Thundra announces $4M Series A to secure and troubleshoot serverless workloads

Thundra, an early stage serverless tooling startup, announced a $4 million Series A today led by Battery Ventures. The company spun out from OpsGenie after it was sold to Atlassian for $295 million in 2018.

York IE, Scale X Ventures and Opsgenie founder Berkay Mollamustafaoglu also participated in the round. Battery’s Neeraj Agarwal is joining the company’s board under the terms of the agreement.

The startup also announced that it had recently hired Ken Cheney as CEO with technical founder Serkan Ozal becoming CTO.

Originally, Thundra helped run the serverless platform at OpsGenie. As a commercial company, it helps monitor, debug and secure serverless workloads on AWS Lambda. These three tasks could easily be separate tools, but Cheney says it makes sense to include them all because they are all related in some way.

“We bring all that together and provide an end-to-end view of what’s happening inside the application, and this is what really makes Thundra unique. We can actually provide a high-level distributed view of that constantly-changing application that shows all of the components of that application, and how they are interrelated and how they’re performing. It can also troubleshoot down to the local service, as well as go down into the runtime code to see where the problems are occurring and let you know very quickly,” Cheney explained.

He says that this enables developers to get this very detailed view of their serverless application that otherwise wouldn’t be possible, helping them concentrate less on the nuts and bolts of the infrastructure, the reason they went serverless in the first place, and more on writing code.

Serverless trace map in Thundra. Screenshot: Thundra

Thundra is able to do all of this in a serverless world, where there isn’t a fixed server and resources are ephemeral, making it difficult to identify and fix problems. It does this by installing an agent at the Lambda (AWS’ serverless offering) level on AWS, or at runtime on the container at the library level, he said.

Battery’s Neeraj Agarwal says having invested in OpsGenie, he knew the engineering team and was confident in the team’s ability to take it from internal tool to more broadly applicable product.

“I think it has to do with the quality of the engineering team that built OpsGenie. These guys are very microservices oriented, very product oriented, so they’re very quick at iterating and developing products. Even though this was an internal tool I think of it as very much productized, and their ability to now sell it to the broader market is very exciting,” he said.

The company offers a free version, then tiered pricing based on usage, storage and data retention. The current product is a cloud service, but it plans to add an on-prem version in the near future.

Intezer raises $15M for its DNA-style ‘genetic’ approach to identifying and tracking malware code

As the total cost of cybercrime reaches into trillions of dollars and continues to rise, a firm called Intezer — which has built a way to analyse, identify and eradicate malware by way of an ordering system similar to what’s used when mapping out DNA — has raised $15 million to double down on growth.

The funding, a Series B, is being led by OpenView Partners, the VC with a focus on expansion rounds for enterprise software companies, with participation from previous investors Intel Capital (which led the Series A in 2017), Magma, Samsung NEXT, USAA, and Alon Cohen, the founder and former CEO of CyberArk, who is also a co-founder of Intezer. The company is not disclosing its funding; it has raised a relatively modest $25 million to date.

Itai Tevet, Intezer’s other co-founder and CEO who had previously run the Cyber Incident Response Team (CERT) in Israel’s IDF, notes that the startup’s customers include “Fortune 500 companies, late stage startups, and elite government agencies” (it doesn’t disclose any specific names). In an interview, he said Intezer will be using the funding both to expand that list — through two products it currently offers, Intezer Protect and Intezer Analyze (which comes without remediation) — and also to explore how to apply its model to other areas under threat from malicious cyberattacks not traditionally associated with malware.

“Because our technology deals with binary code in general, it’s applicable in many different ways,” he said. “Since any digital device runs binary code (even drones, medical devices, smart phones, …), our technology has the potential to create a big impact in numerous aspects of cyber security to provide visibility, control and protection from any unauthorized and malicious code.”

Intezer describes its technique as “genetic malware analysis”, and the basic premise is that “all software, whether legitimate or malicious, is comprised of previously written code,” Tevet said. (He said he first came up with this revelation at the IDF, where he was “dealing with the best cyber attackers in the world,” later working with Cohen and a third co-founder, Roy Halevi, to perfect the idea.)

