Author: AllegisCap

RSAC | Small Business: Wake Up to Growing Cyber Threats

  |   Allegis News, The Latest

logo_rsac

A few months ago, Rokenbok Education, a Solana Beach, Calif., maker of educational toys, was facing perhaps the quintessential nightmare of the 21st century. Cyber criminals had encrypted the company’s computer files, rendering them useless.

The hackers were deploying ransomware. If Rokenbok wanted the data unlocked, it would have to pay a ransom. As the New York Times reported, the company ultimately managed to find a creative way out, sidestepping the ransom by laboriously reconstructing its key systems.

This was, in fact, the company’s second cybersecurity battle, and it underscores a fact that doesn’t get much attention: Small and mid-sized businesses are being breached more than big businesses, notwithstanding the apparent lack of motive and certainly a lack of widespread attention.

Studies and surveys show that 60 percent of cyber attacks on business target small and medium-sized businesses. About 40 percent of small businesses have been victims, at a cost averaging $9,000 to $36,000, depending on which survey you believe. These estimates don’t include reputation damage.

Many small businesses believe that cyber criminals are interested only in data from big companies, which obviously isn’t true. What they don’t take into account is that they have more digital assets than individuals, who are also commonly attacked, and sometimes inferior protection.

All too often, small businesses don’t update antivirus software, update firewalls or strengthen passwords. They could also put data in the cloud, rather than on company servers, but they usually don’t bother.

Cyber theft typically involves employee and customer data, bank account information, and access to the business’s finances. Small business also often provide access to supply chain networks.

Small and medium-sized businesses are most typically breached through malicious software delivery via email. People click on links from malicious email all the time. Chief financial officers and accounts payable employees are often sent well-worded emails falsified to look as though they were sent by the company’s owner, ostensibly approving wire payments to falsified bank accounts.

Among those increasingly concerned about the trend is the U.S. Small Business Administration, which says America’s 28 million small businesses create about two out of every three new jobs in the U.S. each year. Like all businesses, the SBA says, small businesses are increasingly reliant on information technology to store, process and communicate information. Protecting this information better is critical, the SBA says.

What should small businesses do? For starters, they should seriously consider hiring a cybersecurity specialist. They can make application recommendations for encryption, scanning, malware and safe browsing. They can also show a small business which digital information systems require enhanced protection, create and manage backup databases, and block the installation of external applications that make a small business vulnerable.

With or without a cybersecurity consultant, all small and mid-sized businesses must proactively adopt measures to mitigate cybersecurity threats.

Here are 8 tips from the Small Business Administration about what to do:

  1. Protect against viruses, spyware, and other malicious code:Make sure each of your business’s computers are equipped with antivirus software and antispyware, and updated regularly. All software vendors automatically provide patches and updates to correct security problems and improve functionality. 
  2. Secure your networks: Safeguard your internet connection by using a firewall and encrypting information.  If you have a Wi-Fi network, make sure it is secure and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router. 
  3. Establish security practices and policies to protect sensitive information:Establish policies on how employees should handle and protect personally identifiable information and other sensitive data. Clearly outline the consequences of violating your business’s cybersecurity policies.
  4. Educate employees about cyber threats and hold them accountable: Educate your employees about online threats and how to protect your business’s data, including safe use of social networking sites. Employees should be educated about how to post online in a way that does not reveal any trade secrets. Hold employees accountable.
  5. Require employees to use strong passwords and to change them often: Consider implementing multifactor authentication, which requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multifactor authentication for your account.
  6. Make backup copies of important business data and information:Regularly backup the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Backup data automatically if possible, or at least weekly, and store the copies either offsite or on the cloud. 
  7. Control physical access to computers and network components:Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel.
  8. Create a mobile device action plan:Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Set reporting procedures for lost or stolen equipment.

Small business should act today—not tomorrow—to improve their cybersecurity. A breach in security can put a small business at great legal liability. And a single attack, such as one that compromises a customer’s financial information, can freeze operations or even put an organization out of business. It makes no sense for any business to take such avoidable risks.

Small business should act today — not tomorrow — to improve their cybersecurity. A breach in security can put a small business at great legal liability. And a single attack, such as one that compromises a customer’s financial information, can freeze operations or even put an organization out of business. It makes no sense for any business to take such avoidable risks.

Robert Ackerman Jr. is Founder & Managing Director of Allegis Capital – a San Francisco, CA-based early stage venture capital firm specializing in cybersecurity.

bobheadshot

 

 

 

Find More:

http://www.rsaconference.com/blogs/small-business-wake-up-to-growing-cyber-threats

Read More

Bloomberg | The One Group Not Freaking Out About Brexit: VCs

  |   Allegis News, The Latest

Logo_bloombergBy: Lizette Chapman  |  June 28, 2016

 

The U.K.’s decision to leave the European Union is still shooting shock waves across global financial markets, but one investor group remains unruffled: venture capitalists.

 

This is partly because of the numbers and partly because of the nature of venture investing.

