Reddit Teams with Lucidworks to Build New Search Framework

  |   Allegis News, Portfolio News, The Latest

 

 

 

 

 

 

TechCrunch | By Ron Miller | September 7, 2017

 

Reddit revealed today that it has teamed with Lucidworks to provide a long-needed, modern search tool for the immensely popular online discussion platform.

 

When you face the kind of scale that Reddit does with over 300 million monthly active users generating 5 million comments and a staggering 40 million searches every day across a more than a million communities, it’s a daunting task to find a search tool to handle that kind of volume.

 

The challenge with Reddit extends beyond indexing these massive numbers. They also have to deal with wide variety of content with text, gifs, images and video by the score. While part of the goal was to improve traditional search functionality and deliver more relevant results, perhaps even more critically, they wanted a tool to help users surface the subjects that interest them without having to explicitly state it in the search box, Nick Caldwell, VP of engineering at Reddit explained.

 

“I think that people who come to any site, and Reddit in particular, prefer an experience where they don’t have to do manual keyword entry, but want a continuous stream of interesting content,” he said.

 

Reddit’s search engine had actually been notoriously bad and Caldwell made upgrading it a priority. “One of the things I wanted to do when I started at Reddit, was I wanted to fix [search]. People have been complaining about it for five years,” he said.

 

Part of the issue up to that point wasn’t a lack of desire to improve the search experience. Everyone understood the issue, but finding the time to update it was another matter. When Caldwell came on board, Reddit had a small team of 40 engineers, whose primary job was keeping a site of this size and scope up and running.

 

Caldwell said that the company went with the Lucidworks Fusion platform because it had the right combination of technology and the ability to augment his engineering team, while helping search to continually evolve on Reddit. Buying a tool was only part of the solution though. Reddit also needed to hire a group of engineers with what Caldwell called “world class search and relevance engineering expertise.” To that end, he has set up a 30-person engineering search team devoted to maximizing the potential of the new search platform.

 

Lucidworks is built on the open source search tool, Apache Solr, but company CEO Will Hayes says the commercial product has been built to scale to Reddit-like proportions. “Solr is the core engine. We still heavily contribute to the open source project, but we put a lot of focus on how people consume data,” Hayes explained.

 

The means working in a streaming fashion to span billions of records in near real time, while using analytics and machine learning to understand the underlying data and deliver more relevant results and content to Reddit users.

 

Today’s search update is part of Reddit’s wider campaign to update the site’s look and feel, which became an organizational priority after the site’s two founders returned to the company — with Alexis Ohanian coming back in 2014 and Steve Huffman in 2015.

 

“With Steve and Alexis coming back, they brought to table that the site should be more welcoming and engaging than it has been in the past. It took the leadership of Steve and Alexis to see that the content we have is really a gold mine, and we have to find a way to present it to users to unlock that potential,” he said.

 

While Lucidworks remains an active partner in the project, Caldwell hopes his team will be able to take over by the end of the year. He says the ultimate goal is a tool that is not only more relevant, but looks better and is more engaging.

 

Find article here: www.techcrunch.com

Read More

Forcepoint Acquires RedOwl, Extends Global Human-Centric Security Leadership

  |   Allegis News, Portfolio News, The Latest

 

 

 

 

 

 

PR Newswire | August 28, 2017

 

Integration of RedOwl UEBA with Forcepoint technology delivers holistic view of cyber behaviors to identify and address enterprise risk in real-time

 

AUSTIN, TexasAug. 28, 2017 /PRNewswire/ — Global cybersecurity leader Forcepoint today announced the acquisition of RedOwl, the leader in security analytics focused on helping customers understand and manage human risk. This latest milestone in Forcepoint’s strategy arms customers with cybersecurity systems designed for the reality of today’s threats.

 Forcepoint’s human point strategy views people – rather than technology infrastructure – as the focal point for cybersecurity. Cloud, mobility and ever-changing infrastructure makes the traditional perimeter a fallacy; by focusing on how, when, where and why people interact with critical data and IP, organizations can more effectively identify and address risk.

 

“The world has fundamentally changed and the way we think about security must change, as well. If the cybersecurity industry fails to put people at the center, it is certain to fall short in helping customers protect their most vital assets,” said Matthew P. Moynahan, chief executive officer of Forcepoint. “Forcepoint is absolutely committed to empowering customers with human-centric security systems, and RedOwl fits squarely into this promise.”

 

RedOwl’s user and entity behavior analytics (UEBA) technology is ideally suited for this human-first approach to addressing security and regulatory use cases. Since 2011, the company has focused specifically on delivering capabilities that provide visibility into the holistic activities of people, including cyber, physical and financial. Customers deploy these capabilities to analyze large amounts of complex data, assess high-risk events and behaviors, and enact centralized and supervisory oversight to satisfy both security and regulatory requirements.

 

“As I’ve watched Forcepoint’s story unfold, it is clear we share the view that a human-first approach must be the path to addressing cybersecurity and internal risk,” said Guy Filippelli, chief executive officer at RedOwl. “The opportunity to deliver a holistic solution around proactive human oversight is exciting; joining Forcepoint will accelerate our ability to deliver these important capabilities to our customers. We’re thrilled to become a part of the Forcepoint team.”

 

RedOwl brings a sophisticated analytics platform to Forcepoint’s human-centric cybersecurity system and will be integrated across the company’s portfolio, as well as with customers’ existing technologies (e.g., SIEM). This platform delivers real-time insight into anomalous interactions and access across people, data, devices and applications.  In addition, the combination of RedOwl’s, Forcepoint DLP and Forcepoint Insider Threat will provide the industry’s only comprehensive solution for understanding and responding to the behaviors and intent of people.

