Endpoint

5/22/2018
10:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Valimail Raises $25 Million in Series B Funding

SAN FRANCISCO, May 22, 2018 /PRNewswire/ -- Valimail, the world's leader in automating email authentication, announced it has raised a $25 million round of funding to accelerate its global growth and expand its portfolio of trust-based anti-impersonation services. Valimail provides the only automated email trust platform. Many leading organizations, including Yelp, Uber, Fannie Mae, Manulife, WeWork, and others, use Valimail to stop fraud, brand abuse, and data theft.

The Series B investment is led by Tenaya Capital, with participation from existing venture investors Shasta Ventures, Flybridge Capital Partners, and Bloomberg Beta.

"Valimail was founded to bring trust to the world's communications, starting with email. In a world of first-generation solutions with failure rates over 70 percent, we believed total automation was a necessary approach," said Alexander García-Tobar, co-founder and CEO of Valimail. "The past three years have proven our thesis that the market both needs and values automated authentication. Now we're prepared to make our platform available worldwide." 

Impersonation-based email attacks are the #1 vector for cyberattacks of all kinds. Valimail's Identity-Driven Email Anti-impersonation (IDEA)™ platform stops these attacks by automating implementation and ongoing management of email authentication. Leveraging open standards, such as SPF, DKIM, and DMARC, the platform ensures that unauthorized senders using an organization's domains in email messages are automatically blocked globally.

"Valimail's technology represents the perfect convergence of a huge need (stopping impersonation and restoring trust to email), a rapidly growing market, and a revolutionary technology led by an experienced, disciplined team," said Brian Melton, managing director at Tenaya Capital. "Valimail's automation platform is a best-in-class solution that's already found a substantial market and widespread recognition for its technical superiority. It will have wide application in the years to come," he added.

A Growing Global Trend

Both the private and public sectors now recognize email authentication as critical in preventing so called email "spoofing" or impersonation attacks. The Department of Homeland Security, for example, mandated in late 2017 that all federal agencies not only adopt email authentication based on DMARC, but implement it fully to prevent such attacks.

Email authentication based on DMARC has hit an inflection point, although companies still struggle to implement it fully:

·       DMARC is now supported by over 5 billion email inboxes worldwide. (Valimail's Email Fraud Landscape, Q1 2018)

·       More domain owners have published DMARC records in the past six months than in the five previous years combined. (DMARC.org)

·       However, successful deployment is extremely challenging: An analysis of one million DNS records shows that regardless of company size or vertical, about 80 percent of DMARC implementations fail to achieve enforcement. (Valimail's Email Fraud Landscape 2017)

·       DMARC is recommended for all companies by the Federal Trade Commission, the Online Trust Alliance, the Global Cyber Alliance, and many other organizations.

Automation Guarantees the Benefits of Authentication

Gartner Inc. recommends that security and risk management leaders involved in fraud prevention should work with brand stakeholders to "Implement domain-level email authentication protocols (SPF, DKIM and DMARC) as the strongest technical protection against exact-domain spoofing of domains owned or controlled by their enterprise." [Gartner: "Fighting Phishing: Protect Your Brand," November 2017, refreshed December 2017]

Most companies deploying DMARC don't make it to enforcement, however. Valimail's enforcement guarantee ensures that customers get the benefits of authentication quickly and effortlessly so they can stop impersonation attacks right away.

"After attempting email authentication with other solutions, I was amazed at the level of automation Valimail provides," said JJ Agha, VP of information security at WeWork. "It eliminates the need for two FTEs, so my staff can focus on other key priorities. I consider it a 'set it and forget it' solution for ensuring that our employees and executives can't be impersonated and that our email is trusted."

As it expands, Valimail will be hiring multiple positions across a number of different departments, including engineering, sales, customer success, and marketing. For information on career opportunities at Valimail, visit https://www.valimail.com/careers/.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
12 Free, Ready-to-Use Security Tools
Steve Zurier, Freelance Writer,  10/12/2018
Most IT Security Pros Want to Change Jobs
Dark Reading Staff 10/12/2018
6 Security Trends for 2018/2019
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.