 

European businesses have captured between 10 percent and 16 percent of total global venture capital annually since 2006, according to data from Dow Jones VentureSource. Although 2015 was a banner year — European startups secured $12.9 billion — it was still just 10 percent of the year’s global total. Of that amount, U.K. startups commanded just $4.5 billion, or 3.5 percent of the world’s total venture capital. Germany nabbed 1.9 percent, and France took in 1.3 percent, according to VentureSource.

Because Europe isn’t a big recipient of venture capital dollars, Brexit is less of a threat to the industry. “It’s a big deal geopolitically, but for venture-backed startups, and for venture capitalists, the impact for us is zero, zilch, nada,” said said Venky Ganesan, chair of the U.S. National Venture Capital Association and managing director at Menlo Ventures.

eurovcflow

Saul Klein, a partner at London-based venture firm LocalGlobe, agreed that investors in U.K. tech companies are likely to stay the course. “If they were interested yesterday, they should be even more interested today, and if they are not, they were probably tourists anyway.”

Venture investors spend months or sometimes years getting to know founders before backing their startups. Bets are long-term, with the average return not happening for seven to 10 years. During that time, a lot happens: investors typically help teams build product, hire, market, and sell in a bid to outmaneuver the competition. All startups learn to adjust to new changes in fast-paced technology markets, or risk perishing. New regulations governing the role of U.K.-based startups may not arrive for at least two years — an eternity in the startup world.

“As early investors, we are used to dealing with uncertainty, and so are entrepreneurs. Their whole makeup is about assessing new risks,” said Neil Rimer, co-founder of Index Ventures, which has raised the most of any European fund so far this year at $550 million.

Rimer is based in Geneva. Index has backed gaming startup Helsinki-based Supercell Oy, payments company Adyen BV, in Amsterdam, and on-demand services including Paris-based BlaBlaCar, Just Eat and Deliveroo, both in London. He said he and his firm are still assessing how Brexit could affect their U.K.-based startups. Early stage companies are agile, Rimer said, and can relocate if need be while mature companies like Supercell and King Digital are global in nature and not overly dependent on the U.K.

“The ones I worry about are the middle ones that are dependent on the U.K. and aren’t nimble enough to do something about it over a two- to three-year period,” said Rimer.

Rimer and others said they expect Brexit’s primary impact will be on how companies recruit employees and scale operations. Although it’s still too early to say how that will change, investors will be watching those areas closely.

“We are just 96 hours in,” said Bob Ackerman, founder of Allegis Capital. “We are still determining what it means.”

While the impact is muted in the U.S., there’s some anxiety in the European tech scene. Jeff Lynn, CEO of the crowdfunding platform Seedrs and co-founder of the U.K. tech advocacy group Coadec, said many entrepreneurs are concerned the referendum will make it harder to raise money and recruit employees.

He said some startups had investments scrapped because of Brexit, with at least one company he wouldn’t name having a “Brexit clause,” allowing the investors to back out after the U.K. vote. “The uncertainty is profound,” he said.

SoftTech VC partner Andy McLoughlin said Brexit could make it easier for other growing hubs like Berlin, Paris and Amsterdam to outshine London.

“This is an opportunity for them to step up,” he said.

 

— With assistance from Jeremy Kahn and Adam Satariano.

Find more: http://www.bloomberg.com/news/articles/2016-06-28/the-one-group-not-freaking-out-about-brexit-vcs

Read More

PYMNTS.com | Investors Make Last-Minute Play For B2B FinTechs

  |   Portfolio News, Series A, The Latest

Apruve-Fintech

While last week was a fairly impressive week for B2B venture capital, investors swooped in on their dark horses to give an extra bump to B2B financial services startups.

The first came Thursday (June 23) when reports emerged that Apruve secured $2.25 million in venture capital funding led by TTV Capital and Allegis Capital. Apruve provides financial management solutions for small businesses that operate in the B2B eCommerce space. According to reports, it enables companies to accept online orders from business customers and provides instant credit for their sales.

The Series A funding will be used to scale up the company, reports said. “We believe Apruve is solving a fundamental problem that well enable more businesses to ride the $1.3 trillion wave of B2B eCommerce that is currently unfolding,” said TTV managing director Tom Smith in a statement. “Their solution takes on outdated accounts receivable processes, automates it then underwrites the credit risk for the seller.”

Apruve integrates into eCommerce platforms like Shopify, Magento and BigCommerce.

Across the pond, U.K. startup Satago raised about $6.3 million from backers for its eInvoicing solution, reports also said Thursday.

The company provides a database for companies to see how well other businesses are paying their invoices on time. It provides automated invoices, payment requests and reminders, and credit reporting solutions into its service, geared toward micro-businesses and freelancers that need to manage outstanding bills from clients.

The funding, provided by ESF Capital, coincides with Satago’s launch of Invoice Finance. The new service that provides freelancers with access to working capital by funding 85 percent of outstanding bills. The final 15 percent is provided once a company pays the invoice.

