vArmour, a security startup that has been in stealth mode for the past three years, is today announcing not one but two more rounds of funding as it finally gears up for a launch later this year. The startup, based out of Mountain View, has raised $36 million in Series B and Series C rounds. The first of these, a $15 million tranche from December 2013, was led by Menlo Ventures (which has led on another enterprise investment being announced today), while the $21 million Series C comes from Columbus Nova Technology Partners (CNTP), Citi Ventures and Work-Bench Ventures.
vArmour has now raised a total of $42 million.
vArmour — a reference to “virtual armour,” its co-founder and CEO Tim Eades tells me — has yet to tell the world at large how, exactly, it is securing enterprises. More of those details will come in its formal launch. For now Eades has sketched out the basic idea to me in general terms.
As he describes it, the challenge today in enterprise security is that while there has been a focus on monitoring all traffic through designated “choke points”, today the perimeter of what an enterprise network even is has become a slippery slope with the rise of mobile devices, apps and the generally much wider range of hardware and software that people use to access work data. As a result, it has become increasingly difficult to distinguish between “suspicious and malicious”, in his words.
vArmour’s protection — which is entirely software-based, with no physical appliances as you often get with enterprise security offerings — aims to tackle this by literally looking at every single piece of data that comes into a network. Using big data analytics, it then begins a process of sifting through and organising this, to figure out what may not be legit, and tagging and then following that data as it sits in the network.
In practice, this means securing not just high-value assets like servers but also low-value hardware like mobile phones, tablets and laptops — monitoring the data passing through that hardware and how it evolves. As for what kinds of security issues vArmour specialises in, Eades gave me an interesting example by describing a situation at a business that became a customer of vArmour (after the fact):
“This business had a branch office in Far East where a person’s machine got infected,” he says. “That machine had restricted privileges, but the hacker figured out how to crack it. He started to speed up and slow down the machine. The employee got agitated and rang up customer support.
“Support comes in remotely and changes privileges in the machine to figure out what was wrong. [Monitoring those privileges results in] malware going all around the office.”
This highlights another interesting, but sad, evolution in IT. As sophisticated as we are becoming in computing, it’s also breeding more sophisticated crime, too.
“These attacks have become incredibly sophisticated. Hackers get navigational and directional support from dark web, and they can live in your machine for hundreds of days before doing something. Let’s just say that we are now helping this company.”
“If you’ve been in security for 10-15 years, it’s amazing to see how the hackers have gone from glory to greed,” adds Dave Stevens, a former CEO of Palo Alto Networks who is also an investor in vArmour and on the board, who was also sitting in on my interview with Eades. “As there is more and more money online, it’s incredible how sophisticated hackers have become.”
I didn’t get the specific customer name in question in the anecdote here, and in fact vArmour wouldn’t disclose any customer names. But I did get a rough outline of who is on client list: lots of financial services companies, service providers and healthcare providers are there, spanning all geographies. Healthcare, with the vast move of patient records, drugs information and more online, he says, “has turned into the wild west of enterprise networking” in terms of being a magnet for malicious activity.