Announcing our investment in Panther
Earlier this year, Dow Jones suffered a profound data breach — 2.4 million records were leaked from their internal research on risky and high-profile individuals and corporations, connecting such entities to international sanctions lists, crime data, potential terrorist links, and more. You might guess that this breach stemmed from a technical flaw or bug that had been exploited by a hacker. It turned out that the cause was something much simpler: a misconfigured Elasticsearch database in their AWS cloud infrastructure deployment.
There is an increasing trend of cyber-attacks being driven by these types of internal errors rather than by any sort of zero-day exploit or fundamental software bug. For example, in the last two years, Verizon Wireless, Time Warner Cable, the Pentagon, and Accenture suffered breaches, each leaking tens of thousands of customer records, as a result of leaving an Amazon S3 bucket public. In fact, Gartner estimates that by 2023, 99% of all cloud security failures will be the customer’s fault.
The shift to the cloud has been the primary enabler of this dramatic change in the market. Twenty years ago, companies had a few, well-defined servers located on their premises and their network, hidden behind their network’s firewalls. Changes to server infrastructure were slow and highly centralized, meaning a small IT security team could easily keep track of the state of the world and the configuration of the system. It wasn’t too hard for such a team to ensure that their infrastructure was configured correctly.
Since then, the complexity of network architecture has increased exponentially, not only in terms of the raw number of resources but also in terms of the complexity of configuring those resources and the decentralized nature of managing them. Engineering teams now have the power to easily bring up an instance but lack the specialized knowledge to truly understand the intricacies of its configuration and the cybersecurity implications of that configuration.
Exacerbating this problem is the fact that traditional security tools are ineffective in this brave new world of AWS, Google Cloud, and Azure; they can’t handle the volume of data, the variety of data, or the dynamic and rapidly changing nature of cloud environments, resulting in massive complexity to set up and maintain as well as excessive false alerts. The static, inflexible nature of these legacy tools is partially due to the persona they were designed for — the IT security team of 20 years ago who didn’t have an engineering background.
Jack Naglieri witnessed these market shifts firsthand at one of the first truly cloud-native companies — Airbnb. As an early member of their incident response team, he realized the need for a new tool designed around the cloud and for the emerging “SecOps” persona — someone who blended both engineering and security skills to manage the complexities of security in a cloud environment. Jack then built and open-sourced StreamAlert, which quickly became one of the most popular open-source log and infrastructure monitoring tools, adopted by companies like Duo.
Jack eventually realized the opportunity for a fully managed enterprise solution in this space, architected around the core learnings from his time working on StreamAlert. Incubated at S28 Capital, Jack pulled together a world-class team of security engineers and advisors who had witnessed these same problems at companies like Amazon, Uber, and PagerDuty and founded Panther to provide a next-generation, cloud-native alternative to traditional SIEM platforms.
We are thrilled to co-lead Panther’s seed round alongside Shvet Jain at S28. The team not only has a truly unique insight into this market and the needs of modern security teams but also has solved profound technical challenges around managing data at scale, creating a product that is effortless to deploy and use.
Having helped build Team8, Israel’s leading cyber think tank and company creation platform, we see this investment as aligned with our continued focus on cybersecurity. If you’re an entrepreneur working on applying deeply technical solutions to the security industry, we’d love to hear from you. And if you’re a security engineer looking for better ways to monitor, alert, and remediate issues in your cloud infrastructure, we recommend talking to Jack.