Beyond anti-virus: Sentinel Labs raises $12M to bring predictive intelligence to the enterprise security game

By Michael Carney, written on April 23, 2014

From The News Desk

The enterprise computing landscape has changed dramatically in recent years, which means that the challenge of securing this environment has as well. Thanks to the emergence of trends like cloud computing, mobile devices, Internet-of-things, and bring your own device policies, enterprise networks are no longer sterile, self-contained entities that can hide behind the shield of a firewall and an anti-virus package. Combine this with nation-state-level cyber-warfare and the emergence of groups like Anonymous and the picture only grows more dire.

Combatting these new age threats requires an entirely different type of cyber-security solution. Palo Alto and Tel Aviv-based Sentinel Labs aims to bear this torch with what it calls a multi-device endpoint and server advanced threat protection platform. The company recently entered general availability with its product and today announced $12 million in Series A financing led by Tiger Global – noteworthy, as the firm is typically a late-stage investor – with participation from The Westly Group and existing investors, Accel Partners*, Data Collective (DCVC), and Granite Hill Capital Partners.

“The age of the antivirus is over,” says Sentinel Labs co-founder and CEO Tomer Weingarten in an interview with Pando. “The threat landscape is rapidly changing and the current security paradigms don't do a good enough job of protecting at the endpoints. Network-side solutions simply have too limited visibility into threats.”

Weingarten and his team of founders and early employees include cyber security veterans from Intel, McAfee, and Checkpoint, as well as offensive minds from the Israeli Defense Forces. The firm began with the simple idea of bolstering traditional antivirus platforms with an endpoint solution utilizing a predictive modeling engine to look at the execution path of new files to dynamically identify intent, and thus prevent “zero day” or unknown threats without static signatures. The result is a patent-pending, real-time host-based solution that protects servers, workstations, and mobile devices running on Windows, Mac OSX, and Android (iOS and Linux to launch within 60 days) organization-wide.

Today, the company is working to take this early core technology and extend it into an entire next-gen endpoint protection suite that will include policy management, application control, firewalls, and other complementary security features. The admittedly ambitious goal is to replace anti-virus entirely.

Sentinel recently exited a closed beta with a handful of large enterprises across the financial services, pharmaceutical, telecom, technology and other at-risk industries, including Yahoo, Netflix, and Box. The platform has shown a near 90 percent detection rate of zero day threats, Weingarten claims, which is orders of magnitude greater than traditional antivirus technology.

The company is just seven months post-closing its $2.5 million seed round and has the majority of that cash still in the bank. But with its GA product now in the marketplace and early market validation goals already met and surpassed, today’s new financing is about seizing this enormous market as quickly as possible, Weingarten says. This means, in part, building out the remaining feature set to not just complement existing anti-virus solutions but to replace them entirely. It also means building out an enterprise-grade salesforce and educating the market as to what Sentinel sees as the future of cyber-security.

“If you asked me a year ago, I would have told you that CIOs and CISOs required lots of education and convincing as to why this is a better solution,” Weingarten says. “Today, that’s no longer the case. Enterprise security departments know that their endpoints are vulnerable and are actively looking for solutions. FireEye acquiring Mandiant and Palo Alto Networks acquiring Cyvera tells you that the incumbents know it as well.”

Sentinel’s early clients are singing the company’s praises. Netflix VP of IT Operations Mike Kail said in a statement today:

“Signature-based endpoint security solutions were never a great solution, and the convergence of Cloud, Consumerization, and Always-Mobile means that endpoint protection is more important than ever. Sentinel's unique, light-weight agent-based solution, combined with the management console and global threat feed, is the solution that we've been waiting for.”

Yahoo CISO Alex Stamos echoed a similar message, saying:

“Targets of [advanced persistent threats (APTs)] that have deployed the leading centralized solutions are starting to deal with their serious downsides. Sentinel solves these problems by running on the targeted host and detecting successful compromise.”

Companies will pay Sentinel a per-device monthly subscription. Today the product is priced as a complement to anti-virus, but will eventually command a premium to traditional anti-virus rates, according to Weingarten.

“We believe that deploying Sentinel will actually translate to cost savings because it will allow enterprises to eliminate other costly security practices as a result,” he says. The company also estimates that its clients will benefit through increased CPU and memory utilization efficiency thanks to Sentinel’s ability to detect intent before APTs have an opportunity to execute and consume valuable computing resources.

With the company targeting the enterprise initially, there will be no freemium version of Sentinel for the foreseeable future. But long term, Weingarten adds that the company may eventually target the SMB market, which would mean introducing a “light-touch offering.”

Sentinel faces competition not only from the multi-billion dollar security incumbents like FireEye, Barracuda Networks, WildFire (Palo Alto Networks), and Failsafe (Damballa), but also from upstarts like Cybereason, Shape Security, and Confer. But few, if any, of these companies have outlined plans to replace anti-virus entirely, and most are focused only on a single segment of the enterprise environment – such as Web-security or mobile device management and security.

New security threats emerge daily, which means that each of these solutions tends to work until the time it doesn’t. Sentinel, like its industry peers, is engaged in an arms race with well-funded and highly motivated attackers, including rogue private elements and nation-state-sponsored cyber-armies.

“Our biggest challenge going forward will be to remain at the cutting edge and predict the next generation of security threats,” Weingarten says.

Enterprise security is difficult to put a price tag on, but with the combination of IP loss and overall productivity drain costing the global economy more than $300 billion per year, and the US economy alone north of $100 billion according to a July 2013 study by The Center for Strategic and International Studies, any price tag is likely cheap by comparison.

Thus, if Sentinel has in fact built a better mousetrap, it’s poised to become a massive company – and a massive target.

(*Accel Seed Fund is an investor in Pando.)
