Pivotal has kind of a strange role for a company. On one hand its part of the EMC federation companies that Dell acquired in 2016 for a cool $67 billion, but it’s also an independently operated entity within that broader Dell family of companies — and that has to be a fine line to walk.
Whatever the challenges, the company went public yesterday and joined VMware as a separately traded company within Dell. CEO Rob Mee says the company took the step of IPOing because it wanted additional capital.
“I think we can definitely use the capital to invest in marketing and R&D. The wider technology ecosystem is moving quickly. It does take additional investment to keep up,” Mee told TechCrunch just a few hours after his company rang the bell at the New York Stock Exchange.
As for that relationship of being a Dell company, he said that Michael Dell let him know early on after the EMC acquisition that he understood the company’s position. “From the time Dell acquired EMC, Michael was clear with me: You run the company. I’m just here to help. Dell is our largest shareholder, but we run independently. There have been opportunities to test that [since the acquisition] and it has held true,” Mee said.
Mee says that independence is essential because Pivotal has to remain technology-agnostic and it can’t favor Dell products and services over that mission. “It’s necessary because our core product is a cloud-agnostic platform. Our core value proposition is independence from any provider — and Dell and VMware are infrastructure providers,” he said.
That said, Mee also can play both sides because he can build products and services that do align with Dell and VMware offerings. “Certainly the companies inside the Dell family are customers of ours. Michael Dell has encouraged the IT group to adopt our methods and they are doing so,” he said. They have also started working more closely with VMware, announcing a container partnership last year.
Photo: Ron Miller
Overall though he sees his company’s mission in much broader terms, doing nothing less than helping the world’s largest companies transform their organizations. “Our mission is to transform how the world builds software. We are focused on the largest organizations in the world. What is a tailwind for us is that the reality is these large companies are at a tipping point of adopting how they digitize and develop software for strategic advantage,” Mee said.
The stock closed up 5 percent last night, but Mee says this isn’t about a single day. “We do very much focus on the long term. We have been executing to a quarterly cadence and have behaved like a public company inside Pivotal [even before the IPO]. We know how to do that while keeping an eye on the long term,” he said.
While most people probably would not think of New York as a hotbed for enterprise startups of any kind, it is actually quite active. When you stop to consider that the world’s biggest banks and financial services companies are located there, it would certainly make sense for security startups to concentrate on such a huge potential market — and it turns out, that’s the case.
There is a reason such a broad-based ecosystem is based in a single place. The companies who want to discuss these kinds of solutions aren’t based in Silicon Valley. This isn’t typically a case of startups selling to other startups. It’s startups who have been established in New York because that’s where their primary customers are most likely to be.
In this article, we are looking at a few promising early-stage security startups based in Manhattan
Hypr: Decentralizing identity
Hypr is looking at decentralizing identity with the goal of making it much more difficult to steal credentials. As company co-founder and CEO George Avetisov puts it, the idea is to get rid of that credentials honeypot sitting on the servers at most large organizations, and moving the identity processing to the device.
Hypr lets organizations remove stored credentials from the logon process. Photo: Hypr
“The goal of these companies in moving to decentralized authentication is to isolate account breaches to one person,” Avetisov explained. When you get rid of that centralized store, and move identity to the devices, you no longer have to worry about an Equifax scenario because the only thing hackers can get is the credentials on a single device — and that’s not typically worth the time and effort.
At its core, Hypr is an SDK. Developers can tap into the technology in their mobile app or website to force the authorization to the device. This could be using the fingerprint sensor on a phone or a security key like a Yubikey. Secondary authentication could include taking a picture. Over time, customers can delete the centralized storage as they shift to the Hypr method.
The company has raised $15 million and has 35 employees based in New York City.
Uplevel Security: Making connections with graph data
Uplevel’s founder Liz Maida began her career at Akamai where she learned about the value of large data sets and correlating that data to events to help customers understand what was going on behind the scenes. She took those lessons with her when she launched Uplevel Security in 2014. She had a vision of using a graph database to help analysts with differing skill sets understand the underlying connections between events.
“Let’s build a system that allows for correlation between machine intelligence and human intelligence,” she said. If the analyst agrees or disagrees, that information gets fed back into the graph, and the system learns over time the security events that most concern a given organization.
