Rethinking Software and Risk to Protect the Public Sector

We should build security into the foundation of programs.

Our current approach to cybersecurity, specifically within the public sector, is not working. We continue to spend more and more money on this issue across all industries: we spent $173 billion on cybersecurity in 2020, twice the amount we spent just 10 years ago, while our losses continue to increase and currently surpass $1 trillion.

Rather than accept this trend as inevitable, we should rethink our approach to software and build security into the foundation of programs, instead of adding it in as an afterthought and subsequently risking the nation’s most sensitive data. The current approach of utilizing firewalls, antivirus and other mitigations, while important, does not substantially affect the economics of cybercrime. Therefore, we must focus on reducing the number of vulnerabilities in software if we are to defend federal agencies against potential attacks.

It’s best to think of malware as a business—whether it is implemented by criminals or state adversaries—with business-like incentives and disincentives. Budgets are always limited and there must be a return on the adversary’s investment.

To raise attacker costs, one must consider the lifecycle of malware: delivery, exploitation and finally, the attack. If any of these phases can be disrupted, we can have a greater chance of defending federal software and data. Delivery and attack are, however, largely at the discretion of the attacker, making them difficult for defenders to affect. That leaves exploitation, which involves the finding and exploiting of software or system weaknesses. This step is dependent on vulnerabilities, or rather, bugs in the security controls, which are under the complete control of the software developers.

Much of today’s efforts have been focused on threat mitigations which, while they do not remove bugs, attempt to make them unexploitable. It’s like treating the symptoms of a disease rather than the cause. This does provide some measure of protection but is not enough, for once an attacker learns how to bypass a mitigation, that same bypass can be reused repeatedly, increasing the attacker’s profit. Instead, we should focus on the architecture of today’s computer software systems, the majority of which are still based on decades-old software-development practices that leave too much open to attack.

One example of a critical systematic architectural flaw is known as ambient authority, a defect that greatly impacts user security and affects many, if not all, software programs. The flaw can be illustrated by the case of running a program on a computer to view a PDF file. When a user runs a program to view a PDF, the program does not just receive permission to read the file. Rather, the program gains access to all of the user’s permissions, not just the few needed to view the document. If an attacker were to find a vulnerability within the PDF reader, the attacker could reprogram the software to perform any action the user could perform. This creates a tremendous security gap and exposes the user and agency to a plethora of potential risks.

It seems like a daunting task, but if we are to overcome today’s hostile threat environment, software systems must be written to isolate authority to a small part of the program. In the case of a PDF viewer, this would involve isolating the parts of the program that interact with the operating system from the parts that interpret a PDF. The PDF-specific code can then be run in a way that only has permissions to interact with the remaining parts of the program but not the operating system. This PDF-specific code will be the majority of code in the program. With the majority of code now isolated away from authority, there are far fewer bugs for attackers to abuse, drastically reducing the number of bugs that can be considered vulnerabilities.
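The separation described above, sketched in C as an added example (not code from the article or from SpiderOak): a small broker is the only code that opens the document, and the parser runs in a child process that inherits just that descriptor and a result pipe. The function names, the constructed sample file and the use of `RLIMIT_NOFILE` as a stand-in for a real sandbox (seccomp, Capsicum, pledge) are assumptions; the limit only stops the worker from acquiring new descriptors.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* What the worker reports back to the broker over the pipe. */
struct report {
    int pages;       /* pages found by the parser, -1 on read failure */
    int open_errno;  /* errno from the worker's attempt to open a file itself */
};

/* Toy stand-in for the "PDF-specific code": counts /Type /Page objects. */
static int count_pages(const char *buf) {
    static const char marker[] = "/Type /Page";
    int n = 0;
    for (const char *p = buf; (p = strstr(p, marker)) != NULL; ) {
        p += sizeof marker - 1;
        if (*p != 's')          /* skip the "/Type /Pages" tree node */
            n++;
    }
    return n;
}

/* Runs in the child. Holds only docfd and outfd; never returns. */
static void parser_worker(int docfd, int outfd, const char *path) {
    struct report r = { -1, 0 };
    char buf[4096];
    /* Models parser code misbehaving: it reaches for a file by name.
     * With ambient authority this open() would succeed. */
    int extra = open(path, O_RDONLY);
    r.open_errno = (extra < 0) ? errno : 0;
    ssize_t len = read(docfd, buf, sizeof buf - 1);
    if (len >= 0) {
        buf[len] = '\0';
        r.pages = count_pages(buf);
    }
    if (write(outfd, &r, sizeof r) != (ssize_t)sizeof r)
        _exit(1);
    _exit(0);
}

/* Broker: the only code that uses the user's authority to open files. */
int view_document(const char *path, struct report *out) {
    int pipefd[2];
    int docfd = open(path, O_RDONLY);
    if (docfd < 0)
        return -1;
    if (pipe(pipefd) < 0) { close(docfd); return -1; }
    pid_t pid = fork();
    if (pid < 0) {
        close(docfd); close(pipefd[0]); close(pipefd[1]);
        return -1;
    }
    if (pid == 0) {
        /* No new descriptors: open(), socket(), pipe() all fail from here.
         * Assumption: a production design would add seccomp/Capsicum/pledge,
         * since this limit does not block other syscalls and a privileged
         * process could raise it again. */
        struct rlimit none = { 0, 0 };
        close(pipefd[0]);
        if (setrlimit(RLIMIT_NOFILE, &none) != 0)
            _exit(2);
        parser_worker(docfd, pipefd[1], path);
    }
    close(pipefd[1]);
    close(docfd);
    ssize_t got = read(pipefd[0], out, sizeof *out);
    close(pipefd[0]);
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (got != (ssize_t)sizeof *out || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    return 0;
}

/* Writes a constructed two-page sample document (not a real PDF). */
int write_sample_doc(const char *path) {
    FILE *f = fopen(path, "w");
    if (!f)
        return -1;
    fputs("%PDF-1.4 (constructed sample)\n"
          "1 0 obj << /Type /Pages /Count 2 >> endobj\n"
          "2 0 obj << /Type /Page >> endobj\n"
          "3 0 obj << /Type /Page >> endobj\n", f);
    return fclose(f) == 0 ? 0 : -1;
}

int main(void) {
    const char *path = "/tmp/ambient_authority_sample.pdf"; /* hypothetical path */
    struct report r;
    if (write_sample_doc(path) != 0 || view_document(path, &r) != 0)
        return 1;
    printf("pages=%d, worker open() errno=%d (%s)\n",
           r.pages, r.open_errno, strerror(r.open_errno));
    unlink(path);
    return 0;
}
```

The worker still parses the document it was handed, while its own attempt to open the same path fails with `EMFILE`, so a bug in the parsing code no longer carries the user's file-opening authority.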

As the world continues to increase in complexity, adversaries are taking advantage, extracting more value and becoming increasingly hostile toward the public sector, putting the rest of the nation at tremendous risk. Only when applications are written with security as the foundation of the platform, and not just as an accessory, will we stand a chance of reducing attacker value and the endless threats.

Jonathan Moore is the chief technology officer at SpiderOak.

Ocient will enable much faster analysis of the world’s largest sets of data.

Ocient builds database and analytics software and services to enable rapid analysis of the world’s largest sets of data (trillions to quadrillions of rows of data). For users of Big Data, this will optimize the value of the capture and analysis of their data at unprecedented speed and scale. In simple terms, Ocient’s novel platform can bring in extremely large amounts of data and then inexpensively organize it so it can quickly be found and used. Metaphorically speaking, imagine Ocient can sit under Niagara Falls and catch all the water, bottle it, label it, and organize it. This is what Ocient can do for Big Data.

By fundamentally rethinking database architecture, Ocient can achieve performance levels that are significantly better and faster than competing solutions. Performance metrics include:

  • Benchmarks 10 to 1,000 times faster
  • Analytics that once took an hour now take 10 seconds or less

Ocient’s speed allows for real-time loading, which is necessary in financial markets, where bids, asks, and trades are constantly being executed, and in technology where multi-second analysis is necessary, such as navigation systems, adtech, law enforcement, and network security. Ocient’s speed also allows for more queries in a given period of time. Ocient’s user-friendly technology was created with switching costs and market adoption in mind, making it an easy transition for any company.

How BayCare and Clearstep launched a COVID-19 screener in 9 days

On March 26, 2020 — less than two weeks after the World Health Organization declared the novel coronavirus outbreak a pandemic and one week after California became the first state in the U.S. to tell residents to stay home — MATTER startup member Clearstep and MATTER partner BayCare launched an online COVID-19 symptom screener.

The digital health startup and the Florida-based health system had connected earlier in 2020 at ACCESS, a MATTER program that helps industry partners connect to a curated group of startups through a series of one-on-one meetings. At the time, BayCare recognized that Clearstep’s digital triage and patient chat solution could improve how patients and providers navigate care and made plans to move forward together.

Then, COVID-19 changed everything.

In the wake of the pandemic, health systems began to focus on ways to keep patients out of hospitals who didn’t need to be there, but still provide guidance to the appropriate point of care for their needs. When BayCare was looking for a solution to help their patients navigate the questions brought up by COVID-19 — such as whether they should get tested, isolate themselves or go to the hospital — they remembered the startup they met through MATTER.

Derived from CDC guidelines and feedback from expert clinicians, Clearstep’s online screening tool gives people who are concerned about the virus a clear next step for care. Their screening tool also goes a step further than other COVID-19 screeners by incorporating clinical content used in more than 90 percent of nurse call centers in the country. In doing so, the solution ensures that individuals who report symptoms, but are deemed COVID-19 risk negative, are also pointed to their best next step for care.

To use the screening tool, users fill out a questionnaire and receive immediate triage results customized to connect them to the resources BayCare provides such as the emergency room, urgent care, or a telehealth visit through BayCare Anywhere.

Since the COVID-19 screening tool launched just under a month ago, it has been used more than 70,000 times by BayCare patients to identify the best next steps for care for symptomatic and concerned individuals.

“We saw incredible feedback from the users themselves almost immediately,” said Peter Garber, chief marketing and design officer at Clearstep. “In the past, the healthcare industry has lagged when it comes to user experience and design, so we knew we needed to nail it in a time when users are most concerned and fearful of what’s going on.”

How were BayCare and Clearstep able to move so quickly to deliver one of the first digital health solutions for COVID-19?

There are a few key ingredients.

BayCare has aggressive goals when it comes to innovation.

According to Craig Anderson — director of innovation at BayCare and co-founder of his own health tech company, HeadRehab LLC. — the health system has built a ‘buy, not build’ model. The innovation team’s mission is to find novel health tech solutions built by third party companies, identify how those solutions will benefit BayCare’s almost a million patients and nearly 6,000 providers, and work with them to quickly launch and scale solutions within the BayCare system.

That can sometimes involve partnering with large tech organizations, but according to Craig, they often choose to partner with smaller, more agile startups like Clearstep.

“Everything in innovation is about moving at speed,” said Craig. “A good idea now will, a year from now, probably still be a good idea, but won’t be considered innovative because by then it will be standard practice.”

Craig’s team has nailed down a framework to work with startups like Clearstep — and to pivot quickly to solve the challenges COVID-19 presented to anxious customers.

“Whenever we have a time sensitive issue, especially one that’s affecting many or all our population, the C-suite will look to the innovation team to find solutions we’re aware of that BayCare may not be currently using,” said Craig. “What can we do that’s new to approach this problem differently, quicker and drive better results? Whether it’s COVID-19 or the hurricane season, innovation is asked to weigh in.”

BayCare found a complementary team in Clearstep.

When health systems look to partner with a startup, they look for both a solution that they believe in and a team they want to work with.

Clearstep checked both of those boxes for BayCare.

Launching a product quickly during an evolving crisis is no easy task, but Clearstep stepped up to the challenge. By the time BayCare reached out to work together on a COVID-19 solution, the Clearstep team had already realized that they were uniquely equipped to develop a powerful and comprehensive screener. They immediately jumped on the opportunity to work with BayCare and, nine days after Craig reached out, launched a solution.

“Staying on task towards fast development was a challenge,” said Bilal Naved, Clearstep’s chief operating officer. “We had to get adept at keeping every team aligned with one common vision and be willing to look at good ideas but say ‘ok, that’s part of v2 or v3.’”

According to Craig, Clearstep’s focus and drive impressed the BayCare team.

“Building something that a group of clinicians and senior leaders agree with quick enough and well enough that we have the confidence to launch it to our almost a million patients… that’s a rare combination to find,” said Craig.

Since originally launching their screening tool, Clearstep and BayCare have improved and expanded their solution. They plan to continue to work together to solve the challenges COVID-19 presents, but also anticipate a longer partnership.

“While we were in the right place at the right time for the COVID-19 screening…it’s not just about us providing one solution [for BayCare],” said Bilal. “It’s an iterative process with them. Not just the product, but the process so that Clearstep can act as an agile arm to BayCare.”

The 25 small and midsize companies with the best CEOs in 2020, according to employees

  • Career site Comparably just released its annual list of the best CEOs at small and midsize companies.
  • The list is based on anonymous employee ratings over a 12-month period.
  • Jason Purcell, the CEO of e-commerce software company Salsify, ranked at the top of the small and midsize companies list.

Working at a company with a strong and thoughtful leader can be a very important thing to consider when looking for an employer, and one career site just published its annual list of the most highly ranked CEOs according to employees.

Career website Comparably just released its fourth annual ranking of companies with the best CEOs. To do this, Comparably anonymously asked employees across 60,000 US companies to rate their CEO from December 1, 2019 to December 1, 2020.

CEOs across different industries, from HR software to pharmaceutical healthcare, made the top 25 among small and midsize companies, defined by Comparably as having 500 or fewer employees.

Jason Purcell, the CEO of e-commerce software company Salsify, ranked at the top of the list of small and midsize companies. These companies have 500 or fewer employees. Ellen Kullman, the CEO of Carbon, ranked No. 24 on this year’s list. She was also the former Chairman and CEO of DuPont and named one of the 50 most powerful women according to Fortune.

Iris Automation raises $13 million for visual drone object avoidance tech

It’s only a matter of time now before drones become a key component of everyday logistics infrastructure, but there are still significant barriers between where we are today and that future — particularly when it comes to regulation. Iris Automation is developing computer vision products that can help simplify the regulatory challenges involved in setting standards for pilotless flight, thanks to its detect-and-avoid technology that can run using a wide range of camera hardware. The company has raised a $13 million Series B funding round to improve and extend its tech, and to help provide demonstrations of its efficacy in partnership with regulators.

I spoke to Iris Automation CEO Jon Damush, and Iris Automation investor Tess Hatch, VP at Bessemer Venture Partners, about the round and the startup’s progress and goals. Damush, who took over as CEO earlier this year, talked about his experience at Boeing, his personal experience as a pilot and the impact on aviation of the advent of small, cheap and readily accessible electric motors, batteries and powerful computing modules, which have set the stage for an explosion in the commercial UAV industry.

“You’ve now shattered some of the barriers that have been in aerospace for the past 50 years, because you’re starting to really democratize the tools of production that allow people to make things that fly much easier than they could before,” Damush told me. “So with that, and the ability to take a human out of the cockpit, comes some interesting challenges — none more so than the regulatory environment.”

The U.S. Federal Aviation Administration (FAA), and most airspace regulators around the world, essentially divide regulations around commercial flight into two spheres, Damush explains. The first is around operations — what are you going to do while in flight, and are you doing that the right way. The second, however, is about the pilot, and that’s a much trickier thing to adapt to pilotless aircraft.

“One of the biggest challenges is the part of the regulations called 91.113b, and what that part of the regs states is that given weather conditions that permit, it’s the pilot on the airplane that has the ultimate responsibility to see and avoid other aircraft. That’s not a separation standard that says you’ve got to be three miles away, or five miles away or a mile away — that is a last line of defense, that is a safety net, so that when all the other mitigations that lead to a safe flight from A to B fail, the pilot is there to make sure you don’t collide into somebody.”

Iris comes in here, with an optical camera-based obstacle avoidance system that uses computer vision to effectively replace this last line of defense when there isn’t a pilot to do so. And what this unlocks is a key limiting factor in today’s commercial drone regulatory environment: The ability to fly aircraft beyond visual line of sight. All that means is that drones can operate without having to guarantee that an operator has eyes on them at all times. When you first hear that, you imagine that this factors in mostly to long-distance flight, but Damush points out that it’s actually more about volume — removing the constraints of having to keep a drone within visual line of sight at all times means you can go from having one operator per drone, to one operator managing a fleet of drones, which is when the economies of scale of commercial drone transportation really start to make sense.

Iris has made progress toward making this a reality, working with the FAA this year as part of its integrated pilot program to demonstrate the system in two different use cases. It also released the second version of its Casia system, which can handle significantly longer-range object detection. Hatch pointed out that these were key reasons why Bessemer upped its stake with this follow-on investment, and when I asked if COVID-19 has had any impact on industry appetite or confidence in the commercial drone market, she said that has been a significant factor, and it’s also changing the nature of the industry.

“The two largest industries [right now] are agriculture and public safety enforcement,” Hatch told me. “And public safety enforcement was not one of those last year, it was agriculture, construction and energy. That’s definitely become a really important vertical for the drone industry — one could imagine someone having a heart attack or an allergic reaction, an ambulance takes on average 14 minutes to get to that person, when a drone can be dispatched and deliver an AED or an epi pen within minutes, saving that person’s life. So I really hope that tailwind continues post COVID.”

This Series B round includes investment from Bee Partners, OCA Ventures and new strategic investors Sony Innovation Fund and Verizon Ventures (disclosure: TechCrunch is owned by Verizon Media Group, though we have no involvement, direct or otherwise, with their venture arm). Damush pointed out that Sony provides great potential strategic value because it develops so much of the imaging sensor stack used in the drone industry, and Sony also develops drones itself. For its part, Verizon offers key partner potential on the connectivity front, which is invaluable for managing large-scale drone operations.

Facebook Watch Sets Interactive AI Reality Series ‘Rival Peak’ With After-Show Hosted by Wil Wheaton

Facebook Watch is set to launch the first-ever interactive AI reality series, titled “Rival Peak,” on Dec. 2.

Hailing from dj2 Entertainment, Pipeworks Studios, and Genvid Technologies, the series places twelve AI contestants in the Pacific Northwest where they must survive elimination and solve the mystery that brought them together. Viewers can observe, help, or hinder one or more AI contestants via the 24/7 character-dedicated, interactive livestreams throughout the show’s initial 12-week season. Viewers’ voting will eliminate one contestant from the competition, but not the story, each week.

The characters represent a diverse array of cultural backgrounds, with each one voiced by an actor of the same background. They will interact in character with Wil Wheaton as part of the weekly live-action companion series “Rival Speak.” The show will feature key moments from the previous week, interviews, and clues to the Season 1 mystery.

“In under six months we went from generating a concept to shooting our first promos,” said dj2 Entertainment chief creative officer Stephan Bugaj. “It’s been the privilege of dj2 and the talented writing team we assembled to deliver enough content, not to fill every minute of the feed – that’d be unrealistic – but to keep the audience invested in each character’s story and in the overall meta-narrative regarding the mystery that brought them into this strange situation.”

Pipeworks and Genvid came together on the project to create the first-ever audience-influenced, persistent, global entertainment program. dj2 Entertainment came onboard to create the first-season’s storyline, the personas of the twelve diverse AI “contestants” along with their respective narratives, as well as to conceive and produce the weekly companion show.

This marks the latest announced project for dj2. The company had their first theatrical release in 2020, the highly-successful “Sonic the Hedgehog” movie. Currently under a first-look deal with Legendary Television, the company is also developing a number of TV shows based on video game properties, including “Disco Elysium” and “Life Is Strange.” The company is also producing a live-action theatrical adaptation of the game “Sleeping Dogs” with Donnie Yen, while a Sonic sequel has been announced.

Pipeworks focuses on things like cloud gaming, Radical AI, and interactive streaming. In addition to creating original IP games they are working with other game franchises and outside partners.

Genvid is working on advancing interactive streaming technology. The Genvid SDK is middleware capable of running on any streaming platform and infrastructure. The company was founded in 2016 by game industry veterans and is backed by Horizons Ventures, Makers Fund, March Capital Partners, and OCA Ventures, as well as strategic investments from Huya, NTT Docomo Ventures, and Samsung Ventures.

How Ubiq Security uses APIs to simplify data protection

As cyberthreats continue to multiply, startups with tools to protect data are in high demand. But companies are now facing the growing complexity of managing security across their various data sources.

San Diego-based Ubiq Security believes APIs could play a key role in simplifying this task. The company hopes to encourage more developers and enterprises to build security directly into applications rather than looking for other services to plug the holes.

“How do you take the messy and complicated world of encryption and distill it down to a consumable, bite-sized chunk?” Ubiq CEO Wias Issa asked. “We built an entirely API-based platform that enables any developer of any skill set to be able to integrate encryption directly into an application without having any prior cryptography experience.”

Issa is a security veteran and said companies have generally been focused on security for their data storage systems. When they start layering applications on top, many developers find they haven’t built security into those products. In addition, the underlying storage is becoming a thicket of legacy and cloud-based solutions.

“You could have an Oracle database, an SQL Server, AWS storage, and then a Snowflake data warehouse,” Issa said. “You’ve got to go buy five or six different tools to do encryption on each one of those because they’re all structured differently.”

Even when encryption is included in the application, it can be poorly designed. Issa said cryptographic errors have typically been among the top three vulnerabilities in software applications over the past decade.

“When you’re a developer in 2020, you’re expected to know multiple languages, do front end, back end, full-stack development,” Issa said. “And on top of that, someone comes along and says, ‘Hey, can you do cryptography?’ And so the developer thinks, ‘How do I just get past this so I can go back to building a fantastic product and focusing on my day job?’ So key management is an area where developers either don’t understand it or don’t want to deal with it because it’s so complicated and so burdensome and, frankly, it’s very expensive to do.”

To cut through those challenges, Ubiq’s API-based developer platform lets developers simply include three lines of code that make two API calls. By handling encryption at the application layer with an API, the security works across all underlying storage systems as well.

“The application will handle all the encryption and decryption and simply hand the data in an encrypted state to the storage layer,” Issa said. “That allows them to not only have a better security posture but improve their threat model and reduce the overall time it takes to roll out an encryption plan.”

Customers can then use a dashboard to monitor their encryption and adjust policies without having to update code or even know the developer jargon. This, in turn, simplifies the management of encryption keys.

Lessons from the government

Among its more notable customers, Ubiq announced this year that it had signed deals with the United States Army and the U.S. Department of Homeland Security. While government buyers have their particular issues, in this case the military and civilian systems faced many of the same obstacles large enterprises encounter.

“The government is struggling with digital transformation,” Issa said. “They’re stuck on all these legacy systems, and they’re not able to innovate as fast as the adversaries. So you’re seeing the likes of Iran and Syria and China and Russia and other Eastern Bloc countries start to build these offensive cyber capabilities. All you need is an internet connection, a bunch of skilled, dedicated resources, and now an entire country’s military cyber capability can rapidly grow. We don’t want that to outpace the United States.”

Part of the obstacle here is systems that run across tangled legacy and cloud infrastructure and mix structured and unstructured data and a wide range of coding languages. While there have been big gains in terms of protecting the underlying storage, Issa said attackers have increasingly focused on vulnerabilities in the applications.

“Encryption is something that everybody knows they need to do, but applying it without tripping over yourself is hard to do,” Issa said. “They turned to us because they’ve got all these disparate data types and they have all these unique types of storage. The problem is how to apply a uniform encryption strategy across all those diverse datasets.”

Issa said the emergence of the API economy has made such solutions far more accepted among big enterprises. They see APIs in general as a faster, more efficient way to build in functionality. Issa said applying that philosophy to security seemed like a natural evolution that not only eases the task but improves overall security.

“One of the other traditional challenges with encryption is when you deploy it somewhere and it breaks something,” he said. “And then you can’t deploy it in some sectors because the system is old. So you just apply it in two areas and then realize you’ve only applied encryption to 30% of your infrastructure. We enable a much more uniform approach.”

Ubiq got a boost earlier this month with a $6.4 million seed round. Okapi Venture Capital led the round, which included investment from TenOneTen Ventures, Cove Fund, DLA Piper Venture, Volta Global, and Alexandria Venture Investments. Ubiq plans to use the money for product development, building relationships with developers, and marketing.

“Our core focus is going to be on growing the platform, getting customer input, and making sure that we’re making the changes that our customers are asking for so we can run a very resilient, useful platform,” he said.

The Top 20 Cybersecurity Startups To Watch In 2021 Based On Crunchbase

  • Cybersecurity, privacy and security startups have raised $10.7 billion so far this year, five times more than was raised throughout 2010 ($1.7 billion), according to a Crunchbase Pro query today.
  • There are 22,156 startups that either compete in or rely on cybersecurity, security and privacy technologies and solutions as a core part of their business models today, 1,450 of which have received pre-seed or seed funding in the last twelve months, based on a Crunchbase Pro query.
  • From network and data security to I.T. governance, risk measurement and policy compliance, cybersecurity is a growing industry estimated to be worth over $300B by 2025, according to C.B. Insight’s Emerging Trends Cybersecurity Report.

Today, 797 cybersecurity, privacy and security startups have received a total of $10.73 billion so far this year, with $4.6 million being the median funding round and $17.5 million the average funding round for a startup. The number of startups receiving funding this year, funding amounts and the methodology to find the top 25 cybersecurity startups are all based on Crunchbase Pro analysis done today.

New startups and established vendors are attracting record levels of investment as all organizations look to thwart increasingly complex, costly and unpredictable cyberattacks. There is an arms race going on between cyber attackers using A.I. and machine learning and the many startups and existing vendors whose goal is to contain them. CBInsights and PwC recently published their latest quarterly joint study of the venture capital landscape, MoneyTree™ Report, Q3, 2020. The study finds that monitoring and security deals more than doubled in Q3 2020, as the heat map below shows:

The 20 Best Cybersecurity Startups To Watch In 2021

Based on a methodology that equally weighs a startup’s ability to attract new customers, current and projected revenue growth, ability to adapt their solutions to growing industries and position in their chosen markets, the following are the top 20 cybersecurity startups to watch in 2020:

Axis Security – Axis Security’s Application Access Cloud™ is a purpose-built cloud-based solution that makes application access across networks scalable and secure. Built on zero-trust, Application Access Cloud offers a new agentless model that connects users online to any application, private or public, without touching the network or the apps themselves. Axis Security is a privately held company backed by Canaan Partners, Ten Eleven Ventures and Cyberstarts. Axis is headquartered in San Mateo, California, with research and development in Tel Aviv, Israel.

Bitglass – What makes Bitglass unique and worth watching is how they are evolving their Total Cloud Security Platform to combine cloud access security brokerage, on-device secure web gateways and zero-trust network access to secure endpoints across all devices. Its Polyscale Architecture is delivering uptimes of 99.99% in customer deployments. Bitglass’s 2020 Insider Threat Report has several interesting insights based on their recent interviews with a leading cybersecurity community. One interesting takeaway is 61% of those surveyed experienced an insider attack in the last 12 months (22% reported at least six).

Cado Security – Cado Security’s cloud-native forensics and response platform helps organizations respond to security incidents in real-time, averting potential breaches and security incidents. The Cado Response platform is built on analytics components that perform thorough forensic analyses of compromised systems. Cado’s platform, Cado Response, is an agentless, cloud-native forensics solution that allows security professionals to quickly and comprehensively understand an incident’s impact across all environments, including cloud and containers as well as on-premise systems. “Finding the root cause of security incidents in cloud or container environments is incredibly difficult. Traditional tools don’t support these new environments and there is a shortage of people who know both forensics and cloud security,” said CEO James Campbell, formerly Director, Cyber Threat Detection and Response at PricewaterhouseCoopers. “Our Cado Response platform completely changes how security professionals can respond to incidents in the cloud.”

Confluera – Originally mentioned as one of the 20 Best Cybersecurity Startups To Watch In 2020, Confluera’s sustained innovation pace in the middle of a pandemic deserves special mention. They are one of the most resilient startups to watch in 2021. Confluera is a cybersecurity startup helping organizations find sophisticated security attacks going on inside of corporate infrastructures. The startup delivers autonomous infrastructure-wide cyber kill chain tracking and response by leveraging the ‘Continuous Attack Graph’ to stop and remediate cyber threats in real-time deterministically. Confluera’s platform is designed to detect and prevent attackers from navigating infrastructure. Confluera technology combines machine comprehended threat detection with accurately tracked activity trails to stop cyberattacks in real-time, allowing companies to simplify security operations radically. It frees up human security personnel to focus on more important work instead of spending hours trying to join the dots between the thousands of alerts they receive daily, many of which are false positives.

DataFleets – DataFleets is a privacy-preserving data engine that unifies distributed data for rapid access, agile analytics and automated compliance. The platform provides data scientists and developers with a “data fleet” that allows them to create analytics, ML models and applications on susceptible data sets without direct access to the data. Each data fleet has easy-to-use APIs and under-the-hood, they ensure data protection using advances in federated computation, transfer learning, encryption and differential privacy. DataFleets helps organizations overcome the struggle between data privacy and innovation by maintaining data protection standards for compliance while accelerating data science initiatives.

DefenseStorm – DefenseStorm’s unique approach to providing cybersecurity and cyber-compliance for the banking industry makes them one of the top startups to watch in 2021. Their DefenseStorm GRID is the only co-managed, cloud-based and compliance-automated solution of its kind for the banking industry. It monitors everything on a bank’s network and matches it to defined policies for real-time, complete and proactive cyber exposure readiness, keeping security teams and executives updated on bank networks’ real-time security status. The company’s Threat Ready Active Compliance (TRAC) Team augments its bank customers’ internal teams to protect business continuity and skills availability while ensuring cost-effective coverage and management.

Enso Security – Enso is an application security posture management (ASPM) platform startup known for the depth of its insights and expertise in cybersecurity. With Enso, software security groups can scale and gain control over application security programs to protect applications systematically. The Enso ASPM platform discovers application inventory, ownership and risk to help security teams quickly build and enforce security policies and transform AppSec into an automated, systematic discipline.

Ethyca – Ethyca is an infrastructure platform that provides developers and product teams with the ability to ensure consumer data privacy throughout applications and services design. It also provides your product, engineering and privacy teams with unmatched ease of use and functionality to better care about your user’s data. The company helps companies discover sensitive data and then provides a mechanism for customers to delete, see, or edit their data from the system. Ethyca’s mission is to increase trust in data-driven business by building automated data privacy infrastructure. Ethyca’s founder and CEO Cillian Kieran is a fascinating person to speak with on the topics of privacy, security, GDPR and CCPA compliance. He continues to set a quick pace of innovation in Ethyca, making this start-up one of the most interesting in data privacy today.

Havoc Shield – Havoc Shield reduces the burden on small and medium businesses (SMBs) by giving them access to advanced security technology that protects against data breaches, phishing, dark web activity and other threats. The Havoc Shield platform offers comprehensive security and compliance features that meet the standards of Fortune 100 companies, making it easier for businesses working to win deals with those companies. “For a long time, cybersecurity technology has been virtually inaccessible to small businesses, who largely can’t afford those resources,” said Brian Fritton, CEO and co-founder of Havoc Shield. “We created Havoc Shield because we believe in democratizing cybersecurity for the little guy. Small businesses deserve the ability to protect what they’ve built, just as much as larger companies that have dedicated cybersecurity staff.” Since the end of Q2 2020, Havoc Shield has quadrupled its client list. In the coming months, the company aims to grow its team to help more small businesses protect themselves from threats and achieve customer trust.

Illumio – Widely considered the leader in micro-segmentation that prevents the spread of breaches inside data centers and cloud environments, Illumio is one of the most interesting cybersecurity startups to watch in 2021. Enterprises such as Morgan Stanley, BNP Paribas, Salesforce and Oracle NetSuite use Illumio to reduce cyber risk and achieve regulatory compliance. The Illumio Adaptive Security Platform® uniquely protects critical information with real-time application dependency and vulnerability mapping coupled with micro-segmentation that works across any data center, public cloud, or hybrid cloud deployment on bare-metal, virtual machines and containers.

Immuta – Immuta was founded in 2015 based on a mission within the U.S. Intelligence Community to build a platform that accelerates self-service access to and control of sensitive data. The Immuta Automated Data Governance platform creates trust across data engineering, security, legal, compliance and business teams to ensure timely access to critical data with minimal risk while adhering to global data privacy regulations GDPR, CCPA and HIPAA. Immuta’s automated, scalable, no-code approach makes it easy for users to access the data they need when they need it while protecting sensitive information and ensuring customer privacy. Selected by Fast Company as one of the World’s 50 Most Innovative Companies, Immuta is headquartered in Boston, MA, with offices in College Park, MD and Columbus, OH.

Isovalent – Isovalent makes software that helps enterprises connect, monitor and secure mission-critical workloads in modern, cloud-native ways. Its flagship technology, Cilium, is the choice of leading global organizations including Adobe, Capital One, Datadog, GitLab and many more. Isovalent is headquartered in Mountain View, CA and is backed by Andreessen Horowitz, Google and Cisco Investments. Earlier this month, Isovalent announced that it had raised $29 million in Series A funding, led by Andreessen Horowitz and Google with participation from Cisco Investments.

JupiterOne – JupiterOne, Inc. reduces the cost and complexity of cloud security, replacing guesswork with granular data about cyber assets and configurations. The company’s software helps security operations teams shorten the path to security and compliance and improve their overall posture through continuous data aggregation and relationship modeling across all assets. JupiterOne customers include Reddit, Databricks, HashiCorp, Addepar, Auth0, LifeOmic and OhMD. Earlier this year, JupiterOne received $19 million in venture funding. The Series A round was led by Bain Capital Ventures, with additional investment from Rain Capital, LifeOmic and individual investors. “JupiterOne has developed a compelling product that integrates quickly, has applicability across enterprise segments and is highly reviewed by current customers,” said Enrique Salem, partner at Bain Capital Ventures and former CEO at Symantec. Salem now joins the JupiterOne board. “We see a multibillion-dollar market opportunity for this technology across mid-market and enterprise customers. Asset management is the first step in building a successful security program and it’s currently a tedious, imperfect process that’s well-suited for automation.”

Lightspin – Lightspin is a pioneer in contextual cloud security protecting native, Kubernetes and microservices from known and unknown risks and announced a $4 million seed funding round on November 24th. They will use the proceeds of the round to finance continued R&D on how to secure cloud infrastructures. The financing round was led by Ibex Investors LLC, the firm’s first global investment from its new $100 million early-stage fund and also included participation from private angel investors. Lightspin’s technology uses graph-based tools and algorithms to provide rapid, in-depth visualizations of cloud stacks, analyze potential attack paths and detect the root causes, all of which are the most critical vulnerabilities that attackers can exploit.

Orca Security – Orca Security is noteworthy for its innovative approach to providing instant-on, workload-deep security for AWS, Azure and GCP without the gaps in agents’ coverage and operational costs. Orca integrates cloud platforms as an interconnected web of assets, prioritizing risk based on environmental context. Delivered as SaaS, Orca Security’s patent-pending SideScanning™ technology reads cloud configuration and workloads’ runtime block storage out-of-band, detecting vulnerabilities, malware, misconfigurations, lateral movement risk, weak and leaked passwords and unsecured PII.

SECURITI.ai – SECURITI.ai is an AI-Powered PrivacyOps company that helps automate all significant functions needed for privacy compliance on a single platform. It enables enterprises to grant individual and group rights to data and comply with global privacy regulations like CCPA and bolster their brands. They collect and manage consent from multiple sources, including web properties, web forms and SaaS applications. Their AI-Powered PrivacyOps platform is a full-stack solution that operationalizes and simplifies privacy compliance using robotic automation and a natural language interface. SECURITI.ai was founded in November 2018 and is headquartered in San Jose, California.

SecureStack – SecureStack helps software developers find security & scalability gaps in their web applications and offers ways to fix those gaps without forcing them to become security experts. The results are faster time to business and a 60%-70% reduction in the app attack surface. The SecureStack platform’s intelligent automation manages security controls across distributed infrastructures using rules and profiles customizable by customers. SecureStack is noteworthy for its analytics and logging expertise in helping enterprises scale applications across cloud infrastructures.

Stairwell – What makes Stairwell one of the top startups to watch in 2021 is its unique approach to cybersecurity built around a vision that all security teams should be able to determine what alerts are threat-related or not and why. Mike Wiacek, the founder of Google’s Threat Analysis Group and co-founder and former Chief Security Officer of Alphabet moonshot Chronicle, leads the company as its CEO and founder. Wiacek is joined by Jan Kang, former Chief Legal Officer at Chronicle, as COO and General Counsel. Stairwell is backed by Accel Venture Partners, Sequoia Capital, Gradient Ventures and Allen & Company LLC.

Ubiq Security – What makes Ubiq Security one of the top cybersecurity startups to watch in 2021 is how rapidly their API-based developer platform is maturing while gaining traction in the market. Ubiq Security recently signed commercial agreements with the United States Army and the Department of Homeland Security. This month, the startup announced it had raised $6.4 million in a seed equity investment round. Okapi Venture Capital, an early investor in Crowdstrike, led the round with participation from TenOneTen Ventures, Cove Fund, DLA Piper Venture, Volta Global and Alexandria Venture Investments. Ubiq will use the funds to accelerate platform development, developer relations and customer acquisition.

Unit21 – Unit21 helps protect businesses against adversaries through a simple API and dashboard to detect and manage money laundering, fraud and other sophisticated risks across multiple industries. Former Affirm and Shape Security employees Trisha Kothari and Clarence Chio founded Unit21 in 2018 and work with customers like Intuit, Coinbase, Gusto and Line to create a powerful & customizable rules engine for risk and compliance teams. Unit21’s highly flexible, customizable and intelligent cloud-based system provides a configurable engine for transaction monitoring, identity verification, case management, operations management and analytics and reporting. On October 19th of this year, Unit21 announced a $13 million funding round led by A.Capital Ventures. Additional participation includes investors such as Gradient Ventures (Google’s A.I. venture fund), Core V.C., South Park Commons, Diane Greene (founder of VMWare), William Hockey (founder of Plaid), Chris Britt and Ryan King (founders of Chime), Sumit Agarwal (founder of Shape Security) and Michael Vaughan (former COO of Venmo). Unit21 will use the new capital to grow its product and distribution-focused management team, increase sales and marketing efforts and sell into new industries.

Balto raises $10 million to analyze call center conversations with AI

Balto, which is developing a conversational AI platform for call centers, today announced the close of a $10 million round. A spokesperson said the capital will enable Balto to triple the size of its go-to-market team while bolstering product development.

With customer representatives increasingly required to work from home in Manila, the U.S., and elsewhere, companies are turning to AI to bridge resulting gaps in service. The solutions aren’t perfect — humans are needed even when chatbots are deployed — but COVID-19 has accelerated the need for AI-powered contact center messaging.

Balto’s AI listens to both sides of a conversation and visually prompts agents what to say next. A smart checklist feature reminds agents of the prescribed conversational flow, with Balto automatically checking each point off a list. Balto also offers voice-triggered dynamic prompts, including rebuttals, compliance statements, and product knowledge. Notifications give agents feedback on keywords, soft skills, and other habits, while reminders can be delivered via digital sticky notes, along with team leaderboard rankings.

On the backend, Balto offers a range of management features, including an agent performance dashboard that swiftly converts all customer calls into data. This data funnels into a portal that shows metrics for agent and team performance, as well as snippets of call transcripts. An accompanying win rate analysis tool analyzes the effectiveness of phrases across different agents, while a trend analysis feature shows agent, customer, and competitor trends in real time. Balto also offers a playbook designer managers can use to send winning phrases, important points, reminders, and more to agents’ machines.

Balto says it encrypts all data in transit and at rest. The thin client, which starts when agents begin a call and sits to the side of agents’ screens, is designed to work with any system that relies on headsets plugged into a computer to place calls.

There’s no shortage of competition in the AI-driven call center analytics space. Gong offers an intelligence platform for enterprise sales teams and recently nabbed $200 million in funding at a $2.2 billion valuation. Observe.ai snagged $26 million in December for AI that monitors and coaches call center agents. AI call center startups Cogito and CallMiner have also staked claims alongside more established players like Amazon, Microsoft, and Google.

But Balto says business has been booming during the pandemic, with the addition of customers like Empire Today, eHealth, and National General Insurance. Balto claims it has seen a 90-second average improvement in handle time and a 35% increase in conversion rates.

“COVID-19 has ripped the carpet out from under sales managers across the country,” Balto CEO and cofounder Marc Bernstein told VentureBeat via email. “Balto provides the real-time call guidance they need to empower agents and sales executives to work remotely. It’s like having a coach at your side during every call to help agents say the right thing at the right time … Customers are seeing 35% higher sales conversion rates, 75% faster ramp time for new agents. One customer said their close rate was up 132%. We’re ready to roll out to new enterprises, and this funding will pave that path.”

Sierra Ventures led today’s series A, with participation from Jump Capital, OCA Ventures, Cultivation Capital, and others. The round brings the company’s total raised to over $14 million.

Health iPASS Featured In New Healthcare Payments Industry Research

Exciting news! Health iPASS features prominently in a recent report produced by Financial Technology Partners in conjunction with QED Investors entitled, “Healthcare Payments: Consumerization and Digitization Create a Massive FinTech Opportunity.” This in-depth report provides a well-researched and complete picture of the healthcare financial landscape, outlines challenges, and presents emerging technologies that address these challenges.

Highlights of the report include:

  • Definition of key constituents in the healthcare industry and an explanation of the roles of each.
  • Spotlighting of significant trends driving improvements in healthcare payments. Health iPASS is featured as an emerging solution under Point-of-Care Intake and Receivables Financing.
  • A detailed breakdown of FinTech companies servicing the healthcare and health insurance industries.
  • Interviews with CEOs and top executives of companies driving innovations in Fintech, including one with our own Imran Ahmad on pages 159-163.
  • Updates on recent financing and M&A transactions among Fintech companies.
  • Profiles of 60 of the top companies in the Fintech space. Our Health iPASS profile can be found on page 228.

 

Health iPASS is honored to be included in this prestigious group of Fintech movers and shakers! Stay tuned for key takeaways from the report in the coming weeks as part of our blog series on what’s next for the healthcare finance industry.