MixMode lands $45M for self-learning security platform that combats zero days

MixMode, which today announced a $45 million series B funding round, has a massive opportunity ahead to deploy its self-learning, “third-wave” AI system to proactively secure customers against previously unknown cyberattacks, CEO John Keister told VentureBeat.

A significant portion of the hundreds of billions of dollars spent each year on cybersecurity is focused on signature-based solutions, which only protect against the 20% of successful attacks that had previously been seen, Keister said. But the other 80% of cyberattacks (according to figures from the Ponemon Institute) are novel attacks — and identification of those requires advanced AI capabilities, he said. “The existing systems simply don’t address that 80%,” Keister said.

And thus, for MixMode’s approach, “we think it’s going to be a very large opportunity,” Keister said. “This issue of novel attacks — and of the threat landscape being completely different than it was five to 10 years ago — is something that every enterprise is thinking about.”

And given the shortage of talent in the cybersecurity field, enterprises “would prefer to figure out how to handle the issue without a lot of manual effort,” he said.

That’s where MixMode comes into play for customers. The company offers a security platform that leverages self-learning AI to spot all attacks — including novel attacks such as zero days — while also lowering the noise for security teams, reducing false positives by 97%, according to Keister.

Today, to drive the commercial expansion of the MixMode platform, the company announced its series B round led by growth equity firm PSG, and including an investment from Entrada Ventures.

‘Third wave’ AI

MixMode’s self-learning system is the first platform to meet the criteria for “third wave” AI, as defined by the Defense Advanced Research Projects Agency (DARPA), according to the company. That means the platform does not require training data, and does not require manual input of data or configuration, Keister said.

The benefits for customers of the system — which not only learns by itself, but also has predictive capabilities — is that the MixMode platform can spot attacks very early, he said.

“We can see the setup of an attack before the attack happens,” Keister said. “If you can see an attack coming, then you can react before there’s major damage that’s done.”

MixMode holds several patents for its self-learning AI technology, based upon the work surrounding dynamical systems by company CTO Igor Mezic, a professor at the University of California, Santa Barbara. Mezic has previously developed AI-based projects for the U.S. Department of Defense, Air Force, Army and Centers for Disease Control.

No training required

With the MixMode platform, the advantage is that humans are not required to be continually training the system on data, tuning the system or writing new rules, Keister said. When humans have to be involved with AI systems, “the speed is going to go down,” he said.

“Instead of putting that on the customer to write new rules or do new configurations in order for the system to work well, the system just watches, learns, sees what’s normal, sees what’s not — and then adjusts accordingly,” Keister said. “And makes the work burden on the SOC [security operations center] team much more manageable.”

MixMode’s system works by learning what the customer’s normal environment looks like, watching the communications that are happening between different nodes on a network and then detecting any anomalies. For instance, the system “generally knows the way those IP addresses are interacting, how large the packets are and how frequently they communicate,” Keister said. “It doesn’t require ongoing training data. It simply reacts to what it’s seeing in real-time.”

All in all, at MixMode, “we think the approach we’ve taken with third-wave AI is truly unique,” he said.

Sales growth

MixMode focuses on sales through indirect channel partners, and now works with more than 25 resellers and MSSPs (managed security services provider) partners. And many of those partners, which include Optiv, are now selling MixMode into end customers, Keister said.

The company did not disclose the total number of customers it now has, but said that customers include the city governments of Phoenix and San Diego. Along with government, other key verticals for MixMode include financial services, utilities and manufacturing.

With the company’s traction so far and new funding in hand, MixMode aims to double its revenue in 2022, Keister said.

MixMode did not disclose its total funding to date. The company raised a $4 million series A round in 2020.

Keister joined the company — formerly known as PacketSled — in 2017, and Mezic joined in 2018. PacketSled was originally founded in 2013 with a focus on data security analytics. Keister is a managing partner at Varenne Partners, who previously cofounded Marchex, and served in executive roles at the company including president.

Santa Barbara, Calif.-based MixMode currently employs 30, and expects to grow to a team of 60 or 70 by the end of the year.

Reducing human effort

In today’s varied customers environments, the way that MixMode might be used will depend on the specific customer’s needs, according to Keister. In some cases, SOC teams use MixMode to reduce the number of false positives that are being fed into their existing security tools — such as security orchestration, automation and response (SOAR) or security information and event management (SIEM).

In other cases, MixMode can actually be used to displace SOAR, SIEM or network detection and response (NDR) solutions, Keister said. The company does not market itself as one of those solutions, though because “we really think we’re in a different box,” he said.

Regardless of how its system is used, MixMode believes that many organizations are deploying staff members to do large amounts of manual work — in order to find actionable alerts — which in reality “can be done by AI effectively today,” Keister said.