Portfolio News

Allegis and Accel partner for Callsign’s $35M Series A to Support Global Expansion

  |   Allegis News, Portfolio News, Series A, The Latest
  • Investment used to roll-out Callsign’s authentication platform to enterprises, financial institutions and consumer-facing digital services and to ramp-up hiring

 

  • Seasoned cybersecurity executive and Allegis Venture Partner David DeWalt joins the board as Vice Chairman along with Bob Ackerman Founder of Allegis Capital

 

San Francisco/London, July 27th, 2017: Callsign, the leading artificial intelligence-based authentication platform, has raised a $35 million Series A investment led by premier, early stage cyber security investor Allegis Capital and global venture capital firm Accel. Early-stage investor PTB Ventures and cybersecurity industry veteran David DeWalt’s NightDragon Security also participated in the round.

 

With the proliferation of data breaches, advanced threats resulting in stolen user credentials, there is increasing pressure on companies of all sizes around the world to implement better authentication practices. In 2015 alone, cybercrime cost businesses $500 billion, and this is estimated to rise four times to $2 trillion in 2019[1]. At the same time, companies want to minimize the friction that universal two-factor authentication introduces to the user experience.

 

In response, Callsign developed a deep learning-based authentication platform called Intelligence Driven Authentication™ (IDA). It enables enterprises to select the most secure and least invasive authentication journey for each user in real-time, based on his or her risk profile and tendencies – in other words, it adapts the type of authentication to the situation virtually eliminating advanced threats such as spear phishing. The result is an experience that optimises for both security and usability – a win-win for the enterprise and the end user.

 

Callsign’s IDA platform uniquely derives the complete intelligence picture around authentication and authorisation events, giving enterprises the ability to set adaptive policies that pinpoint suspicious usage. While Callsign can be can be deployed with out-of-the box mobile authenticators, it is a very open and flexible platform to which enterprises can easily plug-in existing authenticators or data sources. Callsign has also integrated with several Identity and Access Management providers, like ForgeRock, to provide a truly end-to-end solution.

 

Callsign was founded in 2012. Its clients are enterprises, financial institutions and consumer-facing digital services and include some of the world’s largest banks, such as Lloyds Bank and Deutsche Bank. It’s being deployed to hundreds of thousands of users globally.

 

Zia Hayat, Founder & CEO of Callsign, said: “Several years ago, I realized that the way we identify ourselves online was very broken. I knew we needed to make existing solutions like multi-factor authentication and fraud analytics better by bringing them together. Our IDA platform has had an incredible reception from financial institutions, governments and other large enterprises, and this investment will allow us to grow the business and meet some of the strong demand we’re seeing.”

 

DeWalt, a Venture Partner with Allegis Capital and formerly President and CEO of McAfee and CEO and Executive Chairman of FireEye, will join the board of directors as Vice Chairman. DeWalt brings more than 25 years of experience in the cybersecurity sector, and is widely recognized as one of the industry’s most successful executives. He currently holds a number of board positions at leading cybersecurity companies, including Vice Chairman of ForgeRock and Vice Chairman of ForeScout Technologies, among others.

 

DeWalt said: “Zia and his exceptional product and engineering team have built the foundations of a very solid business. They are pioneering a new approach to authentication with a powerful product that is quickly attracting some of the world’s leading businesses as customers. As the company rolls out its solution, it’s an exciting time to be joining the board.”

 

The new investment will help accelerate the growth of the company. Callsign will be expanding globally from its headquarters in London, with a particular focus on the US and Far East, and is planning to open offices in both the Bay Area and New York City in the next few months. Callsign will be building out its engineering and commercial teams as well, including sales, marketing and business development roles.

 

Bob Ackerman, Allegis founder and Managing Director will also be joining the Board.  Ackerman said, “authentication of identities has become a core pillar in enterprise cyber security. Callsign’s IDA represents a breakthrough in meeting levels of identify assurance that are essential to enterprise operations without compromising the effectiveness and efficiency of digital business platforms. Callsign is leading the industry in delivering identify assurance without compromise,” Ackerman added.

 

Harry Nelis of Accel and Dave Fields from PTB Ventures are also joining the Callsign board of directors.

 

About Callsign Inc.

Callsign is the leading artificial intelligence-based authentication platform for enterprises, financial institutions and consumer-facing digital services. Its unique Intelligence Driven Authentication™ (IDA) solution enables more informed and truly adaptive access control decisions, putting enterprises and their users back in control. This creates frictionless access for users, whilst reducing false rejection rates and increasing security as well as operational agility.