“What is exciting about [our approach] is you get a new alert and build a mini graph, then merge that into the historical data, and based on the network topology, you can start to decide if it’s malicious or not,” she said.
The company hopes that by providing a graphical view of the security data, it can help all levels of security analysts figure out the nature of the problem, select a proper course of action, and further build the understanding and connections for future similar events.
Maida said they took their time creating all aspects of the product, making the front end attractive, the underlying graph database and machine learning algorithms as useful as possible and allowing companies to get up and running quickly. Making it “self serve” was a priority, partly because they wanted customers digging in quickly and partly with only 10 people, they didn’t have the staff to do a lot of hand holding.
Security Scorecard: Offering a way to measure security
The founders of Security Scorecard met while working at the NYC ecommerce site, Gilt. For a time ecommerce and adtech ruled the startup scene in New York, but in recent times enterprise startups have really started to come on. Part of the reason for that is many people started at these foundational startups and when they started their own companies, they were looking to solve the kinds of enterprise problems they had encountered along the way. In the case of Security Scorecard, it was how could a CISO reasonably measure how secure a company they were buying services from was.
Photo: Security Scorecard
“Companies were doing business with third-party partners. If one of those companies gets hacked, you lose. How do you vett the security of companies you do business with” company co-founder and CEO Aleksandr Yampolskiy asked when they were forming the company.
They created a scoring system based on publicly available information, which wouldn’t require the companies being evaluated to participate. Armed with this data, they could apply a letter grade from A-F. As a former CISO at Gilt, it was certainly a paint point he felt personally. They knew some companies did undertake serious vetting, but it was usually via a questionnaire.
Security Scorecard was offering a way to capture security signals in an automated way and see at a glance just how well their vendors were doing. It doesn’t stop with the simple letter grade though, allowing you to dig into the company’s strengths and weaknesses and see how they compare to other companies in their peer groups and how they have performed over time.
It also gives customers the ability to see how they compare to peers in their own industry and use the number to brag about their security position or conversely, they could use it to ask for more budget to improve it.
The company launched in 2013 and has raised over $62 million, according to Crunchbase. Today, they have 130 employees and 400 enterprise customers.
If you’re an enterprise security startup, you need to be where the biggest companies in the world do business. That’s in New York City, and that’s precisely why these three companies, and dozens of others have chosen to call it home.
When you think about critical infrastructure, DNS or domain naming services might not pop into your head, but what is more important than making sure your website opens quickly and efficiently for your users. NS1 is a New York City startup trying to bring software smarts and automation to the DNS space.
“We’re a DNS and [Internet] traffic management technology company. We sit in a critical path. Companies point domains at our platforms,” company CEO and co-founder Kris Beevers told TechCrunch. That means when you type in the domain name like Google.com, you go to Google and you go there fast. It’s basic internet plumbing, but it’s essential.
Beevers cut his teeth as head of engineering at Voxel, a cloud infrastructure company that was acquired by Internap in 2012 for $35 million. He and his NS1 co-founders saw an opening in the DNS space and launched the company in 2013 with a set of software-defined DNS services. The startup was able to take advantage of the New York startup ecosystem early on to drive some business, even before they went looking for funding, but one incident really helped put the company on the map and effectively double its business.
That event occurred in almost exactly two years ago in 2016. One of NS1’s primary competitors, Dyn, a New Hampshire-based DNS company was the victim of a massive DDoS attack that took down the service for hours. When critical infrastructure like your domain name server goes away, you see the consequences pretty starkly and suddenly customers realized they didn’t just need this service, they needed redundancy in case the primary service went down — and with that attack, NS1’s business effectively doubled overnight.
Suddenly everyone who owned one, needed another for redundancy. One competitor’s misfortune turned out to be highly beneficial for NS1, who turned out to be in the right place at the right time with the right solution. Dyn was actually acquired by Oracle later that year.
“DNS had been around since 1983. The first 20 years were very boring with no commercial ecosystem,” Beevers said. Even when it went commercial in the early 2000s, nobody was looking at this as a software problem. “We saw everyone in this space was a hardware or networking vendor. Nobody was a software company. Nobody had thought about automation or how automation fit into the stack. And nobody saw the big infrastructure trends,” Beevers explained.
