Semperis, a specialist in Active Directory security now worth more than $1B, raises $125M

by with No Comment Tech

Digital security padlock with encrypted binary code on abstract circuit board.

Image Credits: Yuichiro Chino (opens in a new window) / Getty Images

Active Directory, the Microsoft directory service for connecting users with network resources, is used by more than 90% of all Fortune 1000 companies and many more besides. So it’s no surprise that it’s a giant target for malicious hackers. 

That also means a lot of attention for the security companies that are building tools to protect and recover Active Directory (AD) services. On Thursday, Semperis, a Hoboken, New Jersey, startup focused on AD protection, said it had raised $125 million from J.P. Morgan and Hercules Capital, and will be using it for R&D and business development.

In addition to Active Directory, Semperis also provides threat detection, response, recovery and related services for users of Entra ID (formerly known as Azure Active ID) and Okta. Its customers include Lenovo, Prime Healthcare, Sanofi, United Airlines, Starbucks, Hertz and many others, covering some 100 million user identities in all. 

The funding has come almost exactly two years since Semperis raised a $200 million Series C. 

Unlike that round, this financing is a mix of equity and debt, and TechCrunch has confirmed the valuation of the company: It’s now worth over $1 billion. Or, in the words of Mickey Bresman, Semperis’ founder and CEO, “I have a horn.”

Alongside the financing, Semperis is also adding three executives that Bresman said will be critical for the company’s next steps as a business, which, he said, currently looks like an IPO. I’d say they could also be M&A in the right situation, given how much consolidation we’ve been witnessing in the cybersecurity market in the last few years.

Jeff Bray is coming on as a CFO; Mike DeGaetano is joining as its chief revenue officer, and Annabel Lewis is coming on as chief legal officer and corporate secretary. All three have extensive backgrounds with some of the more successful cyber companies of the last decade. 

Semperis has been around since 2013 (it started offering services in 2015), and Bresman says he likes to joke that the company was both too early and too late to the market. 

He feels it was early because cybersecurity simply was not as big of a deal just 10 years ago, and the conversation was not really about ID management (which is a huge theme today). And he thinks it was also late because actually AD was launched in 1999 and already being used ubiquitously, thus laying the groundwork for the extensive hacking that would eventually grip companies that use it. There have been waves upon waves of attacks exploiting vulnerabilities through the Active Directory architecture. 

And despite the beating drum of cloud services, on-premises services are still huge, and AD is how many of them are used at enterprises. One of the more recent and damaging AD-exploitations was NotPetya, which has been described as one of the “most devastating” attacks in cyber history. 

Since then, of course, a number of other companies focused on AD have emerged. They include Palo Alto Networks, Bitsight, BigID, Wiz and many others.

One of the problems with a lot of AD attacks is that across a distributed system, breaches can be complicated, costly and drawn out to fix. Semperis’ pitch is that it can cut that time by 90%. With downtime being typically even more costly to a business than the breach itself, lowering that downtime, if not avoiding it altogether, becomes a primary focus for cyber buyers.

“As CISOs shift their focus towards securing and building resiliency into their identity infrastructure, we see enormous demand for specialized hybrid AD and Entra ID protection,” said Bray in a statement.

“Semperis is a clear leader in the urgently needed area of identity system defense, with machine-learning-based attack prevention, detection and response,” added Scott Bluestein, CEO and CIO at Hercules Capital. “Leading organizations around the world depend on Semperis to safeguard their hybrid Active Directory environment, which is foundational to the IT infrastructure and heavily targeted by attackers.”

As for why the company took debt instead of equity, Bresman simply said that the company had multiple options, but it chose this one in part because it has the mix of investors on its cap table that it wants. (He didn’t say the following, but it also means that it has to give up less equity en route to an IPO.)

“Semperis, with new support from J.P. Morgan and Hercules Capital, and our existing team of world-class backers, KKR, Insight Partners, Ten Eleven Ventures, Paladin, Advocate Health and others, will continue to drive innovations to disrupt cyberattacks,” said Bray. “The growth financing complements an already strong balance sheet, allowing Semperis to accelerate the investment in R&D and expand our global footprint to meet market demand.”

Semperis, a specialist in Active Directory security now worth more than $1B, raises $125M

by with No Comment Tech

Digital security padlock with encrypted binary code on abstract circuit board.

Image Credits: Yuichiro Chino (opens in a new window) / Getty Images

Active Directory – the Microsoft directory service for connecting users with network resources – is used by more than 90% of all Fortune 1000 companies and many more besides. So it’s no surprise that it’s a giant target for malicious hackers. 

That also means a lot of attention for security companies that are building tools to protect and recover AD services. 