 

Callsign serves Tier 1 banking clients, government bodies and enterprises throughout Europe and the US. Their IDA technology puts enterprises and users back in complete control. For additional information please visit callsign.com

 

About Allegis Capital

Allegis Capital is a premier, early-stage venture firm that invests solely in cybersecurity and was the first venture fund to focus strictly on cyber. In addition to Callsign, current investments include Area 1, Bracket Computing, Cyber GRX, E8 Security, RedOwl, Shape Security, Signifyd, Synack, tCell.io and vArmour. Allegis is also a founding partner in cyber Start-Up Studio, DataTribe, based in Columbia, Maryland. Allegis Capital is based in San Francisco Ca.

 

 

About Accel

Accel is a leading venture capital firm that invests in people and their companies from the earliest days through all phases of private company growth. Atlassian, BlaBlaCar, Cloudera, Crowdstrike, Deliveroo, DJI, Dropbox, Etsy, Facebook, Flipkart, Forescout, ForgeRock, Funding Circle, Kayak, QlikTech, Slack, Spotify, Supercell and WorldRemit are among the companies the firm has backed over the past 30 years. The firm seeks to understand entrepreneurs as individuals, appreciate their originality and play to their strengths. Because greatness doesn’t have a stereotype. For more, visit www.accel.com, www.facebook.com/accel or www.twitter.com/accel.

 

About PTB

PTB Ventures is a thesis-driven venture capital firm investing in early-stage companies in the emerging digital identity ecosystem. Digital identity is the cornerstone of a transformation that will see trillions of networked devices connected to billions of humans. This transformation will create unprecedented economic expansion and a new level of security and access to billions of people. PTB is headquartered in New York City.

 

 

[1] https://www.juniperresearch.com/press/press-releases/cybercrime-cost-businesses-over-2trillion

Read More

Meet the 2017 CNBC Disruptor 50 companies

  |   Portfolio News, The Latest

Tuesday, 16 May 2017 | 6:00 AM ET

 

In the fifth annual Disruptor 50 list, CNBC features private companies in a range of industries — from biotech and machine learning to transportation and retail — whose innovations are changing the world. These forward-thinking starts-ups have identified unexploited niches in the marketplace that have the potential to become billion-dollar businesses, and they rushed to fill them. A startling 31 are unicorns that have already reached or passed the billion-dollar mark. In the process, they are creating new ecosystems for their products and services. Unseating corporate giants is no easy feat. But we ranked those venture capital–backed companies doing the best job. In aggregate, these 50 companies have raised nearly $44 billion in venture capital at an implied Disruptor 50 list market valuation of about $239 billion, according to PitchBook data. Already it’s hard to think of the world without them. Read more about the consumer and business trends that stand out in the 2017 list ranking and the methodology used to select this year’s Disruptor companies.

1 Airbnb It’s a $31 billion trip
2 Lyft The car-ownership killer with a conscience
3 WeWork Reworking the office
4 Grab Uber-growth for an Asian ride-share rival
5 Uptake Technologies Capturing Warren Buffett’s billionaire energy
6 Houzz The homiest e-catalog
7 Ginkgo Bioworks Growing products in the lab
8 Palantir Technologies Tracking the world’s secrets
9 Cylance Making cyberthreats idle
10 Udacity Closing the skills gap
11 CrowdStrike Going into the breach
12 23andMe Bring your genome home
13 Progyny Rocking the cradle
14 SpaceX Humanity’s interstellar escape plan
15 SurveyMonkey Question everything
16 Ezetap India’s answer to Apple Pay
17 GreenSky A credit to the mobile race
18 Moderna Therapeutics Going viral
19 Uber The car controversy with a valuation bigger than Tesla, GM or Ford
20 SparkCognition Deciphering the data overload
21 IEX The traders Michael Lewis made famous in a flash
22 GitHub The biggest coding party in the world
23 Bloom Energy Helping companies like Apple get off the grid
24 Drawbridge An ad strategy Facebook and Google can’t ignore
25 Jaunt VR that both Disney and Paul McCartney have experience in
26 Coursera Go to a top school, without going
27 MongoDB The BIG idea in databases
28 Qualtrics Surveying the corporate landscape
29 Domo Complete cloud cover
30 Blippar You, augmented
31 Pinterest An image is worth $11 billion
32 Illumio A new segment in cybersecurity
33 Phononic Quietly cool
34 Veniam Constructing the global superhighway of data
35 Spotify Not even Apple Music has slowed it
36 Dropbox The file-sharing economy
37 Trulioo Tracks twice as many people as Facebook: 4 billion, exactly
38 Synack Who the IRS and DoD use against hackers
39 DocuSign Signed, sealed, electronically delivered
40 Payoneer Payments without borders
41 Skillz A sport to surpass the NFL, with less injury risk
42 Blue Apron What’s for dinner
43 Robinhood There is no brokerage fee low enough
44 Zocdoc Real patient-centered health care
45 SoFi $18 billion in loans and counting
46 Foursquare A success story turned inside out
47 Warby Parker Still seeing things in new ways
48 Persado A motivational speaker that’s not human
49 Stripe Visa is banking on this platform
50 Quid The ultimate trendspotter

