.406 Ventures secures $265M for fifth fund

When looking at startups within healthcare, data and AI and cybersecurity, the firm considers a number of factors like the plan for infrastructure, especially now that AI is everywhere.

© 2024 TechCrunch. All rights reserved. For personal use only.

Hear why so many cybersecurity companies call Boston home

TechCrunch Live took a virtual visit to Boston this week at our special City Spotlight: Boston event. During the special, extended event, influential Boston founders and investors spoke including Boston Robotics founder Marc Raibert and MassChallenge CEO Cait Brumme. The event started with Greg Dracon, of .406 Ventures, and Matt Caulfield, founder and CEO of Oort, with a conversation around cybersecurity companies in Boston.

Caulfield started Oort in 2018, and to date, raised $18.05m to support the company including from Dracon at .406 Ventures.

But why Boston, I asked in the video embedded here.

“I live out in the boonies,” Caulfield said, laughing while adding, “In the town over, there’s a prototype fusion reactor from Commonwealth Fusion, which is out of MIT, and you’re not going to find that anywhere in the country.”

Both Caulfield and Dracon made Boston home and started companies in the area. To them, the area’s rich history in deep tech explains why high-tech startups, from biotech to cybersecurity companies, find success in the region.

And the Boston area keeps growing. As explained in this TechCrunch article on Boston, success begets success. In 2022, the area was the fourth most active venture capital market in the United States, trailing just California’s Bay Area, New York City, and Los Angeles.

Greg pointed to the flywheel effect to explain the scene: “We [Boston] have companies that are exiting for nice amounts, and spitting out entrepreneurs. We were early investors in Carbon Black, and we’ve backed two companies that spun out of Carbon Black… There are probably five or six companies that spun out of Carbon Black alone.” He explains that it’s important for a region when people feel success together and points to other large Boston companies like Hubspot, Wayfair, and Klaviyo that saw projects turn into spun-out startups.”

The Boston area requires a specific type of entrepreneur, the two say. “You have to be networked into the tech communities and a bit of a combination of an introvert and extrovert,” Dracon said. “We find good founders who are introverted enough, often have a technical background, but they can get out there, build up networks, and turn it on when when they have to sell.”

“If you’re solving a hard technical problem,” Caulfield said, “I can’t think of a better place than Boston to do it.”

Hear why so many cybersecurity companies call Boston home by Matt Burns originally published on TechCrunch

Identity security platform Oort bags new cash to grow its product

Oort, an identity threat detection and response platform, today announced that it raised $11.5 million in a Series A round co-led by .406 Ventures and Energy Impact Partners with participation from Cisco Investments. The proceeds, which bring Oort’s total capital raised to $15 million, will be put toward supporting its go-to-market strategy, CEO Matt Caulfield tells TechCrunch.

Caulfield co-founded Oort after stints at Citi, Lockheed Martin and Cisco (hence Cisco’s involvement in the Series A), where he led their Boston-based product innovation team. Joined by Didi Dotan, the former chief architect of identity at EMC and director of identity services at Cisco, Caulfield set out to launch a service that could detect and respond to identity threats — e.g. social engineering, phishing and malware — at “enterprise scale.”

“From a technical perspective, identity is everything. Gone are the days of pervasive endpoint and network security,” Caulfield told TechCrunch in an email interview. “Identity is the only thing standing between attackers on the wide open internet and the assets and data of the enterprise. Investing in identity security is a must-have for enterprise security teams.”

There’s no question the market for identity security startups — startups that offer products to ID and authenticate people — is red-hot. VC firms poured $2.3 billion into identity vendors in 2021, up from $1.3 billion in 2020, according to Crunchbase data. Companies such as Socure, Transmit Security and Trulioo have raised hundreds of millions of dollars between them within the last few years, while others, like Auth0, have been snapped up by incumbents like Okta.


Image Credits: Oort

With the normalization of remote work giving rise to a raft of new identity security startups, including Illusive, Silverfort, Authomize, ConductorOne, Footprint and Silverfort, Oort has its sales work cut out for it. But Caulfield asserts that a factor in its favor is its “data-driven,” yet “human-centric” approach to orchestrating the user accounts employees use across their organization’s various digital services.

“The number of vendors and the noise created by security vendors is tremendous. This makes it difficult for chief information security officers and security teams to find and evaluate new solutions,” Caulfield said. “Rather than focusing on the securing machines and bits and bytes, we focus on the user — the human — behind the identity.”

