Duo Security, the Ann Arbor, MI-based startup developing two-factor authentication tools to protect businesses from hackers, announced this week that it has raised $30 million in a Series C round led by Redpoint Ventures.
Duo co-founder and CTO Jon Oberheide said the round included follow-on participation from previous investors such as Google Ventures, Resonant Venture Partners, and Benchmark. The company has raised a total of $48 million since it was founded in 2010.
“One thing we observed in the market was growing investment in security and every organization dramatically increasing their security budget,” Oberheide said. He added that J.P. Morgan, for instance, has spent $500 million preventing cyber attacks—a level of spending he described as the one percent. Ninety-nine percent of organizations can’t afford to hire a staff to develop and deploy security products, he said, and cost isn’t the only prohibiting factor. He feels the talent required to build and maintain sophisticated security networks is “woefully undersupplied.”
Oberheide also said the current state of the industry is broken: “The security technology being employed is built on approaches that are not really relevant anymore.”
Duo’s flagship product is cloud-based, two-factor authentication technology that, once installed and activated on a smartphone, provides secondary authentication with the tap of a button. Two-step authentication is emerging as a way to add an additional layer of security to online communications by confirming that you are who you say you are, since passwords can be easy to guess and many people re-use them for multiple sites.
Duo’s system is designed to protect against identity theft attacks by delivering a private key to the user’s mobile device to authenticate the user’s credentials, while the public key verifies the signature on the server side. So, even if Duo’s database is compromised, an identity thief wouldn’t be able to bypass two-factor authentication and gain access to sensitive information.
Oberheide said in the age where the “bring your own device” approach is gaining traction in the workplace, incorporating cloud and mobile software in cyber security is vital.
“Products like firewalls just don’t apply in a model involving access to mobile and cloud technology,” he said. “If you’re trying to enable a bring-your-own-device environment, how do you ensure you’re not vulnerable to hackers, or you have the right level of security that allows access to the corporate environment?”
With that in mind, Duo just launched a new product called Platform, which Oberheide said allows IT administrators to define who gets access, automate enforcement of controls depending on risk factors, and get more insight into access-related threats and who’s on the other end of the devices trying to get in.
“All in all, the two-factor authentication method is wildly successful and a better lock on the door,” Oberheide said. “Our new Platform product is more like a home monitoring system.”
Oberheide also talked about the “security poverty line,” an analyst’s term that refers to the fact that companies often fail to meet the minimum bar to adequately protect themselves.
“J.P. Morgan can afford the best and brightest in security, but hundreds of thousands of organizations are below that poverty line with the same threats. It’s unfair, because hackers don’t discriminate. We’re trying to convince them to deploy our platform and we’re trying to make it affordable.”
Oberheide said Duo raised another round of funding mostly to keep up with customer demand. (Its customers already include Facebook, NASA, Paramount, Toyota, and WhatsApp.) It also recently opened a sales and marketing office in San Mateo, CA, and will soon open a third location in London, according to a blog posted this week by Duo CEO Dug Song.
In the blog post, Song wrote, “It’s time to end the suffering for the user. That’s our primary goal and we’re happy to say that our investors stand behind us in these efforts.”
