Monthly Archives: May 2021

Emerging open cloud security framework has backing of Microsoft, Google and IBM

Posted by on 5 May, 2021

This post was originally published on this site

Each of the big cloud platforms has its own methodology for passing on security information to logging and security platforms, leaving it to the vendors to find proprietary ways to translate that into a format that works for their tool. The Cloud Security Notification Framework (CSNF), a new working group that includes Microsoft, Google and IBM is trying to create a new open and standard way of delivering this information.

Nick Lippis, who is co-founder and co-chairman of ONUG, an open enterprise cloud community, which is the primary driver of CSNF says that what they’ve created is part standard and part open source. “What we’ve been really focusing on is how do we automate governance on the cloud. And so security was the place that was ripe for that where we can actually provide some value right away for the community,” he said.

While they’ve pulled in some of the big cloud vendors, they’ve also got large companies who consume cloud services like FedEx, Pfizer and Goldman Sachs. Conspicuously missing from the group is AWS, the biggest player in the cloud infrastructure market by far. But Lippis says that he hopes as the project matures, other companies including AWS will join.

“There’s lots of security programs and industry programs that get out there and that people are asking them to join, and so some companies want to wait to see how well this pans out [before making a commitment to it],” Lippis said. His hope is that over time, that Amazon will come around and join the group, but in the meantime they are working to get to the point everyone in the community will feel good about what they’re doing.

The idea is to start with security alerts and find a way to build a common format to give companies the same kind of system they have in the data center to track security alerts in the cloud. The way they hope to do that is with this open dialogue between the cloud vendors and the companies involved with the group.

“So the structure of that is that there’s a steering committee that is chaired by CISOs from these large cloud consumer brands, and also the cloud providers, and they provide voting and direction. And then there’s the working group where all the work is done. The beauty of what we do is that we have now consumers and also providers working together and collaborating,” he said.

Don Duet, a member of ONUG, who is CEO and co-founder of Concourse Labs, has been involved in the formation of the CSNF. He says to keep the project focused they are looking at this as a data management problem and they are establishing a common vocabulary for everyone to work within the group.

“How do you build a consensus on what are the types of terms that everybody can agree on and then you build the underlying basis so that the experts in your resource providers in this case, Cloud Service Providers, can bless how their data [connects] to those common standards,” Duet explained.

He says that particular problem is more of an organizational problem than a technical one, getting the various stakeholders together and just building consensus around this. At this point, they have that process in place and the next step is proving it by having the various companies involved in this test it out in the coming months.

After they get past the testing phase, in October they plan to actually demonstrate what this looks like in a before and after scenario, with the new framework and without it. As the group works toward these goals, the hope is that eventually the framework will become more established and other companies and vendors will come on board and make this a more standard way of sharing security alerts. If all goes well, they hope to build in other security information into this framework over time.

Posted Under: Tech News
Timescale grabs $40M Series B as it goes all in on cloud version of time series database

Posted by on 5 May, 2021

This post was originally published on this site

Timescale, makers of the open source TimescaleDB time series database, announced a $40 million Series B financing round today. The investment comes just over two years after it got a $15 million Series A.

Redpoint Ventures led today’s round with help from existing investors Benchmark, New Enterprise Associates, Icon Ventures and Two Sigma Ventures. The company reports it has now raised approximately $70 million.

TimescaleDB lets users measure data across a time dimension, so anything that would change over time. “What we found is we need a purpose-built database for it to handle scalability, reliability and performance, and we like to think of ourselves as the category-defining relational database for time series,” CEO and co-founder Ajay Kulkarni explained.

He says that the choice to build their database on top of Postgres when it launched 4 years ago was a key decision. “There are a few different databases that are designed for time series, but we’re the only one where developers get the purpose-built time series database plus a complete Postgres database all in one…,” he said.

While the company has an open source version, last year it decided rather than selling an enterprise version (as it had been), it was going to include all of that functionality in the free version of the product and place a bet entirely on the cloud for revenue.