 

“Combining the deep collection capabilities of Forcepoint Insider Threat, the powerful analytics of RedOwl’s technology and the risk mitigation of DLP creates a system capable of protecting critical business data and IP like no other,” said Heath Thompson, senior vice president and general manager of the Data and Insider Threat Security business at Forcepoint. “Context is everything and we look forward to helping customers differentiate between carelessness, compromise and malice in the most efficient way possible.”

 

RedOwl technology and employees are joining the Forcepoint team as part of the Data and Insider Threat Security business reporting to Thompson.

 

Find Article Here: www.prnewswire.com

Read More

Changing the security landscape for entrepreneurs

  |   Allegis News, The Latest

 

 

 

 

 

 

TechCrunch | By Robert R. Ackerman, Jr. | August 17, 2017

 

Throughout the course of human history, disruptive innovation has been required to unleash higher tiers of human potential. Think of Gutenberg and movable type, Edison and electricity or Berners-Lee and the World Wide Web.

 

We are in need of another such breakthrough today. Cloud computing and the Internet of Things (IoT) embody vast promise for advancing civilization. But they also have given rise to seemingly intractable security exposure, including nation-state rifts, not to mention profound quandaries about the erosion of individual privacy.

 

The good news is that a new technological advance could unleash the full promise of cloud computing and put IoT on the verge of everyday use by U.S. intelligence agencies and in the private sector. This advance — two decades in the making — is called “homomorphic encryption,” and it allows data to be queried and analyzed without decrypting it.

 

Homomorphic encryption: Smashing through a technology barrier

 

“Homomorphic encryption is the Holy Grail of encryption,” says Ellison Anne Williams, a math PhD, former NSA senior researcher and co-founder and CEO of ENVEIL, a security startup that has fine-tuned a homomorphic encryption system for commercial use.

 

The explosive growth of cloud computing makes this crucial. Amazon EC2, Google Cloud and Microsoft Azure have made cloud storage and processing services a major enabler of digital commerce. An enterprise that uses one of these services is effectively extending the boundary of their trusted enterprise compute environment, owned and managed by them, to an untrusted location owned and managed by a third party.

 

The problem is that there is a security gap in cloud services today. Companies routinely encrypt data kept in storage and make certain only encrypted data is transported to and from cloud storage facilities. But in order to act on this data — to, say, do a simple search or perform an analytic — both the query and the stored data must be decrypted. This creates an opportunity for an alert intruder lurking on the network to steal the data in unencrypted form.

 

The genesis of homomorphic encryption

 

Threat actors are acutely aware of this “Achilles’ heel” of cloud computing and are salivating to exploit it. We know this because business networks routinely falter and briefly expose decrypted data. When this happens, security analysts at large enterprises pay close attention. In a few cases recently, network intruders have been detected doing much the same type of reconnaissance of a company’s crown jewels.

 

The current roots of homomorphic encryption date back to 2008, when IBM researcher Craig Gentry came up with a way to perform mathematical operations on encrypted data without first needing to decrypt the data — the first working example of homomorphic encryption.

 

Trouble was, it took gargantuan computing power to make Gentry’s rudimentary prototype work. Steady progress was made over time by others, however, and today we are finally on the threshold of seeing homomorphic encryption deployed in daily business use.

 

Speaking recently at the Billington Cybersecurity Summit in Washington, Jason Matheny, director of the government’s Intelligence Advanced Research Projects Activity (IARPA), told attendees it has taken “math magic” for this technology to arrive at this point. IARPA is in the late phase of developing a database query system based on homomorphic encryption.

 

Homomorphic encryption creates new investigative opportunities

 

The embrace of homomorphic encryption is powerful. For example, authorities, acting on evidence, will be able to search travel and financial records or telephone and email logs, while, say, hot on the trail of a terrorist. And they will be able to do so without ever exposing the underlying data — personal information that belongs to the wider citizenry, muting the possibility of abusing power.

 

Computer processing power, of course, has advanced steadily since IBM’s Gentry produced his prototype. But it is really the collective brainpower of a group of math geniuses who followed him that brought us to the point we are at today. Driving efforts within the federal government and in private research labs at places like IBM and Microsoft, these highly insightful experts have been pushing the envelope.

 

Last year, Microsoft researchers smashed a homomorphic encryption speed barrier. While there is still work to be done, Kristin Lauter, a principal research manager at Microsoft, has said that initial results look very promising and that the technology could be used, for example, on specialized devices for medical or financial predictions. “We are definitely going toward making it available to customers and the community,” she told The Register, a British technology news website.

 

IBM also continues to make progress. It has been granted a patent, for instance, on a particular homomorphic encryption method. This is a strong hint that it continues to work toward a practical solution, not simply continued pursuit of theoretical research. Meanwhile, ENVEIL’s Williams, who spent years at the NSA chiseling away at a practical version of homomorphic encryption, now has 10 pending customers analyzing its proof of concept.

 

Heightened innovation and commercial disruption will occur

 

It is in the commercial arena, in particular, where homomorphic encryption is destined to be truly disruptive. To start with, it shrinks the attack surface for organizations increasingly dependent on cloud services. That alone will make compliance much easier, both in meeting data handling rules and, for governments, enforcing them. Neither is a small feat. Meeting federal rules for the handling of medical and financial records or the handling of transaction data is significantly easier for companies with well-defended networks.

 

Meanwhile, regulatory pressure to better protect data is intensifying. There is a rising tide of state-imposed data security rules, such as those recently enacted in New York, Massachusetts, Vermont and Colorado. In addition, there is Europe’s pending new General Data Protection Regulation, one replete with exhaustive data protection requirements and onerous penalties if they are not met.

