RedOwl 2015 website

Exclusive: cybersecurity startup RedOwl raises $17 million series b

Jul 13, 2015

Sure, Guy Filippelli did a stint with the National Security Agency. As a member of that spy team, he helped re-architect how the agency disseminated intelligence to military officers. But that's not where Filippelli cut his teeth.

"Actually, the army was much more formative for me," the CEO and founder of cybersecurity startup RedOwl tells Fortune. In late 2001, Filippelli, by then a West Point grad with experience in computer science, had been gearing up for the United States' post-9/11 invasion of Afghanistan. The military's intelligence apparatus was technologically lacking at the time, he says, and so the top brass selected a few young army officers to run software engineering teams, to boost officers' decision-making capabilities. That's when Filippelli got his start.

"In the army, nobody is gathering intelligence just to gather intelligence," he says, hinting at an essential difference between the missions of his former employers. "An army intelligence team's goal is to quickly get data together and to turn that into information that can be actioned in support of a decision on the battlefield." The job entails gathering relevant details quickly, correctly, and serving them up to the leaders devising strategies. During conflict, lives depend on it.

Today, Filippelli is applying that insight at RedOwl, a cloud-based behavioral analytics software company he founded in 2011 after leaving the public sector. The Baltimore, Md.-based firm specializes in bringing together disparate streams of data within an organization. They could include activity on the IT network, email exchanges, and other sources of data, in order to help companies mitigate insider risk—which could manifest as a rogue, sloppy, or compromised employee, for example.

On Monday, RedOwl will announce that is has raised a $17 million Series B round of funding, bringing total funding to nearly $30 million so far. Participants in the latest round include Allegis Capital, a venture capital firm, which led the raise, as well as Blackstone Group (bx), the private equity firm, and angel investor Marc Benioff, the founder and CEO of sales-tool giant Salesforce (crm). The company already has a relationship with In-Q-Tel, the venture capital arm of the Central Intelligence Agency.

Soon after contractor and whistleblower Edward Snowden leaked a trove of NSA internal documents in 2013, Filippelli says that RedOwl's appeal leaped from a "nice to have" to a "need to have" among potential customers. The company's flagship product, "reveal," monitors users, spots anomalies, predicts malfeasance, and gives the operators a chance to stop data heists before they happen.

Post-Snowden, network custodians began to consider blocking compromises from within just as important as preventing external attacks. Information security specialists became suddenly introspective. Their newly heightened fears no doubt helped RedOwl to win the "most innovative company" award at the 2014 RSA Conference, one of the world's biggest information security confabs.

"Statistics show that between 70-and-80% of cyber breaches have an internal component to them," says Robert Ackerman, the lead investor at Allegis Capital and newly added board member at RedOwl, as he details his reasoning behind the investment. "All of a sudden, people have come to realize the critical need to understand what's going on inside their networks."

That threat is real. According to a 2015 insider threat report from Vormetric, 89% of the 800 business and IT managers surveyed by the San Jose, Calif.-based data security firm reported feeling that their organizations are vulnerable to insider attacks. Indeed, more than a third of the respondents said they felt "extremely vulnerable."

Jay Leek, Blackstone's chief information security officer and a RedOwl board member since April, sings the company's praises. On a call with Fortune, the customer-turned-investor says he spent 11 months reviewing 15 companies with similar cybersecurity offerings last year before giving RedOwl his endorsement. (He declined to name the other companies.)

RedOwl stole the show, he says. The tool "gives you the full context and allows you to pivot and investigate quickly," he waxes. Other tools, he says, simply would alert him to indicators of compromise.

"Investigating used to take days," he adds. "Now it takes 5 minutes or less. It's a tremendous time saver."

RedOwl isn't the only company operating in the space. Big data crunching companies like Palantir and Splunk (splk) help organizations dig through data and find trends that could unmask insider threats. (Just last week, Splunk bought cybersecurity startup Caspida for $190 million, giving it even better prospects in the security market.) And then there are others, such as Securonix and Gurucal, competing for a share of the pie, to name a couple.

Filippelli, who previously co-founded the data analytics firm Berico Technologies, says the bulk of RedOwl's latest funding injection will go toward product development. "This has been a very intense year for us," he says, mentioning that he has been pleased with several proof of concept tests of the technology. (He does not go into greater detail.) Some of the firm's customers so far include Blackstone and risk management firm K2 Intelligence.

"Really, 2015 is fundamentally about establishing these early beachheads, to use a military term, in these large organizations," Filippelli says. By end of year, he says he hopes to have 25 product level deployments, declining to reveal further information about customers or revenue. RedOwl will continue to focus for now on its tech, he says, primarily hiring engineers and data scientists. Since the middle of last year, the company's headcount has doubled to 35, and he hopes to bring that number to 50 by year end.

All products and services featured are based solely on editorial selection. FORTUNE may receive compensation for some links to products and services on this website.

Quotes delayed at least 15 minutes. Market data provided by Interactive Data. ETF and Mutual Fund data provided by Morningstar, Inc. Dow Jones Terms & Conditions: http://www.djindexes.com/mdsidx/html/tandc/indexestandcs.html. S&P Index data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Terms & Conditions. Powered and implemented by Interactive Data Managed Solutions