Enterprises have been loading more of their operations into cloud — and, more often than not, multi-cloud — environments over the last year, creating vast networks of services that can be complex to manage. Today, vArmour, a startup that provides ways to manage in real time and ultimately secure how applications (and people) work in those fragmented environments, is announcing funding to capitalize on the demand for its services.
The Bay Area startup has picked up funding of $58 million in what it described as an oversubscribed round. Co-led by previous backers AllegisCyber Capital and NightDragon, existing investors Standard Chartered Ventures, Highland Capital Partners, Australian carrier Telstra, Redline Capital and EDBI also participated.
CEO Tim Eades said this round is likely to be its final fundraising ahead of an IPO for the company.
“We had one hell of a year in 2020 with companies rushing to the cloud,” he said in an interview, with net new annual recurring revenue doubling year over year in the last year. It started out, he noted, with perhaps 10% of business processes in the cloud, and ended at more like 50%. “Now the focus for us is to get to the public markets, maybe in two or 2.5 years from now.”
The company appointed a CFO last October as part of its go-public plan, he noted — Chris Dentiste, who previously had been the CFO of RSA. “His job is to help me find the right window. My job is to make sure we have enough fuel in the tank, and we do,” said Eades.
He added that the company is likely also to look at making some acquisitions in the meantime. A recent launch of an AI lab in Calgary, Canada, points to one area where we might see some activity.
The company is not disclosing its valuation, although Eades confirmed it was a significant up-round. It has raised $197 million to date.
For some context, in the last round of funding that we covered — a $44 million round in 2019 led by the same two investors — we mentioned a PitchBook estimate of $420 million from the previous round — a figure that the company did not dispute with us at the time.
VArmour, founded by Roger Lian and Michael Shieh, has been around for several years, with the first three spent in stealth mode, quietly building its technology, raising money and amassing early customers. Those customers, Eades said, fall into categories like telecommunications (strategic backer Telstra being one of them), and financial services.
Those industries speak largely to the challenges that vArmour is addressing in its business.
Legacy businesses in critical verticals often pre-date the modern era of business, and while many of them are going through what enterprise people like to refer to as “digital transformation”, the evolution is not a smooth one.
In many cases, adopting new technologies can be slow, and in almost every case, when you are talking about large enterprises, the changes are very piecemeal, affecting one particular service, or region, or department, or even a subsection of any of those.
All of this means that for malicious actors, there are a number of options to tackle when setting out to look for vulnerabilities in a business or its network, and for those on the inside, it makes for a very complicated and fragmented situation when it comes to monitoring those networks and the services running on them, finding vulnerabilities or suspicious activity, and doing something about that. VArmour’s term that it uses for this is “Application Relationship Management.”
Eades — whose background includes working for the likes of IBM but also leading a number of startups acquired by bigger technology giants — has first-hand understanding of how that complexity looks from both sides, from the end user end and from the service provider end. That is in essence what his company has identified and is trying to fix.
Having started out in managing application policies and providing insights to protect on that front, the company is expanding the range of tools that it provides with the recent launch of identity access management on top of that.
But that is likely to be just one of the product steps that it takes to tackle what remains a difficult problem to fix, as its growth is related not just to the growth of activity on a network, but further digital migration of services, and the rise of new technology within an organization’s stack.
(And that is also an area that vArmour is not alone in considering, or even the only approach to tackling it: consider yesterday’s news of Palo Alto Networks acquiring Bridgecrew to extend its own ability to provide automated security monitoring services to DevOps teams.)
“Managing risk and resiliency in the hybrid cloud is one of the most significant security challenges for enterprises,” said Bob Ackerman, founder and managing director at AllegisCyber Capital, in a statement. “vArmour’s platform provides the visibility, controls, and accountability necessary to actively manage these challenges and has done this for hundreds of customers. We are ecstatic to be part of their next stage of growth.”
“As applications become more complex, more distributed, and more targeted by attackers, the importance of full visibility into the relationships between applications becomes increasingly important,” added Dave DeWalt, founder of NightDragon. “vArmour’s approach to application relationship management ensures that enterprises of all sizes can continuously audit, respond, and control identity relationships to best protect their important IP, and mitigate risk to the business.”
Updated to correct the names of the founders.