Find More: http://www.pymnts.com/news/b2b-payments/2016/b2b-fintech-venture-capital-satago-apruve/

 

Read More

Apruve Raises $2.25 Million Round Led by TTV Capital

  |   Portfolio News, The Latest

The funding will help the technology platform grow the future of B2B ecommerce fintech

 

Logo_iReach

MINNEAPOLIS, June 22, 2016 /PRNewswire-iReach/ — B2B financial technology platform Apruve, Inc., announced today it has raised $2.25 million in a Series A funding round. The round was led by TTV Capital, with participation from Allegis Capital.

Based in Minneapolis, Apruve was founded with a mission to make it easier for businesses to sell to other businesses. Apruve’s corporate account management and financing solution was launched at the beginning of this year. The solution allows online B2B sellers to give their business customers a revolving line of credit without any accounts receivable or cash flow risk.

“Businesses don’t buy things online like consumers do,” said Michael Noble, CEO of Apruve. “Within B2B, sellers offering their customers credit terms on their purchases is an industry norm. The problem is that it is difficult to manage and expensive to do. With Apruve, online sellers get a turnkey solution to manage all aspects of credit approval, invoicing and collections, plus sellers are paid within 24 hours of any order placed online by their buyers, completely eliminating the need to act like a bank for their customers.”

“We believe Apruve is solving a fundamental problem that will enable more businesses to ride the $1.3 trillion wave of B2B eCommerce that is currently unfolding,” said Tom Smith, Managing Director at TTV.  “Their solution takes an outdated A/R process, automates it and then underwrites the credit risk for the seller.  The ROI they can deliver is extremely strong.”

The round of funding will be used to expand the development, sales, and marketing teams in Minneapolis, as well as build integrations with even more ecommerce platforms.

About Apruve, Inc.

Apruve is dedicated to making B2B ecommerce between buyers and sellers as efficient, easy and safe as possible. Its turnkey corporate account management and financing solution allows online B2B sellers to give their customers a revolving line of credit without any accounts receivable or cash flow risk. Learn more at www.apruve.com

About TTV Capital

Based in Atlanta, TTV Capital invests in technology-enabled financial services businesses with disruptive technologies, software-as-a-service solutions or cloud applications that have scalable business models and exceptional growth opportunities. To learn more, visit www.ttvcapital.com

About Allegis Capital

Allegis Capital is a seed and early-stage venture capital investor in companies building disruptive and innovative cyber security solutions for the global digital economy. Founded in 1996, the firm has more than $700 million in capital under management and has been active in cyber security investing since 2000. For more information, visit www.allegiscap.com

Media Contact: Melissa Buening, Apruve, Inc., 608-780-9914, hello@apruve.com

News distributed by PR Newswire iReach: https://ireach.prnewswire.com

SOURCE  |  Apruve, Inc.

Find More: http://www.apruve.com

Article Found here:  http://www.ireachcontent.com/news-releases

 

Read More

vArmour Raises $41 Million to Expand Data Center and Cloud Security Leadership Globally Through Strategic Distribution Partners

  |   Portfolio News, The Latest

Funding to accelerate the distribution of vArmour’s simple, scalable and economical data center and cloud security solution    

vArmour-Logo-ColorMOUNTAIN VIEW, Calif. – May 24, 2016 — vArmour, the leading data center and cloud security company providing application-aware micro-segmentation with advanced security analytics, announced today that the company has raised $41 million in Series D funding. The round was led by Redline Capital, Telstra and other strategic investors, bringing total company funding to $83 million. vArmour will use the capital for global expansion and to accelerate worldwide software distribution of its Distributed Security System (DSS) through strategic partners in Asia-Pacific, EMEA and in North America. With DSS, organizations can gain application-layer visibility and control of their network, applications and users to prevent, detect and respond to cyber attacks and breaches in data center and cloud environments.

vArmour has deployed its distributed security system at hundreds of organizations across the globe, including a significant number of the world’s largest banks, telecom service providers, government agencies, healthcare providers and retailers. The rapid customer growth validates vArmour’s vision and product leadership as well as strategic initiatives unveiled over the last year addressing organizations’ security challenges, including:

“We are solving real problems for real people. vArmour is now segmenting and protecting critical data for some of the largest national infrastructure and financial institutions in the world,” said Tim Eades, CEO of vArmour. “We have proven that our product and model are extremely effective, cost efficient and scalable, and this new round of funding and investment from global distribution partners will propel company growth.”

