we can quickly enable the healthy endpoint to rejoin the network.

Why Cutting Remediation Time Is Key to Cutting Costs

Here’s why that fast mitigation matters: the longer your time to remediate, the bigger the hit to your bottom line. Improving the mean time to detect key performance indicators (KPIs) to measure cybersecurity effectiveness is imperative for C-level stakeholders, including both the CISO and business operations. Yet both camps grapple with issues like the cybersecurity talent shortage, a high number of alerts and false positives—according to the CISO Benchmark Report, 41% of organizations get more than 10,000 security alerts daily—along with a lack of insight into what’s happening across their environment. To break this cycle, you don’t need more tools. You need to automate and integrate technologies that give you economies of scale.

EDR allows CISOs to perform in-depth search for information that other tools collect across the environment. This enables them to confirm whether that data directly relates to the attack. These insights improve scoping and significantly reduce remediation time.

EDR also enables you to perform advanced search—by schedule or on-demand—for any data across the entire environment, treating each endpoint as a database to be queried. You can quickly execute a query, based on triggers such as detection of indicators of compromise, with the option of increasing automated actions.

Next, let’s take a look at a couple of additional capabilities of EDR that provide actionable insights.

Continuous Monitoring and Scanning

As new threat information becomes available and a file is identified as malicious, EDR automatically quarantines the file and alerts you. Using the file trajectory feature, you can see the file’s lifespan across all endpoints, including malware movement from the initial infected host to other devices. Another feature, device trajectory, shows how hosts interact with files, including an event timeline that traces the threat.

Integrated Threat Intelligence

EDR is trained by algorithms to learn how to identify malicious files and activity based on the attributes of known malware. Machine learning capabilities in EDR are fed by the comprehensive artificial intelligence dataset from SentinelOne to ensure a better, more accurate model. This combination helps detect malware at the point of entry, even if a particular variant is brand-new, never having been previously encountered.

Machine Learning (ML) with a Little More Magic

EDR automatically receives actionable intelligence from SentinelOne’s Deep File Inspection (DFI) engine, which detects and prevents threats from executing by use of static ML models. Those models are trained to detect threats by looking at various static attributes that can be extracted from executables, making it a signature-less technology that’s superior at detecting file-based threats. Then, SentinelOne’s Dynamic Behavioral Tracking (DBT) tracks all activities on the system, including file/registry changes, service start/stop, inter-process communication and network activity. This information is fed into a dynamic ML model that detects and kills threats that haven’t already been caught by DFI. Since it models the behavior of all processes, the ML model identifies threats that are hard to catch with static models.

Improved Efficiency and Effectiveness

How do you identify which assets are the most exposed so that you can prioritize remediation of the relevant threats? The challenge is to determine which endpoints may have a piece of legacy software with a specific Common Vulnerabilities and Exposures (CVE) entry. Typical endpoint solutions identify which endpoints had outdated apps when they were launched. However, if the software hasn’t run on an endpoint in some time, determining the CVE entry exposure may be delayed or even missed.

To solve that problem, EDR performs advanced search to continuously query all endpoints through a SaaS-based portal. Regardless of when an application with a CVE last ran, if at all, you can run a report that identifies all endpoints and where they reside. If the vulnerability is critical, you can choose to isolate the affected endpoints from the network and mitigate the weakness before attackers can exploit it.

On top of this, EDR has more capabilities that can make your security operations more efficient such as Automated Workflows and Endpoint Isolation.

Automated Workflows

One example of automated workflows is retrospective analysis, which automatically quarantines a malicious file that originally presented itself as benign. New, unknown threats don’t get blocked when they first enter the environment, but EDR tracks and monitors the file and its behavior. When new threat intelligence indicates the file is malicious, the retrospective feature doesn’t wait for a human to discover it—it quickly blocks the file while triggering an alert so you can review the incident and mitigate it.

Endpoint Isolation

Even with visibility into your environment, removing a threat and remediating a compromised endpoint takes time. This leaves a wider window for a threat to escalate while increasing your remediation time and, consequently, your risk. Endpoint isolation enables you to quickly block incoming and outgoing network activity, eliminating the risk of an infection spreading across your network. During isolation, which can be triggered manually or automatically via APIs, you can maintain complete visibility into the endpoint through the cloud, as well as allow IP address whitelisting. Once you’ve mitigated the threat, you can quickly enable the healthy endpoint to rejoin the network.

