We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!
Hunters, which provides a cloud-based security operations center (SOC) platform, now ingests and correlates data from 70 other vendors — enabling customers to prioritize the biggest cyber threats across their different tools. Achieving this “critical mass” of integrations positions the company well for meeting customer needs and for achieving accelerated growth going forward, Hunters cofounder and CEO Uri May told VentureBeat.
Using cloud connectors and machine learning technologies, the platform brings together threat signals from around a customer’s environment, performs analytics on the data, gives a score to potential threats, and automatically contextualizes the findings. This ultimately enables security analysts to focus on the real threats and expedite their response times, May said.
In other words, the platform helps to address many of the most-pressing challenges in cybersecurity currently —including alert overload, talent shortages, and the vast amount of data coming in from security tools. Hunters aims to displace security information and event management (SIEM) tools that have not adequately solved these problems for customers, May said.
The push by Hunters to accelerate its growth will also get a boost from its $68 million series C funding round, announced today, which is the company’s second round of funding in five months.
Founded in 2018, Hunters brings some architectural advantages not shared by the more-established vendors in the space, according to May. Those include its cloud-native, multitenant architecture and ability to leverage top data platforms — Snowflake currently, with the addition of Databricks by the end of the second quarter.
“We didn’t try to build our own data layer. We’re sitting on top of battle-tested data platforms,” May said in an interview. “That capability is something that is very new in the market. And it’s differentiating us from our competitors because we’re basically saying, ‘There is a separation between the analytical brain and the place to store the data.'”
That aspect is “very important for customers, because it gives them flexibility. It gives them data ownership,” he said. “It gives them the ability to get software that is mission-critical from a vendor that is [built for cloud], but that leverages mission-critical, battle-tested components like Snowflake.”
The fact that Hunters was architected to be multitenant from the start is also critical, as multitenancy “gives us a lot of power — the ability to monitor everything, to observe everything, to reduce a lot of the operational overhead that our customers have,” May said.
Hunters is the “first” vendor with a SOC platform that’s “designed ground-up to natively leverage cloud,” according to Alex Ferrara, partner at Bessemer Venture Partners, an investor in the round. A cloud-driven approach to security operations is “critical to SOC teams as they operationalize growing volumes of security data,” in the effort to stay ahead of “increasingly sophisticated” cyber threats, Ferrara said in a news release.
Notably, in connection with today’s announcement, Hunters has decided to shift away from describing its platform as XDR (extended detection and response). Hunters had previously described its offering as an open XDR platform—with the term “open” referring to the platform’s integrations with security tools from other vendors, rather than just native tools.
While the term XDR has been embraced by several vendors, customers have found it to be confusing, May said. However, “when we talk about a SOC platform, it’s very clear,” he said.
Thus, May said, Hunters hasn’t shifted away from the core concept behind XDR — combining signals from different parts of the attack surface for improved detection and response. But shifting to describe the platform as a SOC platform shows the startup is placing a greater emphasis on customer needs over marketing, he said.
“All in all, I think that it’s another step in our maturity level—toward representing ourselves in a way that is thinking about the customers first,” May said.
The Hunters platform collects data on suspicious behaviors and potential threats from numerous parts of the customer’s environment — including endpoint, cloud, network, identity, and email.
Since the platform connects to many tools from third-party vendors, Hunters then normalizes data from the different sources so that it can be analyzed, correlated, and scored. Hunters uses unsupervised machine learning to correlate alerts and threat signals across different parts of the attack surface — displaying suspicious activity on an interactive graph — and also uses ML to award alerts and threat signals a score from zero to 100.
Security analysts can then look at the score — as well as at the associated context provided by the platform—to help with triaging their response efforts, May said. The context is “really important because all parts of the environment are hyper-connected to each other,” he said.
“That’s also key in our ability to highlight behaviors that bypass existing security controls. Because sometimes, attackers look very similar to IT,” May said. “When you start to intersect all of those signals together, you’ll start seeing the maliciousness. So each one of those independent signals isn’t malicious on its own, but the fact that they’re getting connected on the graph creates the situation where it’s actually interesting.”
Overall, the platform’s “ability to amplify the interesting things, and also the ability to contextualize everything” are central to how Hunters is helping to secure customer environments, he said.
While Hunters integrates with 70 other vendors currently, the number of tools that the platform connects with is higher, since some of those vendors have multiple tools integrated, May noted.
The integrations include many of the largest vendors in cybersecurity as well as tools from a number of fast-growing security startups. Additionally, Hunters integrates with the top public cloud platforms and collaboration apps. Key partnerships cited by the company include Amazon Web Services, CrowdStrike, and Snowflake.
Up to this point, Hunters has largely been integrating new tools in response to specific customer requests — but reaching this level of integrations means the platform can now serve the needs of a large proportion of customers out-of-the-box, May said.
As a result, “now we’re starting to be proactive—we can say, ‘OK, what do we want to integrate next?'” he said. “We can do that because we’ve gotten to a point where what we already have fulfills a lot of the needs that we’re facing when we’re meeting new customers.”
Along with allowing customers to leverage their existing security tool investments, the platform’s ability to integrate with other products offers the potential to help startups to scale up their offerings, May said.
“We are able to be the infrastructure that makes stuff like that really scalable,” he said.
Hunters said that its annual recurring revenue grew by more than four times in 2021, though the company is not disclosing how many customers it has currently. May said that the company is now serving “some of the biggest brands — Fortune 500 and Global 2000 organizations.”
Disclosed customers include Booking.com, Snowflake, Netgear, Cimpress, TripActions, and Sika.
In a comment featured on the Hunters website, Mario Duarte, vice president of security at Snowflake, said that he recommends to every chief information security officer — “because they’re probably experiencing the same things as I am: they’re probably using the same tools as we are, and I recognize the challenges behind that.”
“I know that Hunters can unify all the data generated from those tools and make sense out of it to help us in our fight with the intruders,” Duarte said.
The series C round of funding for Hunters was led by growth equity investor Stripes and included backing from YL Ventures, Bessemer Venture Partners, U.S. Venture Partners, Blumberg Capital, and DTCP — along with investments from a number of security and data platform vendors. Snowflake Ventures, Databricks, M12 (Microsoft’s venture fund), Cisco Investments, and Okta Ventures all participated in the round.
Mony Hassid, managing director and head of EMEA for M12, said in a statement that “since our initial investment in Hunters in June 2020, we’ve seen the outstanding progress made by the Hunters team in becoming a leading SOC platform.” Hunters is ultimately enabling security teams to “identify and respond to the incidents that matter,” Hassid said.
John Brennan, partner at YL Ventures, said in a statement that Hunters has “boldly plunged into a huge and established market that was ripe for disruption.” The company’s platform is “transforming the heart of enterprises’ security operations,” Brennan said.
The series C funding will go toward product development, expansion of sales efforts in North America and EMEA, and hiring, according to Hunters. The company — which has offices in Tel Aviv, Israel, and Newton, Mass. — currently employs 110 and expects to more than double its teams “in key regions and business areas” over the next year, the company said.
Hunters has now raised a total of $118 million to date, with the new round following the company’s $30 million series B funding announced in August.
May founded Hunters with chief technology officer Tomer Kazaz, and the platform originally focused on offering autonomous threat hunting. The company “soon realized that the technology has a broader scope than threat hunting,” and went on to expand its offering into a security operations platform, May said.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.