Wing Security launches its end-to-end SaaS security platform, raises $26M

As businesses increasingly rely on an ever-growing number of SaaS products, it has become imperative for security teams to get a better understanding of which applications a company’s employees are actually using and the risks associated with those. It’s no surprise then that we’ve seen an increase in SaaS security solutions as well. Wing Security, which is launching out of stealth today and announcing its $20 million Series A funding round, aims to offer a comprehensive end-to-end SaaS security platform that can help businesses discover, monitor and — if needed — automatically remediate potential security issues with how their employees are using any of over 100,000 SaaS tools.

The company’s Series A round was led by GGV Capital, while its $6 million seed round, which the company hadn’t previously disclosed, was led by S-Capital. Harmony Partners, Silicon Valley CISO Investments Group and a number of angels, including Fireblocks CEO and co-Founder Michael Shaulov, Orca Security co-Founders Avi Shua and Gil Geron, former Kenna Security CEO Karim Toubba and Claroty co-Founder Galina Antova, also participated.

One thing that makes Wing stand out right away is its founding team. Led by Retired Brigadier General Noam Shaar, the former Chief Information Security Officer for the Israeli Defense Forces (IDF) and Retired Colonel Galit Lubitsky, the former head of the IDF’s Cyber Operations, you’ll be hard-pressed to find a more experienced set of founders, even in the Israeli security startup ecosystem that draws heavily from the IDF’s unit 8200. It’s also this leadership experience that put the founders on this path to launch Wing.

“We understand that people need a holistic solution — end-to-end. They don’t need one solution to take care of the unknown applications, one solution to make sure that Slack is running and is being used securely,” Shaar said. “As a former CISO of the biggest and most complicated organization in Israel, all I wanted from my security products is to perform and to be simple to use and to keep me covered. Not saying ‘ah, you had that incident? That’s because we don’t cover that.’ Then you have just a lot of different solutions that you try to integrate together and it never works.”

Wing then offers a platform that can discover all of the SaaS services being used inside a company — without having to install agents on users’ devices. To do this, the service integrates with some of the major SaaS applications in use in a given company (think Slack, Salesforce, Zoom etc.) and then looks at the activity happening there and the connections to those applications. That’s not easy but relatively straightforward and comparable to what some other vendors in this space do. In addition, though, Wing also integrates with endpoint security solutions to regularly query those endpoints to gather telemetry about SaaS applications that employees are using on those machines.

“Bringing those two methods together, that’s the only way to build a full picture,” explained Shaar, who also hinted that the team is looking at a solution that would work without these existing endpoint management services.

It’s worth noting that the Wing team stressed that the service only looks at metadata. It also doesn’t look at the content of employees’ inboxes.

As for remediation, Wing not only finds unsanctioned applications but also potential issues with the configuration of approved SaaS services that could create security issues. Simply providing alerts about potential security issues isn’t good enough, though, the company — and its investors — argue.

“When security professionals see another tool that is giving them alerts, they ask ‘and then what? What do I do with these alerts? I have alerts from here till indefinite.’ I think this platform approach that Wing is taking is really unique. They go and say ‘we’re not stopping here, we’re going to solve this problem for you,” GGV’s Oren Yunger said.

In practice, this means Wing provides playbooks for remediating common issues, but also some automated tools for remediating recurring issues as well.

“Wing’s holistic platform takes care of all your SaaS security needs. It identifies all SaaS apps, prioritizes the risks, and automates remediation,” said Coinbase’s Philip Martin, representing the Silicon Valley CISO Investments Group. “This allows security teams to cope with SaaS security challenges quickly and efficiently, making security an enabler for employees who want to use SaaS tools rather than a productivity blocker.”

Atera raises $77M at a $500M valuation to help SMBs manage their remote networks like enterprises do

When it comes to software to help IT manage workers’ devices wherever they happen to be, enterprises have long been spoiled for choice — a situation that has come in especially handy in the last 18 months, when many offices globally have gone remote and people have logged into their systems from home. But the same can’t really be said for small and medium enterprises: as with so many other aspects of tech, they’ve long been overlooked when it comes to building modern IT management solutions tailored to their size and needs.