Conclusion

EDR enables you to meet both the business and SecOps goals without additional resources. Defending against evolving threats is a complicated responsibility, but you can reduce the complexity and increase efficiency with advanced solutions that are designed to solve today’s complicated security challenges.

Find a provider that has a comprehensive security portfolio that amplifies your IT team’s ability to defend your organization against the riskiest threats. Enable both CISOs and IT teams to do more with less while improving your security posture—and your bottom line.

Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security

Snyk bags another $200M at $2.6B valuation 9 months after last raise

/0 Comments/in /by

When we last reported on Snyk in January, eons ago in COVID time, the company announced $150 million investment on a valuation of over $1 billion. Today, barely nine months later, it announced another $200 million and its valuation has expanded to $2.6 billion.

The company is obviously drawing some serious investor attention, and even a pandemic is not diminishing that interest. Addition led today’s round, bringing the total raised to $450 million with $350 million coming this year alone.

Snyk has a unique approach to security, building it into the development process instead of offloading it to a separate security team. If you want to build a secure product, you need to think about it as you’re developing the product, and that’s what Snyk’s product set is designed to do — check for security as you’re committing your build to your git repository.

With an open-source product at the top of funnel to drive interest in the platform, CEO Peter McKay says the pandemic has only accelerated the appeal of the company. In fact, the startup’s annual recurring revenue (ARR) is growing at a remarkable 275% year over year.

McKay says even with the pandemic his company has been accelerating, adding 100 employees in the last 12 months to take advantage of the increasing revenue. “When others were kind of scaling back we invested and it worked out well because our business never slowed down. In fact, in a lot of the industries it really picked up,” he said.

That’s because as many other founders have pointed out, COVID is speeding up the rate at which many companies are moving to the cloud, and that’s working to Snyk’s favor. “We’ve just capitalized on this accelerated shift to the cloud and modern cloud-native applications,” he said.

The company currently has 375 employees, with plans to add 100 more in the next year. As it grows, McKay says that he is looking to build a diverse and inclusive culture, something he learned about as he moved through his career at VMware and Veeam.

He says one of the keys at Snyk is putting every employee through unconscious bias training to help limit bias in the hiring process, and the executive team has taken a pledge to make the company’s hiring practices more diverse. Still, he recognizes it takes work to achieve these goals, and it’s always easy for an experienced team to go back to the network instead of digging deeper for a more diverse candidate pool.

“I think we’ve put all the pieces in place to get there, but I think like a lot of companies, there’s still a long way to go,” he said. But he recognizes the sooner you embed diversity into the company culture, the better because it’s hard to go back after the fact and do it.

Addition founder Lee Fixel says he sees a company that’s accelerating rapidly and that’s why he was willing to pour in so big an investment. “Snyk’s impressive growth is a signal that the market is ready to embrace a change from traditional security and empower developers to tackle the new security risk that comes with a software-driven digital world,” he said in a statement.

Snyk was founded in 2015. The founders brought McKay on board for some experienced leadership in 2018 to help lead the company through its rapid growth. Prior to the $350 million in new money this year, the company raised $70 million in 2019.

Snyk snags $150M investment as its valuation surpasses $1B

Sprinklr raises $200M on $2.7B valuation four years after last investment

/0 Comments/in /by

Sprinklr has been busy the last few years acquiring a dozen companies, then rewriting their code base and incorporating them into the company’s customer experience platform. Today, the late-stage startup went back to the fundraising well for the first time in four years, and it was a doozy, raising $200 million on a $2.7 billion valuation.

The money came from private equity firm Hellman & Friedman, which also invested $300 million in buying back secondary shares. Meanwhile the company also announced $150 million in convertible securities from Sixth Street Growth. That’s a lot of action for a company that’s been quiet on the fundraising front for years.

Company founder and CEO Ragy Thomas says he sought the investment now because after building a customer experience platform, he was ready to accelerate and he needed the money to do it. He expects the company to hit $400 million in annual recurring revenue by year’s end and he says that he sees a much bigger opportunity on the horizon.

