Cyber breaches caused by people within businesses and organizations, both accidental and malicious leaks, continue to multiply. Now, a Boston security startup is arming itself with more cash and enhanced technology to try and stop these insider threats.
ObserveIT announced today it closed a $33 million Series B funding round from Bain Capital Ventures, Spring Lake Equity Partners, and NightDragon Security, the cybersecurity investment firm founded by Dave DeWalt, former CEO of cybersecurity firms McAfee and FireEye (NASDAQ: [[ticker:FEYE]]). DeWalt, who is also managing director of venture firm AllegisCyber, will join ObserveIT’s board.
ObserveIT said in April it had grabbed an initial chunk of the Series B round, but it wasn’t done fundraising. Its venture capital haul now totals $58 million.
ObserveIT (pronounced “observe it”) says the new cash will fuel an expansion of its sales and marketing teams, and help enhance its products and services. In the past, 12-year-old ObserveIT’s software tools were mostly geared toward investigating insider threats and helping customers comply with security policies, says CEO Mike McKee, who took the helm in 2016. The company’s approach involves software that monitors what users and employees are doing on their computers, educates them about risky behaviors, and either blocks them or suggests alternatives as necessary.
McKee (pictured above) says his 150-person company has been developing tools that are more proactive than reactive. That includes investing in data analytics capabilities, ideally helping customers catch insider threats before they cause damage, he says.
External cyber threats get much of the attention these days, whether it’s ransomware, phishing, or some other attack carried out by nation states or cyber criminals. Businesses are pouring money into tools to defend against outside threats, such as endpoint protection software from the likes of CrowdStrike and Carbon Black (NASDAQ: [[ticker:CBLK]]). But the number of cyber breaches originating from within organizations—perpetrated intentionally or unintentionally by employees, contractors, or partners with access to an organization’s IT systems—are growing, ObserveIT says. Although awareness is increasing, many organizations still “don’t have great visibility” of those threats, McKee says.
“It’s amazing—the last two years, I would say—how much insider threats have come onto the radar of [chief security officers] across all” industries, says McKee, a former National Hockey League player and veteran of local tech companies Rapid7 (NASDAQ: [[ticker:RPD]]) and PTC (NASDAQ: [[ticker:PTC]]). “It’s become more and more a necessity to speak to and be able to give context on what people are doing.”
ObserveIT has plenty of competition. Other security companies that sell products and services aimed at stopping insider threats include Forcepoint, CA Technologies (NASDAQ: [[ticker:CA]]), CyberArk (NASDAQ: [[ticker:CYBR]]), and AlienVault, to name a few.
ObserveIT says it has more than 1,700 customers in 87 countries, spanning financial services, healthcare, telecommunications, retail, manufacturing, technology, and other sectors, McKee says. He projects the company will generate more than $25 million in revenue this year. The business was cash-flow positive in the fourth quarter of 2017 and first quarter of this year, he says.
“We could be profitable, but we would rather invest that money,” McKee says.