With shrinking IT budgets and the costs of cybercrime estimated to rise from today’s $500 billion to $2 trillion by 2019, organizations are under extreme pressure to do more with less. vArmour’s funding event comes at a perfect time to help organizations across the globe protect themselves against advanced threats and security breaches, since traditional hardware-centric and agent-based approaches to security are failing.*

According to Gartner analysts Neil MacDonald, Lawrence Pingree and Peter Firstbrook, organizations in regards to firewalls and unified threat management should “consider greater network segmentation or micro-segmentation of east-west traffic in both on-premises and cloud environments to not only provide greater granularity of access between application tiers, but also slow the lateral spread of attacks.” Organizations, in regards to SaaS and public/private clouds, should also “prefer solutions that unify security policy and configuration, no matter what deployment option is being used in a consolidated interface.”**

See what recent investors, customers, industry partners and influencers are saying about the news:

“We believe that vArmour’s genuinely agile and scalable architecture, protecting up to 100,000 workloads across 1,000 hosts in a single solution, is a unique product offering which is perfectly aligned with the rapidly-changing data center and cloud landscape,” said Alastair Cookson, partner at Redline Capital. “We are particularly impressed by the early and deep adoption by demanding customers in many verticals and across the globe, and see this as great validation of vArmour’s approach and technology.”

“The move to multi-cloud requires a completely different approach to security,” said Mark Sherman, managing director at Telstra Ventures. “We are very excited to be investing in vArmour, as we believe they sit at the forefront of this rapidly growing market. With vArmour’s distributed security system that delivers massive scale, coverage and control that agent or traditional perimeter-based solutions cannot support, the company is in a great position to help customers realize the full potential of multi-clouds.”

“Our No. 1 priority is serving our patient community with the best care possible, which means keeping their data safe with the most cutting-edge security solutions,” said Jon Russell, CIO at John Muir Health. “As healthcare is undergoing a massive digital transformation with IT acting as the underpinning for this shift, vArmour is helping us re-think our security architecture to protect patient information without sacrificing speed for service delivery.”

To see learn more about vArmour and Project Ice Cream, visit here. To get up and running quickly with vArmour’s application-aware micro-segmentation, visit http://www.varmour.com to start your trial today.

*Forbes, Cyber Crime Costs Projected To Reach $2 Trillion by 2019, Steve Morgan, 17 January 2016

**Gartner: Best Practices for Detecting and Mitigating Advanced Threats, 29 March 2016

About vArmour

Based in Mountain View, CA, vArmour is the data center and cloud security company, and the leader in application-aware micro-segmentation with advanced security analytics. The company was founded in 2011 and is backed by top investors including Highland Capital Partners, Menlo Ventures, Columbus Nova Technology Partners, Citi Ventures, Work-Bench Ventures, Allegis Capital, Redline Capital and Telstra. The vArmour DSS Distributed Security System is deployed in a significant number of the world’s largest banks, telecom service providers, government agencies, healthcare providers, and retailers, and is leading the industry with a new patented, distributed approach to data security that allows organizations to deliver IT at the speed of business. vArmour partners with companies including AWS, Cisco and HPE to secure many of the largest data center and cloud environments in the world.

vArmour Media Contact:

  Denise Schenasi

  Highwire PR for vArmour

  (415) 963-4174 x22

  vArmour@HighwirePR.com

Find More:

https://www.varmour.com/past-press/253-varmour-raises-41-million-to-expand-data-center-and-cloud-security-leadership-globally-through-strategic-distribution-partners

Read More

Meet the 2016 CNBC Disruptor 50 companies

  |   Portfolio News, The Latest

Logo_CNBC

 

Meet the 2016 CNBC Disruptor 50 companies

Tuesday, 7 Jun 2016 | 6:06 AM ET

#20 : Synack – Getting there before the hackers do

 

In the fourth annual Disruptor 50 list, CNBC features private companies in 15 industries — from aerospace to financial services to cybersecurity to retail — whose innovations are revolutionizing the business landscape. These forward-thinking starts-ups have identified unexploited niches in the marketplace that have the potential to become billion-dollar businesses, and they rushed to fill them. Some have already passed the billion-dollar mark at a speed that is unprecedented. In the process, they are creating new ecosystems for their products and services. Unseating corporate giants is no easy feat. But we ranked those venture capital–backed companies doing the best job. In aggregate, these 50 companies have raised $41 billion in venture capital at an implied Disruptor 50 list market valuation of $242 billion, according to PitchBook data. Already it’s hard to think of the world without them. Read more about the consumer and business trends that stand out in the 2016 list ranking and the methodology used to select this year’s Disruptor companies.

Synack-Logo-ColorFounders: Jay Kaplan & Mark Kuhr
Launched: 2013
Funding: $34.2 million
Valuation: n/a
Disrupting: Penetration testing, automated tools
Rival: IBM

This Redwood City, California-based company combines the best of human knowledge and know-how with cutting-edge technology to help its customers guard against debilitating cyberattacks. Synack was started in 2013 by former National Security Agency agents Jay Kaplan, CEO, and Mark Kuhr, CTO, who specialized in counterterrorism before founding the company.

One of its most potent advantages over other security firms is its Red Team — a private crowd of highly-skilled ethical hackers from all over the world who can go in and prove where a customer is vulnerable before the bad guys find out. That’s become a growing industry. Reports from Gartner predict the cybersecurity market will grow 10 percent a year between now and 2020 to over $170 billion.

