I am excited to announce ValiMail’s emergence from stealth mode as the world’s first Email Authentication as a Service (EaaS). We co-led ValiMail’s seed round late in 2015 alongside our friends at Bloomberg Beta.
Valimail, with headquarters in San Francisco, is doing something that has never been done before: authenticate the world’s email. If successful, the result will be the elimination of phishing attacks, much higher deliverability rates, and a restoration of consumer’s trust in email. ValiMail offers CIOs and CISOs the visibility and control they need for their ever-expanding sets of cloud services.They are off to a great start, with leaders in their industries such as Uber, HBO and Fenwick & West relying on ValiMail to authenticate all of their email to the tune of 1.5B+ emails/month.
I was introduced to Alex (ValiMail’s CEO) last summer through a good friend who’s been a successful entrepreneur in the Internet infrastructure business. We had an intense courtship, because it was late in their process, but I LOVED the idea and was immediately won over by the team’s background, progress, and momentum. We discovered that Alex had previously worked at BCG with our very own Jeff Bussgang years ago, which made it easy for both parties to get acquainted. Before we invested, we introduced customers and prospects to test out ValiMail’s solution, and received incredibly positive responses in how ValiMail fought off phishing attacks. We turned on ValiMail for Flybridge.com and also saw immediate success in stopping attacks, with 16,000 suspicious emails blocked in the first month alone.
How is ValiMail solving this problem?
Many companies utilize a legacy technology know as Secure Email Gateways (SEGs). SEGs have been used for many years as protection against simple phishing attacks, scanning content to try and identify fraudulent and spam emails, bad URLs, malware and other untrustworthy attachments. SEGs do a decent job of filtering out bad incoming emails with known tactics, but they fail to stop complex attacks that appear, for all intents and purposes, to be legitimate – otherwise known as impersonation attacks (W2, wire-fraud, or CEO to CFO attacks, are recent examples). These are the REALLY bad hacks, the phishing that you read about in the news, the phishing that can destroy a company.
Email authentication (EA) has the potential to be the most efficient approach to anti-phishing. It does not attempt to analyze an email and determine whether or not its contents are “bad.” Instead, it does one better. It protects your domain, or your brand, considering your domain is your brand these days. ValiMail’s software not only stops phishing attacks, but also provides visibility and control over your company’s email services. This has become a critical issue for CIOs as companies sign up for services that send emails on their behalf – think Salesforce, Marketo, Zendesk, etc. In fact, most companies have dozens of cloud services in place, yet the CIO/CISO has nearly zero visibility nor control, leading to major security and operational concerns. And all of this happens automatically. Before a user can even open an email, ValiMail verifies if it is from a legitimate entity or an imposter. If the email is not true to its original source, it is automatically rejected and filtered out before you have the chance to see it. Gmail, Hotmail, Office 365, AOL, and Yahoo!, all support EA.
How does ValiMail work?
ValiMail is the only company to offer fully-managed email authentication as a cloud service. It requires a simple one-time update to a configuration record, then ValiMail handles all email authentication for the client. No manual configuration or maintenance is required by customers. Once activated, ValiMail will dynamically authenticate any email claiming to be you globally, providing real-time instructions to the email receiver on how to process your email, rejecting the unauthenticated email and letting the legitimate email through. This results in a global “shield” protecting your employees, brand, and consumers, while requiring no software installation or change in user behavior. If desired, customers can be alerted when an attack is detected, and view the details on their ValiMail dashboard.
We truly believe in ValiMail co-founders Alexander Garcia-Tobar and Peter Goldstein. Alexander, ValiMail’s CEO, was previously the VP of Business Development at Agari, a SaaS solution for email security used by the some of the largest banks and brands in the world. Earlier in his career, he worked at Forrester Research and was VP Global Sales at security company ValiCert, a leading digital certificate authentication vendor, which IPO’d in 2000. Peter, ValiMail’s CTO, was previously in senior development positions at Swapt, Enthuse, Tout.com, RSA, and is responsible for creating ValiMail’s patent-pending technology. Both Alexander and Peter have the experience and knowledge in email security to build and grow this groundbreaking company.