Find article here: www.cnbc.com

Read More

Unstructured-data search giant Lucidworks makes its first acquisition

  |   Portfolio News, The Latest

lucidworks

In addition to helping organizations make their unstructured-data troves searchable, Lucidworks Inc. now wants to provide the tools for visualizing them.

 

The company set its plan in motion today by acquiring Twigkit Ltd, a British provider of dashboarding software that boasts clients such as General Electric Co., Toyota Motor Corp. and Thomson Reuters Corp. Its product lineup consists of seven integrated development modules that provide the ability to build a customized visual frontend for interacting with a dataset.

 

A car maker such as Toyota, for instance, could employ Twigkit’s toolkit to aggregate technical documents from its various systems in a central portal where they may be easily accessed by engineers. Analytics teams in turn can use the software for various business intelligence activities. The company said its modules provide the ability to create a wide variety of graphs ranging from standard bar charts to heat maps depicting complex geospatial information.

Moreover, Twigkit provides the ability to do so with considerably less effort than traditional data visualization products. Grant Ingersoll, the chief technology officer of Lucidworks, indicated in a blog post that the toolkit’s ease of use was one of the main motivations behind the acquisition. He highlighted how the software enabled his team to build a financial news application with Thomson Reports in four days when previous attempts took three weeks.

Another big advantage of the Twigkit software is that it can handle data managed by Lucidworks’ Fusion search platform, which should help the acquisition go smoothly from a technical standpoint. Igersoll wrote that his company will work to “more tightly integrate the two applications together” and add new features over the coming months. Twigkit Chief Executive Stefan Olafsson is joining Lucidworks as chief strategy officer to help with the effort, along with Chief Technology Officer Bjarki Holm, who will assume the title of vice president of solutions.

The financial terms of the deal were not disclosed.

Read More

Signifyd raises $56 million for e-commerce fraud protection

  |   Allegis News, Portfolio News, The Latest

 

 

 

 

 

 

 

TechCrunch | Katie Roof | May 4th 2017

 

E-commerce fraud is a growing problem, but Signifyd thinks it has a solution to save businesses money.

Their company is growing fast and has closed a $56 million Series C investment led by Bain Capital Ventures. Menlo Ventures and American Express also participated in the round.

Signifyd counts big clients like Jet.com, Peet’s Coffee and Lacoste, where it uses its pattern recognition technology to warn them upfront about potential fraudulent charges. Signifyd is so confident in its assessments that it offers the companies a guarantee, so they don’t have to pay for errors.

The product “protects the merchants so they don’t have to bear the liability,” said co-founder and CEO Rajesh Ramanand. The team has been developing a “machine learning platform that makes these decision in real-time.”

E-commerce brands spend a lot of money paying back credit card companies after processing transactions that are criminal. That’s why 5,000 businesses are now paying for Signifyd’s technology — because its early warning system eliminates these frustrating reimbursement costs, known as “chargebacks.” 

Indy Guha, partner at Bain Capital Ventures said he invested in the company because his research shows that “fraud is growing faster than overall e-commerce growth.” He feels that “Signifyd is a really easy piece of insurance to turn on.”

Investors have been throwing a lot of money at Signifyd. In addition to the latest sizable round, Signifyd raised two rounds last year, totaling $39 million.

Ramanand says they are going to use the money to double their engineering headcount and continue to improve their machine learning platform. They also want to expand internationally, particularly in Europe and Australia.

The company has about 130 employees and is based in San Jose, California.