With so many businesses, big and small, desperate for a security solution that really protects them, Synack is in an ideal position and claims it has been able to increase revenue by nearly 300 percent over the past year. As a result, the company has raised $34 million in venture capital from Kleiner Perkins Caufield & Byers, Google Ventures and Greylock Partners since getting started.

Headshot_JayKaplan_Synack

Jay Kaplan: CEO & CoFounder of Synack

 

Find More:  http://www.cnbc.com/2016/06/06/synack-2016-disruptor-50.html

Read More

New York Times | The Chinese Hackers in the Back Office

  |   Portfolio News, The Latest

 

The New York Times      |     By NICOLE PERLROTH     |    June 11, 2016

BELLEVILLE, Wis. — Drive past the dairy farms, cornfields and horse pastures here and you will eventually arrive at Cate Machine & Welding, a small-town business run by Gene and Lori Cate and their sons. For 46 years, the Cates have welded many things — fertilizer tanks, jet-fighter parts, cheese molds, even a farmer’s broken glasses.

And like many small businesses, they have a dusty old computer humming away in the back office. On this one, however, an unusual spy-versus-spy battle is playing out: The machine has been taken over by Chinese hackers.

hacker machineThe hackers use it to plan and stage attacks. But unbeknown to them, a Silicon Valley start-up is tracking them here, in real time, watching their every move and, in some cases, blocking their efforts.

“When they first told us, we said, ‘No way,’” Mr. Cate said one afternoon recently over pizza and cheese curds, recalling when he first learned the computer server his family used to manage its welding business had been secretly repurposed. “We were totally freaked out,” Ms. Cate said. “We had no idea we could be used as an infiltration unit for Chinese attacks.”

On a recent Thursday, the hackers’ targets appeared to be a Silicon Valley food delivery start-up, a major Manhattan law firm, one of the world’s biggest airlines, a prominent Southern university and a smattering of targets across Thailand and Malaysia. The New York Times viewed the action on the Cates’ computer on the condition that it not name the targets.

The activity had the hallmarks of Chinese hackers known as the C0d0s0 group, a collection of hackers for hire that the security industry has been tracking for years. Over the years, the group has breached banks, law firms and tech companies, and once hijacked the Forbes website to try to infect visitors’ computers with malware.

There is a murky and much hyped emerging industry in selling intelligence about attack groups like the C0d0s0 group. Until recently, companies typically adopted a defensive strategy of trying to make their networks as impermeable as possible in hopes of repelling attacks. Today, so-called threat intelligence providers sell services that promise to go on the offensive. They track hackers, and for annual fees that can climb into the seven figures, they try to spot and thwart attacks before they happen.

These companies have a mixed record of success. Still, after years of highly publicized incidents, Gartner, a market research company, expects the market for threat intelligence to reach $1 billion next year, up from $255 million in 2013.

Remarkably, many attacks rely on a tangled maze of compromised computers including those mom-and-pop shops like Cate Machine & Welding. The hackers aren’t after the Cates’ data. Rather, they have converted their server, and others like it, into launchpads for their attacks.

These servers offer the perfect cover. They aren’t terribly well protected, and rarely, if ever, do the owners discover that their computers have become conduits for spies and digital thieves. And who would suspect the Cate family?

Two years ago, the Cates received a visit from men informing them that their server had become a conduit for Chinese spies. The Cates asked: “Are you from the N.S.A.?”

One of the men had, in fact, worked at the National Security Agency years before joining a start-up company, Area 1, that focuses on tracking digital attacks against businesses. “It’s like being a priest,” said Blake Darché, Area 1’s chief security officer, of his N.S.A. background. “In other people’s minds, you never quite leave the profession.”

weldingMr. Darché wanted to add the Cates’ server to Area 1’s network of 50 others that had been co-opted by hackers. Area 1 monitors the activity flowing into and out of these computers to glean insights into attackers’ methods, tools and websites so that it can block them from hitting its clients’ networks, or give them a heads-up days, weeks or even months before they hit.

The Cates called a family meeting. “People work really hard to make products, and they’re getting stolen,” Ms. Cate said. “It seemed like the least we could do.” Area 1 paid for the installation cost, about $150.

Shortly after installing a sensor on the machine, Mr. Darché said his hunch was confirmed: The sensor lit up with attacks. Area 1 began to make out the patterns of a familiar adversary: the C0d0s0 group.

Area 1 was founded by three former N.S.A. analysts, Mr. Darché, Oren Falkowitz and Phil Syme. The three sat side by side at Fort Meade, tracking and, in some cases, penetrating adversaries’ weapons systems for intelligence. A little over two years ago, they decided to start their own company and raised $25.5 million in funding from major venture capitalists and security entrepreneurs in Silicon Valley, including Kleiner Perkins Caulfield & Byers and Cowboy Ventures, and security veterans like Ray Rothrock, the chief executive of RedSeal, and Derek Smith, the chief executive of Shape Security.

