PhishMe, a cybersecurity start-up based in Leesburg that helps other businesses deal with so-called spear-phishing email attacks, has been acquired by private equity firms BlackRock and Pamplona Capital Management in a deal that valued the firm at $400 million, company representatives said Monday.
The company also changed its name to Cofense in a re-branding meant to reflect a broader technology focus. In recent years the firm has been moving beyond its initial focus on phishing emails.
“This acquisition further strengthens the alignment between our management team, employees, and investors as we focus on building an enduring company,” co-founder Rohyt Belani said in a news release.
Since its founding in 2011, PhishMe has tried to differentiate itself in a crowded cybersecurity marketplace by focusing on helping organizations stop spear-phishing attacks, the spoofed emails that hackers use to trick employees into granting an entryway into a company’s network. Such attacks have remained a common entry point for hackers even as network technology has become more complex.
While other firms hawked fancy technology solutions designed to spot hackers inside the electronic noise, PhishMe was best known for a simple “report phishing” tab that appeared on workers’ Outlook email system. The firm expanded that to include phishing simulations that large businesses use to train their employees to spot attacks.
That focus helped propel the firm to an annual revenue growth rate of 80 percent over the past four years, the company disclosed Monday. The firm attracted the interest of some of Silicon Valley’s most prolific technology investors, including cybersecurity-focused venture fund Bessemer Venture Partners.
But as the firm grew its Rolodex of users, its technologists realized that all of that email traffic could be used to map and spot cyber vulnerabilities across customers’ networks.
“PhishMe was founded to challenge the cliche that people are the weakest link in security,” Belani said in the release. But “not only can their employees be conditioned to be less susceptible to cyberattacks, but, in fact, they can be turned into sensors that provide very timely intelligence.”
The firm is planning to release a new product it calls “Cofense Triage,” which is meant to help network security teams manage threat information and respond to email threats quickly.
“We’ve been moving in this direction for years, with solutions that accelerate incident response, fueled by employee-sourced phishing-attack intelligence,” the company’s chief technology officer and co-founder, Aaron Higbee, said in a blog post.