 

A key byproduct of the elimination of the unencrypted security gap will be heightened innovation, and at an important juncture. Consider, for example, the oceans of sensitive personal information that will be collected as IoT continues to grow. Analysts will be far more inclined to gather this broad expanse of data if they know it will be protected properly. They are keenly aware of a personal privacy line that must not be crossed in mining IoT data for marketing purposes, lest consumers revolt.

 

Beyond consumerism, opportunities to enhance the world of medicine could open up with the embrace of homomorphic encryption. Imagine, for example, medical researchers being able to query millions of HIPAA-protected patient records to identify disease trends by demographics and geographic location. We could enter a golden age of medical advances.

 

No doubt, other amazing developments are sure to spin out of the mainstreaming of homomorphic encryption. Stay tuned. This disruption can change everything for the better.

 

Robert Ackerman Jr. is the founder and a managing director of Allegis Capital, an early-stage cybersecurity venture firm, and a founder of DataTribe, a startup “studio” for fledgling cyber startups staffed by former government technology innovators and cybersecurity professionals.

 

Find Article Here: Techcrunch.com

Read More

Dragos, a Global Industrial Control System Cybersecurity Startup, Raises $10 Million in Series A Venture Capital

  |   Allegis News, Portfolio News, Series A, The Latest

 

 

 

 

 

 

Funding Provided by Allegis Capital, Energy Impact Partners and DataTribe Dragos Is Building the First Industrial Cybersecurity Ecosystem

 

HANOVER, Maryland (August 14, 2017) — Dragos Inc., (pronounced Dray-gohs), an industrial control system (ICS) cybersecurity company made up of industry experts with the vision of securing global industrial infrastructure, announced today that it has received a $10 million Series A round of venture capital from co-lead investors Allegis Capital and Energy Impact Partners (EIP), with additional support from DataTribe, a cybersecurity startup studio that initially funded Dragos.

 

The Series A round will be used to increase the company’s workforce to meet rising customer demand, generated in part through key partnerships with Deloitte, the global audit and financial advisory services firm, and CrowdStrike Inc., a leader in cloud-delivered endpoint protection.

 

CRASHOVERRIDE AND DRAGOS REPORT

Dragos has attracted attention for recently producing a report on CRASHOVERRIDE, the malware used to temporarily interrupt power in the Ukraine in a widely publicized cyber-attack last December. CRASHOVERRIDE is the only known malware that disrupts the electrical grid and only the fourth known type of malware to be specifically tailored toward ICS overall.

 

Founded May 2016 and funded until this point with a seed round of $1.2 million from DataTribe, Dragos has built the first industrial cybersecurity ecosystem. This consists of three core offerings and an assessment tool – the Dragos Platform, the Dragos Threat Operations Center, Global ICS Intelligence, and CyberLens network assessment software. This combination gives customers access to technology to monitor and respond to threats in the ICS, along with intelligence to make informed decisions about threats. Services range from threat hunting to incident response, as well as lightweight software for routine assessments.

 

The company’s biggest technological differentiator is its behavioral analytics. Instead of “anomaly detection” and other types of machine learning-driven technologies that are hitting the market, the approach of Dragos is to codify human experience facing human adversaries. It identifies adversary tradecraft and turns it into behavioral analytics. As a result, defenders get context of what is going on and recommendations on what to do next, not merely a series of alerts.

 

“Dragos exists to safeguard civilization,” said Robert M. Lee, the CEO of Dragos.  “Critical infrastructure powers the global economy and the fabric of modern society. We all strongly believe that civilian infrastructure should be off limits to any adversaries, no matter where the infrastructure is located in the world.”

 

Dragos was founded by ICS cybersecurity experts Lee, Jon Lavender and Justin Cavinee, all veterans of the U.S. intelligence community. There they established a first-of-its-kind mission for the U.S. government to identify, analyze and respond to nation-states launching ICS-focused cyberattacks.

 

“Industrial control systems are unique unto themselves – hybrid digital and analog environments with very different operational temperaments,” said Bob Ackerman, the founder and a Managing Director of cybersecurity investment specialist Allegis Capital. “Unless you have lived your life in this environment, you can’t truly appreciate how different or complex ICS systems are.  With Dragos, we invested in the “A” team.”

 

“Protecting the integrity of the grid has always been a top priority for utility operators,” said Sameer Reddy, a Vice President at EIP and co-leader of the Series A financing. “One of the critical challenges is access to sufficient human capital. The Dragos platform, which is built and managed by true ICS cybersecurity experts, provides significant force multiplication to ICS operators around the world.”

 

“Energy is essential to our economy and way of life. As a result, energy infrastructure is increasingly a target,” said Thomas A. Fanning, Chairman, President and CEO of Southern Company. “As a founding investor in Energy Impact Partners, Southern Company is proud to support enhancing the resiliency of critical infrastructure, in order to better protect the communities where we live and serve.”

 

 

About Dragos Inc.

Dragos Inc., based in Hanover, Md., is the trusted authority on threats to industrial networks (ICS/IoT). The Dragos Platform is an on-premise or cloud-based security technology that continually and passively collects data to perform asset identification, detects cyber threats through industrial specific behavioral analytics, and enables better efficiency and effectiveness of security personnel through the codification of automated workflows, best practices and incident response procedures. The Dragos Platform is continually enhanced through the Dragos Threat Operations Center, a team of experts providing services that include incident response, threat hunting, and compromise assessments. Both are backed by Dragos Intelligence, which allows for the analysis of adversary intrusions and provides the industry with weekly threat intelligence reports and adds new behavioral analytics to the Dragos Platform. For more information, visit https://dragos.com.