Read More

CyberGRX Closes $20M Series B Funding to Accelerate Growth of World’s First Third-Party Cyber Risk Exchange

  |   Portfolio News, The Latest

 

Bessemer Venture Partners Leads Series B Round with Participation from Existing Investors; Funding Comes on Heels of Launch of CyberGRX Exchange

 

Business Wire | April 18, 2017 | 8am ET

 

DENVER – April 18, 2017 – CyberGRX, the provider of the most comprehensive third-party cyber risk management platform, today announced that it has raised $20 million in Series B funding led by Bessemer Venture Partners (BVP). CyberGRX’s existing investors also participated in the round, including Aetna Ventures, Allegis Capital, ClearSky, GV (formerly Google Ventures), MassMutual Ventures, Rally Ventures, TenEleven Ventures and several other strategic investors. CyberGRX will use the funding to accelerate adoption of the CyberGRX Exchange, the world’s first global third-party cyber risk management (TPCRM) exchange.

As enterprises’ digital ecosystems grow and become increasingly interconnected, the volume and complexity of security and resiliency risks from third parties, including contractors, vendors, partners and customers, only grows. According to PwC’s 2016 Global State of Information Security report, third-party contractors are the biggest source of security incidents outside of a company’s employees. At the same time, the third-party cyber risk management process is largely driven by sharing spreadsheets and trusting unvalidated assessments. Built in partnership with the chief security and risk officers from some of the world’s largest companies, including Aetna, ADP and MassMutual, the CyberGRX Exchange brings massive efficiency to this process while providing boardroom-level information about real-time cyber risk exposure across an enterprise’s entire ecosystem of third parties.

“For an enterprise today, managing cyber risk requires visibility into the extended network of vendors who store information about us,” said David Cowan, the BVP partner joining CyberGRX’s board of directors. “The CISO’s we surveyed overwhelmingly look to CyberGRX to help them identify, assess and remediate cyber risks in their extended networks.”

Launched in March 2017, the CyberGRX Exchange is designed to make it simple and cost effective for enterprises to get up-to-date, comprehensive, one-click access to their third parties’ cyber risk assessments. It is purpose-built to transform companies’ third-party cyber risk management processes from a compliance-based to a risk management-based approach. For third parties, the CyberGRX Exchange is designed to make it easy to complete one updated cyber risk assessment and share it with their many upstream partners. The CyberGRX Exchange delivers standardized assessments, actionable analytics, remediation management and real-time threat intelligence updates to enterprises and their third parties, enabling them to mitigate risk, reduce costs and manage process complexity.

“There’s a simple question at the heart of third-party cyber risk: which vendors, partners, suppliers or contractors pose the biggest threat to my organization?” said Fred Kneip, CyberGRX CEO. “The answer isn’t usually as simple because it’s constantly changing. We’ve developed the world’s first and only global third-party cyber risk exchange, which will continuously answer that question and provide actionable recommendations and the tools for companies to effectively manage that risk.  This capital from Bessemer Venture Partners and our existing investors will help us scale the business around the CyberGRX Exchange to meet growing demand from enterprises and third parties who’ve grown tired of the status quo. The relationships we have with key investors, customers and design partners puts CyberGRX in the pole position to be the new industry standard for third-party cyber risk management.”

Founded by former CISO’s and risk officers and backed by world-class investors, CyberGRX partners with some of the most trusted names and brands in cybersecurity. With this investment, David Cowan joins the CyberGRX board of directors. Also forming part of the board are: Bob Ackerman, founder and managing director at Allegis Capital; Jay Leek, managing director at ClearSky; Mark Hatfield, founder and general partner at TenEleven Ventures; Stuart McClure, CEO at Cylance and Fred Kneip, CEO at CyberGRX.   

For more information on CyberGRX or to join the CyberGRX Exchange, please visit https://www.cybergrx.com/.

About CyberGRX 

CyberGRX provides the most comprehensive third-party cyber risk management platform to cost-effectively identify, assess, mitigate and monitor an enterprise’s risk exposure across its entire partner ecosystem. Through automation and advanced analytics, the CyberGRX solution enables enterprises to collaboratively mitigate threats presented from their increasing interdependency on vendors, partners and customers. Based in Denver, CO, CyberGRX is backed by Allegis Capital, Bessemer Venture Partners, Blackstone, ClearSky, GV (formerly Google Ventures), MassMutual Ventures, Rally Ventures, TenEleven Ventures and several other strategic investors. For more information, visit www.cybergrx.com or follow @CyberGRX1 on Twitter.

