Qadium, a Peter Thiel-backed cybersecurity start-up from San Francisco, has raised a Series B of $40 million, as it expands its product that CEO and ex-CIA analyst Tim Junio claims can index almost every device connected to the public internet in just an hour.
First profiled by Forbes after it came out of stealth last year, Qadium’s platform is akin to a Google Street View for the Internet of Things, helping customers find devices on their network they never knew were there and close off any loopholes that hackers might find a way through. Founded by Junio and colleagues from their days doing cyberwarfare research for the Department of Defense’s research arm, Darpa, the company is now revealing a portion of its customer list, from major government deployments to big names in the private sector. They include a $500,000 contract with the Defense Information Systems Agency (DISA) and a sale to the U.S. Cyber Command, as well as deals with Dell, PayPal, CVS and Capital One, amongst others.
Investment in the latest round was led by IVP, followed by TPG Growth, New Enterprise Associates (NEA), Thiel’s Founders Fund, Susa Ventures, and some unnamed angels. It takes the company’s total funding up to $66 million, $20 million from a Series A and $6 million from Thiel’s seed round. Thiel, whose previous investments include Palantir and Facebook, is not on the board of the company. Junio wouldn’t give the precise valuation of his company, but said it was in the hundreds of millions.
What Qadium does and doesn’t do
Right now, Qadium can reach every connected device in the IPv4 space — made up of the millions on millions of IP addresses of web devices. Junio says Qadium isn’t focusing on the IPv6 space, which can contain many more IP addresses and should take over from IPv4, as the latter is running out of numbers to hand to new machines. But currently, the number of connected things in IPv6 is a tiny fraction of what’s on IPv4, says Junio.
That massive-scale scanning (or what Junio prefers to call web-scale sensing) can, thanks to improvements since last year, bring back results every hour, as the company aims to get as close to mapping the whole web in real time as possible. It’s comparable to Shodan, a search tool for connected devices, but turbocharged and closed to the general public, Junio has previously said.
The ultimate aim of the service is to help companies determine if there are vulnerable devices on their network that could be exploited by malicious hackers, who could then pivot and compromise the whole organization. Customers are presented with a map to show what their network looks like, while custom notifications let them decide what warnings they want about changes to their systems. Junio is particularly proud that none of his customers were infected with WannaCry, the ransomware that took advantage of vulnerabilities from NSA-leaked cyberweapons to spread across the world. “We’ve had really good success with the latest internet-scale exploits,” Junio said.
Most of the contracts worth $1 million and up are with government, Junio noted. Though such technology, which can cost anywhere from $250,000 to $1 million per year, could prove powerful for governments trying to find out what vulnerable devices are sitting on enemy networks, Junio reiterated that Qadium is for defense only. To prevent any malicious use, the platform only shows what devices are on the customer’s network, not others, though Qadium, of course, can see everything. “We do not do any offensive cyber operations,” Junio added.