Menlo Security raises $75 million for malware-blocking tools

Menlo Security, a provider of endpoint-free cloud solutions that protect organizations from cyberthreats, today announced that it has raised $75 million in series D funding led by unnamed clients advised by JP Morgan Chase. Existing investors General Catalyst, Sutter Hill Ventures, Osage University Partners, American Express Ventures, HSBC, JP Morgan Chase, and Engineering Capital also participated in the round, which follows on the heels of a $40 million series C in December and brings Menlo Security’s total raised to over $160 million.

CEO Amir Ben-Efraim said the fresh funds will be used to expand the company’s global sales team.

“Zero-trust internet changes the paradigm by never allowing attackers to reach their targets, while providing users the ability to access the internet as they always have,” said Ben-Efraim, a Juniper Networks veteran who cofounded Menlo Security in 2013 with fellow colleague Poornima DeBolle and University of California, Berkeley computer science graduate student Gautam Altekar. “Companies using internet isolation are completely protected against email and web attacks, which account for nearly all successful breaches in an enterprise.”

Enterprise-scale antimalware tools aren’t exactly novel, but what Menlo Security brings to the table is an air-gapped approach that cuts off networks from the public web without impeding internet usage. Email attachments and web requests are proxied through the cloud-hosted Menlo Security Isolation Platform (MSIP) rather than sent from local devices, and active content like ads, background trackers, and beacons are executed in a sandboxed remote environment. The company claims that this effectively shields machines from the sorts of sophisticated spyware, ransomware, and phishing attacks that bypass on-premises defenses.

Above: A diagram illustrating Menlo Security’s malware-blocking approach.

Image Credit: Menlo Security

Ben-Efraim rattles off sobering numbers from a recent Verizon study: In 2018, there were 41,686 reported security incidents and 2,013 confirmed breaches, and C-suite executives were 12 times more likely to be the victim of an email attack. “The legacy approach of identifying threats to block them or detecting threats after a breach occurs is failing,” he said.

Menlo Security claims that the bulk of customers see at least a 95% decline in credential loss and similar reductions in corporate data leakage. As for end users, they’re afforded an experience that’s “nearly indistinguishable” from a local browser, with native browser menus, extensions, copy and paste functionality, and find and print tools.

“Menlo Security’s innovative security solution protects against threats and attacks that bypass many advanced security products used by companies today,” said JP Morgan Asset Management portfolio manager and managing director Jonathan Ross, who intends to join Menlo Security’s board of directors. “Menlo Security’s solution works by mirroring content from a remote browser in the cloud to the desktop, delivering a better user experience compared to traditional internet security products.”

Menlo Security’s customers include “hundreds” of companies (including Macy’s and Fujitsu) with “millions” of users, for which it’s currently blocking about 500 million websites daily. The world’s 10 largest banks, four of the five largest credit card issuers, and major energy and transportation companies are among its other clients, along with the Defense Information Systems Agency, the U.S. Department of Defense’s IT combat support agency.

Comments are closed.