Awake Security, a cybersecurity platform that analyzes network traffic to identify and assess internal and external threats, has raised $36 million in a series C round of funding led by Evolution Equity Partners.
The fresh cash injection comes amid a heightened threat landscape, with cybersecurity officials warning that state-backed hackers and online criminals are taking advantage of the COVID-19 crisis which has led millions more people to work from home — often using their own devices on insecure networks.
Prior to now, Awake Security had raised around $44 million, and with its latest investment — which included participation from Greylock Partners, Energize Ventures, Liberty Global Ventures, and Bain Capital Ventures — the company said that it will invest heavily in areas such as R&D, sales, and marketing.
Founded in 2014, Awake Security’s platform gives companies visibility into all the devices, users, and applications across its network, leaning on machine learning to spot anomalous behaviors based on historical activities. Its “sensors” can be placed anywhere on a network, but usually at the main “chokepoints” leading to and from servers, gateways, and so on.
Awake Security identifies all the devices on a network, and can even spot what type of device is connected, be it a phone, tablet, games console, security camera, or medical device — then it looks for anomalies in behaviors rather than searching for “signatures” of known threats.
“We live in an environment where attacks increasingly manifest as insider threats, even if the insider is simply an innocent conduit for external attackers,” Awake Security CEO Rahul Kashyap told VentureBeat. “Stolen insider credentials are far more effective than malware for the attacker. These threats cannot be discovered through the use of signatures, or even some of the early approaches to AI-based security that rely on unsupervised machine learning.”
One of the major arguments against platforms that use purely unsupervised machine learning is that they can lead to a deluge of alerts, many of which are false positives — this is impossible for human security personnel to manage, and it may also distract them from real critical security threats. Thus, Awake Security adopts a hybrid approach combining unsupervised, supervised, and federated machine learning — that is, a distributed learning approach that can train models using decentralized data.
Awake’s core selling point is that it can automatically detect and interpret “malicious intent” that may be hidden inside normal, day-to-day business activities, without throwing myriad alerts at security teams.
“This autonomous detection, investigation, and response all through a single, streamlined user experience, eliminates the need for human analysts to painstakingly pull this information together,” Kashyap added.
Not all suspicious behavior is necessarily malicious. An employee who logs on to a network from a remote location won’t necessarily trigger an alert in itself, as this could just mean that the individual is working from home or some other remote location. Instead, Awake looks at indicators such as whether the device connects to a specific database for the first time, or tries to connect to other devices in the network. Moreover, if similar anomalies are spotted on other devices in the network, this could be a sign that there has been a widespread compromise — or it could just mean that a company’s workforce is adapting to new policies or procedures that have been implemented.
To figure out what is actually going on, the Awake platform contacts Ava, which the company touts as a “security expert” that can deliver and triage actionable incidents rather than issuing alerts — this includes an incident report that helps security teams drill down into the nuts and bolts of the problem.
Additionally, Awake doesn’t just accept existing network activities as “normal” behavior. It can take a holistic look across multiple devices of a similar type, to see whether any of them are doing something the others aren’t — so if a single security camera has been connecting to a different network, this could still be flagged even if it was happening before Awake arrived on the scene. Indeed, this is exactly what happened with one of its customers, which learned that a contractor was using surveillance cameras to spy on colleagues in “sensitive locations.”
Although Awake Security wasn’t built specifically for a remote workforce, the current COVID-19 crisis could be a boon for platforms which promise to keep companies safe when all manner of “unusual activity” will be permeating their networks
“We see an increase in risk stemming from a few different sources,” Kashyap said. “Firstly, as more workers are remote, their home networks and devices are not always the most secure. This rapid move to work-from-home has also caused a significant change in network behaviors. For instance, we see a dramatic increase in the use of shadow IT tools [technology used by workers without knowledge of their company] such as file-sharing services and remote access software that are not part of the approved IT list.”
Combined with an evolving attack landscape which has seen cyber criminals double down on their phishing and malware efforts, this could spell trouble for companies that are not well set up for remote working. But the shift to remote-working could also lead to a “new normal,” which may present challenges for existing automated security tools that rely on a traditional enterprise network to baseline “normal” activity.
“Any assumptions from, let’s say, a month ago are completely invalid and any approaches to security that rely on those assumptions will see a dramatic impact in their efficacy,” Kashyap continued. “What might be worse is that as these devices are gradually reintroduced to the corporate network, malicious behavior picked up on an insecure home network will become the post-reintroduction baseline. This could result in anomalous activity not being flagged, and instead being ingrained in AI-based anomaly detection solutions as normal activity.”
In other words, home-working could wreak havoc with some threat detection tools that rely on machine learning.
The cybersecurity skills shortage is well documented, and the gap is seemingly growing. A cybersecurity workforce study last year found that while 2.8 million people currently work in cybersecurity roles, an additional 4 million were needed — a third more than the previous year.
As companies battle an arsenal of external and internal threats, AI and machine learning will play an increasingly prominent role in plugging that workforce gap. This has been evidenced across the investment landscape in recent years, long before COVID-19 came alone. U.K.-based AI cybersecurity company Darktrace, which operates in a similar space to Awake Security, has raised north of $230 million and is now valued at $1.7 billion. Elsewhere, BlackBerry doled out $1.4 billion back in 2019 for endpoint security platform Cylance, where Kashyap served as chief technology officer before jumping ship for Awake Security in 2018.
However, the speed at which companies embrace remote-working once the COVID-19 crisis passes might not only increase the demand for automated security tools, but it may also go some way toward addressing the skills gap if companies are more willing to hire from a widely distributed workforce.
“As more security teams become comfortable with themselves being remote, the focus will be on talent irrespective of where the individuals live,” Kashyap said. “This is something tech in general has already embraced, but security perhaps has been a little old-fashioned.”
Sign up for Funding Weekly to start your week with VB’s top funding stories.