“We decided that we’re going to make a bold bet on the cloud. We think cloud is where the future of database adoption is, and so in the last year, […] we made all of our enterprise features free. If you want to test it yourself, you get the whole thing, but if you want a managed service, then we’re available to run it for you,” he said.

The community approach is working to attract users, with over 2 million monthly active databases, some of which the company is betting will convert to the cloud service over time. Timescale is based in New York City, but it’s a truly remote organization with 60 employees spread across 20 countries and every continent except Antarctica.

He says that as a global company, it creates new dimensions of diversity and different ways of thinking about it. “I think one thing that is actually kind of an interesting challenge for us is what does D&I mean in a totally global org. A lot of people focus on diversity and inclusion within the U.S., but we think we’re doing better than most tech companies in terms of racial diversity, gender diversity,” he said.

And being remote first isn’t going to change even when we get past the pandemic. “I think it may not work for every business, but I think like being remote first has been a real good thing for us,” he said.

Posted Under: Tech News
Cymulate nabs $45M to test and improve cybersecurity defenses via attack simulations

Posted by on 5 May, 2021

This post was originally published on this site

With cybercrime on course to be a $6 trillion problem this year, organizations are throwing ever more resources at the issue to avoid being a target. Now, a startup that’s built a platform to help them stress-test the investments that they have made into their security IT is announcing some funding on the back of strong demand from the market for its tools.

Cymulate, which lets organizations and their partners run machine-based attack simulations on their networks to determine vulnerabilities and then automatically receive guidance around how to fix what is not working well enough, has picked up $45 million, funding that the startup — co-headquartered in Israel and New York — will be using to continue investing in its platform and to ramp up its operations after doubling its revenues last year on the back of a customer list that now numbers 300 large enterprises and mid-market companies, including the Euronext stock exchange network as well as service providers such as NTT and Telit.

London-based One Peak Partners is leading this Series C, with previous investors Susquehanna Growth Equity (SGE), Vertex Ventures Israel, Vertex Growth and Dell Technologies Capital also participating.

According to Eyal Wachsman, the CEO and co-founder, Cymulate’s technology has been built not just to improve an organization’s security, but an automated, machine-learning-based system to better understand how to get the most out of the security investments that have already been made.

“Our vision is to be the largest cybersecurity ‘consulting firm’ without consultants,” he joked.

The valuation is not being disclosed but as some measure of what is going on, David Klein, managing partner at One Peak, said in an interview that that he expects Cymulate to hit a $1 billion valuation within two years at the rate it’s growing and bringing in revenue right now. The startup has now raised $71 million, so it’s likely the valuation is in the mid-hundreds of millions. (We’ll continue trying to get a better number to have a more specific data point here.)

Cymulate — pronounced “sigh-mulate”, like the “cy” in “cyber” and a pun of “simulate”) is cloud-based but works across both cloud and on-premises environments and the idea is that it complements work done by (human) security teams both inside and outside of an organization, as well as the security IT investments — in terms of software or hardware) that they have already made.

“We do not replace — we bring back the power of the expert by validating security controls and checking whether everything is working correctly to optimize a company’s security posture,” Wachsman said. “Most of the time, we find our customers are using only 20% of the capabilities that they have. The main idea is that we have become a standard.”

The company’s tools are based in part on the MITRE ATT&CK framework, a knowledge base of threats, tactics and techniques used by a number of other cybersecurity services, including a number of others building continuous validation services that compete with Cymulate. These include the likes of FireEye, Palo Alto Networks, Randori, Khosla-backed AttackIQ and many more.

Although Cymulate is optimized to help customers better use the security tools they already have, it is not meant to replace other security apps, Wachsman noted, even if the by-product might become buying less of those apps in the future.

“I believe my message every day when talking with security experts is to stop buying more security products,” he said in an interview. “They won’t help defend you from the next attack. You can use what you’ve already purchased as long as you configure it well.”

In his words, Cymulate acts as a “black box” on the network, where it integrates with security and other software (it can also work without integrating but integrations allow for a deeper analysis). After running its simulations, it produces a map of the network and its threat profile, an executive summary of the situation that can be presented to management and a more technical rundown, which includes recommendations for mitigations and remediations.