 

About Allegis Capital 

Allegis Capital is a premier, early-stage venture firm that invests solely in cybersecurity and was the first venture fund to focus strictly on cyber. In addition to Dragos, current investments include Area 1 Security, Bracket Computing, Callsign, Cyber GRX, E8 Security, RedOwl, Shape Security, Signifyd, Synack, tCell.io and vArmour. Allegis is also a founding partner in DataTribe, a cybersecurity startup studio based in Fulton, Maryland. Allegis Capital is based in San Francisco. For more information, visit www.allegiscap.com or Twitter at @AllegisCapital.

 

About Energy Impact Partners

Energy Impact Partners is a collaborative strategic investment firm that invests in companies optimizing energy consumption and improving sustainable energy generation. Through close collaboration with its strategic investor base, EIP seeks to bring the best companies, buying power and vision in the industry to bear on the emerging energy landscape. EIP’s utility partners include Southern Company, National Grid, Xcel Energy, Ameren, Great Plains Energy, Fortis Inc., AGL, Avista, MGE Energy Inc., TEPCO, PTT Public Company Limited, OGE Energy Corp., TransCanada, and Alliant Energy. For more information, visit www.energyimpactpartners.com.

 

 

About DataTribe

DataTribe, based in Fulton, Maryland, and Silicon Valley, is a cybersecurity startup studio formed with the mission of combining breakthrough innovation in cybersecurity, Big Data and analytics. The technological base of its startups emerge from federal agencies, such as the National Security Agency, or from government research labs.  DataTribe draws upon Silicon Valley start-up expertise to help create, define and lead new market segments. As an operating company, it directly takes on the task of building startups from concept to initial customer deployments while significantly lowering risk and preserving returns. For more information, visit www.datatribe.com.

 

For media inquiries, contact Jennifer Jones at jennifer@jenniferjones.com.

Cell: 650-465-5831

 

 

 

 

 

 

 

 

 

 

 

Read More

350% more cybersecurity pros in Washington, D.C., area than rest of U.S.

  |   Allegis News, The Latest

Two entrepreneurs place a big bet on cybersecurity startups along the Capital Beltway

 

CSO | By Steve Morgan | August 7, 2017

 

Silicon Valley is home to the largest population of cybersecurity product companies in the world.

Sand Hill Road in Menlo Park, California, is the epicenter of technology (and cybersecurity) venture capital. Scores of venture capital (VC) firms dotting the Bay Area have made it an attractive HQ location for startups seeking funding.

Investors—especially angels and first round financiers—prefer to be close to their portfolio companies. Simply put, where there are VCs, there will be startups.

Bob Ackerman is the managing director and founder of Allegis Capital in Palo Alto, California, one of the best-known and most successful VC firms that invests into early-stage cybersecurity companies—a bulk of them hailing from Northern California.

Now Ackerman is dropping a line in the Washington, D.C., Beltway waters. His phish-finder says there’s 350 percent more cyber engineers and analysts in that area than the rest of the U.S. combined.

Mike Janke, former chairman of Silent Circle, a former Navy SEAL, and a highly respected cybersecurity industry veteran, has teamed up with Ackerman on their own startup—Fulton, Maryland-based DataTribe—a holding company that focuses on helping local entrepreneurs productize cyber technology solutions.

While the D.C. metro area is long on cybersecurity talent, it’s short on cybersecurity product companies, according to a paper written by Ackerman and Janke. They say Beltway cyber experts lack the commercial DNA essential to commercialize market growth.

DataTribe is an incubator of sorts—complete with venture capital, office space, in-house experts providing a range of start-up help, and most important—access to alumni who have transitioned to the private sector and built successful cybersecurity product companies.

While the D.C. metro area doesn’t have nearly the number of cybersecurity product companies in proportion to its local cyber talent pool compared to San Francisco or Israel (the world’s number two exporter of cybersecurity technology behind the U.S.)—it does boast an impressive and growing roster.

Cybersecurity who’s who in the D.C. metro area 

A short list of some hot, cybersecurity product-centric companies in the Virginia/Maryland/D.C. region:

Arxan, Bethesda, Md.

Centripetal, Herndon, Va.

CYREN, McLean, Va.

Daon, Washington, D.C.

Distil Networks, Arlington, Va.

Dragos, Washington, D.C.

Endgame, Arlington, Va.

ePlus Security, Herndon, Va.

GigaTrust, Herndon, Va.

Haystax, McLean, Va.

IronNet Cybersecurity, Fulton, Md.

LookingGlass, Arlington, Va.

Nehemiah Security, Tysons Corner, Va.

Novetta, McLean, Va.

Ntrepid, Herndon, Va.

Oberthur Technologies, Chantilly, Va.

PhishMe, Leesburg, Va.

Protenus, Baltimore, Md.

RedOwl, Baltimore, Md.

Risk Based Security, Richmond, Va.

Saint Corporation, Bethesda, Md.

Surfwatch Labs, Sterling, Va.

Tenable Network Security, Columbia, Md.

ThreatConnect, Arlington, Va.

ThreatQuotient, Reston, Va.

Thycotic, Washington, D.C.

TrustedKnight, Annapolis, Md.

Verisign, Reston, Va.

Virgil Security, Manassas, Va.

Virtu, Washington, D.C.

ZeroFox, Baltimore, Md.

This list doesn’t include all of the impressive product companies in the area or the much larger number of cybersecurity consulting, advisory and professional services firms.

Born and raised in D.C. 

One company, Dragos, born in Washington, D.C., is a DataTribe resident. Robert Lee, founder and CEO at Dragos, partnered with DataTribe to get his startup off the ground.

Dragos is poised to raise venture capital shortly. Lee’s venture is focused on industrial control systems (ICS) security, an emerging and fast-growing cyber sector.

The highly experienced team of ICS and IIoT security experts at Dragos will benefit from the commercialization experience that DataTribe brings. Raising a product company is a lot different than raising a services firm, and Lee is smart enough to know the difference.