Area 1 is a new player in threat intelligence, a nascent subsector of the security business that includes companies like iSight Partners and Recorded Future that track attackers in underground web forums and on social media, gleaning intelligence about them.

Threat intelligence is still more art than science. The jury is still out on whether companies are equipped to use that intelligence to thwart hackers. Area 1 claims that it can head off attacks through the compromised servers it is tracking. It can also use its vantage point to see where attackers are setting up shop on the web and how they plan to target their intended victims.

A handful of Area 1 customers confirmed that its technology had helped head off attackers. One client, a chief information security officer at a large health care provider, said the health care sector had been slammed by digital criminals and governments in recent years. He asked that the company not be named, to avoid becoming a more visible target.

He credited Area 1’s sensors with blocking several attacks on his network, helping his company avoid the fates of the health insurer Anthem, which was breached by Chinese hackers last year, and a growing number of hospitals hit by attacks that have forced them to pay a ransom to get important information back.

Mr. Smith, the chief executive of Shape Security, said Area 1 gave his company warning of three attacks before they happened, providing time to block them. Mr. Smith said he was impressed enough that he made a small investment in Area 1.

“Many of these mom-and-pop shops are ambivalent because the attacks don’t directly impact their business and revenue,” he said. “Meanwhile, they unwittingly operate this attack infrastructure.”

But Area 1’s business model can pose ethical dilemmas. What does the company do when it sees attacks against prominent companies and government agencies who are not Area 1 customers?

“We
think of ourselves as a bodyguard, not a police force that runs around telling everyone they’re a victim,” said Mr. Falkowitz, Area 1’s chief executive. “We’re in the business of pre-emption.”

They do warn some victims, he said. For instance, they tipped off a law firm, a manufacturer, a financial services firm and electronics company that were attacked via the Cates’ server after they saw the C0d0s0 hackers make off with their intellectual property. Some of those victims, including the law firm, later signed up for Area 1 services.

Not all companies heed the warning. A security consultant for one victim, who spoke on the condition of anonymity because of nondisclosure agreements, said that his client chose not to act on a tip from Area 1 last year out of concern that a scandal over a successful online attack against the company would jeopardize its recent acquisition. It figured its acquirer would not have been thrilled to learn that the start-up’s proprietary technology was now in Chinese hacker’s hands.

Logo_Area1Posted on the wall of Area 1’s headquarters in a historic house in Redwood City, Calif., is a list titled “45 Things That Are Harder Than Cybersecurity.” It includes flight, solar power, the flu vaccine, brain surgery, the internet, heart transplants, skyscrapers, the Thermos and the Q-tip.

Mr. Falkowitz disagrees with a growing concern that it is too difficult or impossible to stop online attacks. As attackers have grown more sophisticated, many security companies have stopped believing they can block attacks with traditional defenses like antivirus software. Instead, many focus on trying to detect an intrusion “in real time,” to catch hackers before they steal too much.

Eighty percent of the time, victims learn they have been breached only when law enforcement or someone else shows up with their stolen data, according to Verizon, which tracks breach data.

At the N.S.A., Mr. Falkowitz had worked with teams that detected North Korean missile launches. Much of that early work was done with satellites that would look for sudden heat blasts.

Eventually, Mr. Falkowitz’s team tried a more proactive approach. If they could hack the computers that controlled the missile launch systems, they could glean launch schedules. Area 1 is now taking a similar approach to digital attacks, tapping into the attackers’ launchpads, as it were, rather than waiting for them to attack.

Hackers don’t just press a big red “attack” button one day. They do reconnaissance, scout out employees on LinkedIn, draft carefully worded emails to trick unsuspecting employees to open them and click on links or email attachments that will try to launch malicious attacks.

Once they persuade a target to click — and 91 percent of attacks start this way, according to Trend Micro, the security firm — it takes time to crawl through a victim’s network to find something worth taking. Then they have to pull that data off the network. The process can take weeks, months, even years and leaves a digital trail.

Area 1 watches for this kind of activity and then teams up with firms like Blue Coat, a web security company, to build what it has learned into security software that can try to block attacks when they come.

The owners of Cate Machine & Welding say that living with Chinese attackers in your office can be a strange feeling. Recently, Area 1 executives visited the shop and showed them some of what they had learned from watching their computer. The C0d0s0 group had used their server to pilfer a law firm’s due diligence on an impending acquisition, a financial services firm’s confidential trading plans, a mobile payment start-up’s proprietary source code, some blueprints and loan applications at a mortgage company.

Hearing that, Mr. Cate expressed pride — and maybe even a hint of schadenfreude. For years, the welding business that is his family’s bread and butter has been migrating to China. Now his family is helping American businesses fight back.

“We want to do the right thing for these businesses,” Mr. Cate said, “For our country.”

Find More:

http://www.nytimes.com/2016/06/12/technology/the-chinese-hackers-in-the-back-office.html?_r=0

Read More

VentureBeat | IMVU’s social avatar powers Kim Kardashian West’s new Kimoji app

  |   Portfolio News, The Latest

By: Dean Takahashi | VentureBeat | June 1, 2016

 

IMVU, the social network with 3D animated avatars, said that it has provided the technology behind a new version of the popular Kimoji paid app created by Kim Kardashian West.

