The pace of malicious hacks and security breaches is showing no signs of slowing down, and spend among enterprises to guard against that is set to reach $124 billion this year. That’s also having a knock-on effect on the most innovative cybersecurity startups, which continue to raise big money to grow and meet that demand.
In the latest development, a New York startup called BlueVoyant — which provides managed security, professional services and, most recently, threat intelligence — has picked up $82.5 million in a Series B round of funding at a valuation in excess of $430 million.
The funding is coming from a range of new and existing investors that includes Fiserv, the fintech giant that’s acquiring First Data for $22 billion. (The startup is not disclosing any other names at this time, it said.) It has raised $207.5 million to date.
BlueVoyant has a notable pedigree that goes some way to explaining how the idea for the startup first germinated.
Co-founder and CEO Jim Rosenthal met his co-founder Tom Glocer (the former CEO of Thomson Reuters) when Rosenthal was COO of Morgan Stanley and Glocer was a director at the financial services giant (Glocer is still on the board). Glocer said that in 2012 and 2013, a fair amount of Rosenthal’s work involved cyber defense, and he came into close contact there with Glocer, who was chairing the operations and technology committee at the time.
“Here was an incredibly strategic, smart fellow in charge of operations,” he said of Rosenthal. “When it came time for him to retire, he told me he wanted to do one more big thing, but in a more entrepreneurial fashion. I suggested to him that the next step could be to work on [cybersecurity], which we were focusing on at Morgan Stanley.”
Glocer noted that the bank was spending some $300 million annually on cybersecurity at the time. It effectively had all the resources of the world at its disposal to invest in tackling the risks, but the two were all too aware of how even that could prove not to be enough — and of course for any company with fewer resources, or that wasn’t billed as a tech company or with technology as part of its DNA.
BlueVoyant was built with those kinds of challenges in mind.
The startup has amassed talent from the world of private enterprise, but also a number of government organizations such as the NSA, FBI, GCHQ and Unit 8200 — which are alternately renowned and somewhat notorious for their work in cybersecurity and hacking. Its offices span a multitude of geographies that speaks to the customers that it has picked up in its quiet growth to date (which also gives some color to its valuation, too). In addition to the U.S., it has operations in Israel, the United Kingdom, Spain and the Philippines.
Tapping that talent pool, the company focuses on three areas of service for its customers: threat intelligence, managed security and professional services (with the latter focused specifically on those related to security implementations and operations).
Within these, Rosenthal said in an interview that it both builds its own IP, and also brings in software from a range of trusted partners (which include many of the biggest security software companies around today). Key to the proposition, though, is also the implementation of that technology. The theory is that technology will only get a company so far: you need a multi-level strategy when it comes to cybersecurity, and part of that will involve people able to identify vulnerabilities and figuring out how to fix or defend around them.
BlueVoyant believes the opportunity for it is twofold: targeting small and medium enterprises — the pitch being that it can provide the same kind of software and level of services that large enterprises enjoy; and targeting larger enterprises that may already have large IT budgets and teams tasked with cybersecurity, but could still use supplementary work from a world-class team of experts that would be a challenge to amass directly.
“My view is that for firms with very good cyber defenses, external cyber intelligence is important because you can’t defend everything equally,” Rosenthal said. “Having good actionable defense makes it better.
“Then for firms that are unable to afford an excellent cyber defense instructed by themselves and may not be able to attract the talent necessary, a managed security service is the right and important answer,” he continued. “That kind of managed security now needs to be available to companies of all sizes, not just the big ones but small and medium organizations, too. We have created a tech stack and level of talent capable of providing those.”
The formula appears to be working. Since launching the first tranche of its offering, managed services, in 2018, BlueVoyant has picked up some 150 customers in verticals like financial services, manufacturing, municipal government and education.
Working with partners is one way that BlueVoyant plans to expand that customer base over time. Fiserv is backing the startup as a strategic investment and the two will collaborate on providing respective services to each other’s clients. Specifically, Glocer noted that many of the banks that Fiserv currently works with are typical targets: businesses that have a lot to lose in a breach, but may lack the size to ever adequately secure its infrastructure and other assets.
“The strategic alliance between Fiserv and BlueVoyant brings advanced cyber defense capabilities to banks and credit unions of all sizes,” said Byron Vielehr, chief administrative officer of Fiserv. “Our continued investment in BlueVoyant underscores the value these capabilities can bring to our clients.”
BlueVoyant is not the only big security startup to raise at a high valuation in recent times. Auth0 raised $103 million at a $1 billion valuation last week. In April, Bitglass closed a $70 million round. 2018 had seen a high-water mark for security funding, with startups raking in a record $5.3 billion in the year; it will be worth watching to see whether the ongoing march of breaches will see those figures rise again this year.