
Why Greylock invested in Awake Security


About Greylock

Greylock Partners invests in entrepreneurs that focus on consumer and enterprise software companies.

  • 📌 Menlo Park, California, United States
  • 👥 101-250
  • 📊 Venture Capital
  • 🌟 Early Stage Venture, Late Stage Venture, Private Equity, Seed, Venture
  • 🌐 www.greylock.com

Our Investment in Awake Security

Greylock has a long history of working with exceptional entrepreneurs to incubate companies in spaces where we together have deep conviction and domain expertise.

Some examples include Palo Alto Networks, TellApart, and Sumo Logic.

The Next Incubation Story for Greylock

The next incubation story for Greylock is Awake Security.

Michael Callahan is a former Rhodes Scholar who was charging down the path towards becoming a young math professor — but chose a different path when he discovered his love of building software.

As a prior Greylock-backed founder with a background in distributed systems, algorithms and big data, Michael joined us as an Entrepreneur-in-Residence, to explore new areas together.

The result of this exploration is Awake Security, an advanced security analytics offering, which improves security operations productivity by delivering unprecedented visibility into enterprise environments — for breach detection, investigation and hunting.

Today, Awake Security is officially launching their product, and announcing their funding.

We are proud to announce that Greylock led a Series A financing in Awake Security, and we are thrilled to have partnered with Bain Capital who led the Series B.

In conjunction with the Series A, three of us at Greylock — Asheem Chandna, Jerry Chen, and Sarah Guo — became part of the early board group to work with Michael and the Awake Security co-founders.

The Unmet Need of Security Analysts

We talked with a significant number of enterprise customers and discovered some shared insights around a big emerging opportunity in enterprise security:

  • As attackers become better and better at breaching our defenses, security analysts are increasingly the heart of the security organization.
  • These analysts are responsible for detecting, investigating and remediating potential breaches before they progress into brand, customer, financial and IP damage.
  • Yet these analysts suffer from low effectiveness, high turnover and burnout.
  • They pursue a large number of low-confidence alerts, and thus are forced to piece together low-level data in incomplete tools — often wasting hours chasing dead ends.
  • Expert security analysts want overall environment visibility in their investigations, but rarely have it.
  • Logs, directories and asset databases offer an incomplete picture — analysts need network ground truth.
  • Existing naive network recording systems built in the on-prem era now have outdated architectures and are attached to expensive, proprietary storage. They are unreliable, unmanageable and unscalable, and they keep traffic for days and weeks when attackers lurked for months.
  • Networks have become so large, complex and dynamic that understanding who owns what devices, where they are, and if they are doing something malicious, has become insurmountable without new tools.
  • Expert analysts don’t have enough time, and organizations don’t have enough experts.
  • The tribal knowledge of an enterprise environment — and the skills to do successful security investigation and forensics in that environment — are hard to acquire.
  • Network data is massive and difficult to work with, and storing the data isn’t enough — analysts are already drowning in data.
  • The raw data itself is deeply insufficient — we need 1) to provide usable, rich visibility into the environment and 2) to do more work for the analyst.

Security operations teams are like understaffed police and fire departments, given a mandate to protect neighborhoods with no map and only a flashlight, where every house is smoking and in the dark.

Building a World Class Early Team

Greylock core talent partner Dan Portillo helped us find and recruit Michael’s co-founders — Gary Golomb, Debabrata Dash, and Keith Amidon.

Gary is a military veteran (Marine Force Recon and Anti-Terrorism), multi-time founder in network security, and former network defender.

He has worked on some of the highest profile cybersecurity investigations of the last decade against nation-state actors.

He is a constant innovator, having built early IDS (Enterasys), network forensics (NetWitness) and machine-learning based endpoint security (Cylance).

He is the “expert analyst” we hope to bring inside every security organization via software.

Debabrata Dash is a rare combination of modern data infrastructure, analytics and security chops.

A Carnegie Mellon databases PhD, he was formerly a distinguished technologist at HP, a key architect of the ArcSight correlation engine, and the VP Technology and Engineering at CipherCloud.

He has led our team to the cutting edge analytics pipeline that supports the analytics we envisioned.

Finally, Keith Amidon completed the founding team with expertise in high performance network processing and protocol analysis.