 

Contact:

 

Ted Weismann

fama PR for CyberGRX

(617) 986-5009

CyberGRX@famapr.com

 

 

Read More

Security startup Synack scores $21M investment from Microsoft, HPE and Singtel

  |   Portfolio News, The Latest

 

 

 

Synack, a startup that combines software security tools with a network of white-hat hackers to help keep its customers secure, announced a $21.25 million Series C funding round today.

 

The round was led by Microsoft Ventures with participation from Hewlett Packard Enterprise and Singtel Innov8. Previous investors GGV Capital, GV (formerly Google Ventures) and Kleiner Perkins Caufield & Byers also participated. Today’s investment brings the total raised to $55 million, according to the company.

It’s hard not to notice that is an impressive combination of company and traditional venture capital attention.

Perhaps that’s because Synack takes an unusual approach to enterprise security, going on offense instead of defense, according to company CTO Mark Kuhr. He and his co-founder CEO Jay Kaplan might know a thing or two about going on offense, having previously worked for the NSA before starting Synack in 2013.

Kuhr says they decided to start the company when they saw the defensive tactics companies were using simply weren’t working — as Sony, JP Morgan Chase, OPM, Ashley Madison, Adobe, Target and many others can attest.

“Jay Kaplan and I left the NSA to come up with a different way for offensive security for the enterprise. We noticed at NSA that hackers were coming through all the defenses, taking data and putting malware on the systems,” he said.

Kuhr say his company uses a three-pronged strategy to help protect systems and IP — Command, control and action. “We couple the human element with machines. It’s a man and machine story. We bring in people when we need to,” he said.

In fact the command piece starts with a community of several hundred white-hat hackers from around the world whom the company has vetted to be sure they are ethical and pass a background check.

The control piece is their penetration testing service, which looks for vulnerabilities in an automated way. The action is the plan they come up with to help protect the system once they find a problem. For instance, if they find an open back door in the code, they would recommend that the client close it up.

Photo: Synack

Kuhr says it’s similar to the strategy they employed at the NSA where they went on offense, getting in the shoes of the adversary and trying to understand what they were doing. But he understands that most private companies don’t have access to the talent they had at the NSA. That’s why they are trying to package that kind of support and protection as a service.

They work on a flat-fee subscription model, running the automated systems and bringing in a team of expert hackers when necessary to root out vulnerabilities. While the friendly hacker approach sounds a lot like the HackerOne strategy, Kuhr says the difference is that HackerOne uses an open model and his company a private one.

The company has around 100 employees plus the network of hackers. That will probably increase this year with the new funding as they look to expand into new markets in Europe and Asia. Currently, they have 100 customers mostly in the enterprise. Kuhr says company revenue has been doubling every year and today’s investment is about keeping that momentum going.

Find more here: www.techcrunch.com

Read More

China-Based Threat Actor APT10 Ramps Up Cyber Espionage Activity

  |   Portfolio News, The Latest

 

 Customers of managed security service providers, website of U.S. trade lobby group targeted in separate campaigns
Dark Reading | Jai Vijayan | April 6, 2017

An unknown number of managed service providers and their customers are victims of a massive, global cyber espionage campaign by a China-based threat actor that this week was also fingered in another attack against a U.S. group involved in lobbying around foreign trade policy.

News of the campaigns coincides with Chinese President Xi Jinping’s first official visit to the U.S. to meet with President Trump. It suggests that cyber-enabled espionage out of China continues to be an issue, despite a September 2015 agreement between the U.S and Chinese governments not to support or engage in such activities.

“Even as IP-focused cyber-espionage has reduced since the Xi Jinping-Obama agreement, big business will continue to be targeted, if nothing else than for the influence they hold over governments,” warns Hardik Modi, vice president of threat research at Fidelis Cybersecurity.

Fidelis was one of the organizations that this week disclosed new cyber espionage activity by APT10, a well-known China-based advanced threat group that is also known as Stone Panda. The other warning about the APT10 group’s resurgent activity, after a period of relative quiet, came from PwC UK and BAE Systems.

‘TradeSecret’ campaign against National Foreign Trade Council

The Fidelis report involves “TradeSecret,” the company’s name for a targeted and strategic campaign directed at the website of the National Foreign Trade Council (NFTC), a trade lobby group representing some of America’s largest companies.

According to Fidelis, its security researchers in February discovered a reconnaissance tool called “Scanbox,” previously associated with China government-sponsored threat actors, embedded on specific pages of the NFTC site. Among the infected page were those that NFTC board members used to register for meetings.