Much like many of his Beltway contemporaries, Lee is an ex-cyber military expert. He pursued cybersecurity in the U.S. Air Force, where he served as a Cyber Warfare Operations Officer in the U.S. Intelligence Community.

The mashup of DataTribe and local cyber-preneurs is sure to breed new product companies in the D.C. metro area. But one startup studio will do only so much. It remains to be seen if more Sand Hill money will flow into the Beltway.

 

Read More

Allegis and Accel partner for Callsign’s $35M Series A to Support Global Expansion

  |   Allegis News, Portfolio News, Series A, The Latest
  • Investment used to roll-out Callsign’s authentication platform to enterprises, financial institutions and consumer-facing digital services and to ramp-up hiring

 

  • Seasoned cybersecurity executive and Allegis Venture Partner David DeWalt joins the board as Vice Chairman along with Bob Ackerman Founder of Allegis Capital

 

San Francisco/London, July 27th, 2017: Callsign, the leading artificial intelligence-based authentication platform, has raised a $35 million Series A investment led by premier, early stage cyber security investor Allegis Capital and global venture capital firm Accel. Early-stage investor PTB Ventures and cybersecurity industry veteran David DeWalt’s NightDragon Security also participated in the round.

 

With the proliferation of data breaches, advanced threats resulting in stolen user credentials, there is increasing pressure on companies of all sizes around the world to implement better authentication practices. In 2015 alone, cybercrime cost businesses $500 billion, and this is estimated to rise four times to $2 trillion in 2019[1]. At the same time, companies want to minimize the friction that universal two-factor authentication introduces to the user experience.

 

In response, Callsign developed a deep learning-based authentication platform called Intelligence Driven Authentication™ (IDA). It enables enterprises to select the most secure and least invasive authentication journey for each user in real-time, based on his or her risk profile and tendencies – in other words, it adapts the type of authentication to the situation virtually eliminating advanced threats such as spear phishing. The result is an experience that optimises for both security and usability – a win-win for the enterprise and the end user.

 

Callsign’s IDA platform uniquely derives the complete intelligence picture around authentication and authorisation events, giving enterprises the ability to set adaptive policies that pinpoint suspicious usage. While Callsign can be can be deployed with out-of-the box mobile authenticators, it is a very open and flexible platform to which enterprises can easily plug-in existing authenticators or data sources. Callsign has also integrated with several Identity and Access Management providers, like ForgeRock, to provide a truly end-to-end solution.

 

Callsign was founded in 2012. Its clients are enterprises, financial institutions and consumer-facing digital services and include some of the world’s largest banks, such as Lloyds Bank and Deutsche Bank. It’s being deployed to hundreds of thousands of users globally.

 

Zia Hayat, Founder & CEO of Callsign, said: “Several years ago, I realized that the way we identify ourselves online was very broken. I knew we needed to make existing solutions like multi-factor authentication and fraud analytics better by bringing them together. Our IDA platform has had an incredible reception from financial institutions, governments and other large enterprises, and this investment will allow us to grow the business and meet some of the strong demand we’re seeing.”

 

DeWalt, a Venture Partner with Allegis Capital and formerly President and CEO of McAfee and CEO and Executive Chairman of FireEye, will join the board of directors as Vice Chairman. DeWalt brings more than 25 years of experience in the cybersecurity sector, and is widely recognized as one of the industry’s most successful executives. He currently holds a number of board positions at leading cybersecurity companies, including Vice Chairman of ForgeRock and Vice Chairman of ForeScout Technologies, among others.

 

DeWalt said: “Zia and his exceptional product and engineering team have built the foundations of a very solid business. They are pioneering a new approach to authentication with a powerful product that is quickly attracting some of the world’s leading businesses as customers. As the company rolls out its solution, it’s an exciting time to be joining the board.”

 

The new investment will help accelerate the growth of the company. Callsign will be expanding globally from its headquarters in London, with a particular focus on the US and Far East, and is planning to open offices in both the Bay Area and New York City in the next few months. Callsign will be building out its engineering and commercial teams as well, including sales, marketing and business development roles.

 

Bob Ackerman, Allegis founder and Managing Director will also be joining the Board.  Ackerman said, “authentication of identities has become a core pillar in enterprise cyber security. Callsign’s IDA represents a breakthrough in meeting levels of identify assurance that are essential to enterprise operations without compromising the effectiveness and efficiency of digital business platforms. Callsign is leading the industry in delivering identify assurance without compromise,” Ackerman added.

 

Harry Nelis of Accel and Dave Fields from PTB Ventures are also joining the Callsign board of directors.

 

About Callsign Inc.

Callsign is the leading artificial intelligence-based authentication platform for enterprises, financial institutions and consumer-facing digital services. Its unique Intelligence Driven Authentication™ (IDA) solution enables more informed and truly adaptive access control decisions, putting enterprises and their users back in control. This creates frictionless access for users, whilst reducing false rejection rates and increasing security as well as operational agility.

 

Callsign serves Tier 1 banking clients, government bodies and enterprises throughout Europe and the US. Their IDA technology puts enterprises and users back in complete control. For additional information please visit callsign.com

 

About Allegis Capital

Allegis Capital is a premier, early-stage venture firm that invests solely in cybersecurity and was the first venture fund to focus strictly on cyber. In addition to Callsign, current investments include Area 1, Bracket Computing, Cyber GRX, E8 Security, RedOwl, Shape Security, Signifyd, Synack, tCell.io and vArmour. Allegis is also a founding partner in cyber Start-Up Studio, DataTribe, based in Columbia, Maryland. Allegis Capital is based in San Francisco Ca.

