Arlington cybersecurity start-up ThreatConnect said Tuesday that it has raised $16 million from investors, led by the corporate venture capital arm of SAP’s North American subsidiary in Rockville. The next morning just down the road in Sterling, Va., a similarly-named start-up called ThreatQuotient said it raised $10.2 million, led by prolific technology investor New Enterprise Associates. A few weeks ago Arlington-based Trustar announced a $2 million in seed funding.
What do they all have in common? Each wants to be the place where the world’s corporate cybersecurity professionals share data and compare notes.
“We’re like the quarterback – there are a bunch of players on the field and until we get there they are all running in different directions,” said ThreatConnect chief executive Adam Vincent.
So-called threat intelligence platforms operate as a central repository for information about cyber-threats – the type and frequency of currently-occurring threats, hackers’ IP addresses, which portions of a company’s network are being targeted. The challenge is analyzing threat data quickly enough for it to still be useful.
“In security it’s a very specialized form of information that requires a specialized form of analysis, and the worst part of it all is it’s very time-sensitive,” said Harry Weller, partner at New Enterprise Associates. “That’s why we’re seeing this proliferation.”
The concept of sharing cybersecurity information is not new. So-called ethical hackers have always collaborated informally at conferences and online. National cybersecurity companies like FireEye and Alienvault and software companies like HP have their own platforms. And a plethora of industry specific information-sharing and analysis centers (known as ISACS) have formalized information-sharing for decades at varying levels of sophistication.
But the concept of an automated, real-time database of cyber-threats – where analysts from competing companies work together and share sensitive data – is relatively new. Whichever platform wins acceptance in the market could cash in big-time.
ThreatConnect was founded in 2011 under the name Cyber Squared. Though it’s still very much in start-up mode, the company has been on a hiring tear over the past year. It increased its ranks from 25 full-time employees last year to a current count of nearly 100. And Vincent says almost half of Fortune-100 companies use his company’s platform, for which he charges more than $1 million annually for some of the larger enterprises.
The start-up made national headlines in February when it claimed it had traced a hack on healthcare organization Anthem back to researchers sponsored by the Chinese government.
For SAP, which is best-known for selling software to businesses, a cyber-security platform for enterprises is a natural fit.
“They enjoy us as an investor because we’re not a typical venture capital investor,” said Mark Testoni, president and chief executive of SAP NS2, SAP’s North American subsidiary. “We have a longer-term view.”
ThreatQuotient is plugging into more traditional venture capital streams, including prolific technology investor New Enterprise Associates, a $13 billion venture fund focusing on technology start-ups.A few months ago ThreatQuotient tapped industry icon John Czupak to run the company as CEO.
Czupak says he joined the company because he was impressed by its ability to add high-profile corporations to its client list. He wouldn’t say which ones.
“Despite the fact that it had very little funding, no real sales people, no marketing to speak of, they were closing Fortune-100, Fortune-50 accounts,” said Czupak.
Czupak made his name as an executive at Sourcefire, a local cyber-security company that was bought by Cisco in 2013 for $2.7 billion in one of the biggest acquisitions ever in the cyber-security space, six years after a successful IPO.
“Our aim is to create a multi-billion dollar company,” said Weller, partner at NEA, which was also an early investor in Sourcefire. Weller joins the company’s board of directors as part of the terms of the investment.