The public cloud services market is expanding; some analysts peg it at $186.4 billion and project it’ll grow to $206.2 billion by the end of 2019. But coinciding with its rise is a climb in cybercrime — mostly of the data theft variety — orchestrated by individual hackers, state actors, and crime syndicates alike. According to RedLock, public cloud account break-ins cause 27 percent of organizations to have users whose accounts are potentially compromised. And in a recent Crowd Research Partners survey, 86 percent of organizations said they feared traditional security solutions won’t work in cloud environments.
That’s why eight years ago, former Juniper Networks senior architects Michael Shieh and Roger Lian cofounded vArmour, a Mountain View security company that provides a collection of APIs that apply controls across hybrid clouds. It today revealed that it has raised $44 million in series E financing contributed by cybersecurity venture firm AllegisCyber and NightDragon, which follows a $41 million series D round in May 2016 and $21 million series C in 2014.
The new round brings vArmour‘s total capital raised to $127 million.
“Security and IT pros are having a difficult time maintaining consistent security policy across their private and public cloud environments, so we’ve designed Conform to help these teams manage the numerous compliance requirements they have to deal with,” Tim Eades, CEO of vArmour, said. “By taming the cloud, vArmour brings peace of mind all the way to the board room, enabling further cloud adoption and aiding with regulatory compliance.”
vArmour takes an entirely software-based approach to cloud security (the “v” in its name stands for “virtual”). Its “distributed security system” solution analyzes data flowing into — and out of — multi-service, multi-app public and private cloud environments, and applies big data analytics to identify “clusters” of communications and determine whether they’re normal or worth a closer look. In addition to isolating suspicious events automatically, it tags and organizes them, and flags the entry points from which the threats originated, along with sensitive areas within the system they attempted to probe.
In this respect, vArmour’s platform is more holistic than most. It auto-discovers apps and generates intent-based security policies as it monitors data passing not only through servers, but through phones, laptops, and tablets. It furthermore lets network administrators simulate expected policy outcomes and create policies from templates, and compile reports with recommendations aligned with the Payment Card Industry Data Security Standard (a standard for companies that handle most branded credit cards), the Center for Internet Security’s secure configuration settings benchmarks, and others.
Those insights could mean the difference between preventing a breach and compromised data, the company claims — particularly considering that some attackers can live inside a network for 243 days before they’re found, according to research firm Gartner.
“Organizations are deploying multiple clouds for business agility and reduced cost, but the rapid adoption is making it a nightmare for security and IT pros to provide consistent security controls across cloud platforms,” Bob Ackerman, founder and managing director at AllegisCyber, said.
vArmour has a strategic partner in multinational Australian carrier Telstra, which tapped the startup’s expertise three years ago to sell data center security services in the Asia Pacific. (Other partners include HP, Amazon Web Services, and Cisco.) It’s cash-flow positive and has hundreds of customers in government, health care, financial, and retail sectors covering tens of thousands of virtual machines.
Other investors include Highland Capital Partners, Redline Capital, Citi Ventures, and Telstra.