Intezer therefore has built software that can “map” out different malware, making connections by detecting code reuse and code similarities, which in turn can help it identify new threats, and help put a stop to them.

There is a reason why cybercriminals reuse code, and it has to do with economies of scale: they can reuse and work faster. Conversely, it also becomes “exponentially harder for them to launch a new attack campaign since they would need to start completely from scratch,” Tevet notes.

While there are literally hundreds of startups now on the market building ways to identify, mitigate and remediate the effects of malware on systems, Intezer claims to stand apart from the pack.

“The vast majority of security systems in the market today detect threats by looking for anomalies and other indicators of compromise,” usually using machine learning and AI, but Tevet adds that this “can be evaded by ‘blending in’ as normal activity.” One consequence of that is that these methods also drown security teams with vague and false-positive alerts, he added. “On the other hand, Intezer doesn’t look for the symptoms of the attack, but can actually uncover the origins of the root cause of nearly all cyber attacks — the code itself.”

The startup’s proof is in the pudding so to speak: it has scored some notable successes to date through its use. Intezer was the first to identify that WannaCry came out of North Korea; it built a code map that helped provide the links between the Democratic National Committee breach and Russian hackers; and most recently it identified a new malware family called “HiddenWasp” linked specifically to Linux systems.

Itai Tevet, the co-founder and CEO, says that “hands down,” Linux-focused threats are the biggest issue of the moment.

“Everybody’s talking about cloud security but it is rarely discussed that Linux malware is a thing,” he said in an interview. “Since the dawn of cloud and IoT, Linux has become the most common operating system and, in turn, the biggest prize for hackers.” He added that in the more traditional enterprise landscape, “banking trojans such as Emotet and Trickbot remain the most common malware families seen in the wild.”

“Itai, Roy and the team at Intezer possess a rare expertise in incident response, malware analysis, and reverse engineering having mitigated many nation-state sponsored threats in the past,” said Scott Maxwell, founder and managing partner of OpenView, in a statement. “The Genetic Malware Analysis technology they’ve developed represents the next-generation of cyber threat detection, classification, and remediation. We’re excited to support them as they build a category-defining company.”

Snyk snags $150M investment as its valuation surpasses $1B

Snyk, the company that wants to help developers secure their code as part of the development process, announced a $150 million investment today. The company indicated the investment brings its valuation to over $1 billion (although it did not share the exact figure).

Today’s round was led by Stripes, a New York City investment firm, with Coatue, Tiger Global, BoldStart, Trend Forward, Amity and Salesforce Ventures also participating. The company reports it has now raised over $250 million.

The idea behind Snyk is to fit security firmly in the development process. Rather than offloading it to a separate team, something that can slow down a continuous development environment, Snyk builds in security as part of the code commit.

The company offers an open source tool that helps developers find open source vulnerabilities when they commit their code to GitHub, Bitbucket, GitLab or any CI/CD tool. It has built up a community of over 400,000 developers with this approach.

Snyk makes money with a container security product, and by making the underlying vulnerability database they use in the open source product available to companies as a commercial product.

CEO Peter McKay, who came on board last year as the company was making a move to expand into the enterprise, says the open source product drives the revenue-producing products and helped attract this kind of investment. “Getting to [today’s] funding round was the momentum in the open source model from the community to freemium to [land] and expand — and that’s where we are today,” he told TechCrunch.

He said that the company wasn’t looking for this money, but investors came knocking and gave them a good offer, based on Snyk’s growing market momentum. “Investors said we want to take advantage of the market, and we want to make sure you can invest the way you want to invest and take advantage of what we all believe is this very large opportunity,” McKay said.

In fact, the company has been raising money at a rapid rate since it came out of the gate in 2016 with a $3 million seed round. A $7 million Series A and $22 million Series B followed in 2018 with a $70 million Series C last fall.