But there are signs of that changing. Today, a startup called Atera that has been building remote, and low-cost, predictive IT management solutions specifically for organizations with less than 1,000 employees, is announcing a funding round of $77 million — a sign of the demand in the market, and Atera’s own success in addressing it. The investment values Atera at $500 million, the company confirmed.

The Tel Aviv-based startup has amassed some 7,000 customers to date, managing millions of endpoints — computers and other devices connected to them — across some 90 countries, providing real-time diagnostics across the datapoints generated by those devices to predict problems with hardware, software and network, or with security issues.

Atera’s aim is to use the funding both to continue building out that customer footprint, and to expand its product — specifically adding more functionality to the AI that it currently uses (and for which Atera has been granted patents) to run predictive analytics, one of the technologies that today are part and parcel of solutions targeting larger enterprises but typically are absent from much of the software out there aimed at SMBs.

“We are in essence democratizing capabilities that exist for enterprises but not for the other half of the economy, SMBs,” said Gil Pekelman, Atera’s CEO, in an interview.

The funding is being led by General Atlantic, and it is notable for being only the second time that Atera has ever raised money — the first was earlier this year, a $25 million round from K1 Investment Management, which is also in this latest round. Before this year, Atera, which was founded in 2016, turned profitable in 2017 and then intentionally went out of profit in 2019 as it used cash from its balance sheet to grow. Through all of that, it was bootstrapped. (And it still has cash from that initial round earlier this year.)

As Pekelman — who co-founded the company with Oshri Moyal (CTO) — describes it, Atera’s approach to remote monitoring and management, as the space is typically called, starts first with software clients installed at the endpoints that connect into a network, which give IT managers the ability to monitor a network, regardless of the actual physical range, as if it’s located in a single office. Around that architecture, Atera essentially monitors and collects “datapoints” covering activity from those devices — currently taking in some 40,000 datapoints per second.

To be clear, these datapoints are not related to what a person is working on, or any content at all, but how the devices behave, and the diagnostics that Atera amasses and focuses on cover three main areas: hardware performance, networking and software performance and security. Through this, Atera’s system can predict when something might be about to go wrong with a machine, or why a network connection might not be working as it should, or if there is some suspicious behavior that might need a security-oriented response. It supplements its work in the third area with integrations with third-party security software — Bitdefender and Acronis among them — and by issuing updated security patches for devices on the network.

The whole system is built to be run in a self-service way. You buy Atera’s products online, and there are no salespeople involved — in fact most of its marketing today is done through Facebook and Google, Pekelman said, which is one area where it will continue to invest. This is one reason why it’s not really targeted larger enterprises (the others are the level of customization that would be needed; as well as more sophisticated service level agreements). But it is also the reason why Atera is so cheap: it costs $89 per month per IT technician, regardless of the number of endpoints that are being managed.

“Our constituencies are up to 1,000 employees, which is a world that was in essence quite neglected up to now,” Pekelman said. “The market we are targeting and that we care about are these smaller guys and they just don’t have tools like these today.” Since model is $89 dollars per month per technician using the software, it means that a company with 500 people with four technicians is paying $356 per month to manage their networks, peanuts in the greater scheme of IT services, and one reason why Atera has caught on as more and more employees have gone remote, and are looking like they will stay that way.

And the fact that this model is thriving is also one of the reason and investors are interested.

“Atera has developed a compelling all-in-one platform that provides immense value for its customer base, and we are thrilled to be supporting the company in this important moment of its growth trajectory,” said Alex Crisses, MD, Global Head of New Investment Sourcing and Co-Head of Emerging Growth at General Atlantic, in a statement. “We are excited to work with a category-defining Israeli company, extending General Atlantic’s presence in the country’s cutting-edge technology sector and marking our fifth investment in the region. We look forward to partnering with Gil, Oshri, and the Atera team to help the company realize its vision.”

5 questions every IT team should to be able to answer

Now more than ever, IT teams play a vital role in keeping their businesses running smoothly and securely. With all of the assets and data that are now broadly distributed, a CEO depends on their IT team to ensure employees remain connected and productive and that sensitive data remains protected.

CEOs often visualize and measure things in terms of dollars and cents, and in the face of continuing uncertainty, IT — along with most other parts of the business — is facing intense scrutiny and tightening of budgets. So, it is more important than ever to be able to demonstrate that they’ve made sound technology investments and have the agility needed to operate successfully in the face of continued uncertainty.

