Taking the Sting Out of Email Hacks Valued at $1.1 Billion
Remorseful CEOs have been lamenting that they hired too rapidly during the pandemic as a result of a growing wave of tech layoffs. Ryan Noon, the founder of Material Security, claims he hasn’t had any such issues; in fact, he believes he was hired “maybe a little slower” than he needed to be.
“I believe the previous couple of years in Silicon Valley will be recognized as a particularly wasteful period,” adds Noon, who is also the co-founder and CEO. “If you have the right people, you don’t need a lot of people to do a lot.”
Material Security has signed big customers including Mars, Stripe, and insurance giant Chubb for their security software that can protect emails even if they are hacked despite employing less than 40 employees. “We’re outnumbered by at least a binary order of magnitude or two by our customer count,” Noon says, adding that he hasn’t lost a single customer yet.
As others deal with bloated payrolls, Noon believes the moment has come to expand his team. Investors agree, pouring $100 million into the Redwood City, California-based business revealed on Wednesday. The $1.1 billion Series C financing was primarily an insider round, led by current investors Founders Fund, with participation from previous lead backers Andreessen Horowitz and solo investor Elad Gil.
During the outbreak, Russia-backed hackers hacked several US government institutions’ Microsoft Office 365 email accounts, while hackers suspected of being tied to China hacked the Gmail accounts of News Corp journalists.
The idea behind Material Security is that even if hackers get access to an organization’s email accounts, they will be prevented from stealing goods. Noon came up with the idea while on sabbatical in Berlin in 2016, following a term as an engineering manager at Dropbox.
Noon says he was particularly pulled to the email dump from Clinton campaign head John Podesta’s personal Gmail account because he was obsessed with the storylines of the US presidential race that year.
Noon came to the United States to work on the project alongside former Dropbox colleagues Abhishek Agrawal and Chris Park. They started their company in 2017 with an initial product that identifies key emails in an inbox—for example, a message containing a sensitive financial document—and obfuscates them so that if a hacker tries to download one, they won’t be able to view the sensitive information. For the legitimate user, an extra step, such as completing a multi-factor authentication prompt on Duo or Okta, reopens access to the email.
The creators made the economic decision to target large corporations rather than individuals after realizing that the same technology used for personal email accounts could be extended to their enterprise counterparts.
“A Google Workspace account is essentially a pretty pricey Gmail account,” explains Noon. “We have all the time in the world to go defend Grandma, but we’ve decided to focus on the businesses first.”
(According to Noon, customers include a few “VIP” persons such as billionaires and renowned athletes.)
Material Security has recently incorporated more capabilities, such as detecting efforts by hackers to gain access to a user’s non-email accounts by attempting to reset their passwords via email.
The company’s net revenue retention rate is over 150 percent, with users frequently spending more money over time to gain access to more products. The increased investment will be used to enhance technical efforts in order to develop more features related to email security, as well as services that go beyond email.
According to CTO Agrawal, some of the same principles that safeguard email documents can also be utilized to protect other content storage, such as Dropbox or Google Drive files. “All of our patents are fairly general,” Noon continues.
Nonetheless, Noon is certain that Material Security will be able to carve out a niche for itself in the cybersecurity industry. “In our field, there’s a lot of phony innovation and snake oil and all these things that are highly dislikeable,” he says. Customers of Material Security have complained to him about previous security software companies who promised new products but then sold their companies and cashed out before delivering.
“There haven’t been a lot of really big cybersecurity startups because entrepreneurs are cautious,” says Noon. “I’ve previously sold a business.” It’s not great; in fact, it’s really bad. As a result, I’d like to keep the commitment we made [to our customers]. It’s self-evident and deeply personal.”