Cybereason Brings Consumer-Tech, Defense Investors Aboard for $25M

In case you haven’t heard, cyber attacks have become a pretty big deal. Many different security approaches have emerged from big companies and startups alike—but in trying to protect customers, a lot of them still miss the point.

“The problem is usually you don’t see the magnitude of the attack, and you don’t have the manpower to understand the magnitude,” says Lior Div, co-founder and CEO of Boston-area startup Cybereason. “Basically, you don’t have a chance.”

Div (pictured) thinks more companies will have a chance, naturally, if they use his team’s software. Now his Israeli-born startup has a lot more money to get its product into customers’ hands.

Cybereason said today it has raised a $25 million Series B financing round led by Spark Capital. Previous venture investor CRV also participated, along with a new strategic investor, Lockheed Martin. The round brings Cybereason’s total raised to about $30 million.

The new investors are key to the story here. Spark is known for its big consumer-tech investments—in Twitter, Tumblr, Oculus VR, Wayfair, and others. The firm is not known for investing in security startups. And that’s just fine with Cybereason. “I need someone who can enable us to think a little bit differently,” Div says.

In particular, his company’s graphical user interface, which helps customers visualize the extent of cyber attacks and respond to them, is “different from what you see in the market,” he says, in that it has a consumer-tech feel that’s “more like the iPhone.” (Cybereason builds a graph showing relationships between different users, files, applications, and machines in an organization; then it looks for deviations from normal activity and tries to understand hackers’ intent.)


Cybereason's software displays the magnitude and timeline of a cyber attack.

Cybereason’s software displays the magnitude and timeline of a cyber attack.


Any startup can say it wants to be as user-friendly as Apple, of course. But with Spark’s Santo Politi joining the board, Cybereason may have found a VC who can bridge the enterprise and consumer-tech worlds. Politi, whose background is in engineering and finance, led Spark’s previous investments in Oculus, Admeld, Adap.TV, and other companies.

Meanwhile, Lockheed Martin makes for an interesting counterpoint. Lockheed (NYSE: LMT) has been expanding its business in cybersecurity, particularly in the commercial market; last year it acquired Industrial Defender, a company specializing in protecting critical infrastructure. The defense contractor is now a Cybereason customer, and says it will integrate the startup’s software into its own security products (in addition to investing in it). That seems like an unusual arrangement—and one that will give the startup a lot more distribution, while also bringing more defense-focused minds to bear on difficult and evolving problems in security.

“The solution will not come from the private sector,” says Div, who’s an Israeli intelligence veteran. “People who came from security companies simply don’t have the know-how and knowledge to solve this problem. The solution will come from more government and military know-how.” But at the same time, Div says, those players “don’t know how to sell to the private sector. There is a gap between technical or security knowledge and business knowledge.”

Cybereason hopes to fill that gap, of course, but it’s not the only notable player. Raytheon’s $1.9 billion acquisition of San Diego-born Websense is another recent example of a defense contractor teaming up with a security company to combat cyber attacks. That deal could enable Raytheon (NYSE: RTN) to “approach a segment in the market they don’t have access to,” Div says. “It’s a smart move from their point of view.”

Last October, U.K. defense giant BAE Systems (LSE: BA.L) acquired network security firm SilverSky for about $230 million. Going in the opposite direction, Fidelis Cybersecurity said this week it has spun out from defense contractor General Dynamics as an acquisition by private equity firm Marlin Equity Partners. General Dynamics (NYSE: GD) had bought Fidelis back in 2012.

More collaboration seems to be happening between government types, technologists, and security startups. “One of the key themes is the importance of information sharing—not only with law enforcement, but also other enterprise security teams and vendors,” Fidelis CEO Peter George wrote in a blog post.

In a similar vein, IBM Security recently opened its archive of threat intelligence data to customers, partners, and other members of the security community. And there has been plenty of other local activity in cybersecurity. This week, Boston-based Rapid7 acquired NT Objectives, a small app-security firm in California. Earlier this year, Indian IT security company Quick Heal Technologies opened its first office in North America in Boston. Meanwhile, CyberArk (NASDAQ: CYBR) has been publicly traded since September, and Bit9 and Veracode are waiting in the wings for their IPOs.

Around the country (including New England), related startups such as Area 1 Security, DB Networks, Duo Security, Dtex, EdgeWave, Elastica, E8 Security, Recorded Future, and Sqrrl all have raised venture funding in the past few months.

“The market has become very, very noisy,” Div says. “A lot of money is poured into marketing, and a lot of companies get funded in security. But companies that truly try to disrupt the industry, we don’t see a lot of. That’s a shame.” He insists Cybereason is different. “We want to shape what the future of security will look like, not add another layer,” he says. “We are trying to build the brain for cybersecurity.”

Div gave an example from one of his customers, which he describes as “a provider to defense contractors.” Cybereason was able to tell the organization that a cyber attack had occurred and showed its leaders the “full story of the attack,” which was that “the hackers had the usernames and passwords of the whole system,” he says. Given the national security implications, the customer got the FBI involved, shut down its entire environment (including 20,000 endpoints), changed all the passwords, and cleaned the system, he says.

The big goal for Cybereason, Div says, is to “build a machine that can think and have a hunch like a human being” when it comes to detecting and responding to such attacks. And then “connect the dots and let someone who’s not a cyber expert see the full magnitude of the attack, and give them something to stop it,” he says.

Cybereason currently has about 40 employees split between Cambridge, MA, and Tel Aviv, Israel. Div says he is looking to nearly double the staff by the end of 2015. The company is planning to move its local office from Cambridge to Boston in the next month.

Trending on Xconomy