They got their start in the adtech startup space that was booming in NYC when they launched in 2013. These companies were willing to take a chance with an unknown startup, partly because they were looking for any edge they could get, and partly because they knew Beevers from his days at Voxall so he wasn’t a completely unknown quantity.
“Our ability around dynamic traffic management and performance reliability gave those ad companies [an advantage].They were able to take a chance on us. If we have a bad day, a customer can’t operate. We had limited infrastructure. They placed a bet on us because of the [positive] impact we had on their business.”
Today the company is growing fast, has raised close to $50 million and has close to 100 employees. While the bulk of those folks are in NYC, they have also opened offices in San Francisco, Londonderry, NH, the UK and Singapore.
Beevers says the Dyn incident in many ways brought the industry closer together. While they compete, they still need to cooperate to keep the domain system up and running. “We compete and are comrades in the internet mess. We will all fall apart if we don’t work together,” he said. As it turned out, being part of the whole New York infrastructure community didn’t hurt either.
Every startup needs a little skill and a little luck. BigID, a NYC-based data governance solution has been blessed with both. The company, which helps customers identify sensitive data in big data stores, launched at just about the same time that the EU announced the GDPR data privacy regulations. Today, the company is having trouble keeping up with the business.
While you can’t discount that timing element, you have to have a product that actually solves a problem and BigID appears to meet that criteria. “This how the market is changing by having and demanding more technology-based controls over how data is being used,” company CEO and co-founder Dimitri Sirota told TechCrunch.
Sirota’s company enables customers to identify the most sensitive data from among vast stores of data. In fact, he says some customers have hundreds of millions of users, but their unique advantage is having built the solution more recently. That provides a modern architecture that can scale to meet these big data requirements, while identifying the data that requires your attention in a way that legacy systems just aren’t prepared to do.
“When we first started talking about this [in 2016] people didn’t grok it. They didn’t understand why you would need a privacy-centric approach. Even after 2016 when GDPR passed, most people didn’t see this. [Today] we are seeing a secular change. The assets they collect are valuable, but also incredibly toxic,” he said. It is the responsibility of the data owner to identify and protect the personal data under their purview under the GDPR rules, and that creates a data double-edged sword because you don’t want to be fined for failing to comply.
GDPR is a set of data privacy regulations that are set to take effect in the European Union at the end of May. Companies have to comply with these rules or could face stiff fines. The thing is GDPR could be just the beginning. The company is seeing similar data privacy regulations in Canada, Australia, China and Japan. Something akin go this could also be coming to the United States after Facebook CEO, Mark Zuckerberg appeared before Congress earlier this month. At the very least we could see state-level privacy laws in the US, Sirota said.
Sirota says there are challenges getting funded as a NYC startup because there hadn’t been a strong big enterprise ecosystem in place until recently, but that’s changing. “Starting an enterprise company in New York is challenging. Ed Sim from Boldstart [A New York City early stage VC firm that invests in enterprise startups] has helped educate through investment and partnerships. More challenging, but it’s reaching a new level now,” he said.
I’ll be helping build a larger meetup focused on pre-ICO companies in New York on April 23 and I’d love to see you there. It will be held at Knotel on April 23 at 7pm and will feature a pitch-off with eight startups — I will write about the best ones — and two panels with some yet-unnamed stars in the space.
I’d love to see you there, so please sign up here. The team is charging for tickets so we can get some beers and pizza for the attendees.
I am looking to fill out a panel so if you’d like to join me on stage and have done extensive ICO work email me at john@techcrunch .com.
The event will be held at 551 Fifth Avenue on the 9th Floor and you can sign up to pitch here. I’ll have more information as we get closer to the event. I’m notifying companies today if they will pitch.
Orchid Labs, a San Francisco-based startup that’s developing a a surveillance-free layer on top of the internet, has raised a bunch of funding, according to a newly processed SEC filing that shows the year-old startup has closed on $36.1 million. The money comes just five months after Orchid closed on a separate, $4.5 million in funding from investors, including Yes VC, cofounded by serial entrepreneurs Caterina Fake and Jyri Engeström.
Others of its earliest backers include Andreessen Horowitz, DFJ, MetaStable, Compound, Box Group, Blockchain Capital, and Sequoia Capital, according to its site.