The Oort platform, built on Snowflake’s security data lake architecture, ingests streaming event and identity data from different sources (including external sources like Webroot’s Brightcloud) to create statistical models that are then used to detect threats like social engineering. Oort works with existing systems such as Okta and Microsoft Azure AD and offers tools for performing common identity security tasks, like fixing vulnerable user accounts, investigating a user’s authentication history and risk factors, monitoring for potentially suspicious user behavior and removing accounts with unused access.

The tech evidently won over the business of Collibra and Avid Technology, who are among Oort’s 10 enterprise customers. Caulfield says that recent high-profile identity attacks like the breach of Uber’s internal network have driven interest in Oort’s platform, too, unsurprisingly, as have the digital transformations catalyzed by the pandemic.

“The broader slowdown has not, as of yet, affected security buying patterns,” Caulfield said, adding that Oort’s Series A extends the company’s runway “well into” 2024. “Enterprise security and the shift from old approaches based on devices and networks to Oort’s approach that centers on users, identities and the humans behind them, positions them to capture the shift that is already underway.”

Oort currently employs 18 people across the U.S., Israel and Uruguay. The company plans to grow to 25 people by the end of 2022.

Identity security platform Oort bags new cash to grow its product by Kyle Wiggers originally published on TechCrunch

ThreatX raises a fresh round of capital to protect APIs and web apps

ThreatX, a vendor selling API protection services to mainly enterprise clients, today announced that it raised $30 million in a Series B funding round led by Harbert Growth Partners with participation from Vistara Growth, .406 Ventures, Grotech Ventures and Access Venture Partners. With the new cash, which brings ThreatX’s total raised to $52 million, CEO Gene Fay tells TechCrunch that ThreatX will “accelerate” investments in platform development while scaling sales and marketing initiatives.

The raise highlights investors’ continued confidence in cybersecurity businesses to net returns, despite the current macroeconomic woes. While there’s some evidence that fundraising has begun to slow down, cybersecurity startups raised $2.4 billion between January and June, according to PitchBook. Companies that defend APIs from outside attack have been particularly fruitful, lately, with startups such as Ghost Security and Corsha raising tens of millions of dollars in capital.

ThreatX was co-founded in 2014 by Bret Settle and Andrius Useckas. Prior to starting ThreatX, Settle was VP of enterprise architecture at BMC; Useckas had worked with Bret at BMC, where he was an enterprise security architect. The two were also colleagues at Corporate Express, which was acquired by Staples in 2008, where Useckas came in as an external pen tester.

“Over the course of working together for several years, Settle and Andrius saw a massive gap in the market in terms of solutions to protect BMC’s application portfolio,” said Fay, who was appointed CEO of ThreatX in 2020. “The products available required endless tuning and rule-writing, and returned piles of false positives. Through all of this, the notion of innovating in the space — and ThreatX — was born.”

ThreatX offers API protection, bot and DDoS mitigation and traditional web application firewalls (WAF) for first and third-party web apps. The platform builds a profile of threat actors, leveraging a detection and correlation engine to show which actors are actively attacking and which might pose the greatest threat.


Image Credits: ThreatX

Fay sees ThreatX competing primarily with two categories of cybersecurity vendors. The first are newer API observability tools such as Salt Security and Noname. The second are bot management platforms like Cequence and WAF players such as Akamai, F5 and Imperva, which generally rely on applying rules-based protection to web apps and APIs.

Fay argues that the former group — the bot management and WAF vendors —  tend to offer capabilities that came together through acquisition, so they’re less integrated. As for the latter — the API observability tools — Fay asserts that they often don’t offer web app or bot protection and require offline analysis, which precludes the ability to block attacks in real time.

“The bottom line is that to protect APIs, you must be able to block attacks in real time,” Fay said. “Grabbing data through observation and analyzing it after the fact may be interesting, but it does little from an immediate security standpoint. For our customers, the number one priority is protection — in real time, all the time. That is the value proposition we offer to our customers.”

Real-time protection or no, it’s true that API attacks are a growing cyber threat. Gartner predicts that by 2022, API attacks will become the most-frequent attack vector, causing data breaches for enterprise web software.

“The COVID-19 pandemic accelerated use of APIs as companies looked at how they might provide new services to deliver value — and derive revenue — from customers,” Fay added. “As people — both as consumers and professionals — turned to technology to get more done, reliance on both APIs and web applications grew substantially. That, in turn, has increased the need for security in this context — which presents a ton of opportunity for ThreatX.

While Fay demurred when asked about financials, he said that ThreatX currently has “more than” 100 customers. He declined to name any names.

