Battling Bots with Kasada
We’re privileged and excited to have led the recent AUD$6.5M round into Kasada, a fast-growing cyber-security company preventing automated “bot” attacks against enterprises. We co-invested with Westpac Reinventure, with support from existing investors, Our Innovation Fund and angels.
Background — The vast majority of traffic on the internet is actually non-human, with “bots”– automated computers and phones — clicking, scraping, probing and pretending to be people. These increasingly sophisticated bots are used to commit a wide range of fraud and other online attacks around the world, damaging brands and financial performance. Kasada has created Polyform, a browser-based service that helps businesses fight back against bots, stopping attacks cold, reducing fraud losses and infrastructure costs.
Founder — At Main Sequence, a key investment thesis anchors around a Company’s Founder, and Sam Crowther is no exception. Sam is a deep security expert who first worked at the Australian Signals Directorate (the Australian version of the US’s NSA) at the age of 15. He left university in late 2014 to start Kasada along with his father Greg, an experienced executive who handles business operations. Sam created the vision for Polyform and leads both the technical architecture and product engineering. He loves nothing more than spending time with CISO’s (Chief Information Security Officers) of customers to understand and solve their problems, and based on their traction and feedback from customers, Polyform is doing just that.
Problem Being Solved — Bots can be “good”, like those that refresh your Facebook page or figure out how useful your website might be to Google users. However, bots are also used to commit online fraud, steal valuable content, and overload servers to shut down websites. As much as 70% of traffic to e-commerce or financial websites is malicious bot traffic. This is now causing concerns in the C-suite and boardrooms due to fraud, data breaches and corporate brand damage. Despite in-house security teams at larger enterprises and a number of large vendors of Web Application Firewall (WAF) and other web-based threat prevention services today, attacks are still rampant and several acute pain points still exist in the enterprise:
- Sophistication of attacks are increasing, “upping the ante” as vendors and criminals attempt to outflank each other;
- Existing solutions like WAFs are complex to setup and maintain, and require constant updating and tuning of rules;
- Well-trained IT security professionals are expensive and hard to find, especially for mid-market enterprises.
“Pain Relief” Solution — In response to the pain points above, Kasada created Polyform, a web-based service which identifies and prevents malicious bot attacks on web applications, while still letting good bots and humans through. The SaaS application is sold on a monthly subscription basis, and immediately stops fraud /disruption in its tracks, decreases web infrastructure costs and requires very little ongoing management resources. Polyform is easily implemented by a customer re-routing client web traffic through the Polyform servers on Amazon Web Services. Polyform then detects and blocks malicious web traffic, letting the good bots and human traffic through to the customer website. Polyform uses a combination of device fingerprinting and behavioural techniques to distinguish automated vs. human behaviour and filters it in real-time. Polyform employs a novel “proof of work” challenge which requires the attacking computers to complete increasingly difficult calculations, sucking processing / memory resources and making it uneconomic to continue the attack. In other words, attackers must spend more money if they want to keep attacking Kasada clients.
In our due diligence, we spoke to large, sophisticated customers who described a common experience: Before Kasada, they had tried other solutions from well-known vendors, but continued to be impacted by attacks, and continued to need internal security teams to update the rules and parameters of these systems. We talked to one of Australia’s top retailers whose website was taken offline for a number of hours from a bot-driven denial of service attack. Kasada implemented Polyform in less than 3 hours, which immediately stopped the attacks without requiring ongoing involvement of security teams.
Traction — Kasada has been in the market with its current version of Polyform since early-2018. Between our first meeting with the team in December 2018 and the close of our financing in April, they doubled MRR (Note to Founders, don’t underinvest in sales while you’re raising…it’s very powerful to have good news to share while engaging with investors). They have a blue-chip list of customers in AU and increasingly, in the US.
Market Opportunity — The Bot mitigation market is growing rapidly, with a combined market in the billions and growth rates above 20%. As more of the world connects and does business online, cybercrime will continue to grow as well, especially with the ease and decreasing cost of deploying computing power for evil. The rise of IoT across industries means billions of devices as well as critical infrastructure networks will come online, facing the threat of these attacks as well. And the stark realities of cyber warfare between nations mean more than just criminals will be leveraging bots for their purposes. We believe Kasada’s solution can be a leader in these existing and emerging markets around the world.
Conclusion — We’re very excited about Kasada: they’re playing in a large, fast growing market, and have great traction. Sam is a terrific founder, and it will be exciting to see what’s possible with more resources around him.