The malware was configured to infect the systems of anyone that visited the pages and to collect credential and session information and also system-level data that could later be used in phishing attacks or for exploiting specific vulnerabilities. It’s unclear how the APT10 group initially breached the site in order to embed Scanbox on it.

“Scanbox is a robust framework that can include a variety of reconnaissance modules,” Modi says. It can, for instance, be used to determine the software running on a target system, the type and version of antivirus on it, and other details. “In some instances, it has been known to serve up a JavaScript keylogger that can be used to grab credentials that the target enters on the page,” he says.

NFTC members have been major contributors to the dialogue around the new U.S. trade policy framework being developed by the Trump Administration. It is highly likely the APT10 group will use data that Scanbox collected to craft targeted attacks against them.

‘Cloud Hopper’ campaign against MSPs

Meanwhile, in a separate advisory, PwC and BAE Systems warned about a systematic and widespread APT10 campaign they have dubbed “Cloud Hopper” to steal data from an unknown, but most likely large, number of organizations.

What makes the campaign scary and highly scalable, according to the two organizations, is the APT10 group’s tactic to target companies via their managed service providers, rather than directly.

 

Multiple MSPs have been hit since late 2016 and their infrastructure has been used to gain access to the networks of their customers. Typical attacks have involved APT10 gaining access to a MSP network, looking for customers that match its interests, and then breaking into their networks using the MSP’s legitimate access.

The China-based group has then been extracting data from the victim’s network, putting the data into compressed files, sending it back to the MSP network and from there to servers controlled by APT10.

The investigations by BAE and PwC show that the campaign is focused on extracting intellectual property and other sensitive data from organizations. “APT10 is known to have exfiltrated a high volume of data from multiple victims, exploiting compromised MSP networks, and those of their customers, to stealthily move this data around the world,” the two companies said in their report.

The Cloud Hopper campaign is a classic example of the evolution of third-party cyber risk, says Fred Kneip, CEO, CyberGRX. It takes advantage of the implicit trust that many organizations place on their cloud service providers and other third parties that they do business with.

“Although attacks via third parties are the second biggest source of security incidents, most organizations do not have a consistent process to help them understand which partners pose the most risk to their organization,” Kneip says. Organizations need to truly understand their residual risk from each third party, and perform their own validation of key controls as opposed to relying on self-assessments, he says.

“Customers need to ask relevant questions of their provider as to how they achieve customer segmentation and segregation,” advises Jim Reavis, executive director of the Cloud Security Alliance. “Customers also need to understand their own responsibilities and in many cases it is their job to add data protection controls like encryption or to use the provider’s logging capabilities to monitor access to their own cloud instances.”

Meanwhile, campaigns such as Cloud Hopper also highlight the need for cloud service providers to perform segmentation at multiple levels, including networks, users, applications and data, to mitigate the fallout from a data breach, Reavis says. “No company can prevent all breaches, but systems should be designed so that a single breach impacts a maximum of one customer.”

John Pescatore, director of emerging threats at the SANS Institute said that attacks targeting cloud service providers are nothing new. Edward Snowden’s leaks showed the US government was targeting IT service providers as far back as 2013. And attacks on Google and others in subsequent years have shown that Chinese threat actors have been doing the same for some time now, he says.

“The bigger suppliers are pretty good at protecting themselves, but they are rarely the low cost providers,” Pescatore says.  “All too often obtaining [specific security] certifications are all the lower cost providers have to show in order to win competitions,” he says. “There has been talk in the IT service provider industry association of raising the bar, like has been done in the UK, but not much movement forward.”

Read More

Exclusive: Blackstone-Backed Network for Cyber Risk Launches Today

  |   Portfolio News, The Latest
 
Fortune | Jeff John Roberts | 7:40 AM Pacific

Financial firms have long used rating agencies like Moody’s or S&P to judge the risk of bonds. Now, companies that face risk from cyber attacks—which these days is almost everyone—have a tool to do the same.

On Wednesday, CyberGRX unveiled a platform that acts as a clearinghouse for cyber risk. Developed by a group of blue chip security pros from companies like Blackstone and Aetna, CyberGRX promises to make the process of flagging cyber dangers from their vendors dramatically more efficient.

The risk posed by vendors has been top of mind for many companies ever since the infamous hack on Target (TGT, +0.40%) in 2013, which saw attackers compromise the computer systems of Target’s HVAC supplier in order to steal credit card information from 40 million customers.