 

kimoji

Redwood City, Calif.-based IMVU operates a social network where users can create their own animated spaces. It created a proprietary Server Side Rendering (SSR) technology that powers its avatars, and that same technology is behind the latest release of the Kimoji app.

“Kanye and I found this amazing social experience company, IMVU, and worked with them on creating some of our latest Kimoji designs and GIFs. They’re such innovators who have helped me really set Kimoji apart,” Kardashian wrote on her site.

The technology enables personalization of 2D, 3D, and virtual reality (VR) content, allowing users to express themselves as they wish. The IMVU SSR tech brings to life the work of Kardashian and the application technology of Whalerock Technologies, a Los Angeles media company. The app makers approached IMVU to enhance their popular app and introduce KimoGIFs. The Kimoji app and its subsequent updates have topped Apple’s App Store list of highest-grossing paid apps.

“With our Server Side Rendering technology, and with our catalog of 20 million-plus user-generated 2D, 3D, and VR-ready products, we are redefining the way people communicate universally,” said Brett Durrett, CEO of IMVU, in a statement. “Our technology makes it possible for all users to easily create an infinite amount of highly expressive content starring their customized avatar.”

IMVU was founded in 2004 as part of the virtual world craze, but it’s interesting to see how it continues to morph and exploit its technology over time.

iOS users can send their customized 3D Stickers in messaging apps, including Facebook Messenger, iMessage, and Gmail; both Android and iOS users can create and send 3D Stickers within IMVU conversations.

 

 

 

Find More …

Takahashi, Dean. “IMVU’s social avatar powers Kim Kardshain West’s new Kimoji app VentureBeat, 1 June 2016.

Read More

Signifyd Named 2016 “Bay Area Best Place to Work”

  |   Portfolio News, The Latest

signifyd2016

 

Great news!

 

Signifyd has been recognized as a winner of the 2016 Bay Area Best Places To Work, an awards program presented by the San Francisco Business Times and the Silicon Valley Business Journal.

 

Aside from our beloved coffee machine that serves 28 different kinds of drinks, Signifyd was chosen because of our commitment to empower our employees to work on projects that interest them and develop their own individualized career path, and to have fun while doing it.

In the words of one of our employees, “Signifyd is great at being transparent with its objectives and allows people of all levels to contribute ideas for new projects, as well as initiatives to accomplish them. We’re empowered to extend our roles by branching out into surrounding areas of interest, and are able to actively participate in shaping our roles and career paths following our own aspirations.” That, plus our fully-stocked game room, equals a vibrant, collaborative culture where employees are motivated to contribute to the team’s shared vision of protecting e-commerce companies from fraud.

Award applicants were evaluated and ranked across 5 categories according to the number of Bay Area employees. The ranking found companies in the region whose employees rate them as the highest on such values as fun, collaborative culture, solid compensation and benefits offerings and other amenities as well as management practices. The rankings were unveiled yesterday, April 19, 2016, at the awards event in San Francisco. Signifyd placed #7 in the “Bay Area Best Places To Work: Smallest Companies” category.

Thanks to the San Francisco Business Times and Silicon Valley Business Journal for giving us this honor!

About 2016 Bay Area Best Places to Work
Best Places to Work is an innovative publication and awards program produced by the San Francisco Business Times and the Silicon Valley Business Journal. The rankings were determined by surveys that went directly to employees who answered a series of questions. The survey was administered online by the employers and through a service provided by Quantum Workplace, our research partner. The rankings are numeric, based on Quantum’s scoring process. By ranking companies and sharing best practices we facilitate idea sharing and help other companies learn from the best.

Read more at Signifyd.com:

“Signifyd Named 2016 ‘Bay Area Best Place to Work.'” 

Via:

Reyes, Lemery. “The 125 Best Places to Work in the Bay Area.” San Francisco Business Times. 19 April 2016. Web. 21 April 2016.

Read More

Mercury News | Silicon Valley startups stumble, forced into cost cutting

  |   Allegis News, The Latest

By: Marisa Kendall | mkendall@mercurynews.com

Once it seemed there was nowhere to go but up.

Today, with fears of bloated valuations, a rocky stock market and the worst IPO climate since the financial crisis of 2008, startups are coming down from the clouds. And to woo venture capitalists, they are talking about profitability and high gross margins to prove they are building sustainable businesses — not just sexy ones.

“Bottom line is that entrepreneurs and investors alike have discovered that gravity exists after all,” said Robert Ackerman Jr., managing director and founder of Allegis Capital.

Reflecting a more sober Silicon Valley, at least a dozen Bay Area startups have cut costs by laying off staff since November. Others in the saturated on-demand industry, like San Francisco’s Zirx, are changing their focus. And a few have simply shut down, with Berkeley-based SpoonRocket becoming the latest victim.

