Active Directory – Microsoft’s directory service for connecting users to network resources – is used by more than 90% of all Fortune 1000 companies and many more. So it’s no surprise that it’s a big target for malicious hackers.
This also means a lot of attention for security companies that build tools to protect and restore ad services.
today, always — a Hoboken, New Jersey, startup focused on ad protection — announces $125 million in funding from JP Morgan and Hercules Capital, money it will use for R&D and business development. In addition to Active Directory, these days Semperis also provides threat detection and response, recovery and related services to users of Entra ID (formerly known by the more euphemistic name Azure Active ID) and Okta in cases where customers use these services for some or all. for their cloud services. Its clients include Lenovo, Prime Healthcare, Sanofi, United Airlines, Starbucks, Hertz and many more, covering around 100 million user identities in total.
The funding comes nearly two years after Semperis raised a $200 million Series C.
Unlike that round, this funding is a mix of equity and debt — more on why it’s taking on less debt — and also unlike that round, TechCrunch confirmed the company’s valuation: It’s now more than $1 billion — or in the words of Mickey Pressman, founder and CEO of Semperis, “I have a horn.”
(The amount of $651 million was indicated in Pitch book inaccurate.)
Along with the funding, Semperis is also adding three executives that Pressman said will be crucial to taking its next steps as a company, which he said currently looks like an IPO, but I’d say it could also be mergers and acquisitions in the right situation, given how much consolidation we’ve seen. in the cybersecurity market in the past few years.
Jeff Bray comes in as CFO. Mike DeGaetano will join as Chief Revenue Officer, and Annabelle Lewis will serve as Chief Legal Officer and Corporate Secretary. All three have extensive backgrounds with some of the most successful e-commerce companies of the past decade.
Semperis has been around since 2013 (with services officially launching in 2015), and Pressman says he likes to joke that the company was too early and too late to get to market.
Early on because cybersecurity wasn’t a big deal just ten years ago, and the conversation wasn’t even about identity management (that’s a huge topic today). Belatedly, because AD was actually launched in 1999, it was already being used everywhere, laying the foundation for a large-scale hacking operation that would eventually take over organizations using AD. There have been successive waves of attacks exploiting vulnerabilities through the Active Directory architecture.
Despite the drumbeat of cloud services (more specifically the drumbeat of the cloud marketing machine), on-premises services are still huge, and advertising is the way to see how many services are being used among organizations. One of the most recent and damaging ad exploits was NotPetya, which was described As one of the “most destructive” attacks in Internet history.
Since then, of course, a number of other ideas have emerged focusing on Alzheimer’s disease. They include Palo Alto Networks, Bitsight, BigID, Wiz, and many more.
One problem with many AD attacks is that across a distributed system, breaches can be complex, expensive, and time-consuming to fix. Semperis’ idea is that it can reduce that time by 90%. Since downtime is usually more costly to a company than the hack itself, minimizing it, if not avoiding it altogether, becomes the primary focus of online buyers.
“As CISOs shift their focus toward securing and building resiliency into their identity infrastructure, we see tremendous demand for specialized hybrid AD and Entra ID protection,” Bray said in a statement.
“Semperis is a clear leader in much-needed identity system defense by preventing, detecting and responding to machine learning-based attacks,” added Scott Bluestein, CEO and CTO of Hercules Capital. “Leading organizations around the world rely on Semperis to protect their hybrid Active Directory environments, which are essential to their IT infrastructure and highly targeted by attackers.”
As for why the company would take on debt instead of equity, Pressman simply said that the company had multiple options but chose this option in part because it had the investor mix it wanted on its cap table. (He didn’t say that, but it also means she has to give up less equity on the way to the IPO.)
“Semperis, with new support from JP Morgan and Hercules Capital, and our existing team of global backers, KKR, Insight Partners, Ten Eleven Partners, Paladin, Advocate Health and others, will continue to drive innovations to disrupt cyberattacks,” he said. braying. “Funding growth complements an already strong balance sheet, allowing Semperis to accelerate investment in R&D and expand our global footprint to meet market demand.”