When it comes to cybersecurity firms in Boston, some names are the ones we all know about, such as Rapid7 and Carbon Black. There’s also a number of Israeli-founded cybersecurity firms operating in Boston, including CyberArk, Cybereason and Hexadite (which was recently acquired by Microsoft). In addition to the big names, there are a lot of early-stage ventures that we’re following closely.
Here’s the list of the 12 cybersecurity startups in Boston we’re watching, selected among the ones that made significant moves in the last 12 to 18 months.
The story of this malware protection company starts in 2013, when former OpenPages CEO Mike Duffy teamed up with former IBM executive Jack Danahy. At that time, Duffy wasn’t sure he was going to jump back in the game as a CEO, he told the Boston Business Journal. Just two days before he signed the agreement for OpenPages to be acquired by IBM in 2010, Duffy had been diagnosed with a form of cancer and was recovering from a successful operation. “I only wanted to do it if I found something I could get really passionate about,” Duffy said in an interview. “Jack presented this idea that he thought we could bring to market a capability that would make a dramatic impact on improving the business and people’s lives.” Located downtown Boston, the company raised $17 million in funding in less than a year (investors are New Enterprise Associates and Sigma Prime Ventures). Recently, Barkly added $6 million to its $12.5 million Series A round from 2015, according to a Form D filed in January.
Still in stealth mode, the company is working at the intersection of healthcare and cybersecurity, according to Keith Figlioli, a venture partner at Long River Ventures. Thanks to a recent Form D, we know that Censio has raised a $2 million equity round. The company’s CEO is listed as Ed Gaudet, who was most recently a CMO at iBoss Cybersecurity and a longtime executive at Imprivata.
Confirm.io provides software tools that help businesses to rapidly validate customer identity from a driver’s license or ID. Customers – including GasBuddy, the Federal Reserve Bank of Boston, the New York Department of Motor Vehicles and newly-added risk management and compliance vendor IdentityMind Global – are any business that requires remote proof of identity for a variety of reasons, including account creation, age verification, financial transactions and fraud detection. Launched in July 2015 with a $4 million seed round, the startup was founded by GasBuddy CEO and former PayPal executive Walt Doyle, Cava Capital managing partner Bob Geiman and Delfigo Security founder Ralph Rodriguez. Tom Wheeler, the former chairman of the Federal Communications Commission, joined the company’s advisory board in May.
Boston startup Cybric promises to develop the fastest way yet to find and fix security vulnerabilities. The technology runs continuously in the background, scanning the code for potential weaknesses every time a significant change is made. The company was founded in June 2015 and counts among its four co-founders Ernesto DiGiambattista, Mike Kail and two longtime executives at Waltham’s IT firm Actifio – Andrew Gilman and Sean Walter, who no longer work for the company. In July, the company hired its first VP of marketing.
The company, which officially exited stealth mode in July after being incorporated in April, provides an integrated co-processor that checks every instruction execution to make sure it’s safe and secure. Currently based in Waltham, this hardware company has been incubating at Draper Lab in Cambridge for around two years, where it developed an initial patent portfolio. While Draper will continue to serve government, military and nonprofit customers with its “cyber resilient embedded processor chip,” Dover will focus on selling the new technology to the commercial sector.
Although the company publicly announced itself in July, it can already count on an impressive collection of backers, including the CEOs of some of Massachusetts’s top cybersecurity companies. Threat Stack CEO Brian Ahern, Veracode CEO Bob Brennan, former Imprivata CEO Omar Hussein and Carbon Black CEO Patrick Morley all contributed to the company’s $7 million round. Based on machine learning, the technology provided by Edgewise Networks allows only trusted applications to communicate over pre-approved network paths. “Cybersecurity is a team sport,” Edgewise Networks CEO Harry Sverdlove, former CTO of Carbon Black, said in an interview. “We recognize that there’s not going to be one silver bullet in security.”
Michael Lu and Stephan Williams, two programmers and recent computer science graduates from Georgia Tech, brought their company Flare Technologies to Boston as part of the 2016 class of the Cybersecurity Factory, a summer program for security startups in collaboration with Highland Capital Partners. Flare tracks and analyzes the open source software that a software company brings in and utilizes in its final product. The search for vulnerabilities happens when the software development is still in progress, Lu explained in an interview. “While you’re writing the code, it will check stuff,” Lu said. “That makes things a lot cheaper.” Based in Mission Hill, the company raised a total of $65,000 from Highland Capital Partners, Rough Draft Ventures and Dorm Room Fund.
When I first profiled Krypt.co in May, I tried to explain that a private key is, essentially, the most important ingredient of public key cryptography, a data protection technique based on the combined use of a public and a private key. Thanks to the technology enabled by this MIT-born company, a private key is generated on the smartphone of the developer and never leaves it. In June, Krypt.co announced a $1.2 million seed round led by Rough Draft Ventures/General Catalyst with participation from Slow Ventures, SV Angel and Akamai Labs. In a follow-up interview, co-founder Alex Grinman said they’re working on a team version of their product, which will help the company start making revenue.
Among the family of Israeli cybersecurity startups with an office in Boston, there’s Namogoo Technologies, which closed its $8 million Series A in August. When the round was announced, Namogoo co-founder and CEO Chemi Katz declared to the Boston Business Journal that the Boston employee base is going to “expand rapidly in the coming year.” The company, which focuses on detecting and blocking malware in the ecommerce space, currently has six employees based in Boston and a second U.S. office in San Francisco.
The idea powering this startup is that simplifying encryption will result in more and more people using it. Based on this premise, the company offers an email service that allows professionals with no tech knowledge to send secure, encrypted emails. Co-founders are Randy Battat and Sanjeev Verma, who were former executives at Motorola and Apple, respectively. In an interview, PreVeil CEO Randy Battat said that the company is working on an encrypted file sharing application that should be publicly available in one to two months.
Emerged from stealth mode in 2016, this Westford cybersecurity startup is working on a threat management platform that promises to visualize, detect and eliminate cyber attacks in real time. Founded in 2014, the company took a $800,000 investment from Japan-based Information Development Co. in July, according to the Boston Business Journal, and it currently employs around 20 people in its Westford office, plus another 30 or so in India.
The more computers get powerful, the better chance they have to break the methods of data encryption. Boston-based Whitewood is trying to convince companies to adopt its quantum-safe encryption technology. In January, the U.S. Patent and Trademark awarded the company a patent for its “Quantum Key Management” system, Boston Business Journal reported. In fact, one of the core products of Whitewood is Entropy Engine – a quantum random number generator. In a previous interview, Moulds declared that Whitewood’s core offering is “making perfect randomness in large quantities.”
This is the fourth story in our “Cybersecurity in Boston” series, which is running several stories on cybersecurity the week of September 25.