On September 16, VMRay announced it has closed its Series B round of funding in the amount of $10 million (€9 million), led by Digital+ Partners, one of the leading technology growth equity firms in Europe. To mark this milestone, VMRay co-founder Dr. Carsten Willems sat down with Chad Loeven, VMRay’s Vice President of Sales & Marketing, to discuss the company’s successes to date and its plans for the future.
Loeven: Before we discuss the Series B funding, let me ask how the original vision you and Ralf Hund laid out for the company has held up over the last six years.
Willems: I recently took a look at our initial pitch deck. On a very high level, nothing has changed.
Our early vision was to build a sandbox to solve what was the most complex malware challenge security teams were facing. We didn’t care about being the fastest sandbox or the cheapest or having the most features or making the most money. We wanted to solve the biggest problem, which was (and still is) detecting evasive malware, including targeted attacks and zero-day malware.
And that’s what we did when we created VMRay Analyzer. The underlying, hardcore technology engine we built has evolved, but it’s still the foundation of what we do today.
Loeven: How would you judge your success to date?
Willems: If you look at what we’ve achieved, given our limited resources and a very lean organization, and compare it to others, we’ve had spectacular success. We have a hundred-plus customers, most of them really big, global names. And the quality of our solution is much better than anything offered by our competitors.
Loeven: That’s a big claim. What’s the basis for saying that?
Willems: We excel in many dimensions. Our platform is unique in providing complete visibility into the behavior of even the most evasive malware. By layering new technologies on top of our core engine, we now deliver large-scale, fully automated threat detection. Our solution is faster and more effective; everyone else has to sacrifice one or the other, speed or effectiveness.
Loeven: What objectives have you set for the company in this next phase?
Willems: Our top goal is to scale our great technology so that many more people are using VMRay in many more use cases and at higher volumes. The new funding will allow us to recruit engineering talent to enhance our platform, ramp up our organization to support growth, and invest in innovation and research projects we have been deferring due to limited resources.
Loeven: What does scalability look like at the platform level?
Willems: Initially, we focused on incident response: one security analyst using our software once a day in the lab to do deep malware analysis. And that was all we did. Security analysts and researchers found our technology very effective, but they were a small user population.
The next step up was detecting malware attacks on a very large scale and automating how the results are shared with other security systems to enable protection. That’s where we are today.
Loeven: So what changes are being planned to scale the organization?
Willems: We want to evolve to a more mature sales structure. We plan to expand into new verticals and respond to opportunities in Asia, where our solution is well received. We also intend to expand our channel program worldwide to better support MSSP and VAR partners.
Loeven: Can you talk about innovation?
Willems: We have entire drawers full of plans and prototypes, some of which have huge potential. We’ve put aside these innovations over the last few years because we didn’t have the time or resources to work on them. It was always about filling gaps and maintaining feature parity with competitors. In the last few months alone we’ve added major features like macOS support, high-volume malware detection, and mapping VMRay to the MITRE ATT&CK framework.
The important thing is that all these capabilities are built on top of our core sandbox—which is superior in every way—and our Now, Near, Deep architecture, which extends the potential use cases for VMRay. So we start this next phase with a tremendous competitive advantage. We see the new funding as a springboard to bring many of our innovative ideas to life and turn them into viable products.
Loeven: What are some of the specific things you plan to address?
Willems: One is improved phishing detection using our unique URL analysis engine. Another is enhanced IOC scoring for better threat intelligence creation. We’re also working on improved malware family classification and generally ML-based detections for both static and sandbox analysis.
Loeven: Beyond supporting growth, did you have other goals for the Series B round?
Willems: A top priority was to remain independent to a higher degree than many companies can manage at this stage of their development. The founders often end up owning a small minority of the total shares. So they have limited control over their company’s strategic direction.
The fact that VMRay already generates substantial revenue—combined with the lower cost structure that results from our being based in Germany—allowed us to comfortably accept a level of funding where we didn’t have to make that tradeoff.
Loeven: What qualities were you looking for in your investors?
Willems: We wanted strong partners who would add significant value by sharing their network resources, insight and experience. We’re already benefiting from that. Digital+ Partners brought in advisors with a long track record of building sales teams and channel management capabilities. They introduced us to several potential prospects—all large public companies—and they connected us to a US reseller we had approached unsuccessfully on several occasions over the years.
And they’re very smart. They ask the right questions, which can sometimes make you feel uncomfortable. But, in the end, it leads to a better understanding of our strengths, weaknesses, and challenges.
Loeven: At the August Black Hat Conference, you joked about being sad because fewer people are using VMRay’s analysis reports. What was the larger point you were getting at?
Willems: Our reports are awesome in the level of detail and insight they can provide. But as we add high-volume use cases, as we automate analysis and detection, as we build more integrations for ease of use, people are less reliant on those in-depth reports, which is overall a good thing. So we hide the underlying complexity while making the details readily available when the experts—analysts, IR teams and researchers—need them.
Loeven: Those experts were the company’s first and most savvy users. Is VMRay’s relationship with them changing?
Willems: Not at all! Maintaining that connection is really important to our team and to me personally. We really enjoy working together. And because they’re dealing with evolving malware threats on a daily basis, they continue to be an important source of the insight and data we use to improve our products.