Technology

Security breaches are a disaster for corporate companies, but good news if you&re someone whooffers preventative solutions. Today in 2018, wide-ranging attacks on the likes of Equifax, Sony Pictures and Target have only added value to those charged with safeguarding companies.

Balbix, one such solutions provider, has pulled in a $20 million Series B to grow its business and try to prevent high-profile cybersecurity disasters using a predictive model of measuring and assessing threats.

The round is led bySingtel Innov8, the corporate fund of Singapore telco Singtel which owns Trustwave and is active in the security space,and Mubadala Ventures, theAbu Dhabi firm thatwell known forbackingSoftBank$100 billion Vision Fund. Existing Balbix investor Mayfield Fund also took part alongside angels including ex-Cisco CEO John Chambers, former Cisco EVPPankaj Patel andentrepreneurs BV Jagadeesh and Gary Gauba.

Balbix raised$8.6 million a year ago when it came out of stealth although the company was first founded 2.5 years ago by CEO Gaurav Banga (photographed above), who was a founder of Bromium, a fellow security company that has raised over $115 million from investors.

This time around with Balbix, Banga is turning predictive. The companyplatform uses a combination of smarts like artificial intelligence and machine learning to essentially map out all potential vulnerabilities within an organization. That could range from varying operating system version numbers to weak employee passwords, one employeepoorly-secured laptop and beyond. The Balbix system plugs into existing operational security products to offer reactive responses andto create a real-time view of an organizationsecurity health and any weaknesses.

&Atenterprise scale, keeping everything up to snuff is very hard,& CEO Gauba told TechCrunch in an interview. &Most organizations have little visibility into attack surfaces, the right decisions aren&t made and projects aren&t secured.&

&We started this company so that we could use cutting-edge machine learning algorithms to automatically and comprehensively measure the security and attack surface, and to produce relevant insights for all stakeholders,& he added. &You look at the numbers and you could easily have hundreds of millions or tens of billions of data points to watch forvulnerabilities — you have to make sure they are ok.&

The timing certainly seems opportune, with data breaches seemingly in the headlines on a regular basis. In particular, in the case of Equifax, the implications of the attack went to the C-level management and boardroom.

&2017 was special,&Gauba said. &Ask any CIO, CEO, or board member of a public company and that was the year that everyone woke up [and]figured their careers were at risk. Itshould have happened before but it took he Equifax breach…they realized this thing is real and it can have a career-altering impact on their work and personal life.&

&The CSO was always the fall guy before, but now it can go all the way up,& he added. &One of our challenges we face now is how do you answer a board member or CEOquestions on security. For us, the answer is simple:if you can&t measure something then you can&t improve it,the right decisions are based on data so go ahead and find that data.&

Unlike other solutions, Balbix doesn&t charge security companies by the event — aka attacks — so it remains invested in preventing those kinds of scenarios from happening.

For this round,Gauba said that the company was focused on raising &smart money& that goes beyond simply providing capital to offer strategic value, too. The company does have international reach in terms of customers — which include bothenterprise customers and global managed security service providers (MSSP) — and sales but for now its only office is San Jose.

Internationalization is certainly an area where Singtel Innov8 andMubadala Ventures — located in Southeast Asia and the Middle East, respectively — can lend a hand, and the company itself is weighing up international offices.

The rapid pace of technology innovation and applications in recent decades — you could argue that just about every kind of business is a &tech& business these days — has spawned a sea of tech startups and larger businesses that are focused on serving that market, and equally demanding consumers, on a daily basis. Today, a venture capital firm in the UK is announcing a fund aimed at helping to grow the technologies that will underpin a lot of those daily applications.

Cambridge-based IQ Capital is raising £125 million ($165 million) that it will use specifically to back UK startups that are building &deep tech& — the layer of research and development, and potentially commercialised technology, that is considered foundational to how a lot of technology will work in the years and decades to come. So far, some £92 million has been secured, and partner Kerry Baldwin said that the rest is coming &without question& — pointing to strong demand.