According to Jay Leek, the former chief security officer of Blackstone, the idea for a clearinghouse came about because companies spend enormous amounts of time filling out check-lists to assess the security risks posed by their vendors. Many of Blackstone’s portfolio companies, for instance, were all conducting the same compliance tests to see if vendors—which can include anyone from software giants like Salesforce (CRM, +0.86%) or Workday (WDAY, +0.65%) to catering companies—had programs in place to defend against cyber-attacks.

This process, says Leek, resulted in a lot of duplicated efforts and security officers spending their time on checklists rather than on mitigating cyber dangers.

In response, Leek and others realized the approach was to build what they call a “third party global cyber risk exchange” that will let companies assess vendors in the same way banks rely on ratings agencies to assess bonds. Leek likens it to performing cyber-risk by means of a Turbo Tax method, rather than doing it by hand.

“The inherent efficiency of the CyberGRX Exchange eliminates the waste in today’s approach—largely based on sharing spreadsheets—in a way no one in the market does. For the first time, companies will know which of their third parties pose the greatest risk to their organizations,” says Fred Kneip, CyberGRX CEO.

The process has been in the works since last year when CyberGRX raised $9 million from investors that include Allegis Capital, Blackstone, TenEleven Ventures, Rally Ventures, GV (formerly Google Ventures), and MassMutual Ventures.

To building process has relied on what CyberGRX calls its “design partners” like Aetna, and their existing dossiers of tens of thousands of vendor reports.

Now, the tool is ready for primetime as CyberGRX (GRX is for global risk exchange) invited other companies to take part. Here is how CyberGRX described it in a release announcing the news:

Built in partnership with chief security and risk officers from Aetna, Blackstone, MassMutual, ADP and other large companies with a combined network of more than 40,000 companies in their digital ecosystems, the CyberGRX Exchange brings together enterprises and their third parties and creates massive efficiency to a process that has largely been driven by sharing spreadsheets and trusting unvalidated self-assessments.

While the plan will provide a way for big companies to speed up their cyber risk assessments, it will also help hundreds of thousands of vendors who currently must wait for a cyber seal-of-approval before they can start providing their services.

As for the risk assessments the platform provides, those are compiled from the reports provided by the member companies but also from a host of outside signals. These include threat reports from security companies as well as news reports from Thomson Reuters and others.

The other advantage of the service, according to CyberGRX, is that it will continually update the security profiles of all the companies on the exchange. This means companies will no longer need to rely on an annual checklist system to confirm a vendor can still be trusted.

The idea for a cyber risk clearinghouse is not a new one. According to Leek, S&P tried unsuccessfully to come up such a service way back in 2006. Goldman Sachs(GS, +0.23%), meanwhile, tried to create a risk standard with Moody’s in 2015 but was likewise unable to pull it off.

If CyberGRX is a success, its backers say the service could save companies billions in legal and compliance costs, and allow security executives to devote far more time to threat mitigation rather than bureaucratic measures.

The new service may also jumpstart the market for cyber-insurance, which has been expanding in light of the ongoing number of high profile data breach incidents. But that is far from mature—in large part because of a lack of information on how to price cyber risk.

Article found here: www.fortune.com

Read More

G6 Hospitality Leverages RedOwl to Prevent Insider Threats

  |   Portfolio News, The Latest
RedOwl Analytics, Inc.

 

 

Top Lodging Company Boosts Protection of Sensitive Data of Company and Guests

 

Marketwired | March 07, 2017 11:00 ET

 

SAN FRANCISCO, CA–(Marketwired – March 07, 2017) – RedOwl, the leading provider of insider risk solutions, today announced that G6 Hospitality, known for its iconic economy lodging brands, Motel 6 and Studio 6 in the U.S. and Canada, has deployed the RedOwl Insider Risk Management platform to mitigate the risk of negligent, compromised and malicious employees leaking sensitive company intellectual property or customer data.

G6 Hospitality owns, operates and franchises over 1,300 lodging locations and employs more than 10,000 team members across the U.S. and Canada. Like many organizations, at G6, email is how business is done — both internally and with its franchisees who still at times maintain their own email systems. The company selected RedOwl specifically because it is the leading solution for electronic communication content and behavioral analytics as well as having the capability to integrate other critical streams of activity and employee-specific characteristics.