For a CEO to properly understand risk exposure and make the right investments, IT departments have to be able to confidently communicate what types of data are on any given device at any given time.

Here are five questions that IT teams should be ready to answer when their CEO comes calling:

What have we spent our money on?

Or, more specifically, exactly how many assets do we have? And, do we know where they are? While these seem like basic questions, they can be shockingly difficult to answer … much more difficult than people realize. The last several months in the wake of the COVID-19 outbreak have been the proof point.

With the mass exodus of machines leaving the building and disconnecting from the corporate network, many IT leaders found themselves guessing just how many devices had been released into the wild and gone home with employees.

One CIO we spoke to estimated they had “somewhere between 30,000 and 50,000 devices” that went home with employees, meaning there could have been up to 20,000 that were completely unaccounted for. The complexity was further compounded as old devices were pulled out of desk drawers and storage closets to get something into the hands of employees who were not equipped to work remotely. Companies had endpoints connecting to corporate network and systems that they hadn’t seen for years — meaning they were out-of-date from a security perspective as well.

This level of uncertainty is obviously unsustainable and introduces a tremendous amount of security risk. Every endpoint that goes unaccounted for not only means wasted spend but also increased vulnerability, greater potential for breach or compliance violation, and more. In order to mitigate these risks, there needs to be a permanent connection to every device that can tell you exactly how many assets you have deployed at any given time — whether they are in the building or out in the wild.

Are our devices and data protected?

Device and data security go hand in hand; without the ability to see every device that is deployed across an organization, it becomes next to impossible to know what data is living on those devices. When employees know they are leaving the building and going to be off network, they tend to engage in “data hoarding.”

SentinelOne, an AI-based endpoint security firm, confirms $267M raise on a $3.1B valuation

This year, more than ever before because of the Covid-19 pandemic, huge droves of workers and consumers have been turning to the internet to communicate, get things done, and entertain themselves. That has created a huge bonanza for cybercriminals, but also companies that are building tools to combat them.

In the latest development, an Israel-hatched, Mountain View-based enterprise startup called SentinelOne — which has built a machine learning-based solution that it sells under the brand Singularity that works across the entire edge of the network to monitor and secure laptops, phones, containerised applications and the many other devices and services connected to a network — has closed $267 million in funding to continue expanding its business to meet demand, which has seen business boom this year. Its valuation is now over $3 billion.

Given the large sums the company has now raised — $430 million to date — the funding will likely be used for acquisitions (cyber is a very crowded market and will likely see some strong consolidation in the coming years) as well as more in-house development and sales and marketing. Earlier this year, CEO and founder Tomer Weingarten told me that an IPO “would be the next logical step” for the company. “But we’re not in any rush,” he said at the time. “We have one to two years of growth left as a private company.”

SentinelOne contacted TechCrunch with the above details but said that an official press release was due only to be released at 3pm UK time. We’ll update with more details if they’re available when they are published. In the meantime, other outlets such as Calcalist in Israel (in Hebrew) have also published these details. And it should be noted that the round was rumored for almost a month ahead of this, although the sums raised were off by quite a bit: the reports had said $150-200 million.

(Sidenote: Why the pointless games with timings and exclusives? Who knows — I certainly don’t. )

This round included Tiger Global, Sequoia, Insight Partners, Third Point Ventures and Qualcomm Ventures. It looks like Sequoia — which is currently building up a new European operation to look more closely at opportunities on this side of the globe — is the only new name in that list. The others have all backed SentinelOne in previous rounds.

It was only in February of this year that SentinelOne had raised $200 million at a $1.1 billion valuation.

The rapid fundraising, from a top-shelf list of firms, is a notable aspect of this story.

In the world of startups, we are firmly living in a time when investors are looking for strong opportunities to back companies that are shining in a market that is particularly challenging. Covid-19 has all but decimated the travel industry and live in-person event industry, among others.

But services that are helping people continue to live their lives, and those that are helping find a cure or at least solutions to minimise the impact, are very much in demand.

The cybersecurity market — in particular companies that are providing solutions that can immediately prove to be effective in what is an increasingly sophisticated threat landscape — is incredibly active right now, even more than it already was.