The company reports over 4X revenue growth in 2019 (without giving exact revenue figures), and some major customer wins including the likes of Google, Intuit, Nordstrom and Salesforce. It’s worth noting that Salesforce thought enough of the company that it also invested in this round through its Salesforce Ventures investment arm.

Israel’s cybersecurity startup scene spawned new entrants in 2019

As the global cybersecurity market becomes increasingly crowded, the Start Up Nation remains a bulwark of innovation and opportunity generation for investors and global cyber companies alike. It achieved this chiefly in 2019 by adapting to the industry’s competitive developments and pushing forward its most accomplished entrepreneurs in larger numbers to meet them.

New data illustrates how Israeli entrepreneurs have seized on the country’s reputation for building radically cutting-edge technologies as the number of new Israeli cybersecurity startups addressing nascent sectors eclipses its more traditional counterparts. Moreover, related findings highlight how cybersecurity companies looking to expand beyond their traditional offerings are entering Israel’s cybersecurity ecosystem in larger numbers through highly strategic acquisitions.

Broadly, new findings also reveal the Israeli cybersecurity market’s overall coming of age, seasoned entrepreneurial dominance and greater appetite for longer-term visions and strategies — the latter of which received record-breaking investor backing in 2019.

Breaking records

TechCrunch’s Top 10 investigative reports from 2019

Facebook spying on teens, Twitter accounts hijacked by terrorists, and sexual abuse imagery found on Bing and Giphy were amongst the ugly truths revealed by TechCrunch’s investigative reporting in 2019. The tech industry needs more watchdogs than ever as its size enlarges the impact of safety failures and the abuse of power. Whether through malice, naivety, or greed, there was plenty of wrongdoing to sniff out.

Led by our security expert Zack Whittaker, TechCrunch undertook more long-form investigations this year to tackle these growing issues. Our coverage of fundraises, product launches, and glamorous exits only tells half the story. As perhaps the biggest and longest running news outlet dedicated to startups (and the giants they become), we’re responsible for keeping these companies honest and pushing for a more ethical and transparent approach to technology.

If you have a tip potentially worthy of an investigation, contact TechCrunch at [email protected] or by using our anonymous tip line’s form.

Here are our top 10 investigations from 2019, and their impact:

Facebook pays teens to spy on their data

Josh Constine’s landmark investigation discovered that Facebook was paying teens and adults $20 in gift cards per month to install a VPN that sent Facebook all their sensitive mobile data for market research purposes. The laundry list of problems with Facebook Research included not informing 187,000 users the data would go to Facebook until they signed up for “Project Atlas”, not receiving proper parental consent for over 4300 minors, and threatening legal action if a user spoke publicly about the program. The program also abused Apple’s enterprise certificate program designed only for distribution of employee-only apps within companies to avoid the App Store review process.

The fallout was enormous. Lawmakers wrote angry letters to Facebook. TechCrunch soon discovered a similar market research program from Google called Screenwise Meter that the company promptly shut down. Apple punished both Google and Facebook by shutting down all their employee-only apps for a day, causing office disruptions since Facebookers couldn’t access their shuttle schedule or lunch menu. Facebook tried to claim the program was above board, but finally succumbed to the backlash and shut down Facebook Research and all paid data collection programs for users under 18. Most importantly, the investigation led Facebook to shut down its Onavo app, which offered a VPN but in reality sucked in tons of mobile usage data to figure out which competitors to copy. Onavo helped Facebook realize it should acquire messaging rival WhatsApp for $19 billion, and it’s now at the center of anti-trust investigations into the company. TechCrunch’s reporting weakened Facebook’s exploitative market surveillance, pitted tech’s giants against each other, and raised the bar for transparency and ethics in data collection.

Protecting The WannaCry Kill Switch

Zack Whittaker’s profile of the heroes who helped save the internet from the fast-spreading WannaCry ransomware reveals the precarious nature of cybersecurity. The gripping tale documenting Marcus Hutchins’ benevolent work establishing the WannaCry kill switch may have contributed to a judge’s decision to sentence him to just one year of supervised release instead of 10 years in prison for an unrelated charge of creating malware as a teenager.