Alongside validating and optimising existing security apps and identifying vulnerabilities in the network, Cymulate also has built special tools to fit different kinds of use cases that are particularly relevant to how businesses are operation today. They include evaluating remote working deployments, the state of a network following an M&A process, the security landscape of an organization that links up with third parties in supply chain arrangements, how well an organization’s security architecture is meeting (or potentially conflicting) with privacy and other kinds of regulatory compliance requirements, and it has built a “purple team” deployment, where in cases where security teams do not have the resources for running separate “red teams” to stress test something, blue teams at the organization can use Cymulate to build a machine learning-based “team” to do this.

The fact that Cymulate has built the infrastructure to run all of these processes speaks to a lot of potential of what more it could build, especially as our threat landscape, and how we do business, both continue to evolve. Even as it is, though, opportunity today is a massive one, with Gartner estimating that some $170 billion will be spent on information security by enterprises in 2022. That’s one reason why investors are here, too.

“The increasing pace of global cyber security attacks has resulted in a crisis of trust in the security posture of enterprises and a realization that security testing needs to be continuous as opposed to periodic, particularly in the context of an ever-changing IT infrastructure and rapidly evolving threats. Companies understand that implementing security solutions is not enough to guarantee protection against cyber threats and need to regain control,” said Klein, in a statement. “We expect Cymulate to grow very fast,” he told me more directly.

Posted Under: Tech News
Evening Fund debuts with $2M micro fund focused on investments between $50K and $100K

Posted by on 4 May, 2021

This post was originally published on this site

We tend to think of venture capital in tens or hundreds of millions, even billions of dollars, so it’s refreshing to find Evening Fund, a new $2 million micro fund that focuses on small investments between $50,000 and $100,000 as it seeks to help young startups with early funding.

The new fund was launched by Kat Orekhova and Rapha Danilo. Orekhova, who started her career as a math professor, is a former Facebook data scientist who has been dabbling in angel investing and working with young startups for awhile now. They call it Evening Fund because they work as founders by day and investors by night.

She says that she wanted to create something more formal to help early-stage startups get off the ground and has help from limited partners that include Sarah Smith at Bain Capital, Lee Linden, general partner at Quiet Capital and a long list of tech industry luminaries.

Orekhova says she and her partner invest small sums of money in B2B SaaS companies, which are pre-seed, seed and occasionally A rounds. They will invest in consumer here and there as well. She says one of their key value propositions is that they can help with more than just the money. “One way in which I think Rapha and I can really help our founders is that we give very specific, practical advice, not just kind of super high level,” she told me.

That could be something like how to hire your first designer where the founders may not even know what a designer does. “You’re figuring out ‘how do I hire my first designer?’ and ‘what does the designer even do?’ because most founders have never hired a designer before. So we give them extremely practical hands-on stuff like ‘here are the competencies’ or ‘what’s the difference between a graphic designer, a visual designer, a UX designer and a researcher,’ ” she said. They go so far as to give them a list of candidates to help them get going.

She says that she realized while she was at Facebook that she wanted to eventually start a company, so she began volunteering her time to work with companies going through Y Combinator. “I think a lot of people don’t know where to start, but in my case I looked at the YC list, found a company that I thought I could be helpful to. I reached out cold and said ‘Hey, I don’t want money. I don’t want equity. I just want to try to be helpful to you and see where that goes,’ ” she said.

That lead to scouting for startups for some larger venture capital firms and eventually dabbling in financing some of these startups that she was helping. Today’s announcement is the culmination of these years of work and the groundwork she laid to make herself familiar with how the startup ecosystem works.

The new firm already has its first investment under its belt, Dala, an AI-powered internal search tool that helps connect users to workplace knowledge that’s often locked in applications like Google Suite, Slack and Notion.

As though Evening isn’t enough to keep her and Danilo busy, they are also each working on their own startups. Orekhova wasn’t ready to share much on that just yet as her company remains in stealth.

