Awake Security, a cybersecurity platform that analyzes network traffic to identify and assess internal and external threats, has raised $36 million in a series C round of funding led by Evolution Equity Partners.

The fresh cash injection comes as cybersecurity officials warn that state-backed hackers and online criminals are taking advantage of the COVID-19 crisis. The pandemic has led millions more people to work from home — often using their own devices on insecure networks.

Awake Security had previously raised around $44 million, and with its latest investment — which included participation from Greylock Partners, Energize Ventures, Liberty Global Ventures, and Bain Capital Ventures — the company said it will invest heavily in areas such as R&D, sales, and marketing.

Visibility

Founded in 2014, Awake Security gives companies visibility into all the devices, users, and applications across their networks, leaning on machine learning to spot anomalous behaviors based on historical activity. Its “sensors” can be placed anywhere on a network, but usually at the main chokepoints leading to and from servers, gateways, and so on.


Awake Security identifies all the devices on a network and can even spot what type of device is connected, be it a phone, tablet, game console, security camera, or medical device. Then it looks for anomalies in behaviors rather than searching for “signatures” of known threats.

“We live in an environment where attacks increasingly manifest as insider threats, even if the insider is simply an innocent conduit for external attackers,” Awake Security CEO Rahul Kashyap told VentureBeat. “Stolen insider credentials are far more effective than malware for the attacker. These threats cannot be discovered through the use of signatures, or even some of the early approaches to AI-based security that rely on unsupervised machine learning.”

One of the major arguments against platforms that use purely unsupervised machine learning is that they can lead to a deluge of alerts, many of which are false positives. This becomes impossible for human security personnel to manage, and it may distract them from critical security threats. Thus, Awake Security adopts a hybrid approach that combines unsupervised, supervised, and federated machine learning — that is, a distributed learning approach that can train models using decentralized data.

Awake’s core selling point is that it can automatically detect and interpret “malicious intent” that may be hidden inside normal, day-to-day business activities without throwing myriad alerts at security teams.

“This autonomous detection, investigation, and response all through a single, streamlined user experience eliminates the need for human analysts to painstakingly pull this information together,” Kashyap added.

Not all suspicious behavior is necessarily malicious. An employee who logs onto a network from a remote location won’t automatically trigger an alert, as this could just mean the individual is working from home or some other remote location. Instead, Awake looks at indicators such as whether the device connects to a specific database for the first time or tries to connect to other devices in the network. Moreover, if similar anomalies are spotted on other devices in the network, it could be a sign that there has been a widespread compromise — or it could just mean that a company’s workforce is adapting to new policies or procedures that have been implemented.

Above: Awake Security dashboard showing detected threats

To figure out what is actually going on, the Awake platform contacts Ava, which the company touts as a “security expert” that can deliver and triage actionable incidents rather than issuing alerts — this includes an incident report that helps security teams drill down into the nuts and bolts of the problem.

Additionally, Awake doesn’t just accept existing network activities as “normal” behavior. It can take a holistic look across multiple devices of a similar type to see whether any one of them is doing something the others aren’t. So if a single security camera has been connecting to a different network, this could be flagged even if it was happening before Awake arrived on the scene. Indeed, this is exactly what happened with one of its customers, which learned that a contractor was using surveillance cameras to spy on colleagues in “sensitive locations.”

Above: Awake identified an unusual network connection from a security camera
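
The peer-comparison idea described above, as an added example that is not Awake Security's code or part of the original article: on constructed flow records, a per-device history baseline misses a camera connection that predates monitoring and alerts on a fleet-wide change, while comparing cameras against each other flags only the odd one out. Device names, destinations, and thresholds are assumptions made for illustration.

```python
from collections import defaultdict

def build_flows():
    """Constructed sample data: (day, device, device_type, destination)."""
    cams = ["cam-1", "cam-2", "cam-3", "cam-4"]
    flows = [(d, c, "camera", "nvr.corp.example") for d in range(1, 15) for c in cams]
    # cam-3 has contacted an outside address since day 1, before monitoring began.
    flows += [(d, "cam-3", "camera", "203.0.113.50") for d in range(1, 15)]
    # On day 12 every camera fetches a firmware update (a fleet-wide change).
    flows += [(12, c, "camera", "updates.vendor.example") for c in cams]
    return flows

def new_vs_own_history(flows, train_end):
    """Per-device baseline: flag destinations a device never used up to train_end."""
    seen = defaultdict(set)
    alerts = set()
    for day, dev, _dtype, dst in sorted(flows):
        if day <= train_end:
            seen[dev].add(dst)          # learning window: everything is "normal"
        elif dst not in seen[dev]:
            alerts.add((dev, dst))
    return alerts

def rare_among_peers(flows, max_share=0.25, min_peers=3):
    """Peer baseline: flag destinations used by at most max_share of a device type."""
    members = defaultdict(set)          # device_type -> devices of that type
    users = defaultdict(set)            # (device_type, dst) -> devices that used dst
    for _day, dev, dtype, dst in flows:
        members[dtype].add(dev)
        users[(dtype, dst)].add(dev)
    alerts = set()
    for (dtype, dst), devs in users.items():
        group = members[dtype]
        # Groups that are too small give no meaningful notion of "what peers do".
        if len(group) >= min_peers and len(devs) / len(group) <= max_share:
            alerts.update((dev, dst) for dev in devs)
    return alerts

if __name__ == "__main__":
    flows = build_flows()
    print("own-history alerts:", sorted(new_vs_own_history(flows, train_end=10)))
    print("peer-group alerts: ", sorted(rare_among_peers(flows)))
```

The own-history detector alerts on all four cameras for the firmware update and stays silent on cam-3's outside address, because that address was already in its learning window.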

Although Awake Security wasn’t built specifically for a remote workforce, the current COVID-19 crisis could be a boon for platforms that promise to keep companies safe at a time when all manner of “unusual activity” will be permeating their networks.

“We see an increase in risk stemming from a few different sources,” Kashyap said. “Firstly, as more workers are remote, their home networks and devices are not always the most secure. This rapid move to work from home has also caused a significant change in network behaviors. For instance, we see a dramatic increase in the use of shadow IT tools [technology used by workers without knowledge of their company], such as file-sharing services and remote access software that are not part of the approved IT list.”

Combined with an evolving attack landscape that has seen cybercriminals double down on their phishing and malware efforts, this could spell trouble for companies that are not well set up for remote working. And the shift to remote working could well become the new normal, which may present challenges for existing automated security tools that rely on a traditional enterprise network to baseline “normal” activity.

“Any assumptions from let’s say a month ago are completely invalid, and any approaches to security that rely on those assumptions will see a dramatic impact in their efficacy,” Kashyap continued. “What might be worse is that as these devices are gradually reintroduced to the corporate network, malicious behavior picked up on an insecure home network will become the post-reintroduction baseline. This could result in anomalous activity not being flagged and instead being ingrained in AI-based anomaly detection solutions as normal activity.”

In other words, home working could wreak havoc on some threat detection tools that rely on machine learning.

Skills

The cybersecurity skills shortage is well documented, and the gap is seemingly growing. A cybersecurity workforce study last year found that while 2.8 million people currently work in cybersecurity roles, an additional 4 million were needed — a third more than the previous year.

As companies battle an arsenal of external and internal threats, AI and machine learning will play an increasingly prominent role in plugging that workforce gap. This was evidenced across the investment landscape long before COVID-19 came along. U.K.-based AI cybersecurity company Darktrace, which operates in a space similar to Awake Security, has raised north of $230 million and is now valued at $1.7 billion. Elsewhere, BlackBerry shelled out $1.4 billion back in 2019 for endpoint security platform Cylance, where Kashyap served as chief technology officer before moving on to Awake Security in 2018.

However, a willingness to embrace remote working after the COVID-19 crisis passes might not only increase the demand for automated security tools but also go some way toward addressing the skills gap — assuming companies are more willing to hire from a widely distributed workforce.

“As more security teams become comfortable with themselves being remote, the focus will be on talent, irrespective of where the individuals live,” Kashyap said. “This is something tech in general has already embraced, but security perhaps has been a little old-fashioned.”