 

 

About Accel

Accel is a leading venture capital firm that invests in people and their companies from the earliest days through all phases of private company growth. Atlassian, BlaBlaCar, Cloudera, Crowdstrike, Deliveroo, DJI, Dropbox, Etsy, Facebook, Flipkart, Forescout, ForgeRock, Funding Circle, Kayak, QlikTech, Slack, Spotify, Supercell and WorldRemit are among the companies the firm has backed over the past 30 years. The firm seeks to understand entrepreneurs as individuals, appreciate their originality and play to their strengths. Because greatness doesn’t have a stereotype. For more, visit www.accel.com, www.facebook.com/accel or www.twitter.com/accel.

 

About PTB

PTB Ventures is a thesis-driven venture capital firm investing in early-stage companies in the emerging digital identity ecosystem. Digital identity is the cornerstone of a transformation that will see trillions of networked devices connected to billions of humans. This transformation will create unprecedented economic expansion and a new level of security and access to billions of people. PTB is headquartered in New York City.

 

 

[1] https://www.juniperresearch.com/press/press-releases/cybercrime-cost-businesses-over-2trillion

Read More

Why the Hub of U.S. Cybersecurity – the D.C. Beltway – Produces So Few Commercial Cyber Startups

  |   Allegis News, The Latest

 

 

 

 

By Robert R. Ackerman Jr. and Mike Janke

 

FULTON, Md. — The Washington D.C. Beltway is a beehive of cybersecurity activity. In Maryland alone, Fort Meade houses the U.S. Cyber Command, the National Security Agency and the Defense Information Systems Agency.

 

Fort Meade’s approximately 60,000 employees – more than double the number of workers at The Pentagon – and other bastions of local cyber activity, such as the CIA, reflects the federal government’s huge cybersecurity presence here. It also mirrors decades of collaboration between government labs and the University of Maryland and other local universities in the business of training cyber engineers.

It should be no surprise, then, that the population of cyber engineers and analysts throughout the Washington Beltway is 3 ½ times as big as the rest of the U.S. combined.

What is uncanny, however, is the inability of the region to produce a respectable supply of product-oriented cybersecurity startups. Don’t get us wrong. There are plenty of cyber startups in these parts, but they are myopically wedded to the local economy. Fundamentally, they look askance at the cybersecurity world in general. This means significant economic potential lies fallow.

According to a recent study by American University’s Kogod School of Business and Amplifier Advisors, there are a hefty 858 cybersecurity-related firms in metropolitan Washington. But a mere 5.7% of these companies, or 48, actually offer products in the marketplace. Instead, the vast majority are services companies focused on offering services and related expertise to government customers – in many cases, in fact, the same customers that helped them develop their cyber expertise.

This conundrum boils down to this. While the alumni of tech giants such as Google and Facebook leverage their know-how and move on to build high-growth global product-oriented companies, the alumni of world-class institutions, such as the NSA and CIA, move on merely to launch local, slow-growth services businesses.

This local services orientation has two unfortunate by-products: 1) It severely limits access to commercial sectors, and 2) it precludes the growth of a robust and sustainable community of cyber innovation – a highly focused, mini Silicon Valley, if you will. Such a community requires a product orientation.

The disconnect between the enormous expertise in The Beltway and the almost single-minded focus on the services sector is reflected in the amount of venture capital funding in the metropolitan Washington area.

According to an analysis of Q2 2017 venture capital investment activity by the PwC- CB Insights

Money Tree Report, metropolitan Washington garnered 40 venture deals valued at a total of $370 million. By contrast, Silicon Valley and San Francisco garnered 342 deals valued at more than $7.7 billion.

Moreover, the pace of funding in San Francisco and Silicon Valley is rising while it is falling in metropolitan Washington. The funding level in San Francisco was the highest since 4Q 2016 and in Silicon Valley the highest in two years. The VC funding level in metropolitan Washington, meanwhile, plummeted to a two-year low.

What is happening is stunningly clear. Venture capitalists – the financiers of technical innovation – are focused on product companies. These reside overwhelmingly in Silicon Valley and environs. If a cyber entrepreneur is running a services company, he is basically off VC radar.

The Beltway cyber community has its stars, such as the cybersecurity hubs of defense giants Boeing and General Dynamics and a few heralded startups. But it’s not nearly enough. Elite cyber alumni of the U.S. intelligence community default to building service companies because that is what they know — and what exists — in the Washington area.

Then, too, the local entrepreneurial path from public servant to services contractor is well-known and understood.  The D.C. area is optimized to facilitate this pathway in terms of government contracting mechanisms, business financing opportunities, legal support, and technical recruiting efforts.

Getting too comfortable, however, is just plain unwise. The Beltway needs to step up to the plate, broaden its ambitions and truly embrace the deep reservoir of cyber engineering expertise in the D.C. area – a magnet of untapped wealth.

Early to rise to the challenge, Mike and I and others have formed Fulton-based DataTribe, a holding company that partners with D.C.-area entrepreneurial engineers with deep cyber expertise. Yes, they lack the commercial DNA essential to commercialize market growth. This is where DataTribe enters the picture.  It is a startup “studio” currently housing three cyber startups and filling the commercial expertise hole by bringing to the party Silicon Valley expertise, human capital, customer relationships and investment capital. DataTribe and its entrepreneurs form partnerships with engineering entrepreneurs to co-found startup companies.

DataTribe selects and intensely coaches seed-stage startups and provides seed financing of up to $1.5 million. It will kick in additional funding for each company as a member of their Series A investment syndicate. Two DataTribe-based startups – Dragos and Enveil – are already poised to attract formal venture capital in coming months. Dragos is an industrial control systems security firm. Enveil is developing a next-generation version of homographic encryption, which allows enterprises to process data while it remains encrypted, substantially improving security.