Those changes are signs of healthy market correction after years of frenzied overspending, said Paul Boyd of San Francisco-based wealth management firm ClearPath Capital Partners. But that doesn’t mean they’re not painful — for everyone. As startups spend less, the slowdown will be felt in other areas as well, he said.

“It’s almost like ink,” Boyd said, “it’s going to slowly spread.”

His team keeps a close eye on the VC and startup ecosystem as an indicator of the health of the overall economy. Right now, the signs aren’t pointing in a positive direction.

Venture capital funding in the U.S. dropped by about 30 percent in the fourth quarter of 2015 compared with the quarter before, according to the MoneyTree Report by PricewaterhouseCoopers and the National Venture Capital Association. Meanwhile, IPO activity has all but dried up. The cash raised by IPOs in the first quarter of 2016 was down almost 90 percent from the quarter before, according to data from Renaissance Capital, and only eight companies went public. The only Silicon Valley offering was a Burlingame pharmaceutical company.

Last month Optimizely, which helps companies test and improve their websites and mobile platforms, announced it was laying off 40 people, or 10 percent of its team. Despite raising more than $146 million in funding from some of Silicon Valley’s most prestigious venture capital firms, the company was struggling to break even. In a blog post announcing the layoffs, CEO and co-founder Dan Siroker pointed to a “wake-up call” in February when public cloud companies collectively lost $28 billion in market value in one day, signifying that “the market has clearly shifted.”

Insurance software startup Zenefits announced it cut 250 jobs in February, after revelations that some of the company’s employees were selling insurance without a license. The company, which sells health insurance and provides companies with software to manage employee benefits, once had been revered as the software industry’s fastest-growing startup. In two years the company ballooned from 15 employees to 520, and CB Insights reports it’s now valued at $4.5 billion.

“It’s no secret that Zenefits grew too fast, stretching both our culture and our controls,” CEO David Sacks wrote in an email to employees announcing the layoffs.

Other San Francisco companies that reportedly cut staff in recent months include wearable tech company Jawbone, mobile and web analytics company Mixpanel, dating website Zoosk and Practice Fusion, which digitizes health records. Jumio, a Palo Alto-based credit card authorization company, announced last month that it’s filing for bankruptcy and selling its assets.

The market shift caught Foster City resident Erica Halverson off guard. She spent just four months as marketing director for SenStay, a property management startup for home-sharing rentals, before she was laid off in February along with a handful of other employees.

“It put me literally into a panic,” 39-year-old Halverson said, “because I had a commitment from the company and I had expectations that I was helping them build and get to a certain level. And I felt like the rug was ripped out from under me.”

Now Halverson spends most of her time job hunting, sending out 10 to 15 résumés a day.

The shift is especially noticeable in Silicon Valley’s on-demand industry, where dozens of mobile apps compete to deliver everything from meals to baby sitters. San Francisco restaurant delivery startup DoorDash recently had to slash its valuation in order to raise another round of funding. The company reported a $127 million Series C round in March at a $700 million valuation — falling short of its reported goal to hit a $1 billion “unicorn” valuation.

Berkeley-based SpoonRocket, which prepared and delivered meals to customers, shut down last month. The company failed because it expanded too quickly, said Rahul Ramakrishnan, president of UC Berkeley-based consulting group Venture Strategy Solutions.

Ramakrishnan worked with SpoonRocket to optimize its delivery routes in Berkeley about three years ago. He said the company was doing well in Berkeley, but its business model fell apart when it expanded into San Francisco. The demand was too high, the company didn’t have enough drivers and the couriers had a hard time navigating the city’s traffic, he said.

“They expanded at a rate in which they couldn’t keep up with their promise to deliver food in under five minutes,” Ramakrishnan said. “That made customers very angry.”

San Francisco-based Bento, which prepares and delivers customized Asian meals, recently shifted gears to avoid a fate similar to SpoonRocket’s. Bento’s original on-demand model was too expensive to be sustainable, said CEO Jason Demant, so now the company requires customers to pre-order their lunches in the morning.

“We decided to try something else before we ran out of time,” Demant said. “It’s really tough to raise money.”

Other companies couldn’t distinguish themselves from the competition. In January ride-booking platform Sidecar announced it was shutting down and selling its assets to General Motors.

“We were unable to compete against Uber, a company that raised more capital than any other in history and is infamous for its anti-competitive behavior,” co-founder and CEO Sunil Paul wrote in a blog post.

In February San Francisco-based Zirx shut down its consumer on-demand valet parking service because it was too expensive to buy parking spaces, CEO and co-founder Sean Behr said. Zirx pivoted to a business-to-business model, which includes parking for employees, as well as some new features Behr has yet to reveal.

“Given where I believe the funding market is headed, and has been headed,” Behr said, “it was a tough decision, but the best one for the company.”

Kendall, Marisa. “Silicon Valley startups stumble, forced into cost cutting.” Mercury News. 5 April 2016. Web. 6 April 2016.

Read More