The dangers of Elon Musk’s tunnel

TechCrunch contributor Mark Harris’ investigation discovered inadequate emergency exits and more problems with Elon Musk’s plan for his Boring Company to build a Washington D.C.-to-Baltimore tunnel. Consulting fire safety and tunnel engineering experts, Harris built a strong case for why state and local governments should be suspicious of technology disrupters cutting corners in public infrastructure.

Bing image search is full of child abuse

Josh Constine’s investigation exposed how Bing’s image search results both showed child sexual abuse imagery and suggested search terms to innocent users that would surface this illegal material. A tip led Constine to commission a report by anti-abuse startup AntiToxin (now L1ght), forcing Microsoft to commit to UK regulators that it would make significant changes to stop this from happening. However, a follow-up investigation by the New York Times citing TechCrunch’s report revealed Bing had made little progress.

Expelled despite exculpatory data

Zack Whittaker’s investigation surfaced contradictory evidence in a case of alleged grade tampering by Tufts student Tiffany Filler who was questionably expelled. The article casts significant doubt on the accusations, and that could help the student get a fair shot at future academic or professional endeavors.

Burned by an educational laptop

Natasha Lomas chronicled the troubles at educational computer hardware startup pi-top, including a device malfunction that injured a U.S. student. An internal email revealed the student had suffered “a very nasty finger burn” from a pi-top 3 laptop designed to be disassembled. Reliability issues swelled and layoffs ensued. The report highlights how startups operating in the physical world, especially around sensitive populations like students, must make safety a top priority.

Giphy fails to block child abuse imagery

Sarah Perez and Zack Whittaker teamed up with child protection startup L1ght to expose Giphy’s negligence in blocking sexual abuse imagery. The report revealed how criminals used the site to share illegal imagery, which was then accidentally indexed by search engines. TechCrunch’s investigation demonstrated that it’s not just public tech giants who need to be more vigilant about their content.

Airbnb’s weakness on anti-discrimination

Megan Rose Dickey explored a botched case of discrimination policy enforcement by Airbnb when a blind and deaf traveler’s reservation was cancelled because they have a guide dog. Airbnb tried to just “educate” the host who was accused of discrimination instead of levying any real punishment until Dickey’s reporting pushed it to suspend them for a month. The investigation reveals the lengths Airbnb goes to in order to protect its money-generating hosts, and how policy problems could mar its IPO.

Expired emails let terrorists tweet propaganda

Zack Whittaker discovered that Islamic State propaganda was being spread through hijacked Twitter accounts. His investigation revealed that if the email address associated with a Twitter account expired, attackers could re-register it to gain access and then receive password resets sent from Twitter. The article revealed the savvy but not necessarily sophisticated ways terrorist groups are exploiting big tech’s security shortcomings, and identified a dangerous loophole for all sites to close.

Porn & gambling apps slip past Apple

Josh Constine found dozens of pornography and real-money gambling apps had broken Apple’s rules but avoided App Store review by abusing its enterprise certificate program — many based in China. The report revealed the weak and easily defrauded requirements to receive an enterprise certificate. Seven months later, Apple revealed a spike in porn and gambling app takedown requests from China. The investigation could push Apple to tighten its enterprise certificate policies, and proved the company has plenty of its own problems to handle despite CEO Tim Cook’s frequent jabs at the policies of other tech giants.

Bonus: HQ Trivia employees fired for trying to remove CEO

This Game Of Thrones-worthy tale was too intriguing to leave out, even if the impact was more of a warning to all startup executives. Josh Constine’s look inside gaming startup HQ Trivia revealed a saga of employee revolt in response to its CEO’s ineptitude and inaction as the company nose-dived. Employees who organized a petition to the board to remove the CEO were fired, leading to further talent departures and stagnation. The investigation served to remind startup executives that they are responsible to their employees, who can exert power through collective action or their exodus.

