Cyber firm ready for next step with new backing

Cyber firm RunSafe is entering the next phase of its strategy to offer software that works to immunize affected resources and leave the rest alone. The company now has the backing of Lockheed Martin's venture arm to help in that journey.

Cyber software provider RunSafe Security is ready to chart its next phase of growth with the help of $9.8 million in Series A funding raised over two rounds, including the most recent one that fetched $3.5 million.

The second round of fundraising announced Thursday saw two new notable investors enter the fold to back RunSafe: NextGen Venture Partners and Lockheed Martin Ventures -- the global defense giant’s investment arm that backs emerging startups with technology areas seen as disruptive both to the industry and company itself.

How did McLean, Virginia-based RunSafe get the attention of Lockheed Martin Ventures? Some of that may have preceded the investment.

“We were getting traction in the Department of Defense, both in protecting weapons programs and also making our tools available to developers for integration into the DevSecOps tool chains,” RunSafe CEO and co-founder Joe Saunders told me. “With that, a significant part of our go-to-market has been working with the program managers in the program offices, and including working with folks like Lockheed Martin.”

Saunders said that while RunSafe was technically founded in 2015, the company committed to its business plan in June 2018 and launched its core product two months later. RunSafe Chief Technology Officer Dou Britton is the other co-founder alongside Saunders. The company's flagship Alkemist software was born out of a project for the Defense Advanced Research Project Agency and works to immunize affected code but leave the rest alone.

RunSafe’s interest in public sector markets center around military systems in particular such as ground stations. Civilian agencies’ IT infrastructures also have potential use cases for the company’s software, Saunders said.

What RunSafe wants to gain more of a footprint in with the help of these latest investments is securing supply chains with the use of software. Saunders said the company sees demand for such an offering as customers work through issues such as alert fatigue for security problems, gaps in finding cyber talent and repeated patching to stop or prevent breaches.

The idea of offering such a product and scaling it also has an eye toward the fact that supply chains are getting more complex. Supply chain compromise was one of the first areas RunSafe worked on as part of its research, Saunders said.

“You have hundreds, if not thousands or tens of thousands of suppliers, and it’s not efficient to assess all the security across all those different suppliers in your ecosystem,” Saunders said. “It’s not efficient to issue a patch for every single software product that you’re managing across your infrastructure or in your products that you deliver to the government.”

Neither is it efficient to build defenses across the various different ways people have to breach a network, Saunders added. Software should function in the same manner regardless of where it is deployed, but one vulnerability changes the equation.

“The foundation of RunSafe is to fundamentally change the economics back to the defenders’ advantage, assume the bad actors still get in, but we still want to provide a level of protection, and we’re doing that by making each instance of software remain fundamentally identical but logically unique,” Saunders said.