Cybersecurity is a hot topic — and for good reason. There’s a hack attempt roughly every 39 seconds, according to a study conducted by the Clark School at the University of Maryland, and the SANS Institute reports that one in five businesses had serious unauthorized access to their cloud environment this past year alone. Breaches are costly, unsurprisingly: In 2020, it’s anticipated that costs stemming from data compromises will exceed $150 million.
That’s all to say that companies like San Jose, California-based Vectra, a provider of AI-powered network detection and response services, are in demand to the tune of $12.7 billion. Case in point? Vectra today announced that it’s closed a $100 million round led by growth equity firm TCV, with participation from existing investors Khosla Ventures, Accel Partners, IA Ventures, AME Cloud Ventures, DAG Ventures, Wipro Ventures, Atlantic Bridge, Ireland Strategic Investment Fund, and Nissho Electronics Corporation.
This latest round brings Vectra’s total raised to over $200 million, which president and CEO Hitesh Sheth said will fuel the company’s global market expansion, research and development efforts, and the growth of its workforce of over 100 people. Perhaps uncoincidentally, the newfound funds come after a year during which annual recurring revenue grew 104% year-over-year.
“The cloud has inherent security blind spots, making it imperative to eliminate cyber-risks as enterprises move their business to the cloud,” said Sheth, a Cisco and Juniper Networks veteran who cofounded Vectra with James Harlacher and noted information security expert and entrepreneur Mark Abene in 2010. “[Our] platform enables them to stop hidden cyberattacks in the cloud. We look forward to partnering with TCV and our existing investors as we continue our rapid growth.”
Vectra’s Cognito platform comprises three components: Cognito Stream, Cognito Detect, and Cognito Recall. Stream sends security-enriched metadata to data lakes (centralized repositories of structured and unstructured data) and security information and event management (SIEM) systems, while Recall stores and investigates threats in this enriched data. Meanwhile, Detect leverages AI and machine learning to quickly reveal and prioritize hidden and unknown attackers.
The metadata, speaking of, is wide-ranging and includes security patterns, precursors, account scores, saved searches, host scores, campaigns, and more. It’s scraped from sensors and custom-developed processing engines deployed across cloud environments, where they record relevant metrics from traffic and ingest DHCP logs and other external signals. Flows are deduplicated and the characteristics of every flow are attributed to a host and recorded, including the ebb and flow, timing, traffic direction, and size of packets.
AI is a fundamental component of Vectra’s product suite, according to Sheth. Proprietary algorithms suss out and alert IT teams to anomalous behavior from compromised devices in network traffic metadata and other sources, ultimately to automate the mitigation of cyberattacks targeting private, on-premises, and public cloud environments.
Specifically, Vectra uses supervised machine learning techniques to train its threat detection models and unsupervised techniques to identify attacks that haven’t been seen previously. An investigative workbench tailor-made for metadata-enriched network data helps admins and team members to derive insights from the models, or search their outputs in less than a second “at scale.”
It’s an ongoing process, said Sheth. Vectra’s data scientists and security researchers build and continually tune “scores” of self-learning AI systems that enrich the metadata with security information, and that isolate key signals. “[If customers] are looking for a real-time answer on what’s going on, the first curated piece of intelligence will come from us,” he told VentureBeat in a previous interview. “Because all the front-end work is automated, all the prioritization is automated.”
Vectra currently counts more than 400 enterprise customers among its customer base, including Ardagh Group, DZ Bank, Texas A&M University, Hydro Ottawa, and recognizable names like Riverbed and Tribune Media Group. About 60% are based in the U.S., with the rest coming in from overseas.
“TCV has an extensive track record of partnering with enterprise security companies, including Rapid7 and Splunk, from growth stage to public,” said TCV general partner and Vectra board member Tim McAdam. “In our research on the category, it became clear to us that Vectra was rapidly gaining momentum with customers by rethinking the way enterprises view both network and cloud security. The Vectra Cognito platform is poised to become requisite in the security infrastructure of multinational enterprises and midsize businesses alike.”