DataTribe represents a good start in getting Washington area-based startups on the map, but it is just that – a start. Much more remains to be done. It is product companies, not services companies, that move the economic needle. And if more Beltway cyber entrepreneurs “productize” cybersecurity technology, Americans ultimately will benefit. Beltway cyber technologists simply need to be catalyzed into action.

Robert Ackerman Jr. is a co- founder of DataTribe and founder of Allegis Capital, an early-stage Silicon-based cybersecurity venture capital firm.

Mike janke is also a co-founder of DataTribe and the founder and current chairman of silent circle as well as the co-founder of Blackphone and Blue Pacific Studios, along with Shopify co-founder Daniel Weinand.

 

 

 

Read More

Amid Comey Furor, Companies React to Trump’s Cybersecurity Order

  |   Allegis News, The Latest

 

 

 

Xconomy | By Bernadette Tansey | May 12, 2017

 

On a day dominated by news about President Trump’s firing of FBI director James Comey, and its impact on the ongoing investigation of Russian hacking of the 2016 presidential election, two significant developments for the cybersecurity industry also emerged Thursday.

First, President Trump signed an executive order laying out plans to shore up data security for federal agencies as well as for critical U.S. infrastructure, which can include private companies such as electric utilities. The order, which calls on executive branch agencies to assess and remedy their security vulnerabilities, could open up opportunities for cybersecurity companies.

Second, at a Senate Intelligence Committee hearing primarily focused on the Comey firing, senators and U.S. intelligence chiefs discussed whether American agencies should avoid doing business with Kaspersky Lab, a major U.S. seller of antivirus protection, because the company is based in Russia.

The public hearing surfaced a controversial question: Should customers looking for cybersecurity services first consider the national origin of security providers, and even the ex-U.S. ties of their founders and executive team members?

Xconomy sounded out Bay Area cybersecurity experts on these two fronts.

 

Executive order on cybersecurity

Veteran cybersecurity investor Bob Ackerman applauded President Trump’s executive order for calling on U.S. agencies and departments to take responsibility for their own security, and to cooperate to conform with common technology standards.

“It’s a good starting point as a baseline,” Ackerman says.

Steven Grossman, vice president of strategy at cybersecurity company Bay Dynamics, praised the executive order for building on an initiative launched by President Obama in 2014 and making some valuable additions. He pointed to a section calling for efforts to build up the nation’s workforce to address a shortage of experts trained in cybersecurity.

The executive order sets a 90-day deadline for the leaders of each executive branch agency to submit a risk management report detailing their security measures and any unmitigated risks. The document also calls for a study on the feasibility of operating all or some of the agencies under consolidated network architectures, with shared services such as e-mail, Web-based software, and cybersecurity.

“The executive branch has for too long accepted antiquated and difficult–to-defend IT,” the report states.

Grossman says cybersecurity companies stand to gain government contracts to help assess the current risks and then help fill in the security gaps.

“It’s a huge amount of opportunity,” Grossman says.

Oren Falkowitz, co-founder and CEO of cybersecurity company Area 1 Security, says simplifying the security infrastructure and creating common standards are good steps.

“Complexity in networks is one of the things attackers take advantage of,” Falkowitz says. He emphasizes the urgency of security improvements, not only for government agencies but also for companies and organizations.

“The trend in cybersecurity is not good,” Falkowitz says. “Intellectual property is being stolen, elections are being hacked, and financial damage is being done.”

Falkowitz says he expects the administration’s plan will be followed by further executive orders and perhaps Congressional action to add elements to the federal security framework.

Ackerman, founder and managing director at Allegis Capital, already has some ideas to suggest. He proposes that the government create an “IT department” that would serve all government agencies, so that each wouldn’t have to develop its own cybersecurity methods. He also advocates for a mechanism whereby cybersecurity experts in U.S. intelligence agencies could share some of their knowledge with U.S. industries. That government expertise could also be an element of a “cybersecurity infrastructure bank,” proposed by Ackerman. The bank would make loans of government funds to small water plants, utilities, and other key entities to help them quickly upgrade their defenses against attack.

The bank could focus on institutions that lack the expertise and capital available to better-funded and more sophisticated parts of the critical infrastructure, such as stock exchanges, Ackerman says.

“You’re only as strong as your weakest link,” he says.

The government also should make it easier for innovative security startups to compete for government work, which is currently a slow and “resource-intensive” process that few startups can afford, Ackerman says.

 

The question of “cyber-nationality”

The conclusion by U.S. intelligence agencies that Russia interfered with the 2016 presidential election— by means such as hacking into e-mail accounts of Democratic campaign officials and spreading fake news—has now forced the Russian cybersecurity company Kaspersky Lab into the public spotlight.

The company’s national origins became a focus Thursday for the Senate Intelligence Committee, which is investigating Russia’s role in the U.S. election and the possibility that the Trump campaign colluded with Russian operatives to gain an advantage over Trump’s Democratic opponent, Hillary Clinton.

Senators at the committee hearing voiced concerns that the Russian government might use Kaspersky’s software to infiltrate U.S. agency computers or damage broader American information networks. The intelligence chiefs said they were monitoring Kaspersky. When Sen. Marco Rubio (R-Florida) asked leaders of the agencies whether they would be comfortable using Kaspersky software, the heads of the FBI, CIA, NSA, and three other intelligence agencies all said no.

Ackerman says the underlying concerns are not limited to Kaspersky, or even to cybersecurity companies. “In this globalized economy, everyone is in favor of open trade,” he says. But the inspections and commerce system isn’t prepared to deal with the speed and diversity of goods moving among countries. Customers need to develop criteria to decide whom to trust, whether they’re buying food, microprocessors, or cybersecurity services, he says.

“You do have to look at the nation, or nations, of origin,” Ackerman says.