Today, Semperis – a Hoboken, NJ, startup focused on AD protection – is announcing funding of $125 million from J. P. Morgan and Hercules Capital, money that it will be using for R&D and business development. In addition to Active Directory, these days Semperis also provides threat detection, response, recovery and related services for users of Entra ID (formerly known by the more wordy name Azure Active ID) and Okta in cases where customers are using these for some or all of their cloud services. Its customers include Lenovo, Prime Healthcare, Sanofi, United Airlines, Starbucks, Hertz and many others, covering some 100 million user identities in all. 

The funding is coming almost exactly two years since Semperis raised a $200 million Series C. 

Unlike that round, this financing is a mix of equity and debt – more on why it took debt below – and also unlike that round, TechCrunch has confirmed the valuation of the company: it’s now over $1 billion – or, in the words of Mickey Bresman, Semperis’ founder and CEO, “I have a horn.”

(The $651 million noted in PitchBook is inaccurate.)

Alongside the financing, Semperis is also adding three executives that Bresman said will be critical for it taking its next steps as a business, which he said currently looks like an IPO, but I’d say could also be M&A in the right situation, given how much consolidation we’ve been witnessing in the cybersecurity market in the last few years.

Jeff Bray is coming on as a CFO; Mike DeGaetano is joining as its chief revenue officer, and Annabel Lewis is coming on as chief legal officer and corporate secretary. All three have extensive backgrounds with some of the more successful cyber companies of the last decade. 

Semperis has been around since 2013 (with services formally launching in 2015), and Bresman says he likes to joke that the company was both too early and too late to the market. 

Early because cybersecurity simply was not as big of a deal just ten years ago, and the conversation was not really about ID management ( today that is a huge theme). Late because actually AD was launched in 1999 already being used very ubiquitously, thus laying the groundwork for the extensive hacking that would eventually grip AD-using organizations. There have been waves upon waves of attacks exploiting vulnerabilities through the Active Directory architecture. 

And despite the beating drum of cloud services (and more specifically the beating drum of the cloud services marketing machine), on premises services are still huge, and AD is the route to how many of them are used among enterprises. One of the more recent and damaging AD-exploitations was NotPetya, which has been described as one of the “most devastating” attacks in cyber history. 

Since then, of course, a number of others focused on AD have emerged. They include Palo Alto Networks, Bitsight, BigID, Wiz and many others.

One of the problems with a lot of AD attacks is that across a distributed system, breaches can be complicated, costly, and drawn out to fix. Semperis’ pitch is that it can cut that time by 90%. With downtime being typically even more costly to a business than the breach itself, bringing it down, if not avoiding it altogether, becomes a primary focus for cyber buyers.

“As CISOs shift their focus towards securing and building resiliency into their identity infrastructure, we see enormous demand for specialized hybrid AD and Entra ID protection,” said Bray in a statement.

“Semperis is a clear leader in the urgently needed area of identity system defense, with machine-learning-based attack prevention, detection, and response,” added Scott Bluestein, CEO and CIO at Hercules Capital. “Leading organizations around the world depend on Semperis to safeguard their hybrid Active Directory environment, which is foundational to the IT infrastructure and heavily targeted by attackers.”

As for why the company took debt instead of equity, Bresman simply said that the company had multiple options but it chose this one in part because it has the mix of investors on its cap table that it wants. (He didn’t say the following, but it also means that it has to give up less equity en route to an IPO.)

“Semperis, with new support from J.P. Morgan and Hercules Capital, and our existing team of world-class backers, KKR, Insight Partners, Ten Eleven Partners, Paladin, Advocate Health and others, will continue to drive innovations to disrupt cyberattacks,” said Bray. “The growth financing complements an already strong balance sheet, allowing Semperis to accelerate the investment in R&D and expand our global footprint to meet market demand.”

Digital representation of machine with code and a futuristic keyboard in front of it.

Number of monthly active crypto devs fell 25% in 2023

by with No Comment Tech

Digital representation of machine with code and a futuristic keyboard in front of it.

Image Credits: Olemedia / Getty Images

The total number of monthly active crypto developers fell 25% year-over-year in 2023, but those who have been in the space long-term showed more resilience than before, according to a new developer report by Electric Capital.

Developers with more than two years of experience in crypto are at an all-time high after reaching 51% annualized growth over the past five years, according to the report. And developers who have been in crypto for at least one year grew 15% year-over-year and comprise 63% of all monthly active developers.

“Very quantitatively [long-term developers] matter because about 75% of code commits are written by developers who have been in crypto for over a year,” Maria Shen, general partner at Electric Capital, told TechCrunch+. “But there’s a clear qualitative reason as well. You want people in the industry to stick around. When you see devs stick around decorrelated from prices, there’s something fundamentally here that keeps them in the space.”

