Cybersecurity continues to be a pernicious and complex problem, for enterprises, and today a company that’s building a multi-faceted toolkit to help them address it better is announcing a big round of funding to continue its growth. BlueVoyant — which provides a mix of proprietary technology, third-party best-in-class tools and professional services to implement those solutions to manage both internal and external risks to an organization — has raised $250 million, funding that it will use to continue developing its technology, expanding its team, and breaking into new markets beyond the 50 where it is active today.
BlueVoyant is currently adding two countries each quarter, CEO and co-founder Jim Rosenthal said in an interview, and it has around 500 customers globally across some 16 different industries, a mix of large enterprises (with “tens of thousands of employees”) that use BlueVoyant to augment their own internal security teams, and smaller organizations that rely more completely on BlueVoyant to manage their wider cyberdefense strategy.
This is a Series D round, and it’s coming in at a “unicorn” valuation — although the company is not specifying an exact number beyond being over $1 billion. The last time we covered BlueVoyant, when it raised an $82.5 million in 2019, it was valued at $430 million.
BlueVoyant caught my attention previously in part because of its pedigree: the co-founders are Rosenthal and Tom Glocer, who respectively were previously the COO of Morgan Stanley and the CEO of Thomson Reuters (and later a director at the financial services giant). And that background,some of that has when Rosenthal was COO of Morgan Stanley and Glocer was a director at the financial services giant latest round is bringing in some high-profile names that speak to some of the company’s pedigree: it was led by Liberty Strategic Capital, the PE firm founded and run by Steven T. Mnuchin, the former U.S. Secretary of the Treasury, with Temasek-founded ISTARI and Eden Global Partners among the other investors in this round. (Mnuchin is joining BlueVoyant’s board with the round.)
Traction has undoubtedly also played a role here. Rosenthal notes that in this most recent period of Covid-fuelled digital transformation and heightened focus on cybersecurity has seen the startup grow annual recurring revenues over 100% annually — specifically 117% — on average in each of the last four years. Customers, meanwhile have grown by 80%.
The last couple of years in particular — fuelled in part by the rise of cloud computing and the new set of digital opportunities that presents (both to organizations and malicious hackers) — has seen the emergence of a huge profusion of cybersecurity startups and approaches. In that mix, what is somewhat unique about BlueVoyant is the approach it takes to knit much of that together.
“Covid or not our mission has been pretty constant,” Rosenthal said. “We provide great defenses for companies who need experts form outside, both to secure them and their supply chains. From the time I’ve founded, I’ve known first-hand that most enterprises don’t have the budget or talent to defend themselves effectively, some do but most don’t. And even with the best defenses, an attacker will resort to the supply chain to evade those. That is the classic operational pattern.”
The company’s core premise is to present a platform that addresses the security issue for organizations as a challenge of two parts, internal and external cyberdefense.
Internal covers managed detection and response for threats that have made it past an organization’s existing security walls and covers internal infrastructure, with specific MDR toolsets created by BlueVoyant and using third-party technology to cover Microsoft apps, Splunk and more generally endpoints across the network.
Externally, Rosenthal says that the company has built a system that develops an overview of a company’s wider supply chain — that is, any other company that works or integrates with an organization’s business in some way, which can add up to thousands of other organizations. Here, it has built real-time monitoring solutions that assess when and if those organization’s domains are seeing malicious activity — as Rosenthal describes it, all that BlueVoyant needs is a company’s name and domain, and its tech can do the rest — and when it does, it takes action to alert the organization and shut down or fix the issue so that those connections to BlueVoyant’s customer are not in turn exploited maliciously. The company’s professional services services team works across both of the product sets, to complement a lot of processes that are automated.
“BlueVoyant provides external cyberdefense — prevention not just observation and risk scoring,” Rosenthal said of the team and the tech that it uses.
Taken together, the company’s approach becomes a one-stop solution for companies whose core expertise might not be security, even if their businesses critically rely on getting it right. This plays into a bigger theme in enterprise these days, where organizations have made a shift to simplify their own operations with fewer partners, not just to make integration less painful but for reasons of cost. Creating a solution that is part utility and part technological innovation is what appealed to investors here.
“As cyber threats increase, BlueVoyant has positioned itself as a differentiated leader in managed detection and response, third-party cyber risk management, digital risk protection, and cybersecurity professional services,” said Secretary Mnuchin in a statement. “We’re thrilled to partner with BlueVoyant and its top-tier management team as they continue to drive growth in this critical and rapidly expanding market.”