When reached for comment, Harbert Growth Partners general partner Tom Roberts said in a statement: “APIs are a strategic priority for businesses of all sizes and have become a primary target for threat actors. Organizations are now contending with constant threats and require API and web application protection capabilities that can identify and respond to attacks in real time. This need for ‘real-time attack protection’ is driving the API security market towards an aggressive pivot. Based on ThreatX’s strong customer traction and unique product capabilities, we believe the company is well-positioned to meet this shift head-on as a valuable partner to businesses looking to secure their attack surface.”

Employee talent predictor retrain.ai raised another $7M, adds Splunk as strategic investor

Automation will displace 85 million jobs while simultaneously creating 97 million new jobs by 2025, according to the World Economic Forum. Although that sounds like good news, the hard reality is that millions of people will have to retrain in the jobs of the future.

A number of startups are addressing these problems of employee skills, so looking at talent development, neuroscience-based assessments, and prediction technologies for staffing. These include Pymetrics (raised $56.6M), Eightfold (raised $396.8M) and EmPath (raised $1M). But this sector is by no means done yet.

retrain.ai bills itself as a ‘Talent Intelligence Platform’ and it’s now closed an additional $7 million from its current investors Square Peg, Hetz Ventures, TechAviv, .406 Ventures and Schusterman Family Investments. It’s also now added Splunk Ventures as a strategic investor. The new round of funding takes its total raised to $20 million.

retrain.ai says it uses AI and machine learning to help governments and organizations retrain and upskill talent for jobs of the future, enable diversity initiatives, and that it helps employees and jobseekers manage their careers.

Dr. Shay David, co-founder and CEO of retrain.ai said: “We are thrilled to have Splunk Ventures join us on this exciting journey as we use the power of data to solve the widening skills gap in the global labor markets.”

The company says it helps companies tackle future workforce strategies by “analyzing millions of data sources to understand the demand and supply of skill sets.”

retrain.ai new funding will be used for U.S. expansion, hiring talent and product development.

Israel’s Retrain.ai closes $13M to use AI to understand early signals in the changing jobs market

Israel’s retrain.ai, which uses AI and Machine Learning to read job boards at scale and to gain insight into where the job market is going, has closed $9M Series A led by Square Peg. Since retrain.ai’s $4M seed round last year was unannounced (led by Hetz Ventures, with TechAviv and .406 Ventures participating) that means it’s raised a total of $13 million. It’s competitors include Pymetrics which has raised $56.6M and Eightfold.ai which has raised $176.8M.

As well as the funding, the company has secured a first deal with the Israeli Department of Labor to look at the changing nature of the Israeli job market in light of the pandemic.

With technology eating into the traditional labour market, retrain.ai says its platform can look at what jobs are being advertised, which jobs are going down in popularity and see early-warning signals as to where new jobs are going to appear from. This can help form policy for large organiations and governments.

retrain.ai’s CEO is Dr. Shay David, who is best known for co-founding the video enterprise leader Kaltura, which first appeared at TehcCrunch’s first ever conference in 2007. Isabelle Bichler-Eliasaf is the company’s COO and Avi Simon, is retrain.ai’s CTO.

Dr. Shay David said: “What was once the regular tide of change in the workforce has evolved into a tsunami, especially pronounced by COVID-19 and its huge impact on the labor market– this has been a wake-up call. Unemployment and underemployment  is going to affect a billion people globally in the next few decades. Our vision is to help 10 million workers get the right jobs by 2025 and help organizations navigate efficiently through the wave of change.”
retrain.ai is the first investment by Square Peg’s new $450M fund. The VC previously invested in Canva, Stripe, Fiverr and Airwallex.

Top investors predict what’s ahead for Boston’s VC scene in Q1

Before the COVID-19 pandemic shook up the world and reshaped the economy, Boston was quietly setting records.

According to new venture data compiled by TechCrunch, the region set what was at least a local maximum in venture capital raised in the space of a single quarter in Q1 2020.

But while Boston’s startup market announced a number of huge rounds that bolstered its total venture dollars raised in the first quarter, there were signs of weakness: Deal volume was its best since Q2 2019, according to a set of data compiled and released by PwC and CB Insights, but was still a little under the pace set in 2018.

So Boston’s startups raised lots of money, but couldn’t match prior highs when it came to the number of checks written. And those results were largely recorded before COVID-19 shuttered the city. Since then, we’ve seen a number of area startups lay off staff, something we explored last week.

Now, with fresh data in hand, we can take a closer look at the city’s first quarter of 2020. To better understand what we’re unpacking, we asked a number of local venture capitalists to weigh in. Let’s look back at Boston’s Q1 as we stride into Q2 with the help of Venture Lane, .406 Ventures, Volition Capital and Flybridge Capital Partners.

