Security Startup Malwarebytes Raises Another $50M From Fidelity

Malwarebytes, a security company that started when its cofounder was still a teenager fixing his parents’ infected computer, has come a long way from its bootstrapped roots. Today the startup’s software is used by millions of consumers and some 70,000 businesses to protect from and clean up computer viruses, worms, trojan horses and more. And now, to grow further, it is announcing that it has raised $50 million from Fidelity Management and Research Company.

Its newest investor, Fidelity, is well known in the startup world as a kingmaker — it has backed the likes of Uber, Snapchat, Airbnb and SpaceX with large rounds and ever-larger valuations. But Fidelity is also known as a potential breaker: its write-downs of some of the bigger valuations have been well documented and have caused ripple effects well beyond their portfolios’ boardrooms.

marcinInMarcin Kleczynski — the teenage cofounder who is now Malwarebytes’ 26-year-old CEO — says that Malwarebytes caught Fidelity’s attention in part because of its $100 million run rate. “Fidelity may be in the news because of those write-downs [of other companies in its portfolio] but that hasn’t been a problem for us,” Kleczynski said. “We are profitable, cashflow positive, and growing quickly.”

And as for that quick growth, Kleczynski told TechCrunch that the funding will be used to continue expanding the current business — hiring, product development and marketing — but also for acquisitions to add new products to the mix.

Today the company’s software covers Windows, Android and Mac products. In future he’d like to build more for all those platforms. And in particular, he said he’d like to move into the currently hot area of ad-blocking software — most likely by buying an existing startup to do so.

At a time when we are seeing a lot of overheated valuations for startups, and many speak of how easy it is to raise money, Malwarebytes provides an interesting counterpoint. The company started almost by accident, after Chicago-based Kleczynski met Boston resident Bruce Harrison- who is now the company’s VP Research — through a security forum where both were troubleshooting their own computer problems.

Together, they collaborated on the first version of Malwarebytes, which was released in 2008, while Kleczynski was a student at the University of Illinois. It went viral in the first year, he said: “The same community we came from started recommending this product.” The pair made $600,000 in their first year of selling the software, and they had never met in person.

While VCs caught wind of the growth and began to knock on their door, it was only in 2013 that the startup began to take their requests for coffee meetings. The startup ended up taking $30 million from Highland Capital in 2014 in its first (and up to now only) round of funding.

Since then it has been going from strength to strength. “We disinfected 250 million computers worldwide in 2015, of which about 20-25% were in a business environment,” Kleczynski said, with the business now evenly split between consumer and enterprise. “We get a lot of traction because other security solutions are failing to work well enough.” Another aspect is the freemium business model used by the startup: the initial use of the product is free, but signing up for extended service comes at a price, starting at $19.95/year to cover a single PC.

If you ever come across Kleczynski, be warned that he bristles a little if you refer to his product as an “antivirus” solution. “This is not ‘virus protection’,” he told TechCrunch. “Today most attacks are malware and trojan. When we started, we didn’t want to be thought of as antivirus because those companies did that but not much else, and weren’t very effective.”

Malwarebytes isn’t disclosing its valuation in this round — in the last one, we’d heard, it was under $300 million — but what Kleczynski does talk about is the fact that the company is trying to keep a lid on it from getting too out of control high. He said that the company rejected 10 figures, in fact.

“There was an opportunity to sign up for unreasonable expectations and get that billion dollar valuation,” he said, “but to do so you have to sign up for IPO guarantees, ratchets and more. We didn’t want that, and I think a lot of founders don’t understand the implications of driving that value up. So we settled for a lower valuation because I didn’t want to push liquidation preferences or IPO timelines. That just hurts you in the long term.”

Instead, what Fidelity gave Malwarebytes that it found attractive was “trust,” he says. “They trust entrepreneurs to drive the business,” he said. “We have Highland on the board already and I didn’t want to derail what we are already doing there.”

Indeed, going forward, even as the company takes more money and considers even more for the future, it’s trying to stick to its original ethos. “We still try to work like a bootstrapped company,” he said. The company is about half staffed by engineers, and “we’d rather build product that our customers buy rather than we sell to them something they may not need.” The company has made some acquisitions in the past, including hpHosts and ZeroVulnerabilityLabs, “but we still have a lot of hiring to do.”