StepStone Group (NASDAQ: STEP) has led a $US23 million Series C investment round in Australia-founded cybersecurity company Kasada.

The global private markets investor for high net-worth individuals became an investor in Kasada via its recent (APE&VCJ, Aug 2021) acquisition of US venture capital firm Greenspring Associates. Greenspring, which advises the Future Fund, had been in negotiations with Kasada prior to the acquisition.

Existing Kasada investors, Silicon Valley cybersecurity specialist Ten Eleven Ventures, Main Sequence Ventures, Westpac-backed Reinventure, Our Innovation Fund and former prime minister Malcom Turnbull’s investment firm Turnbull & Partners, supported the new investment round. Kasada has now raised a total of $US39 million.

An early investor in Kasada was In-Q-Tel, a US government agencies-backed not-for-profit that invests to develop technology support for the US and Australian national security communities.

Kasada founder Sam Crowther’s involvement with national security indirectly led to him establishing the company. As a Newcastle high school student, he responded to an Australian Defence Force advertisement for an outreach campaign aimed at young people interested in digital technologies. He had “always liked breaking things” and had experimented with breaking into computer systems. He applied and was given a role as an intern working on cybersecurity with the Australian Signals Directorate. That experience gained him a job at Macquarie Bank and while there he decided to set up his own cyber security business.

That was 2015 and Crowther was still only 19. Kasada gained initial customers in Australia before entering the US market in 2019 when it won a contract to provide cybersecurity for global hospitality company Hyatt. Crowther then spent two years at Hyatt’s Chicago headquarters, integrating Kasada’s technology. With the US rapidly becoming its major market, Kasada set up a New York office and the business is now run jointly from New York and Sydney. Crowther recently returned to Australia for the first time since the beginning of the pandemic but expects to be back leading the business from New York before long.

Since its Series B round in mid-2020, Kasada says it has grown its revenue by 230%, primarily driven by sales growth in the US. The company says it now protects more than $US20 billion in e-commerce transactions annually and each month stops more than five billion malicious requests which would not be detected by legacy systems. More than 85% of its customers have shifted to Kasada from other cybersecurity services.

After 18 months of research, a second version of Kasada’s platform, incorporating major defence updates, was recently launched.

Cybercriminals are increasingly using bots to launch automated threats against online businesses, using strategies such as credential stuffing, web scraping, carding and inventory hoarding. According to Kasada, these strategies easily evade first generation anti-bot defences.

Kasada has taken a fundamentally different approach to bot mitigation than earlier programs.

Most cybersecurity systems have evolved by setting up rules, risk scores and CAPTCHAs to identify whether those accessing computer systems are, first, human and second, do not have malicious intent. As hackers have become more sophisticated, extra layers of security have been added within systems.

Kasada has taken a different approach. Its technology checks out the internet address an approach is coming from and makes an initial real time decision whether to allow access to a website, mobile app or API. According to Crowther, that identifies most automated bot attacks with a very low false positive rate.

Interventions are progressively improved by data analysis and machine learning from billions of interactions with bots. The platform adapts to new types of malicious approaches as they are identified.

Crowther said: “Businesses are tired of bot mitigation solutions that are difficult to operate, time-consuming to maintain and cannot keep up with the latest tools bot operators use. At Kasada, we’ve set out to make application security much easier to implement and use, while also improving effectiveness. We’ve ensured that security does not get in the way of the customer experience, by eliminating friction such as CAPTCHAs that hurt online conversions – and your brand.”

The company plans to use the new capital to further accelerate sales in the US as well as to step up development, support and marketing. That will involve a substantial increase in employee headcount which currently stands at around 70 – 55 in Australia and 15 in the US.

Crowther expects internet fraudsters will continue to develop new ways to infiltrate computer systems and anticipates Kasada will have to keep allocating a large proportion of revenue to on-going research to keep ahead. But he believes identifying malicious actors before granting them access to computer systems will remain the key to providing the best security.

StepStone partner Hunter Somerville said: “Kasada has demonstrated impressive growth while expanding beyond Australia, with momentum among enterprise customers in the e-commerce, hospitality, travel, fintech, online gaming, and internet service industries. The effect bots have on an organisation’s profitability has become a C-level concern. Kasada has raised the expectations of what an anti-bot solution should be.”

Clients in Australia now include the Sydney Opera House.

Chief technology officer Nic Boling said: “Kasada’s services translate into a great experience for Sydney Opera House customers, without interrupting their experience, or introducing unnecessary friction. We have confidence that humans, not bots, are buying tickets to our events.”

Image: Kasada founder and chief executive Sam Crowther.