Building Cybersecurity That’s Usable
Cybersecurity is critical to most organizations, but many still haven’t gotten the basics right. As Rahul Powar, CEO and co-founder of Red Sift, explains, “Companies know they need to protect their brand from being impersonated and prevent attackers from causing havoc by undermining the security of their public-facing servers. But most organizations either don’t know what to do to prevent these issues, or they don’t believe they have the skills needed to put the defenses in place.” For example, he notes that only about 55 percent of S&P 500 companies use DMARC, 1 an email security standard that prevents attackers from impersonating a company and defrauding customers.
“For small and midsize enterprises, as few as 2 or 3 percent of the companies may be enabling domain security measures,” Rahul adds. Part of the challenge for organizations today, Rahul acknowledges, is that there are hundreds of cybersecurity tasks in any organization’s queue, and it’s difficult to implement most of them.
Rahul founded Red Sift to help companies overcome this challenge. The firm aims to democratize security by designing products that make it easy for organizations to identify and implement the changes needed to protect their brand and internet-facing assets.
Red Sift’s approach complements but is wholly different from the products other cybersecurity companies offer. “We’re less focused on incident response or black-box penetration testing that can help enterprises determine how susceptible they are to sophisticated cyberattacks,” says Rahul. “We’re unique because we focus on helping companies implement the fundamental security protections that can prevent attacks from occurring in the first place.”
When companies get the basics right, he emphasizes, far fewer issues need to be handled downstream. “Given how few companies have implemented the basic protections relevant for them, there’s a big opportunity to help everyone level up,” says Rahul.
Making Security Defense Easier
Rahul and the team at Red Sift believe that the success of any security product depends largely on how easy it is to implement and use. “With cybersecurity, you’re trying to make it more difficult for the bad guys to mount an attack,” he says. “But the industry produces too many products that are overly complex. It’s a real challenge for the good guys to implement and use them.”
Usability has been a key focus for the Red Sift team from the outset. He explains, “If a security tool is complicated, it creates real problems. Administrators are reluctant to adopt it and less likely to update it over time often because they’re afraid of misconfiguring it or breaking something. Those delays and issues put the entire organization at greater risk,” says Rahul.
Usability is, of course, not the only consideration. “We also want to ensure that our tools will be integrated into an organization’s existing workflow,” says Rahul. “So we’ve developed tools that will easily integrate with organizations’ APIs [application programming interfaces] and their overall technology infrastructure.”
The team at Red Sift puts a premium on enabling self-service for their clients. “When we build software, we’re not designing it with the expectation clients will have to spend lots of time with our customer success teams,” says Rahul. “With our solutions, small and midsize enterprises can deploy critical solutions quickly and don’t have to hire consultants to make it work.” He adds, “Perhaps not surprisingly, we’ve found that even the IT experts at large organizations want applications that are easy to use.”
Disruptive Value with No Bluster
Mark McGovern, a partner at Sands Capital Ventures, says the approach Red Sift takes to cybersecurity immediately stood out to him and his colleagues. “Over the past 20-plus years, I’ve literally seen thousands of cybersecurity startups,” he says. “Many of them promote their capabilities with lots of bluster and bravado.”
From the outset, Rahul and his co-founder at Red Sift, Randal Pinto, made it clear they weren’t the types to overpromise and underdeliver. “At our first meeting, Rahul and Randal quietly told us they were building a suite of simple but effective SaaS-based cybersecurity tools, which they called ‘sifts,’” recalls Mark. “Each sift, they said, would solve a very specific but universal problem.”
“They told us they had already built a few sifts and were already generating seven-figure annual recurring revenue,” he says. “Only when questioned did they mention that they didn’t yet have any dedicated salespeople, and they still had more than 50 paying customers using the solutions they had in production at that time.”
After that initial meeting, Mark remembers thinking, “This is a truly unusual and disruptive company.” He adds, “And I still feel that way today. The vision they have for both building solutions and going to market is what gets me and their customers excited.”
Mark believes Red Sift has benefited from avoiding the typical sales approach used by other cybersecurity vendors. “These companies use a sales model that relies on getting in front of a chief information security officer (CISO) and convincing them to buy an expensive product.” As Mark notes, “The line in front of any CISO’s office is really, really long.”
Mark emphasizes, “A key element of our investment thesis at Sands Capital is that success in cybersecurity requires a nontraditional go-to-market strategy.”
Red Sift’s differentiated approach, Mark believes, has helped propel its growth. “They now have more than 1,000 customers, and their clients run the gamut from Fortune 500 companies to government agencies and small medical offices.” He adds, “With the exception of Microsoft, it’s hard to identify another cybersecurity company that has such a wide and diverse span of customers.”
Entrepreneurs See Opportunity
Approaching problems in new ways is not new for Rahul and Randal. They’re serial entrepreneurs. Before establishing Red Sift, they founded Apsmart, a firm later acquired by Thomson Reuters that built and designed iOS and Android applications for organizations like Just Giving, The Daily Beast, and Johnson & Johnson. Rahul was on the founding team of Shazam, and together he and Randal helped build the infrastructure for that music-identifying application. Randal and Rahul have been partners and worked together all along the way.
“I’ve always been interested in solving problems,” Rahul says. “Building a business happens to be an interesting way to do that. You can raise some capital if you have good ideas for addressing particular issues and then build a commercial engine that enables you to solve more problems.”
