Fulton, Maryland-based cyber foundry DataTribe is adding a new portfolio company, as it invests $2.5 million in seed funding into Denver, Colorado-based Ntrinsec.
Along with the investment, Ntrinsec will receive mentorship, resources and access to the network of DataTribe, which works alongside the companies in its portfolio to make it an “unfair fight” as the company enters the market, as DataTribe Chief Innovation Officer Leo Scott put it.
DataTribe seeks to invest in startups building next-generation cybersecurity or data science tools. In the case of Ntrinsec, the focus is around the area of “secrets management” within enterprise companies, which is how organizations ensure security of authentication credentials like usernames, passwords and keys used to help machines communicate in digital environments. Attackers often seek to exploit these keys as they are looking to infliltrate a company’s systems and steal data, so they need to be protected. Ntrinsec aims to prevent what’s known in data security circles as key compromise.
“What they have is an over-the-horizon solution,” Scott said.
The keys are proliferating, as software development teams building the digital systems that power a company increasingly use microservices and DevOps tools, where the architecture is broken up into a lot of pieces and distributed into many cloud environments. This requires more credentials so that can talk to each other. But the process to protect these keys are typically done manually, and security teams can’t keep up, Scott said.
Ntrinsec works with companies to help identify the keys in a company’s systems, and automates the changing of these keys on a regular basis, so they can continue to be protected.
“It takes a complex, not-well-managed process for many organizations today and makes it much easier to have a well-managed process, which significantly increases your key hygiene,” Scott said.
As with many early-stage investors, DataTribe saw the team as an important factor in its decision to work with the company, alongside its tech. CEO Cam Williams and other members of Ntrinsec’s eight-member team have prior experience building a startup. They grew another cybersecurity startup in the identity and secrets management space, called OverWatchID, to its 2019 acquisition by SailPoint. Now, they are adapting what they learned to a different solution within that area of security.
“The potential for Ntrinsec is very large,” Scott said. “They have a relatively straightforward solution for a problem that is an across-the-board problem for every enterprise. That makes for a large market. It also makes for a business that can really scale.”
Ntrinsec will continue to be based in Denver, with more in-person interaction between the Maryland and Denver teams likely over the next year as more regular business travel resumes.
DataTribe has previously worked with companies that progressed to growth and acquisition, such as industrial cybersecurity company Dragos, homomorphic encryption company Enveil and IoT security company ReFirm Labs, which was recently acquired by Microsoft.
Over the last year, it has also added D.C.-based SightGain and Orlando-based BlackCloak to its portfolio.
###
In other enterprise security news, Frederick-based Fugue released a new version of Regula, its open source tool for infrastructure as code security.
Version 1.0 expands the open source policy engine, providing support for the infrastructure as code software tools Terraform and AWS CloudFormation. It also has libraries with policies that help to validate security of resources from Amazon Web Services, Microsoft Azure, and Google Cloud that are used on those tools, as well as new developer tooling.
As Fugue CEO Josh Stella told us when Regula first launched in January 2020, infrastructure as code describes the process that allows operations teams to manage and monitor data center resources that are available over the internet via the cloud. Rather than manual processes, developers write code to tell the machines what to do, similar to software. Regula is designed to ensure the cloud environments developers create are secure, and in compliance with regulations. The company decided to create an open source tool that could be built for and with the dev community, which operates separately from its SaaS platform.
“These new Regula capabilities and policies make it easier than ever for cloud teams to secure their IaC and apply policy consistently,” Stella said in a statement Tuesday.
Before you go...
Please consider supporting Technical.ly to keep our independent journalism strong. Unlike most business-focused media outlets, we don’t have a paywall. Instead, we count on your personal and organizational support.
Join our growing Slack community
Join 5,000 tech professionals and entrepreneurs in our community Slack today!