Several former Etsy employees have pulled off the ultimate cybersecurity startup dream: leaving to form their own company and then hiring their former employer as a client. The startup, Signal Sciences, produces a dashboard and firewall to help security teams and developers work together, and already counts companies like Etsy, Yelp/Eat24, Under Armour, Taser, and Shutterstock as clients.
Signal Sciences launched in 2014 and began marketing efforts for its software in early 2016; the company says they exited stealth mode on February 25. The company’s product is a dashboard that clients integrate into their web applications (both via desktop or mobile) and visualizes anomalous activity and possible intrusions. As CEO Andrew Peterson told Fast Company, the idea is "for the CSO of a major corporation, at 10 a.m. in the morning, to understand what hackers are doing on a website."
The bulk of Signal Sciences’ leadership is drawn from Etsy’s talent pool. Peterson is a former group product manager, CTO Nick Galbreath was director of engineering, and CSO Zane Lackey was Etsy’s director of security engineering. Although the company is best known as a crafts marketplace, it has also been one of the loudest voices for developer resources in the e-commerce world.
Lackey is tight-lipped about how the company managed to turn the leadership’s former employer into a client: "We were excited that Etsy were one of our first customers, and were excited about them coming on board." Regardless of the company’s reluctance to say more about that particular customer, one thing in particular is helping them get established in the security world: their backers.
At launch time, Signal Sciences’ advisory board includes the chief security officers of Facebook (Alex Stamos) and Adobe (Brad Arkin), alongside Etsy CEO Chad Dickerson and CTO John Allspaw, TripWire founder Gene Kim, and Facebook’s former director of security, Ryan McGeehan. With the cybersecurity market in 2016 flooded by a glut of smaller startups (many of whom will likely fetch a considerable sum when acquired by larger rivals) and a less favorable market environment, the names on Signal Science’s advisory board is impressive. The company also announced a $9.7 million Series A funding round last year.
When customers use the company’s dashboard, they are able to see visualizations and other metrics of both anomalous activity on their web applications and signs of potential attack. These range from HTTP 400, 404, and 500 errors to Tor traffic and data center traffic to out-and-out attempted attacks. Lackey says that the tool draws upon work done by its leadership team at Etsy to help developers and security teams collaborate more effectively.
"As we saw problems at Etsy, we wanted to give help to organizations solving them (similarly to) what we did at Etsy," says Peterson. One particular challenge that we dealt with there was unexpected activity by cybercriminals; rather than what the company expected—credit card fraud—they found themselves increasingly dealing with entirely separate technological issues.
Shardul Shah of Index Ventures, an investor in Signal Sciences, added that one of the big selling points for the software was that it made it much more easy for security teams to allocate resources. In his words, it helps with "prioritization around which sectors are most likely to penetrate your system."
Security teams always face an uphill battle at complex organizations due to the bureaucracy of most institutions. Protecting against outside threats means making the case to leadership for expenditure and resources, and security teams sometimes have trouble presenting the data to explain that. For companies like Signal Science and their rivals, visualizing cyberattacks can potentially be very profitable.