UK cyber security startup Digital Shadows, which sells a SaaS service to businesses wanting to monitor and manage potential risks by keeping tabs on activity related to their digital footprint — has closed a $14 million Series B funding round, led by Trinity Ventures. As part of the investment, Trinity’s Fred Wang has joined the Digital Shadows board.
Existing investors Storm Ventures, TenEleven Ventures and Passion Capital also participated in the round, along with new investor Paladin Capital Group. It last raised about a year ago when it took in an $8 million Series A round. CEO Alastair Paterson told TechCrunch the new funding will be used “across the board” to keep growing the business.
“It’s not focused on a single area of the company. It’s across the board. So it’s more product and engineering in London. It’s a lot more sales and marketing in the US and some in Europe. And in addition to that we’ve got the service delivery team and the research that we do, on the security side, that we’re enhancing. So it’s everything really.”
“It’s all about scaling up for us because we’re seeing the demand’s there in the market so it’s about getting access to as much of that market as possible and then being able to deliver the service,” he adds.
Digital Shadows’ flagship product, SearchLight, is a continuous real-time scan of more than 100 million data sources online and on the deep and dark web — cross referencing customer specific data with the monitored sources to flag up instances where data might have inadvertently been posted online, for instance, or where a data breach or other unwanted disclosure might be occurring. The service also monitors any threat-related chatter about the company, such as potential hackers discussing specific attack vectors. It calls the service it offers “cyber situational awareness”.
“We found a folder of over 3,000 documents belonging to a financial institution that included designs to their ATM network that was accidentally shared,” says Paterson, giving some examples of the sorts of intel it turns up for customers. “One from only a week ago we found the admin passwords to a West Coast test firm’s database that was shared online on a coding site. So they were able to get that taken down, and change the passwords very quickly.
“On the threat side we dig up plenty of contextual data about adversaries. In one case we found an employee of a bank selling their customer data online on one of the Tor network forums. We’re sending multiple of these a day through.”
In order not to swamp its customers with too much data it has a team of analysts filtering and vetting the harvested intel to cut out any false positives. “We only send a handful of analyst-verified incidents to our clients,” he says. “Those are sent in real-time by email alert but the main delivery method is a SaaS portal that we have.”
How is Digital Shadows able to track down such particular needles amid such a massive and dynamic digital haystack (to borrow another oft-used metaphor in tech)? Firstly by having access to very specific customer data. Paterson notes that when it onboards new users it does so by setting up a customer configuration that includes core data such as keywords, subsidiaries, employees, and can even include uploading sample code. “It’s hugely customizable which really helps us find the right information,” he notes.
Then, on the sources side, it uses a combination of APIs, piggybacking on search engines, plus its own custom crawlers and bots. “It’s a real range of technologies we use,” he says.
Paterson claims the startup has no like-for-like competitors, although certain aspects of the business — such as helping to manage brand reputation — may overlap with other types of services. He describes the core IP of the business as the engineering effort that delivers a “huge” volume of data, coupled with the ability to intelligently filter this with its algorithms.
“It’s a huge amount of data collection from all of those sources in real-time, so it’s quite an engineering effort around that. But then being able to filter out all the noise is the key thing — so that’s a combination of natural language processing and machine-learning. So we have a data science team in London, that’s where all our engineering sits,” he explains.
Eileen Burbidge, partner at Passion Capital which invested in the startup at the seed stage, argues it has a “unique approach”. “Digital Shadows is a tremendous UK tech success story,” she says. “We first invested in Digital Shadows at its seed stage because of its unique approach to the market, providing truly relevant threat intelligence as part of a much broader offering that reduces the risk and burden of its customers.”
The startup was founded in 2011, but launched the first “true version” of its product (as Paterson puts it) in May 2014. It now has more than 50 enterprise customers, including financial services companies, supermarkets, TV stations, fashion companies, healthcare and energy businesses.
Typically its users are enterprises with more than 1,000 employees, although Paterson says it does have a customer on the West Coast US that’s much smaller (circa 200 employees). He says the service generally appeals to companies “that care about their data and their reputation”.
Now, flush with fresh funding its priority for the next 12 months is scaling up. “Last year we had the really ambitious goal of quadrupling our subscription clients and revenue and we more than achieved that. This year we’re looking to treble,” he adds.