The market for email authentication is basically limitless; virtually every business on the planet needs ValiMail to ensure visibility, control, and anti-phishing protection for their growing set of cloud-based email services. Despite it’s age, e-mail continues to grow 6% annually. In 2015, e-commerce attributed to approximately $1.7 billion in sales worldwide. Account information and purchase confirmations are shared over email every day. Your identity, money, and business is at risk—but not for long. Though only a seed stage startup, ValiMail currently protects more than 2.7 billion inboxes for over a dozen clients.
ValiMail’s website provides a free service to check the current authentication status of any domain, allowing potential customers to discover the safety of their domain. You can check your domain here.
I’m looking forward to helping Alex and Peter as they scale ValiMail, bring trust to email, and help put an end to phishing once and for all.
BTW – ValiMail fits with my Control Plane investment thesis. More to follow on this in an upcoming blog post ….
My post a couple of days ago was an excerpt from a longer white paper I wrote on the state of the tech startup ecosystem in NYC. In order to conserve space and not make it TL;DR I eliminated some sections, including some more in-depth analysis of the startup funding scene and an exploration about NYC’s X-factor, our community. For this of you more interested in seeing the full monty, I am including links to download the white paper and a presentation based on it.
The full white paper can be found here: NYC is the Next Venture Capitol WHITE PAPER 3-14
The presentation can be found here: http://www.slideshare.net/dbaronoff/nyc-is-the-next-venture-capitol-presentation-3-14
I’d love to hear your thoughts!
This post is not about comparing Silicon Valley to NYC. That’s tired. Silicon Valley is the gold standard and there is no “next Silicon Valley.” What this post is about is how NYC has become a unique place to build multi billion-dollar startups. First, to frame the evaluation, it’s important to get the prevailing criticisms of the NY tech scene on the table:
- We lack talent, particularly technical resources.
- It is just too expensive to live and to build a startup in New York City.
- Seed rounds are easy to get funded in NY, but follow-on rounds are difficult.
- We’re deficient in terms of big exits and content to sell companies early.
- And finally, NYC is strong in traditional sectors like AdTech, FinTech, Fashion or Media, and nothing else.
While at one point there may have been truth to each of these points, they are simply no longer accurate. To address these topics in some detail, we’ve constructed the following graphic as a summary of the “state” of NYC’s startup ecosystem and why we conclude the city is on the rise as an important venture capital center: When you consider the growth of New York as a funding target for venture firms, it’s worth noting that the city has emerged as number 2 or 3 in the US – but more importantly, we’re the fastest growing region over the past decade for financings.
- More than $13.5B in venture financings in more than 2,700 transactions.
- More than 800 M&A transactions, including solid exits between $50M and $1B in the past two years. Notable companies include Admeld, Buddy Media, indeed, MakerBot, tumblr, among many others.
- Critically, we’re seeing the surge of very strong companies toward IPO in the $B+ range, such as AppNexus, mongdoDB and ZocDoc.
- NYC accounted for 7 or 9.3% of the total number of US VC-backed IPOs for 2013. Additionally, Shutterstock, the most the successful of 2013 NYC tech IPOs was not VC-backed, stands with a market cap of nearly $2.7b.
Sectors It is certainly true we have stars in what are considered NYC’s traditional sectors like Fashion and FinTech. But not as heralded are the world class companies emerging in more tech-heavy sectors such as Hardware and Enterprise Tech – not thought to be NY’s strength. Of note is that 27 of the Business Insider Digital 100 are NY companies.
- our community continues to demonstrate its special nature of support and collaboration, paying it forward to create new generations of founders,
- the focus of capital remains trained on our startups as a top three recipient of financings in the US, and
- most importantly, our terrific cohort of leading tech companies racing toward escape velocity, produces billion-dollar, thriving public companies.