“Around 450 cybersecurity companies are operating in Israel, constituting 5% of the global cybersecurity market, in some cyber segments the two world leaders are by Israeli founders like CheckPoint and Palo Alto,” noted Avihai Michaeli, an advisor who scouts startups for corporate VCs.

Within that, endpoint security, the area where SentinelOne concentrates its efforts, is particularly strong. Last year, endpoint security solutions was estimated to be around an $8 billion market, and analysts project that it could be worth as much as $18.4 billion by 2024.

While SentinelOne has a lot of competitors — they include Microsoft, CrowdStrike, Kaspersky, McAfee, and Symantec — it is also a strong player in the market. Relying on the advances of AI and with roots in the Israeli cyberintelligence community, its platform is built around the idea of working automatically not just to detect endpoints and their vulnerabilities, but to apply behavioral models, and various modes of protection, detection and response in one go.

“We are seeing more automated and real-time attacks that themselves are using more machine learning,” Weingarten said to me this year. “That translates to the fact that you need defence that moves in real time as with as much automation as possible.”

As of February, it had 3,500 customers, including three of the biggest companies in the world, and “hundreds” from the global 2,000 enterprises, with 113% year-on-year new bookings growth, revenue growth of 104% year-on-year and 150% growth year-on-year in transactions over $2 million. Those numbers will have likely grown significantly since then. (We’ll update as and when we learn more.)

Elastic adds endpoint security to its expanding toolset

Elastic acquired Endgame Security in June for $234 million, and as a result of that deal, today the company announced Elastic Endpoint security to help customers secure laptops and servers. It also announced the acquisition has officially closed.

Elastic CEO and co-founder Shay Banon says that the company has already been helping threat hunters inside organizations find security events via its security information and event management (SIEM) tool. With Endgame, the company it wanted to extend its security coverage to laptops and servers. It’s probably not a coincidence that Endpoint is built on top of Elastic technology.

The company announced that it’s going to offer an unusual pricing model for this tool. Banon says that instead of charging by the machine as is the industry norm, it’s going to charge based on the amount of data stored. He says it’s an essential change to carry the security and coverage across the range of tools.

“We deeply believe in order to converge segments like SIEM and endpoint, you not only want to have the same technology stack, but you also want to provide customers with the same packaging and pricing. This is a first in the endpoint market, and we think it’s a big deal when it comes to security users and CISOs and CIOs out there,” Banon told TechCrunch.

Elastic is at its heart a search tool, but it has been expanding what that search tool covers over the years beyond web and enterprise search to other areas like applications performance management, log management and security.

Today’s announcement is about expanding that security component to enable the company to offer more comprehensive coverage across an organization. Endpoint’s 150 employees, which are mostly engineers and data scientists, have joined Elastic and will be providing the company with a machine learning knowledge boost to help make sense of the growing amounts of data across the Elastic toolset.

Endgame is based in Arlington, Virginia and will keep its offices there. It raised over $111 million (according to Crunchbase data) before being acquired.

SentinelOne raises $120M for its fully-autonomous, AI-based endpoint security solution

Endpoint security — the branch of cybersecurity that focuses on data coming in from laptops, phones, and other devices connected to a network — is an $8 billion dollar market that, due to the onslaught of network breaches, is growing fast. To underscore that demand, one of the bigger startups in the space is announcing a sizeable funding round.

SentinelOne, which provides real-time endpoint protection on laptops, phones, containers, cloud services and most recently IoT devices on a network through a completely autonomous, AI-based platform, has raised $120 million in a Series D round — money that it will be using to continue expanding its current business as well as forge into new areas such as building more tools to automatically detect and patch software running on those endpoints, to keep them as secure as possible.

The funding was led by Insight Partners, with Samsung Venture Investment Corporation, NextEquity participating, alongside all of the company’s existing investors, which include the likes of Third Point Ventures, Redpoint Ventures, Data Collective, Sound Ventures and Ashton Kutcher, Tiger Global, Granite Hill and more.

SentinelOne is not disclosing its valuation with this round, but CEO and co-founder Tomer Weingarten confirmed it was up compared to its previous funding events. SentinelOne has now raised just shy of $130 million, and PitchBook notes that in its last round, it was valued at $210 post-money.

