6 AI Cybersecurity Startups to Watch in 2018
If 2017 has taught us anything, it’s that nothing is safe. Some poor MBA home alone for the holidays is probably still crunching the final numbers, but this year will likely turn out to be one of the worst in terms of cybersecurity breaches. Almost two billion records were lost or stolen globally in the first half of 2017. The Equifax breach was probably the most infamous, but there were plenty of other headline-grabbing cyber attacks, including the use of hacking tools developed by the National Security Agency. Storing private data on post-it notes taped around a computer monitor seems like a more secure choice these days. It’s little wonder that cryptocurrencies and blockchain are quickly gaining relevance, even if the average person doesn’t know a bitcoin from two bits.
Not all is lost. More and more cybersecurity startups are turning to artificial intelligence to fend off attacks, a trend we’ve covered throughout the year, including special features on predictive analytics, mobile security, and secure communications. That brings us to the bright minds at CB Insights, which finally revealed their AI 100 for 2018. The bad news is that we’ve already covered about two-thirds of the companies, leaving us only about 36 to track down in the coming year. The good news is that six of them are cybersecurity startups, giving us a good reason to take our first crack at the AI 100 list.
The Next Unicorn
Boston-based Cybereason, founded in 2008, is knocking on the door of the Unicorn Club—private companies worth at least $1 billion or more. Like just about every tech company on the planet, Cybereason was the beneficiary of a huge investment from SoftBank. The Japanese telecommunications giant invested $100 million in Cybereason in June, bringing total funding to nearly $190 million. Softbank had previously sunk $59 million into Cybereason back in 2015. Other backers include Lockheed Martin and Spark Capital, which has about $2 billion under management with a portfolio that has names on it like Twitter, Tumblr, and Oculus. CB Insights estimates the company’s new value at around $900 million.
The company’s AI cybersecurity technology seems to subscribe to the theory that the best defense is a good offense when it comes to endpoint security. An endpoint is generally a user device, such as laptop or mobile device, as well as servers. Its platform is based on behavioral analytics, meaning it correlates data to understand what the attacker is doing. Sensors on every endpoint help monitor the system. The Cybereason Hunting Engine collects all that data, detecting patterns between past and present activities, learning to be more effective as more data come in. At the heart of the system is what Cybereason calls its in-memory graph, which acts like a six-year-old child by asking each endpoint eight million questions per second, every second of the day, to detect malicious attacks or intentions.
Update 08/06/2019: Cybereason has raised $200 million to accelerate sales and marketing efforts across all geographies and push further ahead with research and development to make more of its security operations autonomous. This brings the company’s total funding to $388.6 million to date.
Military Efficiency
Found in 2008, Arlington, Va.-based Endgame also goes on the hunt for endpoint cybersecurity protection. The company itself has hunted down about $111 million in funding. The AI cybersecurity startup initially made its money from government contracts, including helping to ensure the Department of Defense doesn’t give away any more of its own hacking tools. Now, more than half of Endpoint’s business comes from commercial customers, according to a feature on the company in Bloomberg Businessweek. One of those clients is Texas A&M University, with its nearly 150,000 students surfing porn doing research online. Physical inspections of suspected infected computers can now happen remotely. That’s thanks to Endgame’s AI cybersecurity platform that can detect, isolate and fix an endpoint before an attack can succeed.
The company’s CEO, Nate Flick, knows a little something about hunting down bad guys. He led Marine Corps infantry and reconnaissance units in combat in Afghanistan and Iraq. And he’s also an operating partner at Bessemer Venture Partners, one of Endgame’s high-profile investors.
You Shall Not Pass
Founded in 2011, Shape Security has wrangled $106 million, including from investors like Google and a host of well-known venture firms. That’s not too surprising given that its management team consists of cybersecurity experts from the defense industry, Google and some other high-tech companies. Shape claims to have deflected more than $1 billion in fraud in various industries, including retail, finance, and government.
The company offers two products. Shape Defense protects against cyberattacks targeting large-scale fraud, account takeover, content scraping and denial of service. It uses machine learning, a form of AI, to improve defenses over time. AI also powers its newest product, Blackfish, which is designed to prevent attackers from using stolen passwords to access accounts. The platform leverages Shape’s machine learning abilities to detect automatically what’s called stuffing attacks, where criminals use software to test millions of usernames and passwords at one time. Blackfish identifies the credentials and invalidates them across a customer network. Shape protects more than 25 percent of all U.S. deposits, stopping more than 100,000 account takeover attempts per day.
Update 09/13/2019: Shape Security has raised $51 million in new funding for international expansion and product development, particularly in respect to their AI capabilities. This brings the company’s total funding to $183 million to date.
An Expert Hack
Founded in 2012, Seattle-based Versive (formerly known as Context Relevant) rebranded this year after taking in $12.7 million in August, bringing total funding to $57 million. That’s also around the time that it released its Versive Security Engine for the commercial masses. Before then, it had been doing custom jobs for sophisticated customers, according to a story in eWeek. Its AI platform gets deep inside a customer’s network, like a good proctologist, to identify what is normal and what looks suspicious. It’s able to cut through the background noise and connect the abnormal behaviors into a report called a Threat Case. It claims its AI gets to know a network so intimately, like a good proctologist, that it can even root out internal threats by someone with certified credentials to a network. The Versive Security Engine was built with knowledge from Peiter “Mudge” Zatko, an expert hacker who has worked for the shadowy U.S. government agency DARPA.
Stop the Bots
Founded in 2014, Silicon Valley’s PerimeterX has raised $34.5 million, including a $23 million Series B in June, to stop bot attacks with its AI cybersecurity platform. Don’t worry, we’re not talking about Terminator robots. Bots are simply software applications that run automated tasks, or scripts, over the internet. The malicious forms are like releasing gremlins in a China shop, and they’re becoming ever more sophisticated to carry out acts such as checkout abuse and online fraud. The latest generation of bots impersonate real users:
PerimeterX uses machine learning to identify non-human behaviors, such as landing a mouse directly on a button rather than scrolling towards it up or down the screen. The company made headlines this holiday season when bots went all Grinch on a popular child’s toy called a Fingerling that was literally disappearing from customers’ online shopping carts, highlighting the need for bot protection.
Update 09/04/2019: PerimeterX has raised $43 million in Series C funding and another $14 million as an extension with the money going into sales and marketing to push the revenue pedal and scale the company. This brings the company’s total funding to $91.5 million to date.
Big Names
Founded just this year, Obsidian Security out of Newport Beach, California, has raised $9.5 million from top VC firm Greylock Partners. The founders include veterans from cybersecurity startups Cylance and Carbon Black, as well as the NSA. The company appears to be just ramping up, and doesn’t seem to have gotten much past the tagline of being at the “intersection of security, artificial intelligence, and hybrid-cloud technology”. Still, it has some heavy hitters on the leadership team and appears to be focused on hiring at the moment.
Update 02/27/2019: Obsidian has raised $20 million in Series B funding for product development and to grow sales and marketing teams. This brings the company’s total funding to $29.5 million to date.
Conclusion
It seems like it’s just a matter of time before cybersecurity becomes a war fought solely by machines, as AI cybersecurity startups proliferate. Capital markets data firm Pitchbook predicted that 2017 would be a record year for investments into cybersecurity startups. We have to think that AI cybersecurity startups are a big reason behind that trend.