Formerly part of the founding team at IntruVert (IDS engine, acquired by McAfee), and engineering leader at Nicira/VMware in software-defined networking, he understood how to capture and handle the data we needed in a modern way.

We also recruited advisors in strategic areas, including Gerhard Eschelbeck (VP of Security Engineering at Google and former CTO of Qualys); Ameet Patel (independent, former CTO at LabMorgan/JP Morgan Chase); DJ Patil (former Chief Data Scientist of the United States, VP Product at RelateIQ, and Chief Scientist & Security Officer at LinkedIn); and Dev Ittycheria (CEO of MongoDB, former President of BMC and cofounder/CEO of BladeLogic).

Awake’s engineering team began to grow quickly with exceptional individuals who wanted to pursue the mission. Along the way, John Schmocker from Greylock’s core talent team, who was helping Awake recruit, decided to join Awake full-time as their in-house recruiter.

With the help of Greylock executive talent partner Jeff Markowitz, we recruited functional leaders — head of product Manasa Chalasani, who managed product for the core NX line at FireEye; VP Engineering Brad Kingsbury, who hails from engineering leadership positions at McAfee, Symantec and BrightMail, where he delivered many first (and later) generations of dominant security products; and most recently VP Marketing Rudolph Araujo, who led product marketing at FireEye.

Last fall, Enrique Salem (former Symantec CEO and Managing Director at Bain Capital Ventures), led the Series B funding and joined the Awake board.

It’s a privilege to partner with Enrique — he brings a deep market understanding, coupled with strong operational expertise.

Unprecedented Visibility into Enterprise Environments

Using raw network traffic, Awake Security continuously identifies and tracks analyst-understandable, real-world entities (devices, domains and users) and assembles them into a high-fidelity, comprehensive map of the environment.

This map, the Security Knowledge Graph, contains rich profiles of each entity — for example security-relevant characteristics such as software versions on a device, clusters of similarly behaving devices, and suspicious device behavior.

Security analysts can interrogate the SKG using fast and intuitive behavioral queries and filters (even across billions of data points) either in real-time, or across months of historical activity.

Timeline views and pivots are native to the SKG, allowing investigators to rapidly resolve an alert or intuitively follow a cyber kill chain.

The Security Knowledge Graph is only possible because of Awake Security’s proprietary technology:

  • Rich, High Performance Traffic Parsers — Awake extracts a broader range of signals from the network than existing solutions, just as an expert investigator would painstakingly extract from individual packets, and does this at line-speed for enterprise-scale networks.
  • Entity Precorrelation Engine — Awake uses cutting-edge statistical, machine learning and deep learning techniques to associate these extracted signals at ingest-time with real-world, analyst-understandable entities (devices, domains, and users), continually creating and adding to entity profiles as they appear.
  • Environment-Wide IQ Analytics — Awake continually runs custom analytics to enrich the graph with deeper inferred relationships such as notability and similarity that analysts previously could not access.
  • Interactive-Speed Multi-Modal Environment Database and Query Engine — The SKG is stored and indexed in a proprietary, high-performance, scale-out database that supports graph, columnar, relational and unstructured data. This database and query engine supports the serving of security-relevant mixed and complex query types to analysts at interactive speed.

Unlike other security products that burden the analyst with ever-more alerts, rely on lossy logs or out-of-date directories and asset databases, or force the analyst to painstakingly piece together a mountain of unintelligible sessions, packets and IPs without context, Awake offers the security analyst intuitive, comprehensive visibility into their environment and ongoing situational awareness.

Finally, security teams can know immediately what’s actually in their networks, and how it behaves.

Early results in customer environments have been strong.

Security practitioners have used Awake to rapidly resolve investigations with confidence; they have identified corporate and insider espionage, ferreted out unauthorized services, exposed lateral movement, and hunted for and found many other indicators of compromise.

Most promisingly, we see Awake emerging as a force multiplier — the Awake system is doing more of the thankless work to understand and expose the environment, enabling analysts to spend their time performing higher-value tasks.

While general availability of the Awake’s security analytics is an important milestone,

Conclusion

We are excited about the road and work ahead — the Awake Security team still has a lot of features on the roadmap they want to build.

At Greylock, we think this is a large and important opportunity in security, and hope to see Awake deliver strong benefits to enterprise security teams over the coming years.