** Many thanks to the inSITE Fellows Program and fellows Zak Schwarzman, Patrick Chang and David Lerman for helping to pull together data analysis for this article
1. Partnership for NYC
2. Building a Digital City: The Growth and Impact of New York City’s Tech/Information Center, p. 2
3. LinkedIn Research, Dec 2013
4. Startup Ecosytem Report Part 1, p. 35
5. H1 Base
6. Angel List Research, Jan 2014
8. NYEDC, p 4 Economic Research and Analysis, Tech Trends August 2013
9. NYC TechCity, p. 1
10. Meetup.com Research, Dec 2013
11. Meetup.com Research, Dec 2013
12. NY Tech Meetup Research, Dec 2013
13. Promoting Entrepreneurship in NYC, NYEDC p2
14. Mark Birch Research
15. Mark Birch Research
16. AON / Partnership for New York, p. 11
17. US News & World Report
18. AON / Partnership for New York, p. 11
19. Partnership for New York City, NYC Jobs Blueprint, p. 25
20. Academy for Software Engineering Bronx Academy for Software Engineering
21. The Computer Science Education Foundation of New York City 22. WNYC 23. NYC Real Estate Broker’s estimates, Jan 2014
24. Partnership for New York City, NYC Jobs Blueprint, p. 13
25. NYC TechCity, p. 8
26. NY VC Almanac, p. 7
27. The Atlantic / Martin Prosperity Institute
28. National Low Income Housing Coalition Report, March 2012 http://nlihc.org/sites/default/files/oor/2012-OOR.pdf
29. The Atlantic / Martin Prosperity Institute Updated with 2012 Data
30. NY VC Almanac, p. 7
31. PWC / NVCA Moneytree Report Feb 2014, data from Thomson Reuters
32. Wilmer Hale Research, Feb 2014.
33. PWC / NVCA Moneytree Report Feb 2014, data from Thomson Reuters
34. Thompson One
Education is very important to me and my family; My mother was a public school teacher for 50 years, my father Chairman of my town’s school board and I continue to serve on three charitable boards related to education – Lyndon Institute (my old high-school), The Rashi School (where our children attended) and the University of Vermont Foundation Leadership Council (my alma mater). My wife Jessica and I are convinced there’s no way have a greater impact on the future than finding ways to energize children and young adults through innovative education. And like many issues plaguing our society, the cost of education continues to grow exponentially and our public schools keep falling behind.
This is why we jumped at the chance to support a totally new and inspiring effort led by Fred and Joanne Wilson and my dear friend Evan Korth as they create a $5m seed fund to invest in computer science education in the NYC public school system called the . Fred discussed this amazing development last night at the NY Tech Meetup or CSNYC. CSNYC will be a great prototype for expansion across the country going forward. With skilled jobs demanding a strong technical orientation, an early and thoughtful education in computer science will help make our kids more excited about learning and ultimately our cities more competitive – which should create a virtuous cycle of revival.
As Brad Feld wrote yesterday, this is a prime example of how the community can step in to fill holes that government funding just can’t. If this is interesting to you, Joanne, Fred, and Evan are hosting an event at USV on Monday, November 18, 2013 for 6pm to 8pm for those who can consider making investments of $5,000 and above due to space constraints. Separately, there is a Crowdrise campaign to allow donations of between $50 and $4,999 for those who can’t participate at these levels.
If this is an important area to you, I encourage you to support this visionary effort. If you are willing to consider contributing at the $5,000 or greater level and can attend the event at USV on Monday, November 18th, register here. I will be attending and look forward to seeing you!
I’ve been an information security junkie since grad school at USC in 1987-88, when I studied under two of the most forward-thinking researchers on the topic, Dr. Len Adelman (the “A” in RSA) and Dr. Deborah Estrin (now at NYC Cornell Tech). Obsessed with what the future might hold for security on the Internet, I continued my focus as I left the operational world to join the venture capital industry, and was fortunate to work with great companies – some like Internet Security Systems, which nailed timing and execution, and others ahead of their time, like Mazu Networks, which pioneered DDOS detection and prevention.
Having seen the swarm of InfoSec startups that grew too vast too quickly at the end of the last century, I watched but did not invest in the sector after 2002, because I was concerned it was oversaturated. I was looking for something radically different and it took almost a decade to find it.
A little over two years ago, I made a seed investment in a stealth security startup based in Boston called BitSight. Founded by two MIT Sloan classmates, Stephen Boyer and Nagarjuna Venna, they sought to change the way information security was provided to meet the gathering storm of open cloud services, the expanding universe of data integration among businesses and the increasing sophistication of cyber criminals. They believed they could transform how companies manage information security risk with objective, evidence-based security ratings.
After two years under a cloak of secrecy, BitSight is launching today, with the announcement of their first service, Partner SecurityRating, which helps solve the problem of risk management among businesses that share data over the Internet – which is obviously most businesses these days.
