Cybersecurity remains a persistent and difficult problem for businesses, and today a company that is developing a multi-faceted toolset to assist them better address it is raising a large round of funding to help it continue to grow. BlueVoyant, which provides a mix of proprietary technology, third-party best-in-class tools, and professional services to implement those solutions to manage both internal and external risks to an organization, has raised $250 million in funding. The money will be used to further develop the company’s technology, expand its team, and expand into new markets beyond the 50 where it currently operates.
According to CEO and co-founder Jim Rosenthal, BlueVoyant is currently adding two countries every quarter, and it has around 500 customers globally across 16 industries, a mix of large enterprises (with “tens of thousands of employees”) that use BlueVoyant to supplement their own internal security teams and smaller organizations that rely more completely on BlueVoyant to manage their overall cyber defense strategy.
This is a Series D investment, and the company is valuing itself as a “unicorn” – though the company won’t say how much it’s worth above $1 billion. BlueVoyant was valued at $430 million the last time we covered it, when it raised $82.5 million in 2019. BlueVoyant had previously piqued my interest due to its pedigree: co-founders Rosenthal and Tom Glocer were previously the COO of Morgan Stanley and the CEO of Thomson Reuters, respectively (and later a director at the financial services giant).
And that background, which includes the time when Rosenthal was the COO of Morgan Stanley and Glocer was a director at the financial services giant, is bringing in some high-profile names that speak to some of the company’s pedigree: the round was led by Liberty Strategic Capital, the PE firm founded and run by Steven T. Mnuchin, the former US Secretary of the Treasury, with Temasek-founded ISTARI and Eden Global Partners among the other investors. (With this round, Mnuchin joins BlueVoyant’s board.)
Traction has probably played a part in this. According to Rosenthal, throughout this most recent period of Covid’s digital transformation and increased focus on cybersecurity, the startup’s annual recurring sales have increased by more than 100 percent on average – particularly 117 percent — in each of the last four years. Meanwhile, the number of customers has increased by 80%. The growth of a great profusion of cybersecurity firms and techniques in recent years has been fueled in part by the rise of cloud computing and the new set of digital opportunities it affords (both to organizations and criminal hackers). What makes BlueVoyant stand out in this crowd is the strategy it takes to bring it all together.
“Whether we’ve been covid or not, our objective has remained very consistent,” Rosenthal said. “We provide excellent protection for firms who require outside specialists to secure themselves and their supply networks.” Since the beginning of my company, I’ve understood firsthand that most businesses don’t have the budget or talent to properly protect themselves; some do, but the majority don’t. Even if you have the finest security, an attacker will use the supply chain to get around them. That’s a typical operational trend.” The company’s primary assumption is to deliver a platform that treats security as a two-part challenge for businesses: internal and external cyberdefense.
Internal covers managed detection and response for threats that have gotten past an organization’s existing security walls, as well as internal infrastructure, with BlueVoyant-developed MDR toolsets and third-party technology to cover Microsoft apps, Splunk, and endpoints across the network in general. Externally, Rosenthal claims that the company has developed a system that provides an overview of a company’s larger supply chain — that is, every other company that works or integrates with a company’s business in some way, which can number in the thousands.
Here, it has built real-time monitoring solutions that assess when and if those organizations’ domains are seeing malicious activity — as Rosenthal puts it, all BlueVoyant needs is a company’s name and domain, and its tech can handle the rest — and, if they are, it takes action to alert the organization and shut down or fix the issue so that those connections to BlueVoyant’s customers aren’t exploited maliciously. The company’s professional services services division works across both product lines to supplement many of the automated procedures.