The world of cybersecurity has seen a huge proliferation of new technology and services over the years. But with the primary focus being on solutions for larger enterprises, it leaves a big gap in the market for small and medium businesses, not least because they are increasingly finding themselves to also be a focus of malicious hackers. Today, a startup called ActZero is coming out of stealth with a set of solutions aimed specifically at SMBs. Along with its public launch, it’s also announcing that it has raised a seed round of $40 million to get its business going.
“Our main focus is SMB security,” Sameer Bhalotra, the co-founder and CEO, said in an interview. The way he and the others at ActZero see it, many startups have emerged to target the security issues faced by big government and large enterprises. “But we want to help the small and medium businesses who we feel might need help the most. No one has stitched the products together the way SMBs need them to be.”
That solution is focused around monitoring, managed detection and response, he said, not just to discover but to contain cyber threats, which ActZero powers by way of a comprehensive, cloud-based AI platform. The AI in turn helps automate some of its services, bringing down the pricing and making it all something within the budgetary reach of a typical SMB. ActZero’s smallest customers have a few hundred employees, while the biggest have a headcount of around 3,500.
“We are bringing technology to bear to democratize access,” he said.
The funding is coming from a single investor, Point72 Hyperscale, a VC firm backed by Stephen Cohen, who may be most well known for his track record in private equity. That money was raised, Bhalotra said, “on day one” of ActZero being founded in 2019.
$40 million may sound like a lot for a seed round, especially for a company that had yet to launch a service or acquire a customer. But it’s money that has been put to work already.
Some of the funding was used to acquire IntelliGo, a security startup out of Canada, last year, to give the company a head start on training its AI models with IntelliGo’s data, and also to bring on the startup’s customers to be its first users.
Another reason for the large funding round and strong confidence in what was just a concept at the time is the track record of the startup’s executives.
A previous security company co-founded by Bhalotra, StackRox, was acquired by RedHat, and another, Impermium, where he was a key executive, was acquired by Google where he became a cybersecurity executive. He was also senior director for cybersecurity in the Obama White House, among many other critical roles.
Co-founder Ed Gardner was a longtime security architect and program manager first at Akamai, then Amazon and then Microsoft. ActZero’s COO Chris Finan also spent years at Impermium, Shape Security and in a number of security roles over many years in Washington.
The work that they and others on the ActZero team put into managing cybersecurity in years past saw their primary focus train on formidable opponents that came in the form of state actors or those financed by large entities intent on stealing state intelligence, intellectual property from major companies, money laundering and disrupting networks and normal activity for other motives. “Cyberdefense was mostly about big banks and government agencies,” Bhalotra said, speaking with just a little wistfulness in his voice, maybe because it was, relatively speaking, a lot simpler back then.
These are not exactly the same kinds of issues that SMBs have traditionally faced, but times are changing. In more recent years, the evolution of cybercrime has been swift and — ironically — democratized in the process, where not even the smallest companies are totally safe.
In some ways, the threat is proportionately worse for less well-equipped smaller companies not set up to weather risky financial events. Recent research from the Ponemon Institute and IBM found that the average cost of a breach can reach into the millions of dollars, which can cripple smaller businesses.
You can liken the situation in enterprise security somewhat to the offline world of organized crime, where there are higher levels of groups that are dealing with huge sums of money and engaging in major industries, while there are also lower levels involved in more localized and smaller activities, and even low runs working in petty crime.
A lot of the primary threat for SMBs in recent years has been around ransomware “and criminal organizations have innovated on their business models and they have now moved beyond ransomware to data extortion,” said Finan. “It’s actually been fascinating to see how vertically integrated these organizations have become. You might have accounts receivable arms, R&D arms.”
Sometimes malicious hackers will attack SMBs as part of their “testing” process, he added. Their arsenal of tools of course now also include artificial intelligence, giving them machine speed to fuel malicious human intent.
Meanwhile, the rise of COVID-19, which has led to so much more business and activity being carried out online, has led to a growing “opportunity” for them, Finan said. “I have been astounded by the level of sophistication, and COVID has accelerated that shift downmarket.”
The problem is that SMBs, even those with thousands of employees, may lack the knowledge, budget or human resources to hire the kinds of security teams they need to have to address all of this.
“I wish that these small businesses were still under the radar because they are not up to the challenge for dealing with these groups,” said Bhalotra. “It’s just not the case any longer that they’re being ignored. We want to democratize cyber defense because hackers target everyone. We see multiple attacks daily, and they vary tremendously.”
There have been tools built to address security for SMBs before, although traditionally the focus has been around antivirus, firewalls and other basics. The key with what ActZero is doing is that it’s conceiving of SMB solutions on par with what is being built for their larger counterparts. It’s a next-generation security approach being taken also by a few others, including BlueVoyant and Skout, both of which have also raised sizeable rounds of funding.
The bet is that the ActZero team’s track record and knowledge sets them up to be leaders in this area.
“ActZero has developed an elegant solution for addressing the most pressing security concerns of SMBs today with its unified, AI-powered platform,” said Dan Gwak, head of Point72 Hyperscale, in a statement. “ActZero is unique in its appreciation for and realization of a combined people and automation model. We believe that ActZero has the potential to transform how security solutions are delivered to help businesses achieve better security posture more affordably. We’re excited to partner with them on this critical journey.”