Dug Song knows a good internet security thing when he sees it. And he thinks he has seen it in Ann Arbor-based Censys Inc., which spun off from the University of Michigan in October 2017 and formally launched in January.
Censys continuously monitors all of a company’s devices and equipment that connect to the internet or are part of the internet of things. IT staff at companies can use Censys to discover new threats and assess their possible impact.
Song has helped fund the launch of Censys and sits on its board of investor advisers, which also includes his co-founder at Duo, Jon Oberheid, and H.D. Moore, a nationally known IT researcher, programmer, entrepreneur and now venture capitalist.
Duo closed in October on its $2.35 billion sale to San Jose, Calif.-based Cisco Systems Inc.
In 2003, Moore created Metasploit, a network security tool that evolved into the Metasploit Framework, which tested computer systems for vulnerabilities and issued warnings about software vulnerability and the need for patches. It was bought in 2009 by Rapid7, a Boston-based publicly traded IT security company that provides vulnerability-management solutions.
Moore has been dubbed the computer industry’s “most important white-hat hacker.”
Having Song, Oberheid and Moore as investors and advisers is an important validation for Censys as it continues to raise what it calls seed funding, plans to go out for a much larger A-round of equity capital and gets the word out in the marketplace about its capabilities.
The company grew out of a previous software tool developed at UM called ZMap, which discovered or provided analysis of some of the most significant worldwide Internet vulnerabilities, including FREAK, Logjam, DROWN, Heartbleed and the Mirai botnet.
Song said Censys solves what is becoming an ever bigger problem as companies and their workers get ever more connected to ever more devices.
“To protect yourself, you have to know what to protect, but you often don’t know where all your data is. It’s a big problem,” said Song. “What they’ve done that differentiates them is they’ve brought academic rigor and created tools to scan on a much more scalable basis and at a much cheaper cost. There’s a lot of research around it.”
Zakir Durumeric, Censys’ chief technologist, was one of the researchers at UM who helped spin it off. He is now an assistant professor at Stanford University. The other academic co-founders are David Adrian, the principal engineer, who is a Ph.D. candidate at UM whose research focuses on computer security and cryptography; and J. Alex Halderman, the chief scientist, who is a professor of computer science at UM.
The CEO is Brian Kelly and the COO is David Corcoran, both serial tech entrepreneurs.
Both Kelly and Adrian worked for Duo Security. Kelly was Duo’s principal product marketing manager from 2012-2015, and Adrian was an intern at Duo in 2013.
After Kelly left Duo, he joined Nutshell CRM, an Ann Arbor company developing software for customer-relationship management, as vice president of product, then in 2016 co-founded Ann Arbor-based Third Rail Group Inc., a software consultant firm, with Corcoran.
Corcoran has been a principal at Fort Wayne-based Digital Cowboy/Big Throttle Ventures, a consulting and investment firm in tech startups, since 2013, and was a mentor for the Techstars incubator program in 2016 and 2017.
Kelly and Corcoran have been partners off and on since 2006. In 2006 they co-founded TrustBearer Labs, a Fort Wayne software security company, and ran it until 2010, when it was sold to VeriSign.
After starting Third Rail, Kelly said he and Corcoran wanted to find a company to focus on, invest in and run.
“We threw stuff against the wall. ‘What kind of company do we want to do?'” said Kelly.
Song introduced them to the UM team that became Censys’ co-founders.
Last summer, Kelly and Corcoran had a series of conversations with the technology transfer office at UM. “They said, ‘We think this can be big, but we don’t know what big is,'” Kelly said.
The two of them decided Censys would be their next thing — hopefully a next big thing.
“We wanted a company in Ann Arbor with a lot of technical differentiation, a company with real science behind it, not just a better way to do a spreadsheet,” said Kelly.
Drew Bennett is the associate director of software licensing in UM’s tech transfer office.
“The work these guys had done in the lab initially is what got us excited,” he said, referring to the three researchers.
“Alex [Halderman] has a very strong reputation as far as security is concerned. He’s got a very good reputation, especially, in voter security. The other thing that is very compelling is having a very experienced management team with significant business capability,” said Bennett, referring to Kelly and Corcoran. “The thing you have to worry about with startups is: Do you have the right guys driving it? Sometimes the technology is fantastic, but you really struggle to find people from a business standpoint to come in and run it. The management team has a good track record and knows what needs to be done.”
Bennett said that as the internet of things becomes ubiquitous, with nearly every electronic device in the home or office, from TVs to refrigerators to coffee makers, connected to the internet, “there are more access points for threats,” and consequently more need for technology like Censys.
Censys is on the radar of local venture capitalists.
“It has a team and advisers with great startup DNA,” said Jim Adox, managing director of the Ann Arbor office of Madison, Wis.-based Venture Investors LLC. Venture Investors invests in health care spinoffs from universities, so Censys isn’t a likely good fit for Adox, but he is impressed with its technology and management.
“Censys is building a really interesting analysis tool for enterprises. The company has been taking a very interesting and successful approach to showing what sort of exposure an enterprise might have and then walking in with solutions,” said Adrian Fortino, managing director of the Ann Arbor office of the Houston-based Mercury Fund. “In fact, anyone can check an IP address on the Censys website and see how bad things are.”
The IT world was well aware of Censys’ predecessor, ZMap, which launched in 2012. Censys made its evolving technology free to users after its search engine began operating in October 2015, and by 2017 it had about 50,000 registered free users. A lot of that was likely driven by a story posted on Dec. 4, 2015, in the online version of the Massachusetts Institute of Technology’s Technology Review.
The piece by Tom Simonite began:
“Early this week the Austrian security company SEC Consult found that more than three million routers, modems and other devices are vulnerable to being hijacked over the internet. Instead of giving each device a unique encryption key to secure its communications, manufacturers including Cisco and General Electric had lazily used a much smaller number of security keys over and over again.
“That security screwup was discovered with the help of Censys, a search engine aimed at helping security researchers find the internet’s dirty little secrets by tracking all the devices hooked up to it.”
The company has about 60 paying customers now and hopes to be at 100 by year’s end. Kelly said the company landed its first contract of $5,000 in December, a month before its formal launch.
The company moved into its newly renovated second-floor headquarters on Main Street in downtown Ann Arbor in early September. It now employs 14 and plans to add to head count by the end of the year.
Kelly said the company finished raising what he called a pre-seed round of capital in January and hopes to announce the closing of a seed round soon. He said the company had raised several hundred thousand dollars but declined to say how much of that was the pre-seed round or if any of that was part of the seed round. The pre-seed round included Song, Oberheid and Moore.
Kelly said he plans to begin raising a much larger Series A round later in 2019 or in 2020.
For Song, Censys’ spinoff, funding and quick customer adoption is particularly resonant as a regional success story. He raised many millions of dollars at Duo, much of it from Silicon Valley venture capitalists eager to have him move the company to California. An avowed fan of the Midwest and Ann Arbor, he repeatedly declined.
“Brian’s first company was created in Fort Wayne. He came here for Duo, and then he started his new company here. We’ve become a virtuous ecosystem here, and I hope to see a lot more things to come. At the end of the day, Duo is a great company to be at, as well as a great company to be from,” he said.
Site Search 360 Reports