Fraud Management & Cybercrime , Next-Generation Technologies & Secure Development , Security Operations
Netcraft Snags $100M, Names Former DigiCert Executive as CEO
Ryan Woodley Doubles Down on US Growth, Real-Time Attack Identification, TakedownNetcraft landed a DigiCert and Progressive Leasing executive as its CEO to expand the company's footprint in the U.S. and better identify cyberattacks in real time.
See Also: Gartner Guide for Digital Forensics and Incident Response
The Bath, England-based cybercrime detection vendor tapped Ryan Woodley to capitalize on the $100 million raised from Boston-based Spectrum Equity by bringing more scalability to Netcraft's platform via automation and establishing a presence in the Salt Lake City area. Woodley succeeds Mike Prettejohn, who founded the company in 1995 and scaled it to block more than 170 million malicious websites (see: 2 Vulnerabilities Discovered in Apache HTTP Server).
"To this point, you only found out about Netcraft if you were referred to Netcraft or happened to come across Netcraft," Woodley told Information Security Media Group. "For the first time, we're investing in our market presence so more people can know about the strength of the offering."
The Power of Scaling Through Automation
From a technology standpoint, Woodley wants to strengthen and expand Netcraft's platform to identify and defend against a broader set of attack types, going beyond the more than 100 types it protects against today. With attacks growing in frequency and complexity, Woodley said Netcraft consistently leverages analytics to determine which abnormalities or observed irregular activity results in actual attacks.
Customers come to Netcraft with novel attack types such as JavaScript skimmers on e-commerce sites, and Woodley said Netcraft works with clients to develop innovative responses and countermeasures. Woodley wants to scale Netcraft's defenses around novel attack types and further strengthen the company's ability to take down malicious websites as quickly as possible.
"We have to constantly study the complexity of those attacks to refine the automation."
– Ryan Woodley, CEO, Netcraft
Woodley wants Netcraft to embed a higher level of rule automation logic to improve the performance of its system. Some 99% of Netcraft's takedowns of phishing websites today involve automation at some level, and Woodley said the company has been able to accomplish this with a false positive rate of less than 1%.
"You can have smart people, and you can have a lot of data," Woodley said. "But unless you have those smart people apply to studying that problem set over long periods of time, you won't have the refined approach that results in the level of accuracy and speed that we've accomplished."
Riding the U.S. Rocket Ship
Netcraft has added more client services and solutions engineering resources in the United States to better serve American organizations in their local time zone, Woodley said. Less than half of Netcraft's sales come from the U.S. today, and Woodley said the company has a significant opportunity to expand its presence in the region. Netcraft serves marquee tech, banking and social media firms in the U.S.
Woodley wants Netcraft to expand in verticals where the company already has a presence as well as in geographies where it is underpenetrated, such as the U.S. Netcraft today serves three of the world's four largest companies, 10 of the 12 largest banks in Europe, and the governments of five of the largest economies in the world, according to Woodley.
"We have grown every functional area of the company," Woodley said. "It was largely a development organization, and we've now created different functional leaders across the company to help support the internal scaling of the organization."
As far as finances are concerned, Woodley wants Netcraft to remain cash flow positive while growing revenue as well as the number of customers the company serves. Outside of that, Woodley said, Netcraft will track operational metrics such as attack volume and composition of attacks to assess the efficacy of the company's technology.
"You have to operate at the finest levels of automation and accuracy when you're dealing with that level of scale," Woodley said. "If the problem space was static, it would be an easy problem to solve. But because the problem space is dynamic, we have to constantly study the complexity of those attacks to refine the automation."