From experience, he also believes having what seems like a breakthrough idea isn’t always enough. The market will dictate the required path to success. He recalls, “We had the code written for Shazam in 2000, but it took eight years and the advent of the iPhone and app store for people to know it even existed. The platform that would make this magical and entertaining experience accessible and easy to use was necessary for people to discover it.”
A Partnership That Goes Far Past Financing
Sands Capital was an early investor in Red Sift and also participated in its Series B round of financing in 2022. The teams at both firms value the working partnership they have developed.
“We’ve had a great relationship with Mark and Mike Graninger at Sands,” says Rahul. “They have helped us make many connections and go beyond our own networks so that we can talk to more organizations that might benefit from the support Red Sift can offer.”
Rahul says that he, Mark, and Mike share similar views about the world of cybersecurity. “We all agree it should be future facing,” says Rahul. “But there is a breed of cybersecurity vendors that feels more comfortable applying traditional approaches. That’s not us. We’re always looking at an issue by trying to understand what the next phase of the business will be.”
As the teams at Red Sift and Sands Capital discuss these matters, Rahul says, “There is a lot of idea sharing between the teams.” He adds, “Frankly, we spend more time with our friends at Sands Capital than we do with any of our other investors.”
Mark values the opportunity to share business insights. “One of the best parts of being an investor is that we get to help our portfolio companies in a variety of ways that go far beyond discussing finance options,” says Mark. “In our work with the team at Red Sift, we’ve helped think through product ideas, refine marketing strategies, identify new market opportunities, and introduced candidates we think could serve well as hires for key staff positions.”
The strength of that relationship and the added value of the insights the Sands Capital team has provided explain why Mike Graninger, a managing partner at Sands Capital Ventures, was named to Red Sift’s board of directors in 2022.
The Social Value of Democratizing Cybersecurity
Red Sift’s vision for democratizing cybersecurity has serious social value in addition to an immense business opportunity.
“Technology has enhanced the ways we live in so many ways, but trust is key,” says Rahul. “If people lose faith in the security and reliability of the data systems and networks they use, they will use them less. That’s why cybersecurity needs to be more democratized.”
In our view, usability is the key to enabling cybersecurity for companies. It doesn’t matter how large a company is; they all want solutions that are simple and fix meaningful problems.
“It sounds simple, but it’s not,” says Mark. “Building cybersecurity tools that can be adopted by any size company is hard. It takes a lot of focus and discipline to focus on what’s essential. Too many companies wind up with overly complex solutions that only highly trained people can understand or manage.”
We believe the market’s response has demonstrated the value of Red Sift’s approach. The firm’s product offerings, customer base, and revenue have expanded dramatically since Sands Capital Ventures first invested. “And that’s the benefit, really,” says Mark. “We invested in Red Sift because we believed in the team and their vision.”
As of March 7, 2023, Red Sift was held in the Global Ventures strategy.
Microsoft was held in the Global Leaders strategy. Johnson & Johnson is not held in any Sands Capital strategy.
The series, Partners for Growth, features profiles of founders of portfolio companies that represent a subset of Sands Capital holdings that illustrate the types of businesses in which we typically invest before they go public. The series uses rotation whereby companies are selected to highlight different sectors and growth industries. The founders featured in this series agreed to participate and have approved their stories prior to publishing. Compensation was not provided to participants; however, Rahul Powar can reuse the content with Sands Capital’s permission. Usage rights to the content featured is as of 3/12/2023 and is subject to change. As of February 28, 2023, Global Ventures II owned about 10.6 percent of Red Sift, having invested in both the Series B funding round. Mr. Powar has no other relationships or affiliations with Sands Capital and does not invest in its public or private strategies.
An investment in a private markets fund is only suitable for sophisticated investors for whom an investment does not constitute a complete investment program, who have experience with similar types of investments, and who understand, are willing to assume, and have the ﬁnancial resources necessary to withstand the signiﬁcant risks involved in the investment, including the potential for a complete loss of capital. Please review the risks outlined in the Private Placement Memorandum prior to investing.
The logos and website images used in this presentation are used for illustrative purposes only and were obtained directly from the relevant companies’ websites. The logo and website images are trademarks or registered trademarks of the companies and their use in this presentation does not imply any connection between us and the companies.
As of October 1, 2021, the firm was redefined to be the combination of Sands Capital Management, LLC and Sands Capital Ventures, LLC. Both firms are registered investment advisers with the United States Securities and Exchange Commission in accordance with the Investment Advisers Act of 1940. The two registered investment advisers are combined to be one firm and are doing business as Sands Capital. Sands Capital operates as a distinct business organization, retains discretion over the assets between the two registered investment advisers, and has autonomy over the total investment decision-making process.
The specific securities identified and described do not represent all of the securities purchased, sold, or recommended for advisory clients. There is no assurance that any securities discussed will remain in the portfolio or that securities sold have not been repurchased. You should not assume that any investment is or will be profitable.
The views expressed are the opinion of Sands Capital and are not intended as a forecast, a guarantee of future results, investment recommendations, or an offer to buy or sell any securities. The views expressed were current as of the date indicated and are subject to change. This material may contain forward-looking statements, which are subject to uncertainty and contingencies outside of Sands Capital’s control. Readers should not place undue reliance upon these forward-looking statements. There is no guarantee that Sands Capital will meet its stated goals. All investments are subject to market risk, including the possible loss of principal. Past performance is not indicative of future results. A company’s fundamentals or earnings growth is no guarantee that its share price will increase.