Companies have hundreds or more business partners with which they share sensitive data via various feeds and APIs. These companies are at risk of this important data being exposed via a breach on a partner network for which they have no control or insight. Prior to BitSight, the best they could do were periodic manual audits of their partners, based on intrusive methods such as interviews, questionnaires and on-premise penetration testing. BitSight quantifies security risk and helps them mitigate by providing continuous monitoring, ratings and alerts on the security effectiveness of partner networks. Similar to consumer credit scores, BitSight ratings are objective, automated and derived completely from externally available data – requiring no invasive acts. For the first time, security professionals and risk managers can get the insight they need to make proactive, data driven decisions to manage third-party security risk. This was a big idea more than two years ago, and since inception the team has developed its proprietary algorithms and service in concert with several leading customers.
While BitSight is the first company to harness the power of big data insights via a cloud service to attack information security problems, the core reason we invested was because of the team. Stephen and Nagarjuna have recruited an amazing ensemble, starting with their CEO, Shaun McConnon. I first met Shaun in 1996 when he was the founding CEO of Raptor Systems, one of the first firewall companies, which he led to a successful IPO and even more successful acquisition. Shaun then went on to build two other successful InfoSec startups, Okena – acquired by Cisco and Q1 Labs – acquired by IBM. I was fortunate to recruit Shaun to serve on a board with me, and thrilled that he saw such promise in BitSight that he asked to join as our CEO. This core team has added executives, researchers and developers possessing a rare combination of deep, successful InfoSec experience with advanced algorithms and data science expertise. I think this mixture gives BitSight a great edge in taking on the challenge of ever-increasing security risk in a cloud-centric world.
I think we’re at an inflection point for infrastructure to support the next generation of Internet services. The move to cloud-based topologies with compound architectures built from multiple vendors as well as mobile-first solutions means that legacy solutions for InfoSec just won’t work. When you retain responsibility for security integrity, but no longer own your infrastructure – instead renting it dynamically from disparate vendors, you cannot use traditional premise-based devices and software to protect your business. There simply is no “premise” any longer on which to install them, and with servers, connections and underlying components dynamically changing, approaches need to change. Security services need to match these new architectures and BitSight is among a handful of early leaders delivering cloud-based security services. I am convinced this approach will provide the next great opportunity to build very large, successful InfoSec businesses.
We are delighted to be investors in BitSight and look forward to the excitement to come.
Quick post – more to follow
Cisco announced today its intent to acquire JouleX – we’re very excited for Tom Noonan, Rene Seeber, Josef Brunner, Tim McCormick and the entire team. The press release is below –
Cisco Announces Intent to Acquire JouleX
Acquisition Enhances Cisco’s Software-as-a-Service Offerings with Energy Management for Enterprise Networks and Data Center Infrastructures
SAN JOSE, Calif. – May 29, 2013 – Cisco today announced its intent to acquire privately held JouleX, a leader in enterprise IT energy management for network-attached and data center assets. JouleX, with headquarters in Atlanta, GA, complements Cisco’s existing services portfolio by using the capabilities of the network to gain visibility into and control energy usage across global IT environments.
As the need for improved energy management increases, global companies are faced with a new set of energy-related challenges. Increasingly enterprises are focusing on network and IT energy efficiency and are seeking solutions to control energy consumption across their campuses and data centers. JouleX provides software for networked devices for enterprise and data center energy management, analytics, policy governance and compliance.
JouleX’s energy management solution, together with Cisco EnergyWise™, will provide customers with a simple way to measure, monitor and manage energy usage for network and IT systems across the enterprise, without the use of device-side agents, hardware meters or network configurations. JouleX’s software helps to reduce energy costs by monitoring, analyzing and managing energy usage of all network-connected devices and systems through a set of policies derived through analytics tailored for an enterprise’s needs.
“JouleX’s technology will strengthen Cisco Services’ Smart Offerings and complements our evolving services strategy. It extends our ‘Internet of Things’ capabilities and is a good alignment to Cisco EnergyWise,” said Faiyaz Shahpurwala, senior vice president, Industry Solutions. “With network-enabled devices increasing exponentially, our partners and customers are asking for this solution today to operationalize their energy management capabilities in the network and reduce cost. JouleX’s cloud-enabled, agent-less architecture will allow our partners and customers to quickly deploy this solution at scale in addressing their IT energy management needs.”