If you have a tip for Josh Constine, you can reach him via encrypted Signal or text at (585)750-5674, joshc at TechCrunch dot com, or through Twitter DMs

Microsoft says it will fix an Internet Explorer security bug under active attack

Microsoft has confirmed a security flaw affecting Internet Explorer is currently being used by hackers, but said that it has no immediate plans to fix it.

In a late-evening tweet, US-CERT, the division of Homeland Security tasked with reporting on major security flaws, tweeted a link to a security advisory detailing the bug, describing it as “being exploited in the wild.”

Microsoft said all supported versions of Windows are affected by the flaw, including Windows 7, which after this week no longer receives security updates.

The vulnerability was found in how Internet Explorer handles memory. An attacker could use the flaw to remotely run malicious code on an affected computer, such as by tricking a user into opening a malicious website from a search query or a link sent by email.

It’s believed to be similar to a vulnerability disclosed by Mozilla, the maker of the Firefox browser, earlier this week. Both Microsoft and Mozilla credited Qihoo 360, a China-based security research team, with finding flaws under active attack. Earlier in the week, Qihoo 360 reportedly deleted a tweet referencing a similar flaw in Internet Explorer.

Neither Qihoo, Microsoft, nor Mozilla said how attackers were exploiting the bug, who the attackers were, or who was being targeted. The U.S. government’s cybersecurity advisory unit also issued a warning about current exploitation.

Microsoft told TechCrunch that it was “aware of limited targeted attacks” and was “working on a fix,” but that it was unlikely to release a patch until its next round of monthly security fixes — scheduled for February 11.

Microsoft assigned the bug a common vulnerability identifier, CVE-2020-0674, but specific details of the bug have yet to be released.

When reached, a Microsoft spokesperson did not comment.

Cyral announces $11M Series A to help protect data in cloud

Cyral, an early stage startup that helps protect data stored in cloud repositories, announced an $11 million Series A today. The company also revealed a previously undisclosed $4.1 million angel investment, making the total $15.1 million.

The Series A was led by Redpoint Ventures. A.Capital Ventures, Costanoa VC, Firebolt, SV Angel and Trifecta Capital also participated in the round.

Cyral co-founder and CEO Manav Mital says the company’s product acts as a security layer on top of cloud data repositories — whether databases, data lakes, data warehouses or other data repositories — helping identify issues like faulty configurations or anomalous activity.

Mital says that unlike most security data products of this ilk, Cyral doesn’t use an agent or watch points to try to detect signals that indicate something is happening to the data. Instead, he says that Cyral is a security layer attached directly to the data.

“The core innovation of Cyral is to put a layer of visibility attached right to the data endpoint, right to the interface where application services and users talk to the data endpoint, and in real time see the communication,” Mital explained.

As an example, he says that Cyral could detect that someone has suddenly started scanning rows of credit card data, or that someone was trying to connect to a database on an unencrypted connection. In each of these cases, Cyral would detect the problem, and depending on the configuration, send an alert to the customer’s security team to deal with the problem, or automatically shut down access to the database before informing the security team.

It’s still early days for Cyral with 15 employees and a handful of early access customers. Mital says for this round he’s working on building a product to market that’s well designed and easy to use.

He says that people get the problem he’s trying to solve. “We could walk into any company and they are all worried about this problem. So for us getting people interested has not been an issue. We just want to make sure we build an amazing product,” he said.

The US government should stop demanding tech companies compromise on encryption

In a tweet late Tuesday, President Trump criticized Apple for refusing “to unlock phones used by killers, drug dealers and other violent criminal elements.” Trump was specifically referring to a locked iPhone that belonged to a Saudi airman who killed three U.S. sailors in an attack on a Florida base in December.

It’s only the latest example of the government trying to gain access to a terror suspect’s device it claims it can’t access because of the encryption that scrambles the device’s data without the owner’s passcode.

The government spent the past week bartering for Apple’s help. Apple said it had given to investigators “gigabytes of information,” including “iCloud backups, account information and transactional data for multiple accounts.” In every instance it received a legal demand, Apple said it “responded with all of the information” it had. But U.S. Attorney General William Barr accused Apple of not giving investigators “any substantive assistance” in unlocking the phone.