The data

Starting with a programming note is counter-flow, but bear with us. TechCrunch is starting a regular, monthly series on Boston and its startup market. This is a second prelude of sorts. Normally we’d hold news and interviews for a later date so that we’d have plenty of material for a column. In the face of relentless change, however, we didn’t want to hold off on reporting and synthesizing new information. When things are more normal, our pace will follow.

Per PwC and CB Insights, here’s the last few quarters of data, along with a few yearly totals to draw you the picture we can now see:

Heartbeat Health raises $8.2M to improve cardiovascular care

While you’ve probably spent a lot of today thinking about the COVID-19 pandemic, it’s worth remembering that other health issues aren’t going away — and that heart disease remains the leading cause of death in the United States.

Heartbeat Health is a startup working to improve the way that cardiovascular care is delivered, and it announced today that it has raised $8.2 million in Series A funding.

Dr. Jeffrey Wessler, the startup’s co-founder and CEO, is a cardiologist himself, and he told he “stepped off the academic cardiology path” about three years ago because he “saw some of the work being done in digital health space and became incredibly enamored of doing this for heart health.”

Wessler said that the delivery methods for cardiovascular care remain largely unchanged. To a large extent because that’s because the existing model works, but there’s still room to do better.

“As of the last seven or so years, we’re in a new era where we’ve figured out how to treat people well once they get sick,” he said. “But we’re doing a very bad job of keeping them healthy.”

To address that, Heartbeat Health has created what Wessler described as a “digital first” layer, allowing patients to talk with experts via telemedicine, who can then direct them to the appropriate provider — who might be a “preferred Heartbeat partner” or not — for in-person care.

This initial interaction can help patients avoid “a lot of inefficiencies,” he said, because it ensures they don’t get sent to the wrong place, and “kick[s] things off right with evidence-based, guideline-based testing, so that they’re not just falling into the individual practice habits of random doctors.”

In addition, Heartbeat Health tries to collect all the relevant heart data (which might come from wearable consumer devices like an Apple Watch or Fitbit) in one place, and to track results about which treatments are most effective.

“Ultimately, we want to be the software, the technology powering it all, but we don’t want to leave any patient behind at the beginning,” Wessler said.

He added that the program works with most commercial insurance and is already involved in the care of 10,000 New York-area patients. And apparently it’s been embraced by the cardiologists, who Wessler said always tell him, “We’ve been waiting for that layer to come in and unify this incredibly fragmented system, as long as it works with us and not against us.”

The funding was led by .406 Ventures and Optum Ventures, with participation from Kindred Ventures, Lerer Hippeau, Designer Fund and Max Ventures.

Acting as the data integrator between hospitals and digital health apps brings Redox $33 million

Investors have forked over $33 million in a new round of funding for Redox, hoping that the company can execute on its bid to serve as the link between healthcare providers and the technology companies bringing new digital services to market.

The financing comes just two months after Redox sealed a deal with Microsoft to act as the integration partner connecting Microsoft’s Teams product to electronic health records through the Fast Healthcare Interoperability Resources standard.

Redox sits at a critically important crossroads in the modern healthcare industry. It’s founder, a former employee at the electronic health record software provider Epic, knows more than most about the central position that data occupies in U.S. healthcare at the moment.

What we’re doing we’re building the platform and connector to help health systems integrate with technologies in the cloud,” says chief executive, Luke Bonney. 

Bonney served as a team lead in various divisions at Epic before launching Redox and the Madison, Wis.-based company was crafted with the challenges other vendors faced when trying to integrate with legacy systems like the health record provider.

“The fundamental problem is helping a large health system use a third party tool that they want to use,” says Bonney. And the biggest obstacle is finding a way to organize the data coming from healthcare providers into a format that application developers can work with, he said. 

Investors including RRE Ventures, Intermountain Ventures, .406 Ventures joined new investor Battery Ventures in financing the $33 million round. As part of the deal, Battery Ventures general partner Chelsea Stoner will take a seat on the company’s board.

Application developers pay for the number of integrations they have with a health system, and Redox enables them to connect through a standard application programming interface, according to the company. 

Its approach allows secure messaging across any format associated with an organization’s electronic health record (EHR), the company said. 

Redox works with over 450 healthcare providers and hundreds of application developers, the company said.

High profile healthcare networks that work with the company include AdventHealth, Atrium Health, Brigham & Women’s, Clarify Health, Cleveland Clinic, Geisinger, HCA, Healthgrades, Intermountain Healthcare, Invitae, Fitbit, Memorial Sloan Kettering, Microsoft, Ochsner, OSF HealthCare, PointClickCare, R1, ResMed, Stryker, UCSF, University of Pennsylvania, and WellStar.