There was a time when it was more challenging to raise money for very early stage companies working at the cusp of new technologies, even more so in smaller tech ecosystems like the UK&s. AsEd Stacey, another partner in the firm acknowledges, there is often a very high risk of failure at even more stages of the process, with the tech in some cases not even fully developed, let alone rolled out to see what kind of commercial interest there might be in the product.

However, there has been a clear shift in the last several years.

There a lot more money floating around in tech these days — so much so that itcreated a stronger demand for projects to invest in. (Another consequence of that is that when you do get a promising startup, funds are potentially giving them hundreds of millions and causing other disruptions in how they grow and exit, which is another story…)

And while there are definitely a lot of startups out there in the world today, a lot of them are what you might describe as &me too&, or at least making something that is easily replicated by another startup, making the returns and the wins harder to find among them.

A new focus that we are seeing on &deep tech& is a consequence of both of those trends.

&The low-hanging fruit has been discovered… Shallow tech is a solved problem,& Stacey said, in reference to areas like the basics of e-commerce services and mobile apps. &These are easy to build with open source components, for example. Itshallow when it can be copied very quickly.&

In contrast, deep tech is &by definition is something that can&t easily be copied,& he continued. &The underlying algorithm is deep, with computational complexity.&

But the challenges run deep in deep tech: not only might a product or technology never come together, or find a customer, but it might face problems scaling if it does take off. IQ Capitalfocus on deep tech is coupled with the company trying to determine which ideas will scale, not just work or find a customer. As we see more deep tech companies emerging and growing, I&m guessing scalability will become an ever more prominent factor in deciding whether a startup gets backing.

IQ Capitalinvestments to date span areas like security (Privitar), marketing tech (Grapeshot, which was acquired by Oracle earlier this year), AI (such as speech recognition API developer Speechmatics) and biotechnology (Fluidic Analytics, which measures protein concentrations), all areas that will be the focus of this fund, along with IoT and other emerging technologies and gaps in the current market.

IQ Capital is not the only fund starting to focus on deep tech, nor is its portfolio the only range of startups focusing on this (Allegro.AIand deep-learning chipmakerHailo are others, to name just two).

LPs in this latest fund includefamily offices, wealth managers, tech entrepreneurs and CEOs from IQprevious investments, as well as British Business Investments, the commercial arm of the British Business Bank, the firm said.

Twitter has announced a range of actions intended to bolster efforts to fight spam and &malicious automation& (aka bad bots) on its platform — including increased security measures around account verification and sign-up; running a historical audit to catch spammers who signed up when its systems were more lax; and taking a more proactive approach to identifying spam activity to reduce its ability to make an impact.

It says the new steps build on previously announcedmeasures to fight abuse and trolls, andnew policies on hateful conduct and violent extremism.

The companyhas also recently been publicly seekingnew technology and staff to fight spam and abuse.

All of which is attempting to turn around Twitterreputation for being awful at tackling abuse.

&Our focus is increasingly on proactively identifying problematic accounts and behavior rather than waiting until we receive a report,& Twitter&sYoel RothandDel Harvey write in the latest blog update. &We focus on developing machine learning tools that identify and take action on networks of spammy or automated accounts automatically. This lets us tackle attempts to manipulate conversations on Twitter at scale, across languages and time zones, without relying on reactive reports.&

&Platform manipulation and spam are challenges we continue to face and which continue to evolve, and we&re striving to be more transparent with you about our work,& they add, after giving a progress update on the performance of its anti-spambot systems, saying they picked up more than 9.9M &potentially spammy or automated accounts& per week in May, up from 6.4M in December 2017 and 3.2M in September.

Among the welcome — if VERY long overdue — changes is an incoming requirement for new accounts to confirm either an email address or phone number when they sign up, in order to make it harder for people to register spam accounts.

&This is an important change to defend against people who try to take advantage of our openness,& they write. &We will be working closely with our Trust - Safety Council and other expert NGOs to ensure this change does not hurt someone in a high-risk environment where anonymity is important. Look for this to roll out later this year.&

The company has also been wading into its own inglorious legacy of spam failure by conducting historical audits of some legacy sign-up systems to try to clear bad actors off the platform.