“One of the biggest strains on resources within our security team is ensuring all of our employees across North America are aware of how email should and shouldn’t be used and are educated on the risks of phishing and other types of external attacks and internal risky behavior that could result in critical data loss for our organization,” said Harvey Ewing, chief information security officer (CISO) of G6 Hospitality. “With RedOwl, our team no longer has that burden, as the platform can analyze and alert potential threats before they become incidents.”

RedOwl combines content and behavioral analytics to identify both acts of exfiltration and the potential precursor activities that indicate unwanted behavior in the enterprise, such as data theft and even employee flight risk. Critical to the team at G6 is RedOwl’s ability to reduce the noise and false positives typically seen in monitoring as well as to be able to quickly go from alert to in-depth investigation.

“Insider threats can no longer be ignored by organizations looking to protect their intellectual property and customer data,” said Guy Filippelli, founder and CEO of RedOwl. “RedOwl is proud to be G6’s partner as they work to further protect themselves and their customers from insider threats.”

In the year ahead, G6 Hospitality will continue to strengthen its defenses by leveraging more insider risk management capabilities offered on the RedOwl platform.

ABOUT REDOWL
RedOwl helps large enterprise and government organizations mitigate insider threats with technology designed for the modern workplace. Information security and regulatory surveillance teams trust our behavioral analytics platform to provide holistic and actionable visibility of all human risk, ranging from common employee data leaks to malicious insider attacks. With offices in Baltimore, New York City, San Francisco, and London, RedOwl’s investors include the Blackstone Group, Allegis Capital, and Conversion Capital. To learn more about RedOwl, visit: https://redowl.com.

ABOUT G6 HOSPITALITY
G6 Hospitality LLC owns, operates and franchises more than 1,350 economy lodging locations under the iconic Motel 6 and the extended stay Studio 6 brands in the U.S and Canada, and Hotel 6 and Estudio 6 brands in Latin America. Headquartered in Dallas (Carrollton), Texas, G6 Hospitality was rated one of the top ten hospitality companies according to the Hotel Management 2015 Top Hotel Companies rankings list, which evaluated over 260 hotel companies. For more information please visit G6Hospitality LLC.

Article found here: www.marketwired.com

Read More

RedOwl Enters Agreement with immixGroup to Reduce Insider Threat Risks for Government

  |   Portfolio News, The Latest

 

 

 

 

New Relationship to Strengthen Agencies’ Risk Management Posture

 

Marketwired | February 21, 2017

 

 

SAN FRANCISCO, CA–(Marketwired – February 21, 2017) – RedOwl, the leading provider of insider risk solutions, today announced an agreement with immixGroup, an Arrow company that helps technology companies do business with the government. Through immixGroup contracts with governments at the federal, state and local levels, agencies will be able to purchase RedOwl’s behavior risk analytics to avoid insider threats to mitigate classified information leaks, intellectual property loss, data theft and employee flight risk. In addition, government organizations can use RedOwl to comply with the Presidential Order for agencies to implement an insider threat program, in addition to meeting compliance standards set by National Industrial Security Program Operating Manual (NISPOM) for government contractors.

“Major cyber espionage and data leaks affecting the U.S. government over the past few years are proof that, more so than ever before, the public sector has the huge responsibility to protect against insider threats within their own organizations, but also the societal imperative to respect the privacy of employees,” said Guy Filippelli, CEO of RedOwl. “With its deep-rooted commitment to providing governments with reliable access to the enterprise software and hardware solutions they need to achieve mission success, our agreement with immixGroup aims to do just that. Only RedOwl can help governments and enterprises monitor and detect precursor behavior in a comprehensive, unbiased, systematic and automated way while ensuring employee privacy.”

RedOwl unlocks the power of existing enterprise data to identify and mitigate unwanted behavior. Only RedOwl ingests and combines structured, unstructured and business data to analyze interactions between employees, contractors, devices, files and applications. Using a combination of statistical pattern matching, machine learning and content analytics to profile user behavior, RedOwl gives risk management professionals the in-depth narratives required to effectively pinpoint and distinguish negligent, compromised and malicious employees.

ABOUT REDOWL
RedOwl helps large enterprise and government organizations mitigate insider threats with technology designed for the modern workplace. Information security and regulatory surveillance teams trust our behavioral analytics platform to provide holistic and actionable visibility of all human risk, ranging from common employee data leaks to malicious insider attacks. With offices in Baltimore, New York City, San Francisco, and London, RedOwl’s investors include the Blackstone Group, Allegis Capital, and Conversion Capital. To learn more about RedOwl, visit: https://redowl.com.

Article found here: marketwired.com

Read More