Posted Under: Tech News
SAP CEO Christian Klein looks back on his first year

Posted by on 4 May, 2021

This post was originally published on this site

SAP CEO Christian Klein was appointed co-CEO with Jennifer Morgan last April just as the pandemic was hitting full force across the world. Within six months, Morgan was gone and he was sole CEO, put in charge of a storied company at 38 years old. By October, its stock price was down and revenue projections for the coming years were flat.

That is definitely not the way any CEO wants to start their tenure, but the pandemic forced Klein to make some decisions to move his customers to the cloud faster. That, in turn, had an impact on revenue until the transition was completed. While it makes sense to make this move now, investors weren’t happy with the news.

There was also the decision to spin out Qualtrics, the company his predecessor acquired for $8 billion in 2018. As he looked back on the one-year mark, Klein sat down with me to discuss all that has happened and the unique set of challenges he faced.

Just a pandemic, no biggie

Starting in the same month that a worldwide pandemic blows up presents unique challenges for a new leader. For starters, Klein couldn’t visit anyone in person and get to know the team. Instead, he went straight to Zoom and needed to make sure everything was still running.

The CEO says that the company kept chugging along in spite of the disruption. “When I took over this new role, I of course had some concerns about how to support 400,000 customers. After one year, I’ve been astonished. Our support centers are running without disruption and we are proud of that and continue to deliver value,” he said.

Taking over when he couldn’t meet in person with employees or customers has worked out better than he thought. “It was much better than I expected, and of course personally for me, it’s different. I’m the CEO, but I wasn’t able to travel and so I didn’t have the opportunity to go to the U.S., and this is something that I’m looking forward to now, meeting people and talking to them live,” he said.

That’s something he simply wasn’t able to do for his first year because of travel restrictions, so he says communication has been key, something a lot of executives have discussed during COVID. “I’m in regular contact with the employees, and we do it virtually. Still, it’s not the same as when you do it live, but it helps a lot these days. I would say you cannot over-communicate in such times,” he said.

Posted Under: Tech News
Starboard Value puts Box on notice that it’s looking to take over board

Posted by on 4 May, 2021

This post was originally published on this site

Activist investor Starboard Value is clearly. fed up with Box and it let the cloud content management know it in no uncertain terms in a letter published yesterday. The firm, which bought a 7.7% stake in Box two years ago claims the company is underperforming, executing poorly and making bad business decisions — and it wants to inject the board of directors with new blood.

While they couched the letter in mostly polite language, it’s quite clear Starboard is exasperated with Box. “While we appreciate the dialogue we have had with Box’s management team and Board of Directors (the “Board”) over the past two years, we have grown increasingly frustrated with continued poor results, questionable capital allocation decisions, and subpar shareholder returns,” Starboard wrote in its letter.

Box as you can imagine did not take kindly to the shot across its bow and responded in a press release that it has bent over backwards to accommodate Starboard including refreshing the board last year when they added several numbers, whom they point out were approved by Starboard.

“Box has a diverse and independent Board with directors who bring extensive technology experience across enterprise and consumer markets, enterprise IT, and global go-to-market strategy, as well as deep financial acumen and proven track records of helping public companies drive disciplined growth, profitability, and stockholder value. Furthermore, seven of the ten directors on the Box Board will have joined the Board within the last three years,” the company wrote in a statement. In other words, Box is saying it already has injected the new blood that Starboard claims it wants.

Box recently got a $500 million cash injection from KKR widely believed to be an attempt to bulk up cash reserves with the goal generating growth via acquisition. Starboard was particularly taken aback by this move, however. “The only viable explanation for this financing is a shameless and utterly transparent attempt to “buy the vote” and shows complete disregard for proper corporate governance and fiscal discipline,” Starboard wrote.

Alan Pelz-Sharpe, founder and principal analyst at Deep Analysis, a firm that closely tracks the content management market, says the two sides clearly aren’t aligned and that’s not likely to change. “Starboard targeted and gained a seat on the board at Box at a difficult time for the firm, thats the modus operandi for activist investors. Since that time there has clearly been a lot of improvements in terms of Box’s financial goals. However, there is and will remain a misalignment between Starboard’s goals, and Box led by Levie as a whole. Though both would like to see the share price rise, Starboard’s end goal is most likely to see Box acquired, sooner rather than later, and that is not Box’s goal,” he said.

