The recent cyberattacks on Target, Sony, Anthem, eBay, JPMorgan and Home Depot all share a common trait: They overpowered the very technology designed to stop them. Same situation with the 2014 Heartbleed bug, a major security vulnerability that left numerous websites open to data theft.
Data breaches are a systemic problem, and now a father-son startup—backed by venture firm heavyweight Andreessen Horowitz—is hoping to change the cybersecurity paradigm.
Andreessen Horowitz has poured $142 million, including a $52 million investment announced earlier Tuesday, in Tanium, a Berkeley, California-based creation of David and Orion Hindawi. The venture firm values the little-known startup at around $1.75 billion.
Tanium’s strategy is simple. Companies broadly can’t build walls high enough to shield themselves from attacks. But businesses can dramatically reduce the damage bad guys can inflict once they’ve hurdled the virtual barriers.
“The best they can do is find out the attackers have come in as quickly as possible and prevent them from reaching the crown jewels of the organization,” said Tanium Chief Technical Officer Orion Hindawi, who founded the company with his dad, David, in 2007. With the old stuff, “you’re playing a game of whack-a-mole. You’re chasing somebody but you’re always three days behind.”
Tanium, which sells to half the Fortune 100 companies, has introduced new products and features, such as integrating more third-party tools to improve threat detection. Another addition is an incident response tool to help companies “hunt, contain and neutralize attacks at any scale in seconds.”
For Andreessen Horowitz, which has backed Bay Area high fliers such as Airbnb, Box, Instacart, Jawbone, Pinterest and Slack, Tanium is right up there with its biggest investments. The Menlo Park, California-based firm put in $90 million in May, Tanium’s first-ever funding round.
Steven Sinofsky, former president of Microsoft’s Windows division, led the investment for Andreessen. What got him so excited?
Large enterprises have been adding web-connected devices to their network much more rapidly than security systems have been evolving.
Information technology managers have no way of keeping track of all the various desktops, laptops, servers, printers, routers, phones and virtual machines within a network. And all of those devices serve as giant on-ramps for hackers to reach sensitive data.
High-profile data hacks also are getting more expensive to clean up. The average annual cost of a cybercrime in the U.S. last year was $12.7 million, up 96 percent from five years earlier, according to a report from the Ponemon Institute. While global spending on cybersecurity software topped $70 billion last year, existing technologies are designed to keep attackers out rather than squash them once they arrive.
And no matter how sophisticated the defense mechanisms, the breaches keep coming.
Tanium’s systems management tools and services are designed to get to work once barriers have been breached. After the cyberthieves have entered a network, the technology enables IT departments to quickly spot abnormalities and attack right away.
The Hindawis spent five years quietly building the technology without any outside funding before bringing it to market in 2012.
“The product is remarkable,” said investor Sinofsky, who worked at Microsoft from 1989 to 2012. “The moment they showed it to us was this breakthrough moment.”
It’s been a breakthrough for businesses, as well, with most of the banks, large retailers and federal institutions that Tanium counts as customers spending millions of dollars a year on their technology.
This is not the Hindawis’ first go-round in security. They started their previous company, BigFix, in 1997 to help businesses protect their networks and devices. IBM acquired BigFix in 2010 for about $400 million.
The younger Hindawi said he and his dad built Tanium because businesses, even back in 2007, were asking them to solve problems that existing technology couldn’t handle. While new security companies such as FireEye, Palo Alto Networks and Palantir were emerging to deal with increasingly sophisticated threats, they still were focused on protecting the network, not managing systems and devices, Hindawi said.
In fact, when asked about the competitive landscape, Hindawi said the only other companies he sees addressing the real problems are Google and Facebook, which have built the most sophisticated computing infrastructure on the planet.
“If somebody is going to fix this and it’s not us, it’s going to be a Google or a Facebook,” he said. “You really have to have the guts to say we’re going to throw away the whole road map, the whole template, and start over.”
Image credit: CC by Don Hankins