Perception Point: Protecting communication and collaboration apps from cyber attacks

Why we invested in the Israeli cybersecurity company

Why a new breed of cybersecurity solutions is needed for securing enterprise communication and collaboration. And why we invested in the Israeli cybersecurity company Perception Point.

As COVID-19 unfolded in the first half of 2020, we set out to explore its long-term ramifications and imagine what the ‘New Normal’ could look like. Not only that, we also wanted to understand the non-obvious: what would be the second- or third-order effects of remote working and accelerated digitalization? Cybersecurity became one of the key areas of focus: as companies go through the cycle of upgrading their applications and architectures, security would have to follow in close sync. This opportunity was validated by hackers themselves: in the first few months of COVID-19, phishing attacks increased by more than 600% in under a month (Infosecurity Magazine, Jun-20).

The work led us to re-engage with Yoram Salinger, the CEO of Perception Point, whom we had originally met back in 2019 when they had just started commercializing the product. Perception Point is an Israeli cybersecurity company focusing on protecting communication and collaboration channels such as Outlook, Gmail, Teams, Dropbox, and Google Drive. We were impressed by the strong technology talent in the team, the broad vision of the company, and the simple, yet sophisticated, product. And now we are excited to announce our investment in their $28M Series B round, led by Red Dot Capital Partners and joined by existing investors Pitango Ventures and State of Mind Ventures.

Two trends are particularly relevant for understanding the background for our investment: 1) the proliferation of enterprise communication and collaboration tools, and 2) the ‘API-fication’ of software.

The proliferation of enterprise communication and collaboration tools calls for new security solutions

The role of email as the sole communication and collaboration tool for enterprises is long gone. Even before COVID-19 hit, an average enterprise used more than 6 different enterprise communication and collaboration (EC&C) applications (Perception Point study, 2019). The prevalence of these applications has since exploded, and usage has expanded from internal collaboration to include customers, partners, and subcontractors.

From the hacker’s perspective, EC&C apps are a dream: they are used for sharing content (i.e., text, files, and URLs), are perceived as safe by the users (unlike email), and typically have little to no built-in or even 3rd-party security. Platforms such as Dropbox are the perfect distribution channels for malicious files or URLs since any uploaded content is instantly propagated to all members of a shared folder.

The ‘API-fication’ of software will produce the next generation of significant software companies

Shifts in technology paradigms often disrupt existing, mature industries, and produce higher quality products and services at cheaper prices. When that disruption fuses with an opportunity to serve entirely new markets, it becomes particularly interesting.

We believe the next generation of significant software companies will be created through the ‘API-fication’ of software, where APIs (Application Programming Interfaces) are used for integrating pieces of software to others. APIs have existed for decades, but we believe their impact on the broader economy is still in the early days (for an in-depth analysis, see our Executive in Residence Markus Suomi’s article here).

API-fication impacts both the development and consumption of software. On the development side, APIs allow the software to be built modularly by stitching together both internally and externally built components. This leverages the comparative advantage of each company – why build a global telecommunications infrastructure yourself when you can integrate with Twilio? On the consumption side, API-based SaaS companies create value by abstracting a business capability, such as document data extraction, and provisioning it over an API, rather than providing a UI for a human to interface with.

API-based approaches have not yet been widely adopted in the cybersecurity industry – it is an industry that is dominated by incumbents with broad end-to-end platforms. In email security, for instance, Secure Email Gateways from the likes of Proofpoint and Cisco have been the gold standard. The issue is that these platforms are based on an old architecture – they struggle with detecting advanced attacks, they operate at the perimeter without any visibility into internal traffic, and typically, they can protect only email. Sophisticated attackers know how to use social engineering or other means to circumvent these incumbent security solutions.

Perception Point is bringing the power of APIs to securing communication and collaboration channels

This brings us to Perception Point. Perception Point is an API-based SaaS for securing any communication and collaboration channel against any type of attack, including phishing, malware, or business email compromise. The technology is based on 7 security layers for detecting malicious content, even in situations where the malicious payload is hidden deep behind a URL.

Perception Point’s cloud-native and API-based approach provide several key advantages. First, the beauty of the solution is in its simplicity for customers and end-users. The product can be deployed in a matter of minutes and there is no disruption to existing workflows or the end-user experience. Second, 100% of traffic is analyzed, and the analysis happens in seconds rather than minutes. Speed is particularly important in messaging applications, which are, by nature, real-time. Third, Perception Point covers any EC&C channel, from well-known software vendors such as Dropbox and Microsoft Teams to the proprietary applications of customers. Fourth, and most importantly, Perception Point provides a single pane of glass across all EC&C channels and offers detection as a service, where technology is complemented by human analysts.

SE Labs, an independent security analysis company, has validated Perception Point’s detection capabilities, scoring them at #1 in a test that included incumbents such as Mimecast, Microsoft, and Google. Ultimately, though, the proof is with customers, and after hearing their rave reviews, we were convinced that Perception Point had created something unique.

Onward and upward

Over the years, NGP Capital has backed many Israeli entrepreneurs either directly or through fund investments, such as with Team8. We typically find that the entrepreneurs in Israel possess a deep technology background and a great urgency to scale. We’ve been fortunate enough to be part of the journeys with companies such as Moovit (acquired by Intel for $900M in 2020) and Kaltura (filed S-1 in Mar-21).

We look forward to supporting Yoram, Michael, Shlomi, and the entire Perception Point team in their efforts to make communication and collaboration more secure.

Please feel free to reach out at ossi@ngpcap.com in case you have feedback on the post or wish to exchange thoughts on the industry.