Material Security Raises $100M to Protect Sensitive ContentCompany Will Extend Its Protection of Sensitive Data at Rest Beyond Email
Material Security has closed a $100 million funding round on a $1.1 billion valuation to extend its protection of sensitive content at rest beyond email.
The Redwood City, California-based email security startup plans to take its patents for safeguarding sensitive content found in old emails and apply them to content stores for other SaaS applications such as Dropbox, Google Drive and Slack, says Material co-founder and CTO Abhishek Agrawal. The Series C round was led by Founders Fund and brings Material up to $162 million of outside funding.
"We don't want to forget about our core product," Agrawal tells Information Security Media Group. "But on the other hand, we see a ton of opportunity to expand past it."
Material Security was founded in 2017, employs fewer than 50 people today, and wants to at least double its headcount over the next year through aggressive hiring across engineering, product, sales, marketing and support, Agrawal says. The company closed a $40 million Series B funding round in May 2021 led by solo capitalist Elad Gil and a $22 million Series A funding round led by Andreessen Horowitz in June 2020.
Material today sells to both large enterprises with between 50,000 and 100,000 employees - such as Fox, Mars and Chubb - and very hot, fast-growing midmarket companies - such as Lyft, DoorDash, Databricks and Compass. Agrawal says the company is looking to expand its sales, marketing and support teams to engage in more traditional demand-generation activities and help companies evaluate the product.
"We've just been seeing a ton of traction," Agrawal says. "We have a pretty different approach to the email security space, which has been heating up a ton."
Safeguarding Sensitive Data Everywhere
Material today mitigates the consequences of an adversary getting into a user's inbox by redacting old sensitive content and making whoever is trying to access that content authenticate their identity through Okta or Duo before obtaining access, according to Agrawal (see: Abnormal Security Raises $210M to Push Beyond Email Defense).
The methodologies used to detect sensitive content in emails are applicable to other content stores such as Dropbox and Google Drive, Agrawal says. It will be far more challenging, he adds, to nail the end-user experience so that user productivity isn't negatively affected and customers have a seamless experience viewing and restoring redacted content or messages without having to go to a third-party website.
Material plans to hire more product engineers, detection engineers, product managers and designers to extend the sensitive data protection capabilities beyond email and build out a great experience for end users, Agrawal says.
Modern SaaS apps such as Dropbox and Google Drive are all cloud-hosted and have APIs and lots of permission models that make them easy for developers at Material or elsewhere to program in the interest of security, Agrawal says. What Material does in Gmail or Office 365 is possible because of rich APIs, and he says other SaaS apps have similar levels of programmability for their content stores.
"Nailing those same user-experience details for other apps is the long tail of tricky product and engineering design because you really have to think about the intricacies of each app and what ways people use those apps and where you can add security without adding friction," Agrawal says.
The Power of Infrastructure
Material also plans to better leverage the infrastructure it provides customers, arming client security teams with the tools needed to process vast amounts of data across email, Google Drive or Slack as part of their own investigations, he says. The infrastructure is a vital part of Material's value proposition, and Agrawal says he's looking to expand more into security analytics and data infrastructure use cases.
He says giving customers access to the infrastructure that their instance of Material runs on unlocks a lot of powerful use cases and allows customers to run a threat intelligence feed against their own email and scan email messages to parse out what applications are being used inside their own company. Security-conscious customers enjoy working with vendors who don't require them to turn over their data, Agrawal says.
Within email security, Agrawal says Material is hoping to move into adjacent markets such as traditional detection work, automating responses to phish reports, and phish simulations and security awareness training. Customers are looking to consolidate the number of tools they're using to supplement native Office 365 and Google security features, and having Material address more use cases would help.
Material often protects email content at rest alongside a legacy secure email gateway, such as Proofpoint, that's focused on blocking malicious messages, Agrawal says. Alternatively, a segment of Material's customers is becoming happier with the native security capabilities of Office 365 and Google as Microsoft strengthens its efficacy around inbound detection and both providers improve their speed to detection.
Customers who are satisfied with the native detection capabilities of Microsoft or Google sometimes opt to bring in a vendor such as Material that takes a completely different approach to email protection, Agrawal says. He says businesses almost never use Material as a replacement for their secure email gateway since each has a very different area of focus.
"We're not just a blocker," Agrawal says. "We're actually trying to protect the data where it is."