Cyber security is having its moment right now, with a huge number of companies in the space gaining recognition and earning money. That's no surprise, given the news over the last year; with the hackings of Target, Michaels, Neiman Marcus, along with tech companies like eBay, Twitter, Facebook and Apple, and the Heartbleed bug.
Frankly, I'd be shocked if these companies weren't raising money!
The latest company to gain interest from venture capitalists is Hexadite, an Israel-based company that focuses on automated cybersecurity incident response. The company came out of stealth mode on Tuesday, and announced that it has raised $2.5 million in seed funding. The round was led by YL Ventures with participation by former Microsoft Corporate Vice President Moshe Lichtman.
The Tel Aviv-based Hexadite was founded by Eran Barak, Idan Levin and Barak Klinghofer, all of whom are former military intelligence officers and private sector security experts.
I interviewed Eran Barak about where his company fits into an increasingly crowded space.
First, he explained to me that there are four different phases in the cyber security domain:
- Preparation, in which there many vendors, including IBM, who provide clients with with perimeter infrasturcuture and intelligence
- Detection, which he said is "really crowded," with lots of companies and startups, as well as mature vendors, who offer detection systems
- Incident response, which means that once a detection system raises an alert, the company has to respond;
- Forensic, which occurs after the incident, and the organization or enterprise wants to know who attacked, why, what was the interest and what data was lost
Hexadite covers the "incident response" portion of that equation, and the reason is because Barak, Levin and Klinghofer saw a major problem that had to be fixed: the huge gap that currently exists between detection and response.
Partially that is because most tools are based on a manual process, where the company has to hire someone to go and figure out the source of each alert. But it also has to with the sheer number of alerts that the detection systems are picking up, a large perctenage of which are false, he said.
"We understood that, today, some expertise was needed to handle all those alerts. While some are real breaches, there is a gap between the time the alert is raised to time when it was remediated," said Barak.
And that time gap can be days, or even weeks. With Hexadite, it can minutes, or as little as seconds, to fix the same problem, cutting the response time down by 95%. That can save companies both money and time, in terms of data that can be lost or corrupted, as well as operational costs of having to hire someone to do what Hexadite can do much faster.
What Hexadite does is provide automated solution that is flexibile, meaning it can "integrate to each and every detection system, and each and every alert."
"The system can start walking in parallel, so it can weed out false alarms," Barak said. "The problem with detection systems is that raise a lot of alerts, the majority of which are false alarms. Organizations can find themselves investigating only false alarms, but Hexidite can do it for them."
Given that the gap is so wide, I asked Barak why nobody had fixed this problem before. He told me that it was because the focus was previously on other phases/
"Until this year, the focus was on the preparation and detection phases. Companies were most concerned about how to detect an attack, and they were sure that they would be able to solve them once they got the alert," he said. "Those organizations have implemented a lot of detection systems, so the alerts have been growing, meaning they needed more personell. They understand now that they need to have something automated."
The new money will go toward building out the company's research and development, as well sales and marketing, teams. It currently has 10 employees, and will be adding at least five more people this year.
In addition, the company will be expanding to the United States, and opening an office here, but Barak says the Hexadite has not yet chosen which coast it wants to be on, let along which city it will be moving to.
Founded earlier this year, Hexadite currently has four customers, in Israel and the United States.
The cyber security space
There have been a rash of cyber security companies raising money lately.
In February, cyber security company Shape Security raised $40 million in Series C funding; Cybereason, a platform that proactively detects, and stops, security threats emerged from stealth mode with $4.6 million; cloud security company Elastica came out of stealth with $6.3 million; and cloud security company Apparity raised $8 million in an oversubscribed Series A round.
In addition, smart home security system Canary raised a $10 million Series A; Niara, a stealth enterprise security company, raised $9 million in funding; Verdasys, a security firm that specializes in endpoint data protection, raised $12 million; TrueVault, a healthcare app data security startup, raised $2.5 million in funding; network security startup Vectra Netoworks raised $17.8 million in funding; and Synack, a startup that has created a system to safely crowdsource security testing, raised $7.5 million in funding.
In addition, software security company Palo Alto Networks entered into an agreement to purchase Cyvera, a privately held cyber security company, for the price of around $200 million.
Most recently it was systems and security management company Tanium that raised $90 million.