While Ackerman isn’t saying that Kaspersky has done anything wrong, he says it might be a pragmatic decision to choose another cybersecurity provider.

“There’s clear, irrefutable evidence that Russia is engaging in nefarious activities,” he says. There’s also good evidence that Russia collaborates with the “private cybersecurity firms” in Russia, he says.

“Anything from Russia immediately becomes suspect,” Ackerman says.

In addition to looking at the national origins of companies, people are also scrutinizing the backgrounds of cybersecurity company founders and other executives for links to other nations, Ackerman says. The concerns extend not only to U.S. national security, but also to fears that cybersecurity companies might share sensitive intellectual property with competitors in other countries, he says.

Area 1’s Falkowitz says company risk management departments are always looking into factors such as the supply chains of their vendors and other possible threats to security. But he’s uncomfortable with the idea of ruling out a business partner based on geography alone.

“I think we would take great offense to such assertions by other governments that our cybersecurity or tech companies were agents of our government,” Falkowitz says.

“To create fear around the national origins of companies is a mistake,” Falkowitz says. “There are many amazing companies here in the U.S. that were founded by people of foreign origin—Google, for example.’’

Instead, buyers should examine the merits of a company’s work, such as the standards it uses to ensure quality, Falkowitz says. Certainly, though, if company wrongdoing is uncovered, that should be brought forward, he says.

“I also don’t see anything wrong with buying American,” Falkowitz says. “There are other reasons why that might be the right thing to do—such as that the companies’ work is very good.”

Find Article Here: www.xconomy.com

 

Read More

Allegis Capital Appoints David DeWalt, Former FireEye CEO, As Venture Partner

  |   Allegis News, The Latest

Globe Newswire | May 12, 2017

 

SAN FRANCISCO, May 12, 2017 (GLOBE NEWSWIRE) — David G. DeWalt, the former CEO of publicly held cybersecurity company FireEye, is joining Allegis Capital as a venture partner.  Previously, DeWalt served as the CEO of cybersecurity market leader McAfee and held executive positions at EMC.

DeWalt, 52, becomes the sixth cyber security executive serving as a venture partner at Allegis, a 21-year-old early stage venture firm that focuses solely on investing in cybersecurity startups.

DeWalt is a member or leader of a number of boards of directors including ForgeRock, a San Francisco-based multinational identity and access management software company. He is also vice chairman of ForeScout Technologies, a San Jose cybersecurity firm focused on network-connected devices, and a board member of Five9, a leading San Ramon-based provider of cloud contact center software.  Additionally, DeWalt is a director of Delta Air Lines.

“Allegis Capital is differentiated by the breadth, depth and experience of our operational cyber bench – our Venture Partners. These executives bring tremendous domain expertise and broad networks to our investment team and our portfolio companies,” said Robert R. Ackerman Jr., the founder and managing director of Allegis Capital. “Dave has operated at the top of the cyber security market for many years and is a superlative addition to an already-impressive group of venture partners.  Cyber is a market where you can’t have too much expertise,” Ackerman added.

“Allegis Capital was the very first cyber-focused venture firm and has invested in a number of top-flight cybersecurity startups.  The firm’s reputation for rolling up its collective sleeves to support its portfolio companies is a great fit for my experience and interests,” DeWalt said. “This is an excellent opportunity for me to help the firm grow further and to broaden my participation in the fastest-growing space within information technology.”

The five other cyber venture partners at Allegis Capital are:

  • Nawaf Bitar, chief information officer, Citadel Securities
  • Tom Gillis, founder and CEO, Bracket Computing
  • Joe Levy, chief technology officer, Sophos
  • John Stewart, SVP and chief security and trust officer, Cisco Systems
  • Jeff Williams, former VP, worldwide sales and business development, FireEye

About Allegis Capital

Allegis Capital, founded in 1996 and based in San Francisco, is an early-stage venture firm that invests solely in cybersecurity. Current investments include Area 1, Bracket Computing, Cyber GRX, E8 Security, RedOwl, Signifyd, Synack, tCell.io and vArmour. Allegis is also a founding partner in Cyber Start-Up Studio, DataTribe, based in Columbia, Maryland.

Read More

Signifyd raises $56 million for e-commerce fraud protection

  |   Allegis News, Portfolio News, The Latest

 

 

 

 

 

 

 

TechCrunch | Katie Roof | May 4th 2017

 

E-commerce fraud is a growing problem, but Signifyd thinks it has a solution to save businesses money.

Their company is growing fast and has closed a $56 million Series C investment led by Bain Capital Ventures. Menlo Ventures and American Express also participated in the round.

Signifyd counts big clients like Jet.com, Peet’s Coffee and Lacoste, where it uses its pattern recognition technology to warn them upfront about potential fraudulent charges. Signifyd is so confident in its assessments that it offers the companies a guarantee, so they don’t have to pay for errors.

The product “protects the merchants so they don’t have to bear the liability,” said co-founder and CEO Rajesh Ramanand. The team has been developing a “machine learning platform that makes these decision in real-time.”

E-commerce brands spend a lot of money paying back credit card companies after processing transactions that are criminal. That’s why 5,000 businesses are now paying for Signifyd’s technology — because its early warning system eliminates these frustrating reimbursement costs, known as “chargebacks.” 

Indy Guha, partner at Bain Capital Ventures said he invested in the company because his research shows that “fraud is growing faster than overall e-commerce growth.” He feels that “Signifyd is a really easy piece of insurance to turn on.”

Investors have been throwing a lot of money at Signifyd. In addition to the latest sizable round, Signifyd raised two rounds last year, totaling $39 million.

Ramanand says they are going to use the money to double their engineering headcount and continue to improve their machine learning platform. They also want to expand internationally, particularly in Europe and Australia.

The company has about 130 employees and is based in San Jose, California.

Read More