Well, better late than never as they say.

Twitter says italready identified &a large number& of suspected spam accounts as a result of investigating misuse of an old part of its signup flow — saying these are &primarily follow spammers&, i.e. spambots who automatically or bulk followed verified or other high-profile accounts at the point of sign up.

And it says it will be challenging these accounts to prove its ‘spammer& classification wrong.

As a result of this it warns that some users may see a drop in their follow counts.

&When we challenge an account, follows originating from that account are hidden until the account owner passes that challenge.This does not mean accounts appearing to lose followers did anything wrong;they were the targets of spam that we are now cleaning up,& it writes. &We&ve recently been taking more steps to clean up spam and automated activity and close the loopholes they&d exploited, and are working to be more transparent about these kinds of actions.&

&Our goal is to ensure that every account created on Twitter has passed some simple, automatic security checks designed to prevent automated signups. The new protections we&ve developed as a result of this audit have already helped us prevent more than 50,000 spammy signups per day,& it adds.

As part of this shift in approach to reduce the visibility and power of spambots by impacting their ability to bogusly influence genuine users, Twitter has also tweaked how it displays follower and like counts across its platform — saying itnow updating account metrics in &near-real time&.

So it warns users they may notice their accounts metrics changing more regularly.

&But we think this is an important shift in how we display Tweet and account information to ensure that malicious actors aren&t able to artificially boost an accountcredibility permanently by inflating metrics like the number of followers,& it adds — noting also that ittaking additional steps to reduce spammer visibility which it will have more to say about &in the coming weeks&.

Another change Twitter is flagging up now is an expansion of its malicious behavior detection systems. On this it says itautomating some processes where it seessuspicious account activity — such as &exceptionally high-volume tweeting with the same hashtag, or using the same@handlewithout a reply from the account you&re mentioning&.

And while thatclearly great news for anyone who hates high volume spam — and the damage spamming can very evidently do — italso a crying shame ittaken Twitter this longto take these kinds of obvious problems seriously.

Better late than never is pretty cold comfort when you consider the ugly social divisions that malicious entities have fueled by being so freely able to misappropriate the amplification power of social media. Because tech CEOs were essentially asleep at the wheel — and deaf to thewarnings being sounded about their tools for years.

Thereclearly a human cost to platforms prioritizing growth at the expense of wider societal responsibilities, as Facebook has also been realizing of late.

And while both these companies may be trying to clean house now they have no quick fixes for mending rips in the social fabric which were exacerbated as a consequence of the at-scale spreading of fake news and worse enabled by their own platforms.

Though, in March, Twitter CEO Jack Dorsey put out a call for ideas tohelp it capture, measure and evaluate healthy interactions on its platform and the health of public conversations generally — saying:&Ultimately we want to have a measurement of how it affects the broader society and public health, but also individual health, as well.&

So a differently stripped, more civically minded Twitter is seeking to emerge from the bushes.

Twitter users who fall foul of its new automated malicious behavior checks can expect to have to pass some sort of ‘no, actually I am human& test — which it says will &vary in intensity&, giving examples such as a simple reCAPTCHA process, at the lowest friction end, or a slightly more arduous password reset request.

&More complex cases are automatically passed to our team for review,& it adds.

Therealso anappeals processfor users who believe they have been incorrectly IDed by one of the automated spam detection systems — letting them request a case review.

Another welcome if tardy addition: Twitter has added support for stronger two-factor authentication as Twitter users will now be able to use a USB security key (using the U2F open authentication standard) for login verification when signing into Twitter.

It urges users to enable 2FA if they haven&t already, and regularly review third party apps attached to their account to revoke access they no longer wish to grant.

The company finishes by saying it will continue to invest &across the board& to try to tackle spam and malicious automated activity, including by &leveraging machine learning technology and partnerships with third parties& — saying:&These issues are felt around the world, from elections to emergency events and high-profile public conversations. As we have stated in recent announcements, the public health of the conversation on Twitter is a critical metric by which we will measure our success in these areas.&

The results of a Request for Proposals for public health metrics research which Twittercalled for earlier this year will be announced soon, it adds.