That would imply that this round values SentinelOne at more than $330 million, likely significantly more: “We are one of the youngest companies working in endpoint security, but we also have well over 2,000 customers and 300% growth year-on-year,” Weingarten said. And working in the area of software-as-a-service with a fully-automated solution that doesn’t require humans to run any aspect of it, he added, “means we have high margins.”

The rise in cyberattacks resulting from malicious hackers exploiting human errors — such as clicking on phishing links; or bringing in and using devices from outside the network running software that might not have its security patches up to date — has resulted in a stronger focus on endpoint security and the companies that provide it.

Indeed, SentinelOne is not alone. Crowdstrike, another large startup in the same space as SentinelOne, is now looking at a market cap of at least $4 billion when it goes public. Carbon Black, which went public last year, is valued at just above $1 billion. Another competitor, Cylance, was snapped up by BlackBerry for $1.5 billion.

Weingarten — who cofounded the company with Almog Cohen (CTO) and Ehud Shamir (CSO) — says that SentinelOne differs from its competitors in the field because of its focus on being fully autonomous.

“We’re able to digest massive amounts of data and run machine learning to detect any type of anomaly in an automated manner,” he said, describing Crowdstrike as “tech augmented by services.” That’s not to say SentinelOne is completely without human options (options being the key word; they’re not required): it offers its own managed services under the brand name of Vigilance and works with system integrator partners to sell its products to enterprises.

There is another recurring issue with endpoint security solutions, which is that they are known to throw up a lot of false positives — items that are not recognized by the system that subsequently get blocked, which turn out actually to be safe. Weingarten admits that this is a by-product of all these systems, including SentinelOne’s.

“It’s a result of opting to use a heuristic rather than deterministic model,” he said, “but there is no other way to deal with anomalies and unknowns without heuristics, but yes with that comes false positives.” He pointed out that the company’s focus on machine learning as the basis of its platform helps it to more comprehensively ferret these out and make deductions on what might not otherwise have proper representation in its models. Working for a pilot period at each client also helps inform the algorithms to become more accurate ahead of a full rollout.

All this has helped bring down SentinelOne’s own false positive rate, which Weingarten said is around 0.04%, putting it in the bracket of lower mis-detectors in this breakdown of false positive rates by VirusTotal:

“Endpoint security is at a fascinating point of maturity, highlighting a massive market opportunity for SentinelOne’s technology and team,” said Teddie Wardi, Managing Director, Insight Partners, in a statement. “Attack methods grow more advanced by the day and customers demand innovative, autonomous technology to stay one step ahead. We recognize SentinelOne’s strong leadership team and vision to be unique in the market, as evidenced through the company’s explosive growth and highly differentiated business model from its peer cybersecurity companies.”

By virtue of digesting activity across millions of endpoints and billions of events among its customers, SentinelOne has an interesting vantage point when it comes to seeing the biggest problems of the moment.

Weingarten notes that one big trend is that the biggest attacks are now not always coming from state-sponsored entities.

“Right now we’re seeing how fast advanced techniques are funnelling down from government-sponsored attackers to any cyber criminal. Sophisticated malicious hacking can now come from anywhere,” he said.

When it comes to figuring out what is most commonly creating vulnerabilities at an organization, he said it was the challenge of keeping up to date with security patches. Unsurprisingly, it’s something that SentinelOne plans to tackle with a new product later this year — one reason for the large funding round this time around.

“Seamless patching is absolutely something that we are looking at,” he said. “We already do vulnerability assessments today and so we have the data to tell you what is out of date. The next logical step is to seamlessly track those apps and issue the patches automatically.”

Indeed it’s this longer term vision of how the platform will be developing, and how it’s moving in response to what the current threats are today, that attracted the backers. (Indeed the IoT element of the “endpoint” focus is a recent additions.

“SentinelOne’s combination of best-in-class EPP and EDR functionality is a magnet for engagement, but it’s the company’s ability to foresee the future of the endpoint market that attracted us as a technology partner,” a rep from Samsung Venture Investment Corporation said in a statement. “Extending tech stacks beyond EPP and EDR to include IoT is the clear next step, and we look forward to collaborating with SentinelOne on its groundbreaking work in this area.