As cybersecurity breaches continue to pile up, a Seattle area startup says it knows what the problem is: too much software, not enough humans.
Critical Informatics, which pairs security software with analysts who review and investigate cyber intrusions, raised $1.1 million as it continues to grow. The funding is an extension of a $3.25 million round raised last year, led by Alan Frazier’s East Seattle Partners.
So far, the startup has focused on cybersecurity solutions for mid-sized companies in the financial services, healthcare and public sectors. But the cash infusion will help Critical Informatics expand to work with large enterprise companies.
Garrett Silver, CEO of Critical Informatics, told GeekWire in an interview that as hackers have devised more sophisticated ways to attack companies and institutions, much of the cybersecurity industry has responded by trying to create better software. Cyberattacks have started to include not just rogue hackers, but state-sponsored perpetrators, and as a result, the need for strong security teams, in addition to great software, has exploded.
“There is great software out there, but ultimately the adversaries are working on new and advanced ways of penetrating networks,” Silver said. “And even with machine learning and artificial intelligence, we are really just increasing the volume of noise that comes off of our software. Without humans to tune the software and respond to the list of potential threats and do the deep investigation, organizations just aren’t going to win.”
On the product front, Critical Informatics last month released a Continuous Vulnerability Identification service, an automated scan that detects and reports on vulnerabilities. These types of scans on most networks happen annually, or quarterly at best, Silver said. Doing it continuously makes it easier to identify vulnerabilities and patch them immediately, closing windows that hackers look to exploit.
New funding and products were part of a big 2017 for Critical Informatics. The startup also doubled its annual recurring revenue and workforce to about 30 people. Silver said he anticipates hiring another 10 or so people this year.
In 2017, Critical Informatics opened an office in Seattle, a new data center and upgraded its security operations center. The Seattle office is home to the company’s sales, marketing and engineering teams, and the security team is based in Bremerton, Wash. Proximity to a U.S. Navy base makes Bremerton a good spot to draw security talent.
Silver, a former executive with Capital One’s Seattle office and CEO in residence at Madrona Venture Labs who joined Critical Informatics last year, said the company’s expansion to enterprises will be an important focus going forward. But companies of all sizes are spending more time and resources on security, and the sheer volume of notifications and alerts from security software can be overwhelming at even the largest enterprises. That’s where Critical Informatics wants to help, by condensing all these alerts down to just a few that its analysts can parse.
“Those alerts can become highly numerous, with every piece of software saying, ‘hey look at me,’” Silver said. “The result is alert fatigue for a specific organization … We contact our customers (only) if there is a real problem,” Silver said.
