Bit9 Adds $34.5M, Led by Sequoia, for Trust-Based Security Software

Waltham, MA-based security software firm Bit9 is announcing today that it has brought in $34.5 million in Series D funding, led by new investor Sequoia Capital. Return backers Atlas Venture, Highland Capital Partners, Kleiner Perkins Caufield & Byers, and .406 Ventures participated in the deal, which brings Bit9’s total raised to $82.5 million.

In April 2011 Bit9 announced a $12.5 million financing that it said it would go toward sales, product development, and expansion into Europe. Bit9 is putting the newest cash towards its global expansion in Asia and South America, as well as product strategy,” CEO Patrick Morley said in a phone call last week. The company also has big plans for staying and growing in Boston, he says.

Morley says his company, which was founded in 2002, has seen 100 percent year-over-year growth on its top-line bookings in each of the last two years. “The focus on security is much higher, and the recognition that the current solutions don’t work is much higher,” he says.

“Antivirus is a 20-year-old model,” he explains. “It’s, ‘Let’s look for all the bad things in the world, and I’m not going to allow you to run them.’ If it’s not on the list of bad things, it’s in. If you look at that model, it’s not the way we do anything in life. We basically try to make an assessment of trust.”

Bit9 works to prevent targeted attacks known as advanced persistent threats (APTs), by first vetting and verifying the trustworthiness of an application, and then providing that information to an enterprise. Companies can decide how tight or lenient they want to be with applications they let run on their system, and even set different security standards for different departments. Bit9 draws on the data it’s accumulated across all of its customers to help businesses decide the security parameters they want to set. It’s an approach Morley likens to Apple’s iTunes store and its verification process.

“All of those apps have been vetted at some level by Apple,” he says. “As a security person, I could argue that just by doing that vetting, they’ve reduced some of the bad stuff out there. We’re doing the exact same things for companies. We’re allowing a company to establish a view of what they want to allow inside their enterprise, what they view as trustworthy.”

Morley says this method enables Bit9’s product to stop threats that have never been seen before. It’s also what allowed Bit9 to block for a client the same attack that successfully hit Bedford, MA-based RSA Security last year, and last month, an attack by the malware known as Flame.

“The reason we were able to stop it was not because we knew that Flame was necessarily bad. Within this environment, we didn’t trust it, we didn’t know what it was, and it didn’t come from a trustworthy source,” Morley says.

Trending on Xconomy