Connect with us

Hi, what are you looking for?


Cybersecurity Funding

GreatHorn Secures $6.3 Million to Combat Spear-Phishing Attacks

Belmont, Mass-based start-up GreatHorn announced Wednesday completion of a $6.3 million Series A funding round led by Techstars Venture Capital Fund and .406 Ventures. 

Belmont, Mass-based start-up GreatHorn announced Wednesday completion of a $6.3 million Series A funding round led by Techstars Venture Capital Fund and .406 Ventures. 

The firm, one of Gartner’s ‘cool cloud vendors’, is bringing machine-learning technology to the continuing threat and problem of targeted spear phishing. Spear-phishing, and the related Business E-mail Compromise (BEC) scam, are two of today’s most pernicious threats — the former is the first stage of the majority of successful breaches; and the latter, according to the FBI in May 2016, is responsible for losses “now totaling over $3 billion.”

Both threats have proved resilient against traditional defenses because of their use of finely tuned and targeted, narrow-band social engineering. Effectively, each threat is new and unique, probably contains no payload to analyze, and is delivered before it can be recognized and blocked. The same problem exists for malware: new versions are delivered and get through signature-based anti-virus defenses before detection is added to the defense.

The solution against malware has been a shift of emphasis towards the recognition of malware behavior, using machine-learning to understand and detect that behavior. Conceptually, GreatHorn takes a similar approach to spear-phishing and BEC. It monitors email across the cloud both in metadata and content. It builds a behavioral graph that can detect anomalies in email behavior.

“We’re not looking for a single smoking gun, we do not rely on any single indicator,” CEO Kevin O’Brien told SecurityWeek. “What we do is plug into cloud email systems like Google and O365, and we look at all of the mail that gets sent and received. Then we build a social graph — we start to understand how, for example, a CFO receives messages from the CEO, what those messages look like, how often they come, are they a bi-directional flow or received only. And we look at all the mechanisms of authentication buried in the metadata. We develop a fingerprint that can be coupled with the social graph.

“When you start to do that, not just for a single company but globally for hundreds of thousands of mailboxes every minute you start to see patterns of how email communication works. From there we think of it in terms of anomaly detection, and we can begin to identify anomalous messages — things that could be spear-phishing or BEC attempts. We’re not looking for things that might match an out of date blacklist, we have a unique lens on how individuals inside of a company, or inside of an industry sector, or even around the world, send mail.”

It is this new application of machine-learning on big data to detect the anomalies in e-mail that could detect and prevent spear-phishing that has attracted the investors. “Advanced and targeted social engineering threats represent one of the most pernicious and dangerous challenges to organizations in both the public and private sector,” explained Techstars Ventures Partner Ari Newman. “GreatHorn brings fresh thinking and a cloud-native, intelligent platform that can protect these organizations. We’ve been thrilled with the progress and execution GreatHorn has shown over the last few years and are excited to step up our investment in the company.”

Advertisement. Scroll to continue reading.

“GreatHorn,” added .406 Ventures Partner Greg Dracon, “is at the forefront of next-generation cybersecurity, understanding that changing human behavior is difficult and that security awareness training is not nearly enough for employees faced with sophisticated phishing techniques that look real from presumably trusted contacts.” Both Newman and Dracon are joining GreatHorn’s board of directors.

Existing investors including ff Venture Capital, SoftTech Ventures and RRE Ventures also participated in the funding round.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybersecurity Funding

SecurityWeek investigates how political/economic conditions will affect venture capital funding for cybersecurity firms during 2023.


Forty cybersecurity-related M&A deals were announced in January 2023.


Thirty-five cybersecurity-related M&A deals were announced in February 2023


Seventeen cybersecurity-related M&A deals were announced in the first half of February 2023.


More than 450 cybersecurity-related mergers and acquisitions were announced in 2022, according to an analysis conducted by SecurityWeek

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.