the National Security Agency was harvesting basic information on most telephone calls in the United States. That metadata included the phone number originating the call, the number called, and the length of the conversation, according to the investigative reporting unit ProPublica.
Junio says Qadium provides clients information related only to their own networks, for the purpose of defending themselves against intrusions. The company’s software can detect when firewalls are down, for example, or when a device is inadvertently unprotected by a firewall.
Business clients can pay Qadium for similar information to assess the security of their franchisees, subsidiaries, vendors, and competitors, Junio says. Qadium provides only aggregate information about third parties, however—-not data at the level of specific Internet addresses, he says.
Junio says Qadium is the first security company doing Internet-scale scanning. Its technology can’t detect the locations of network devices, but it subscribes to a geolocation service so it can add that data to customers’ network profiles, he says. In another limitation, Qadium’s scans don’t pick up devices that are part of a properly configured virtual private network.
The startup competes in the growing sector of security risk-scoring companies such as New York-based SecurityScorecard and Cambridge, MA-based BitSight, and vulnerability scanning companies such as Redwood City, CA-based Qualys, he says.
Other companies are using various technical approaches to identify devices that share, or threaten, business and organizational networks. For example, Boston-based Pwnie Express uses sensors inside client locations to detect nearby wired or wireless devices that could attempt to siphon off data or infiltrate company networks. Cambridge, MA-based Lexumo keeps track of open source code components in connected devices that can provide entry points for hackers.
Qadium received early backing from DARPA, then raised $6 million in 2015 in a seed funding round led by Founders Fund, joined by OATV, Susa Ventures, and angel investors. Its $20 million Series A fundraising round was led by NEA managing partner Scott Sandell and joined by prior investors including Founders Fund.
Junio says the company will use its new capital to beef up its engineering unit, hire a sales staff, and improve its product. A key goal is to determine how frequently Qadium should conduct its global scans. Junio declined to specify how often the company scans now. But he said Qadium will build up infrastructure to increase the rate of alerts it can send clients to let them know when a new device enters their network, for example, or when an existing device makes contact with an unsecured WiFi connection.
Information from all the Qadium scans is being archived, and together they form a data resource that could be useful to device manufacturers and industry analysts, Junio says.
The technology can not only chronicle the appearance of new devices in the Internet constellation, but also takes note when devices disappear because they’ve died or been replaced.
“We can tell manufacturers where they’re losing market share, and what products are doing better or worse,” Junio says. “We are certainly thinking about [business] dimensions other than security.”
