Dragos raises $110M Series C as demand to secure industrial systems soars

Cybersecurity firm Dragos has raised $110 million in its Series C, almost triple the amount that it raised two years ago in its last round.

Dragos was founded in 2016 to detect and respond to threats facing industrial control systems (ICS), the devices critical to the continued operations of power plants, water and energy supplies, and other critical infrastructure. The company’s threat detection platform — its moneymaker — helps companies with industrial control systems defend against hackers trying to get into important operational systems. Its platform kicks out hackers that could shut down manufacturing lines or control energy supply systems, while its research arm keeps tabs on the hackers that can break into these highly complex and segmented industrial networks in the first place.

The startup’s latest round was led by National Grid Partners and Koch Disruptive Technologies, with both firms adding a member each to Dragos’ board. The round also saw participation from Saudi Aramco Energy Ventures and Hewlett Packard Enterprise, as well as return investors Allegis Cyber, Canaan Partners, DataTribe, Energy Impact Partners and Schweitzer Engineering Labs.

This latest round of funding will help the company with its go-to-market efforts, as well as growing its customer support team with 30 staff and building up its sales and marketing team. Lee said the company’s priority had been to work on its threat platform, and less selling it.

About one-third of the company’s employees work in software engineering to build its threat platform.

Dragos founder and chief executive Robert Lee said the pandemic, which forced vast swathes of the world to work remotely from home under lockdown restrictions, served as a wake-up call for companies with critical infrastructure.

“When you’re talking about critical infrastructure sites and people’s utilities, you need to put your best foot forward on the tech first,” he said.

Many companies were already trying to adapt with the digital age, but Lee said many companies realized they had underinvested in ICS security.

Dragos team picture

A team photo of Dragos employees. Image Credits: Dragos

Based just outside Washington D.C., Dragos now has over 220 employees and will be adding more, close to doubling its headcount since last year, and adding new offices in Melbourne, Dubai and in the United Kingdom.

Lee said the U.K.’s transition out of the European Union would all but ensure that the new U.K. office could not serve as an EU hub for the company, but that it was necessary to “to go where the problems are.”

Another one of those places is Saudi Arabia, one of the world’s largest oil and gas producers, where Dragos has an office and now draws an investment. Saudi oil and gas manufacturing plants have been the target of several cyberattacks, including the Trisis malware in 2017 that shut down one of the kingdom’s biggest petrochemical plants. But the country has faced extensive criticism for its human rights record by international rights groups. Lee said the company works to protect infrastructure that serves civilians and has actively rejected military contracts that would fall afoul of those values. “I don’t want to put asterisks on that mission,” he said.

Lee told TechCrunch that the company has grown at a rapid pace since it was founded four years ago.

“Our goal was never to get acquired,” he said. Echoing remarks he made last year, Lee said that the company’s plan was to continue growing and investing in the problems that Dragos sees — with an eventual goal to take the company public. “But we’re not rushed,” he said.

“The hallmark of Dragos being successful won’t be a successful IPO,” said Lee. “The hallmark will be having validated and built the market large enough that there can be other companies that come behind us serving the other more niche aspects of the ICS market and building out the community, and making sure our infrastructure is safer.”