Skip to content

Forging Resilient Cloud Email Security Amid Multiple, Evolving Challenges

June 29, 2020

  • Blog Post

Earlier this year, we wrote about ForgePoint’s belief that “well-capitalized companies with proven business models and customer traction will ride out the storm and prove successful.” The storm referred to is, of course, the vast economic uncertainty we now face against the backdrop of an unprecedented global health pandemic. We’ve also written about the phenomenal expansion of remote work—the vaunted “new normal.” The COVID-19 pandemic is propelling an urgent need to secure remote workers and the integrity of digital communication itself.

Even before the pandemic, cyberthreats were largely eclipsing efforts to contain them. As technology expands, the opportunities to exploit and degrade it grow exponentially. It’s the persistence of these threats that must drive vigorous investment in security infrastructure built on innovation, initiative, and vision.

Funding decisions are laden with risk of course—but when it comes to cybersecurity, the real risk is that of ceding power to criminals—imperiling the global economy and the safety of millions. Threats and uncertainty traditionally breed caution, but excessive caution is precisely the wrong choice for today. The challenges we face call for bold and reasoned action. ForgePoint is optimistic about the resilience of our economy and new security solutions that keep ahead of threats. And that optimism drives our search for companies with the wherewithal to rise to the challenge.

What does that wherewithal consist of? I’d like to share our rationale in deciding to invest substantially in Area 1 Security; in its technology, business, and leadership.

“It’s Always a Phish”

Despite billions spent each year on cybersecurity, massive breaches continue; not just as the headline fodder of Equifax, Capital One and Facebook exploits — but in thousands of smaller organizations under unrelenting attack from barrages of phish, hemorrhaging revenue and data every day to threat actors.

Area 1 has a motto that resonates with us: “it’s always a phish.” Because no matter how spectacular, wide-ranging and long-lasting the harm, chances are that the cyberattack started with a simple email. Phishing is the root cause of 95 percent of damages. Stopping these attacks is a critical priority.

Area 1 has thrived since its founding, and we’ve seen standout innovation fueled by a confident and pragmatic business plan. The evidence of this became clear when we spoke to Area 1’s enterprise customers (including several well-known Fortune 500 brands). Each customer spoke highly of Area 1’s performance and ability to solve real business and cybersecurity challenges. These CISOs reiterated how Area 1 reduces their cyber risk, provides a clear performance-driven ROI compared to other vendors, and continuously provides new features to meet fast-evolving needs. At ForgePoint, we believe the best indicator of whether a startup is built to last is their ability to build customer loyalty — which Area 1 delivers in spades.

Area 1: The Technology

Area 1’s preemptive approach to detecting and disabling phishing attacks prior to launch has rocked (in both senses!) the industry. Before Oren J. Falkowitz, Blake Darché and Phil Syme started Area 1, phishing defense consisted almost entirely of post-breach damage control. Companies were rarely lucky enough to stumble on and stop an attack before it got underway.

Staying ahead of threat actors calls for a whole new approach. Area 1’s enhanced detection models go into the wild and the weeds to detect and thwart Business Email Compromise, credential harvesting phish, Bitcoin phish and other highly targeted attacks that evade legacy defenses. The company also leads when it comes to spotting supply chain-based phishing, where threat actors use patient social engineering to insinuate themselves into trusted supply chain, vendor and business partner correspondence.

When even the most thorough employee anti-phishing education hits a ceiling at about 70 percent, the need for a paradigm shift in email security is imperative. That’s what Area 1 provides and what we have now invested in.

Area 1: The Company

Area 1 is rooted in the founders’ deep experience in national cybersecurity and helping defend our nation against cyber threat actors and campaigns prior to their strikes on us. This proactive approach, when applied to enterprise cybersecurity, shifts the industry paradigm.

Along with its technological innovation, Area 1 dares to originate the concept of financial accountability in cybersecurity. The company then went all-in by staking its revenue directly on its ability to stop attacks. Area 1 has made the leap to an accountable, performance-driven security model founded on value-based pricing similar to that used by such companies as AWS. The value of the offering to the customer is the determinant of revenue, rather than the recoup of investments via cost-plus pricing and continual, cost-ineffective tuning in the face of continued phishing attacks and financial loss.

This commitment showed us the right kind of risk-taking, which paid off in 2019 with 400%+ year-over-year growth. Tellingly, a slate of Fortune 500 enterprises and election-sensitive organizations have been seeking the protection of Area 1 from an unprecedented avalanche of phish attacks aimed at exploiting the COVID-19 pandemic, a presidential election year, and other endless challenges.

Area 1: The Leadership

To accelerate its scaling, Area 1 also welcomes new CEO Patrick Sweeney, who most recently facilitated the sale of Talari Networks to Oracle — and brings extensive revenue growth, go-to-market strategy and channel sales experience from his time at Dell Inc./SonicWall.

As we confront a world seemingly battered by pandemic, cybercrime, and financial uncertainty, I want to reiterate that the nature of our investment in Area 1 is essential to overcoming these tough adversaries. We can encourage disruptive progress, profit from experience, and emerge more cyber resilient, by investing in aggressive preemption and risk reduction, rather than on waiting for cybercriminals to carry the fight to us.