“We think it’s a $100 billion opportunity and our large public competitors have validated that and continue to do so in the customer experience management space,” he said. Those large competitors include Salesforce and Adobe.

He sees customer experience management as having the kind of growth that CRM has had in the past, and this money gives him more options to grow faster, while working with a big private equity firm.

“So what was appealing in this market for us was not just putting some more money in the bank and being a little more aggressive in growth, innovation, go to market and potential M&A, but what was also appealing is the opportunity to bring someone like a Hellman & Friedman to the table,” Thomas said.

The company has 1,000 clients, some spending millions of dollars a year. They currently have 1,900 employees in 25 offices around the world, and Thomas wants to add another 500 over the next 12 months — and he believes that $1 billion in ARR is a realistic goal for the company.

As he builds the company, Thomas, who is a person of color, has codified diversity and inclusion into the company’s charter, what he calls the “Sprinklr Way.” “For us, diversity and inclusion is not impossible. It is not something that you do to check a box and market yourself. It’s deep in our DNA,” he said.

Tarim Wasim a partner at investor Hellman & Friedman, sees a company with tremendous potential to lead a growing market. “Sprinklr has a unique opportunity to lead a Customer Experience Management market that’s already massive — and growing — as enterprises continue to realize the urgent need to put CXM at the heart of their digital transformation strategy,” Wasim said in a statement.

Sprinklr was founded in 2009. Before today, it last raised $105 million in 2016 led by Temasek Holdings. Past investors include Battery Ventures, ICONIQ Capital and Intel Capital.

Sprinklr launches major push into customer experience

Xometry raises $75M Series E to expand custom manufacturing marketplace

/0 Comments/in /by

When companies need to find manufacturers to build custom parts, it’s not always an easy process, especially during a pandemic. Xometry, a seven-year-old startup based in Maryland, has built an online marketplace where companies can find manufacturers across the world with excess capacity to build whatever they need. Today, the company announced a $75 million Series E investment to keep expanding the platform.

T. Rowe Price Associates led the investment, with participation from new firms Durable Capital Partners LP and ArrowMark Partners. Previous investors also joined the round, including BMW i Ventures, Greenspring Associates, Dell Technologies Capital, Robert Bosch Venture Capital, Foundry Group, Highland Capital Partners and Almaz Capital . Today’s investment brings the total raised to $193 million, according to the company.

Company CEO and co-founder Randy Altschuler says Xometry fills a need by providing a digital way of putting buyers and manufacturers together with a dash of artificial intelligence to put the right combination together. “We’ve created a marketplace using artificial intelligence to power it, and provide an e-commerce experience for buyers of custom manufacturing and for suppliers to deliver that manufacturing,” Altschuler told TechCrunch.

The kind of custom pieces that are facilitated by this platform include mechanical parts for aerospace, defense, automotive, robotics and medical devices — what Altschuler calls mission-critical parts. Being able to put companies together in this fashion is particularly useful during COVID-19 when certain regions might have been shut down.

“COVID has reinforced the need for distributed manufacturing and our platform enables that by empowering these local manufacturers, and because we’re using technology to do it, as COVID has unfolded […] and as continents have shut down, and even specific states in the United States have shut down, our platform has allowed customers to autocorrect and shift work to other locations,” he explained

What’s more, companies could take advantage of the platform to manufacture critical personal protective equipment. “One of the beauties of our platform was when COVID hit customers could come to our platform and suddenly access this tremendous amount of manufacturing capacity to produce this much-needed PPE,” he said.

Xometry makes money by facilitating the sale between the buyer and producer. They help set the price and then make money on the difference between the cost to produce and how much the buyer was willing to pay to have it done.

They have relationships with 5,000 manufacturers located throughout the world and 30,000 customers using the platform to build the parts they need. The company currently has around 350 employees, with plans to use the money to add more to keep enhancing the platform.

Altschuler says from a human perspective, he wants his company to have a diverse workforce because he never wants to see people being discriminated against for whatever reason, but he also says as a company with an international market, having a diverse workforce is also critical to his business. “The more diversity that we have within Xometry, the more we’re able to effectively market to those folks, sell to those folks and understand how they utilize technology. We’re just going to better understand our customer set as we [build a more diverse workforce],” he said.