The acquisition of JouleX exemplifies Cisco’s innovation framework and supports Cisco’s five foundational priorities by enhancing our software and service offering across all customer segments and advancing our business and technology architecture. The JouleX acquisition is aligned to Cisco’s goals of developing and delivering innovative energy management solutions that streamline data and work flow across a unified network.
JouleX was founded in Munich and currently has research and development operations in Kassel, Germany. Upon completion of the acquisition, JouleX employees will be integrated into the Connected Energy Solutions team within Cisco’s Industry Solutions Group, reporting to David Goddard, vice president and general manager. Under the terms of the agreement, Cisco will pay approximately $107 million in cash and retention-based incentives in exchange for all shares of JouleX. The acquisition of JouleX is expected to be complete in the fourth quarter of fiscal year 2013, subject to customary closing conditions.
Cisco (NASDAQ: CSCO) is the worldwide leader in IT that helps companies seize the opportunities of tomorrow by proving that amazing things can happen when you connect the previously unconnected. For ongoing news, please go to http://thenetwork.cisco.com.
I think I am a very positive person. Having grown up in rural Vermont, my wife often times describes me as an “optimistic farm boy.” I love innovation, truly believe in the goodness of people and that the future will be better. So, why is it that I chose a profession that forces me to say “No” most of the time and moreover, encourages me to give critical feedback to energetic entrepreneurs that often verges on crapping all over their innovative ideas?
Few VCs would describe one of their main responsibilities as saying “No,” but in reality it is.In 2012 I reckon I officially said “No” to entrepreneurs about 99.8% of the time that they asked me for money (according to our internal deal log). And this doesn’t count the times at conferences, weddings, bar mitzvahs, soccer games and yes, sadly, even funerals, that I received informal pitches and wafted an air-biscuit of rejection in the idea’s general direction. I don’t want anyone to lament for me; as I know I have one of the best jobs on the planet, because everyday I get to meet with amazing people who seek to change the world, and I get to listen to their stories and plans. So in saying “No” so often, I want to make sure I say it well.
I think there are two critical elements to saying “No” well, while doing my job well:
- Being right most of the time when I say it, and more importantly when I don’t;
- Saying it in such a way that I show the respect due the receiving party.
First the easy part. As far as “No’s” go, it’s been a while since I looked at my own antiportfolio, but suffice it to say I have made some spectacular mistakes in “No’s” over the years. For the sake of illustration, I’d probably bookend my career at this point with Akamai and MakerBot as chief blunders. Saying “Yes” is harder than saying “No,” and for sure I have made a few mistakes on this dimension. (I’ll spare the details). Ultimately, Venture Capital is a game of numbers, and a VC’s performance – the right “No’s” and right “Yes’s” – needs to solve positively, or a VC no longer gets money to invest.
In part no doubt due to natural conflict aversion, the harder part for VCs appears to be saying “No” in a way that shows respect to an entrepreneur. The old way in VC was to never really say “No” at all, for fear of the repercussions: the entrepreneurs would become successful and hold the “No” against you in the future, or would tell their friends bad things about you. While I am sure there are many others, I have noticed two common strategies for delivering the “Soft No”:
- “the phone-tag game” – never actually connecting to deliver the news,
- “Dorothy and the Wizard of Oz” – creating a set of unattainable milestones only after which we’ll fund you,
What ever the meme, many VCs seem to do everything possible to avoid giving entrepreneurs the real reasons they’re turning them down. The rationale I have heard most often is that this avoids getting into a prolonged argument with the entrepreneur that could deteriorate and leave really hard feelings. I think this is baloney.
Personally, I feel that any entrepreneur who has the guts to present their idea out loud, whether primordial or well-formed, is taking the ultimate risk in putting themselves out there and deserves open feedback . I strive to respond to every single business idea pitched to me – with honest reasons for saying “No” if that’s the outcome. The feedback varies from the very light (“not a sector in which I am interested), to much more in-depth and specific to the particular business. It gets trickier when we pass on an investment because of unambiguous and confirmed negative feedback on personnel, as it is generally given under guarantee of non-attribution. Providing meaningful feedback without betraying confidential sources is quite difficult, especially if one doesn’t really know the entrepreneur well.
No one likes getting turned down.