Endpoint

5/22/2018
10:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Valimail Raises $25 Million in Series B Funding

SAN FRANCISCO, May 22, 2018 /PRNewswire/ -- Valimail, the world's leader in automating email authentication, announced it has raised a $25 million round of funding to accelerate its global growth and expand its portfolio of trust-based anti-impersonation services. Valimail provides the only automated email trust platform. Many leading organizations, including Yelp, Uber, Fannie Mae, Manulife, WeWork, and others, use Valimail to stop fraud, brand abuse, and data theft.

The Series B investment is led by Tenaya Capital, with participation from existing venture investors Shasta Ventures, Flybridge Capital Partners, and Bloomberg Beta.

"Valimail was founded to bring trust to the world's communications, starting with email. In a world of first-generation solutions with failure rates over 70 percent, we believed total automation was a necessary approach," said Alexander García-Tobar, co-founder and CEO of Valimail. "The past three years have proven our thesis that the market both needs and values automated authentication. Now we're prepared to make our platform available worldwide." 

Impersonation-based email attacks are the #1 vector for cyberattacks of all kinds. Valimail's Identity-Driven Email Anti-impersonation (IDEA)™ platform stops these attacks by automating implementation and ongoing management of email authentication. Leveraging open standards, such as SPF, DKIM, and DMARC, the platform ensures that unauthorized senders using an organization's domains in email messages are automatically blocked globally.

"Valimail's technology represents the perfect convergence of a huge need (stopping impersonation and restoring trust to email), a rapidly growing market, and a revolutionary technology led by an experienced, disciplined team," said Brian Melton, managing director at Tenaya Capital. "Valimail's automation platform is a best-in-class solution that's already found a substantial market and widespread recognition for its technical superiority. It will have wide application in the years to come," he added.

A Growing Global Trend

Both the private and public sectors now recognize email authentication as critical in preventing so called email "spoofing" or impersonation attacks. The Department of Homeland Security, for example, mandated in late 2017 that all federal agencies not only adopt email authentication based on DMARC, but implement it fully to prevent such attacks.

Email authentication based on DMARC has hit an inflection point, although companies still struggle to implement it fully:

·       DMARC is now supported by over 5 billion email inboxes worldwide. (Valimail's Email Fraud Landscape, Q1 2018)

·       More domain owners have published DMARC records in the past six months than in the five previous years combined. (DMARC.org)

·       However, successful deployment is extremely challenging: An analysis of one million DNS records shows that regardless of company size or vertical, about 80 percent of DMARC implementations fail to achieve enforcement. (Valimail's Email Fraud Landscape 2017)

·       DMARC is recommended for all companies by the Federal Trade Commission, the Online Trust Alliance, the Global Cyber Alliance, and many other organizations.

Automation Guarantees the Benefits of Authentication

Gartner Inc. recommends that security and risk management leaders involved in fraud prevention should work with brand stakeholders to "Implement domain-level email authentication protocols (SPF, DKIM and DMARC) as the strongest technical protection against exact-domain spoofing of domains owned or controlled by their enterprise." [Gartner: "Fighting Phishing: Protect Your Brand," November 2017, refreshed December 2017]

Most companies deploying DMARC don't make it to enforcement, however. Valimail's enforcement guarantee ensures that customers get the benefits of authentication quickly and effortlessly so they can stop impersonation attacks right away.

"After attempting email authentication with other solutions, I was amazed at the level of automation Valimail provides," said JJ Agha, VP of information security at WeWork. "It eliminates the need for two FTEs, so my staff can focus on other key priorities. I consider it a 'set it and forget it' solution for ensuring that our employees and executives can't be impersonated and that our email is trusted."

As it expands, Valimail will be hiring multiple positions across a number of different departments, including engineering, sales, customer success, and marketing. For information on career opportunities at Valimail, visit https://www.valimail.com/careers/.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer,  6/19/2018
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, Preempt,  6/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12633
PUBLISHED: 2018-06-22
An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of the user data is double-fetched, and a malicious user thread can tamper with the critical variables (...
CVE-2018-12634
PUBLISHED: 2018-06-22
CirCarLife Scada v4.2.4 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI.
CVE-2018-12635
PUBLISHED: 2018-06-22
CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs.
CVE-2018-12630
PUBLISHED: 2018-06-21
NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the sect_id parameter to the /catalog URI.
CVE-2018-12631
PUBLISHED: 2018-06-21
Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rpwebutilities.exe/text?LFN=../ directory traversal.