The stated goal of the Orchid is to provide anonymized internet access to people across the globe, particularly individuals who live in countries with excessive government oversight of their browsing and shopping.
Part of the point also seems to be to insulate users from the many companies that now harvest and sell their data, including walled gardens like Facebook and other giants like AT&T.
In a word where one assumes the Cambridge Analytica scandal is merely the tip of the iceberg when it comes to data abuse, it’s easy to see the project’s appeal. So far, judging by the filing, the company has raised that $36.1 million via a SAFT agreement, an investment contract offered by cryptocurrency developers to accredited investors.
The filing shows that 42 individuals have participated to date. It shows a target of $125,595,882 million, however, and judging by how hot particular blockchain ideas are getting, and how quickly (see the Basis deal earlier this week), you can imagine more money will flow to the company if it hasn’t already. (That’s also an awfully specific target on its filing.)
We’ve reached out to the company for more information. If you want to learn more, you can also check out its white paper.
Friday Night Lights, the football show that was never just about football (and one of the best shows on television), is now streaming on Hulu.
Say goodbye to the weekend is all I’m saying.
Hailed as one of the most honest depictions of a functioning adult relationship in its portrayal of the husband and wife duo of “Coach” Eric and Tammy Taylor, Friday Night Lights also worked wonders for showing the life and high school times of teens in a small Texas town.
The show is phenomenal. If you haven’t seen it, you should, and if you have (and if you’re me, you have many many many times), this weekend is as good a time as any to watch it again.
For Hulu, this is part of a clutch of shows from the ’90s and 2000s that are touchstones of popular culture. The streaming service already holds Will & Grace, Felicity, Dawson’s Creek and The O.C.
The series launched (or cemented) the careers of several actors, including Kyle Chandler, Connie Britton, Adrianne Palicki, (and a post-Wire,pre-Fruitvale Station, Creed and Black Panther)Michael B. Jordan, Minka Kelly, Jesse Plemons and Gaius Charles.
Hulu isn’t the only place you can see the Taylors struggle with life in Dillon, Texas. Amazon added the series (along with Parks & Recreation, House and Eureka) to its lineup, as well.
The U.S. government is following through on its promise to crack down on initial coin offering scams. On Friday, the SEC announced charges against Raymond Trapani, the third co-founder of Centra Tech Inc., which raised $32 million for a cryptocurrency debit card last year through a flashy ICO endorsed by DJ Khaled and boxer Floyd Mayweather. The company’s other two co-founders, Sam Sharma and Robert Farkas, were charged and arrested earlier this month.
“We allege that the Centra co-founders went to great lengths to create the false impression that they had developed a viable, cutting-edge technology,” the SEC’s Cyber Unit Chief Robert A. Cohen said of the ICO. “Investors should exercise caution about investments in digital assets, especially when they are marketed with claims that seem too good to be true.”
The SEC calls Trapani the “mastermind” of the fraudulent ICO scheme, which lured investors with claims of major credit card partnerships, misrepresentations about the company’s product, fake founder biographies and price manipulation of its Centra tokens (CTR).
According to SEC documents, these particular ICO fraud artists were caught red-handed:
Text messages among the defendants reveal their fraudulent intent. After receiving a cease-and-desist letter from a major bank directing him to remove any reference to the bank from Centra’s marketing materials, Sharma texted to Farkas and Trapani: “[w]e gotta get that s[***] removed everywhere and blame freelancers lol.” And, while trying to get the CTR Tokens listed on an exchange using phony credentials, Trapani texted Sharma to “cook me up” a false document, prompting Sharma to reply, “Don’t text me that s[***] lol. Delete.
The U.S. Attorney’s Office for the Southern District of New York also unsealed criminal securities and wire fraud charges against Trapani, who was arrested Friday morning. Trapani faces one count of conspiracy to commit securities fraud, one count of conspiracy to commit wire fraud, one count of securities fraud and one count of wire fraud. Three out of the four charges carry a maximum sentence of 20 years,
“As alleged, Raymond Trapani conspired with his co-defendants to lure investors with false claims about their product and about relationships they had with credible financial institutions,” Deputy U.S. Attorney Robert Khuzami said of the criminal charges.
“While investing in virtual currencies is legal, lying to deceive investors is not.”