Redwood, California-based anti-phishing firm Area 1 Security has raised $25 million in a Series D funding round led by ForgePoint Capital and supported by existing investors Kleiner Perkins, Icon Ventures and Top Tier Capital. Area 1 describes itself as pre-emptive solution, able to detect attack attempts up to 24 days before the attack.
Area 1 Security claims to have stopped 42 million phish in 2019, and has thwarted $273 million in BEC fraud in the first five months of 2020. Technically, phishing and BEC are separate categories of scam (the former seeking to steal personal information and credentials with the latter seeking to steal money directly).Both, however, use somewhat similar largely email-based social engineering techniques.
There are many times more phishing attacks than BEC attacks; but the damage done to business is severe in both cases. The latest FBI/IC3 report has put the cost of BEC at approximately $1.7 billion in 2019 alone, while it is believed that 95% of breaches start with phishing.
“Email security is fundamentally broken, with phishing attacks consistently breaching defenses, leading to significant business losses for organizations large and small. The simple fact is that 95 percent of breaches begin with a phish disguised as an innocuous email,” comments CEO Patrick Sweeney. “By focusing on the earliest stages of an attack combined with the industry’s leading small pattern analytics technology, Area 1 is uniquely able to bring preemption to email security. We stop phishing campaigns prior to them inflicting any damage.”
Area 1 employs six primary techniques to find and block email scams before they can cause damage. The first is campaign source analytics. The firm crawls the entire web — over 6 billion pages and 6 petabytes of attack data every couple of weeks. Analysis of this data can often detect new attacks while they are still in the criminal planning stage.
Message sentiment analysis, a technique often used by marketers to understand customers attitudes towards products, and by campaign managers to understand how politicians are faring, is used by Area 1 to better understand the true purpose of an email.
It uses a partner social graph to better understand the relationships between people. It uses conversational context analysis, analyzing conversational variations through an entire thread. It has a universal message classification process, which surfaces categories of interest for secondary analysis. And finally, it provides rapid escalation of alerts for analyst review.
Area 1 has also introduced a unique pricing model — customers use the product on a pay-per-phish basis. Area 1 is the first and so far only performance-based, email security company: customers only pay per each phish caught.
Area 1 was founded in 2013 by Blake Darche (CSO), Oren J. Falkowitz (chairman), and Phil Syme (CTO). The first two were formerly NSA employees, while Syme was formerly chief engineer at Next Century Corporation. Patrick Sweeney recently joined the firm as CEO and president. Sweeney was formerly CEO at Talari Networks, which was acquired by Oracle in 2019.
The firm raised $8 million in a Series A funding round in 2014, $15 million in Series B in 2015, and $32 million in a Series C round in 2018. The total raised to date (with initial seed funding) now stands at $82.5 million.
Related: COVID-19 Fuels Phishing and Scams While BEC Attacks Evolve and Increase
Related: Anti-Phishing Firm INKY Raises $20 Million
Related: Netcraft Launches Anti-Phishing Mobile App
Related: AI-Facilitated Product Aims to Stop Spear-Phishing Attacks