Dope Security nabs $16M led by GV to build out secure web gateways designed to work on endpoints, not in the cloud

Secure web gateways, the network security services designed to help organizations enforce IT policies around internet usage by blocking (or letting through) certain traffic, are one of the most common investments that organizations make in their cybersecurity profiles. But this is a product that’s been around for decades, which means there remains a lot of room for innovation and improvement.

Today, an SWG startup called dope.security said it raised $16 million to fuel its efforts to do just that.

In contrast to being routed through the cloud and data centers or large and expensive on-premise network appliances (some the popular approaches for such services these days), Dope has designed a secure web gateway product that’s run on an organizations’ endpoints: computers and other devices connected to the company network. It believes this approach makes it easier to use, more secure, less prone to failures, significantly faster, and more privacy-friendly for users.

Dope plans to use the funding for hiring, business development, and to continue enhancing its product with more features. New features will include a Dope API later in the year, and a “zero-trust” layer for organizations that need that extra level of security, said Kunal Agarwal, Dope’s founder and CEO, in an interview from its HQ in Mountain View, CA.

The Series A round was led by GV (Google Ventures), with Boldstart Ventures and Preface, which backed the startup last year when it was still in stealth, also participating. The company has now raised $20 million. It did not disclose its valuation.

Agarwal said he first came up with Dope’s central premise when he was working at Symantec, where he started as an engineer working on SWG and worked his way up to product manager and eventually, general manager. Symantec is one of the world’s best-known purveyors of secure web gateways and other security products, so Agarwal saw firsthand just how long it took Symantec to make any changes to the product and the problems with how the product works today.

“I lived SWG day in and day out,” he said. “I heard how customers complained about how, when it doesn’t work properly, you don’t have web access at all.”

In his view, as computing has shifted wholesale to the cloud, moving security to the cloud to manage that change has been a misfire. Typical secure web gateway products built to work in the cloud essentially send all of their traffic to servers before letting it proceed or blocking it. This essentially causes delays and can even result in total failure when something doesn’t work correctly. The problem has been compounded by more traffic moving to the cloud and more people working from disparate locations.

Dope describes its approach as “fly direct”: The end point is where the traffic is evaluated before it is allowed through (or not, as the case may be). That reduced hop not only means less time spent in transit, it also lowers the chances of the whole system falling over.

Dope uses the cloud, but only for certain aspects of the service. Administrators manage white and black lists on the cloud, and that data is distributed to endpoints using guidance from Dope itself, which says that it’s crunching through some 700 terabytes of content to understand threats on the internet. Later, diagnostics and analytics are sent to the cloud so that network administrators can better understand usage and behavior on their networks.

That points to another important aspect of this and all secure web gateway products: The baseline of these services is that they are there to control how people go online, monitor what they do and see how (and what) data might come into or go out of a network.

But in the bigger scheme of a market that was worth $9 billion at the end of 2022 and predicted to grow to nearly $24 billion by 2028, it’s clear that this is only going to grow as an approach in the struggle of trying to secure organizations against ever-growing cybersecurity threats. Dope believes it’s offering a route to managing that containment in a potentially less invasive way that is more user-friendly than the other options out there.

“dope.security cares deeply about design and user experience in a way that is unique to the security industry. Its first goal when creating a product is simplicity — the simplicity of architecture, purchasing, deployment and management,” said Sangeen Zeb, a general partner at GV, in a statement. “dope.security is well positioned to reinvent traditional approaches to SWG, and we’re excited to work with the team to bring this modern approach to life.”

Zeb is joining the startup’s board with this round.

Pricing starts at $60 per device, per year for the service.