Phantom Cyber: Deep Dive
Three Challenges Making Cyber Security Automation Appealing:
- Shortage of high skilled workers
- A manual process limits the response time between detection and prevention
- The complexity and numerous vendors involved in the Security Infrastructure
Raised: $22.7mm | Series B
Category: Cyber Security, Continuous Network Visibility, and Autonomous Systems
Description: Phantom Cyber provides a platform which oversees all activity, assisting with decision making and coordination of multiple independent tasks. Phantom Cyber enables a company to leverage its existing security products to reduce the response and remediation gap caused by limited resources, increased threat surface and incidents, and the overwhelming complexity of technology infrastructure.
Phantom refers to the platform’s ability to oversee all activity as Security Automation and Orchestration (SA&O)
Due to the volume and sophistication of cyber-attacks, there are not enough security professionals to keep up with a growing demand. The goal of Phantom Cyber is to automate most of the activity and take humans out of the process unless it is necessary.
The company also provides Phantom Apps, an open source community which allows anyone to contribute with new apps to strengthen their security infrastructure.
There are two Editions of the product: Community and Enterprise. The Community Edition is a limited version of the Enterprise Edition.
Key Differences: The Action Volume of the Community Edition is limited to 100 maximum actions executed per day, limited case management, which drives the cross-functional incident lifecycle from creation to resolution, and Enterprise Support.
Phantom Cyber Protects from multiple scenarios, including:
- Phishing Investigations
- Indicator of Compromise (IOC) Hunting
- Vulnerability Management
- Insider Threat Mitigation
- Data Breaches
- Compromised Mobile Endpoint Remediation
Management Team: The team has deep experience in the security industry, with positions held at Cisco security, Sourcefire, IBM Cloud Security Solutions, and Symantec. The team also has a background in launching and exiting startups.
- Oliver Friedrichs, Founder: Oliver has solid industry experience. In 1996, Oliver Co-founded Secure Networks, Inc., acquired by McAfee in 1998. At McAfee, he spent two years managing the CyberCop Vulnerability Management Solutions, and founded COVERT, with the goal of researching and discovering new security vulnerabilities. Oliver left McAfee to launch SecurityFocus until the company’s acquisition by Symantec in 2002, building the industry’s first early warning technology for Internet attacks, the DeepSight Threat Management System. At Symantec, Oliver managed Advanced Threat Research and oversaw the delivery of new technologies to automate the generation of AntiVirus detections. He spent six years at Symantec, the producers of Norton AntiVirus, as Director of Emerging Technologies.
- Sourabh Satish, Co-Founder, and CTO: Sourabh has a strong technical background building security products and leading engineering teams. Sourabh spent nearly 14 years as an Engineer at Symantec. Here, Sourabh was a chief architect for ~12 projects with varying team size. These teams were focused on developing security engines, specializing in applying machine learning to tackle massive malware growth problem.
- Erich Baumgartner, VP of Field Operations: Erich has extensive experience with over 20 years leading teams in product sales, partner management, and business development at security companies. He spent nearly three years as VP of Public Sector Sales at Cisco’s Public Sector Security business, two years as Director of Security Sales at Cisco, and three years as VP of Federals Sales Operations at Q1 labs — an IBM Company.
- CP Morey, VP Marketing, and Products: CP spent two years as a Senior Manager of Product Marketing at Internet Security Systems. Once ISS was acquired by IBM, CP spent 4 years at the firm, two as Director of Industry Solutions, and two as a Business Development Executive in the Cloud Security Solutions group. Afterward, he left IBM to Co-found AuditMyBooks, an anti-virus for accounting systems. He was later recruited by the CMO of Sourcefire to lead product marketing for a malware product line. CP joined Cisco Security with the $2.7 Bn acquisition of Sourcefire as Senior Director of Product and Solutions Marketing.
- Thomas Noonan, Partner & Co-Founder at TechOperators
- Aditya Singh, Co-founder at NeoTribe Ventures
- Art Coviello, Former Executive Chairman at RSA
- Robert Rodriguez, Chairman, and Founder, Security innovation Network (SINET)
Total Equity Funding: $22.7mm | 3 Rds. | 10 Investors
Series B | $13.5 M Raised on Jan 10, 2017
Series A | $6.5M Raised on September 28, 2015
Seed |$2.7 M Raised on April 14, 2015
Notable Investors: Phantom Cyber has ten investors total
- John Thompson, Chairman of the Board of Directors at Microsoft
- Jay Leek, Former Managing Director and Chief Information Security Officer at Blackstone
- Kleiner Perkins, Legendary Venture Capital Fund
- Zach Nelson, President and CEO at NetSuite, and former GM at McAfee
- Thomas Noonan, Former CEO of Internet Security Systems
- John C. Becker, Former CEO of Sourcefire
Direct Competitors: These companies are similar to Phantom Cyber because they offer an Orchestration platform, which oversees all activity. This technology provides businesses with a friendly management system. With automation built underneath these platforms, people are able to respond faster to cyber threats.
Hexadite: With HP’s backing, Hexadite has access to a larger sales and marketing team. With this additional help, Hexadite will pursue longer term deals.
- Location: Boston
- Funding: $10.5M | 2Rds. | 4 Investors
- Recent Rd: $8M Series A on February 10, 2016
- Key Investors: YL Ventures, TenEleven Ventures, Moshe Lichtman, and Hewlett Packard Ventures
Uplevel: Uplevel is the new entrant into the space with two impressive co-founders: Roselle Safran and Elisabeth Maida. Roselle is the former branch chief for cybersecurity operations at the White House.
- Location: New York
- Funding: $2.5M | 1Rds. | 3 Investors
- Recent Rd: $2.5M Seed on October 25, 2016
- Key Investors: First Round, Aspect Ventures, and Antecedent Ventures
Indirect Competitors: Even though these companies are considered indirect competitors, they are included in this report due to the fact they leverage Artificial Intelligence to detect fraud through payments. Even though Phantom Cyber offers artificial intelligence to detect cyber attacks, they differ based on the products they offer. Phantom Cyber offers enterprise companies a platform to monitor the entire security operation.
Sift Science: Detects fraudulent behavior patterns through the use of artificial intelligence to alert customers before they or their customers are defrauded.
- Location: San Francisco
- Funding: $53.6 M | 4 Rds. | 17 Investors
- Recent Rd: $30M Series C on July 19, 2016
- Key Investors: Alexis Ohanian, Marc Benioff, SV Angel, Founder Collective, First Round, Insight Venture Partners, Union Square Ventures, and Y Combinator
Ravelin: Offers a fraud detection and prevention platform that allows organizations to monitor users activity through online payments in real time and identify fraud before there is damage.
- Location: London
- Funding: $5.64 M | 4 Rds. | 17 Investors
- Recent Rd: $3.66 M | 3 Rds. | 8 Investors
- Key Investors: Techstars (London), Passion Capital, and Playfair Capital and Amadeus Capital Partners
Conclusion: Phantom is a unique startup, automating the workflow from alerts to investigation and remediation. When Phantom launched, the company had a first-mover advantage. Now there are similar companies gaining credibility with the names on their cap table.
Phantom has a lot going for them for a company starting to scale: solid management team, knowledgeable advisors, and deep-pocketed investors. Time will tell if they can compete with the new players.