As a Series E-stage company, Altschuler does not shy away from the IPO question. In fact, he recently brought in new CFO Jim Rallo, who has experience taking a company public. “The market that we operate in is so large, and there’s so many opportunities for us to serve both our customers and our suppliers, and we have to be great for both of them. We need capital to do that, and the public markets can be an efficient way to access that capital and to grow our business, and in the end that’s what we want to do,” he said.

Xometry acquires European on-demand manufacturing marketplace Shift

Socialbakers acquired by customer engagement company Astute

/0 Comments/in /by

Astute, a customer engagement platform headquartered in Columbus, Ohio, is announcing that it has acquired social media marketing company Socialbakers.

The financial terms of the acquisition were not disclosed. Socialbakers CEO Yuval Ben-Itzhak will become president of Socialbakers for the combined company, and he told me via email that the entire Socialbakers team will be joining as well, resulting in a combined organization with more than 600 employees and $100 million in annual recurring revenue.

Socialbakers was one of the last independent players from the first wave of social analytics. Founded in 2008 and based in Prague, the company raised a total of $34 million in funding, according to Crunchbase, from investors including Earlybird Venture Capital and Index Ventures. And it’s used by more than 2,500 brands globally.

Astute, meanwhile, has been around for 25 years, and focuses on unifying customer data. Ben-Itzhak said that by acquiring Socialbakers, Astute will be able to add social media-focused features like audience insights, content planning, influencer marketing and ad analytics.

“Socialbakers and Astute are already sharing dozens of mutual brand customers in the enterprise segment,” he said. “This is, in fact, how the acquisition talks came about. The platform integration process has already started and is expected to continue through Q4.”

In a statement, Astute CEO Mark Zablan also emphasized the comprehensiveness of the resulting platform.

“The lines between customer care, customer experience, and marketing have become increasingly blurred, presenting real challenges for companies,” Zablan said. “Combining the market-leading social media marketing capabilities of Socialbakers with Astute’s engagement suite not only helps our customers tackle this challenge more effectively, but also marks a major milestone along Astute’s journey towards becoming the end-to-end customer engagement platform that the Chief Customer Officer needs to succeed.”

Meltwater has acquired DataSift to double down on social media analytics

B2B marketing company Metadata.io raises $6.5M

/0 Comments/in /by

Metadata.io announced today that it has raised $6.5 million in Series A funding.

It’s been more than four years since I wrote about the startup’s $2 million seed funding. At the time, co-founder and CEO Gil Allouche described the product as helping business-to-business marketers target their ads as people who resemble their existing sales leads.

Since then, the company has launched its product in general availability, and Allouche told me yesterday that it’s become “really the middleware for the sales and marketing stack.”

“It doesn’t just … give you insights, it skips the human as the bottleneck of execution for marketing [operations],” Allouche said, adding that this makes marketing teams more efficient while also eliminating much of the drudgery. “If you’re a Don Draper who’s really good at creative or content, you should spend your time on that and not in an Excel spreadsheet.”

At the same time, ad targeting remains a key part of the company’s capabilities. For example, its new product MetaMatch allows advertisers to build and target custom audiences on Facebook, LinkedIn and programmatic display.

Allouche also said that demand has increased “quite significantly” since the beginning of the pandemic. That’s counter to larger digital ad trends, but he noted that B2B companies still need to reach customers, and many of the old tools — like in-person events — are now off the table.

Metadata leadership team

Gil Allouche and the Metadata leadership team

In addition, he said that Metadata’s proprietary database of 1.4 billion customer profiles have given it an additional advantage in the face of privacy regulation and ad-tracking restrictions.

The platform has been used by companies including Zoom, Drift, Pendo, Udacity, and Vonage.

The new funding was led by Resolute Ventures, with participation from Greycroft, York IE, Stormbreakers, Eloqua founder Mark Organ, Segment founder Ilya Volodarsky and others.

Metadata isn’t another marketing technology,” Organ said in a statement. “From the origin of the company transforming marketing operations by eliminating tedious manual work, to today, creating a category that transcends demand gen, it is enabling the autonomous marketer to be a reality. It is the marketer that’s needed for the future.”

5 VCs agree: COVID-19 reshaped adtech and martech