Starboard believes the only way to resolve this situation is to inject the board with still more new blood, taking a swipe at the Box leadership team while it was at it. “There is no good reason that Box should be unable to deliver improved growth and profitability, at least in-line with better performing software companies, which, in turn, would create significant shareholder value,” Starboard wrote.

As such the firm indicated it would be putting up its own slate of board candidates at the company’s next board meeting. In the tit for tat that has been this exchange, Box indicated it would be doing the same.

Meanwhile Box vigorously defended its results. “In the past year, under the oversight of the Operating Committee, the company has made substantial progress across all facets of the business — strategic, operational and financial — as demonstrated by the strong results reported for the full year of fiscal 2021,” the company wrote, pointing to its revenue growth last fiscal year as proof of the progress with revenue of $771 million up 11% year over year.

It’s unclear how this standoff will play out, but clearly Starboard wants to take over the Board and have its way with Box, believing that it can perform better if it were in charge. That could result ultimately, as Pelz-Sharpe suggested, in Box being acquired.

We would appear to heading for a showdown, and when it’s over, Box could be a very different company, or the current leadership could assert control once and for all and we could proceed with Box’s current growth strategy still in place. Time will tell which is the case.

Posted Under: Tech News
Dell dumps another big asset moving Boomi to Francisco Partners and TPG for $4B

Posted by on 3 May, 2021

This post was originally published on this site

It’s widely known that Dell has a debt problem left over from its massive acquisition of EMC in 2016, and it seems to be moving this year to eliminate part of it in multi-billion chunks. The first step was spinning out VMware as a separate company last month, a move expected to net close to $10 billion.

The second, long expected, finally dropped last night when the company announced it was selling Boomi to a couple of private equity firms for $4 billion. Francisco Partners is joining forces with TPG to make the deal to buy the integration platform.

Boomi is not unlike Mulesoft, a company that Salesforce purchased in 2018 for $6.5 billion, although a bit longer in tooth. They both help companies with integration problems by creating connections between disparate systems. With so many pieces in place from various acquisitions over the years, it seems like a highly useful asset for Dell to help pull these pieces together and make them work, but the cash is trumping that need.

Providing integration services is a growing requirement as companies look for ways to make better use of data locked in siloed systems. Boomi could help and that’s one of the primary reasons for the acquisition, according to Francisco executives.

“The ability to integrate and connect data and workflows across any combination of applications or domains is a critical business capability, and we strongly believe that Boomi is well positioned to help companies of all sizes turn data into their most valuable asset,” Francisco CEO Dipanjan Deb and partner Brian Decker said in a statement.

As you would expect, Boomi’s CEO Chris McNabb put a positive spin on the deal about how his new bosses were going to fuel growth for his company. “By partnering with two tier-one investment firms like Francisco Partners and TPG, we can accelerate our ability for our customers to use data to drive competitive advantage. In this next phase of growth, Boomi will be in a position of strength to further advance our innovation and market trajectory while delivering even more value to our customers,” McNabb said in a statement.

All of this may have some truth to it, but the company goes from being part of a large amorphous corporation to getting absorbed in the machinery of two private equity firms. What happens next is hard to say.

The company was founded in 2000, and sold to Dell in 2010. Today, it has 15,000 customer, but Dell’s debt has been well documented, and when you string together a couple of multi-billion deals as Dell has recently, pretty soon you’re talking real money. While the company has not stated it will explicitly use the proceeds of this deal to pay off debt as it did with the VMware announcement, it stands to reason that this will be the case.

The deal is expected to close later this year, although it will have to pass the typical regulatory scrutiny prior to that.

Posted Under: Tech News

Social Media

Bulk Deals

Subscribe for exclusive Deals

Recent Post

Archives

Facebook

Twitter

Subscribe for exclusive Deals




Copyright 2015 - InnovatePC - All Rights Reserved

Site Design By Digital web avenue