The number of developers working in crypto has matched what Shen has experienced since entering the space in 2018. “You have periods of frothiness, insanity, and a lot of people come in and leave, but through it all there’s a core group of people who stay through the mania.”

Meanwhile, so-called newcomers — developers who were in the crypto ecosystem for less than 12 months — dropped 53% year-over-year in 2023. “Newcomers are very correlated with prices,” Shen said. “Prices go up, more developers come, prices go down and more developers leave.”

But the reason why crypto has been able to grow, expand and push forward is because of a “devoted segment of developers that stick around, that are completely separate from the volatility in crypto,” Shen said.

The report focuses on “open source developers,” who push code to contribute to the crypto ecosystem, whether it’s a protocol, application, developer tool or other medium. This means engineers at places like Coinbase, a number of gaming companies and other private entities that have their own closed source code are not counted in the report, Shen said.

Closed source code is usually proprietary to a business so the public cannot view, vet or amend it. However, with the decentralized ethos of many crypto projects, there’s a desire to share code publicly for the benefit of the ecosystem so developers and other builders can use or try to improve the code.

As open source codes are often collaborative, there’s also a similar growth in the multichain world where builders are creating tools or applications that can work across multiple blockchains. “It’s a maturation of the space,” Shen said. “People used to build for specific chains; now they build for users and use cases and you see that trend growing over time.”

In 2023, the number of developers who supported three or more chains hit an all-time high. Around 30% of monthly active devs by the end of 2023 support more than one chain, which is up 10x from 3% in 2015.

“Crypto is very clearly multichain,” Shen said. “At this point, it’s pretty clear that [multichain] is not a fad or trend but looks like it’s here to stay.”

To be fair, for newcomers, the crypto space can be daunting and a “noisy” industry given there’s so much jargon, a handful of coding languages that are most popular, and hundreds of sectors and ecosystems to be explored. But there are only so many resources out there. “The barrier to entry for someone new in crypto is actually still quite high,” Shen said.

It’s also worth noting that crypto’s builder ecosystem is continuing to be distributed globally as 74% of developers are outside of North America, Shen said. As a result, the share of U.S. developers in the space is decreasing again. According to the report, the U.S.’s share of blockchain developers fell to 24% last year, down from 40% in 2017. This is also a decline of 5% from 2022.

The US is losing crypto talent as blockchain devs seek safer havens

There’s a circular benefit to developers sticking around in crypto: As they stay and build more, more users are engaged and more use cases supported. “That’s why developers are so important. They create applications that bring in users and developer tooling that make it easier for new developers.”

The progression and growth of crypto naturally occurs, Shen said. As crypto expanded from its early days to 2018 to today, there’s applications and use cases like DeFi, stablecoins and NFTs that some people use every day.

“The world has shifted and progressed for crypto and that is thanks to engineers, developers, and everyone in the space who are building,” Shen said. “The more people build in crypto, people will poke their heads in and see that and find a reason to stay.”

Digital representation of machine with code and a futuristic keyboard in front of it.

Number of monthly active crypto devs fell 25% in 2023

by with No Comment Tech

Digital representation of machine with code and a futuristic keyboard in front of it.

Image Credits: Olemedia / Getty Images

The total number of monthly active crypto developers fell 25% year-over-year in 2023, but those who have been in the space long-term showed more resilience than before, according to a new developer report by Electric Capital.

Developers with more than two years of experience in crypto are at an all-time high after reaching 51% annualized growth over the past five years, according to the report. And developers who have been in crypto for at least one year grew 15% year-over-year and comprise 63% of all monthly active developers.

“Very quantitatively [long-term developers] matter because about 75% of code commits are written by developers who have been in crypto for over a year,” Maria Shen, general partner at Electric Capital, told TechCrunch+. “But there’s a clear qualitative reason as well. You want people in the industry to stick around. When you see devs stick around decorrelated from prices, there’s something fundamentally here that keeps them in the space.”

The number of developers working in crypto has matched what Shen has experienced since entering the space in 2018. “You have periods of frothiness, insanity, and a lot of people come in and leave, but through it all there’s a core group of people who stay through the mania.”

Meanwhile, so-called newcomers — developers who were in the crypto ecosystem for less than 12 months — dropped 53% year-over-year in 2023. “Newcomers are very correlated with prices,” Shen said. “Prices go up, more developers come, prices go down and more developers leave.”

But the reason why crypto has been able to grow, expand and push forward is because of a “devoted segment of developers that stick around, that are completely separate from the volatility in crypto,” Shen said.

The report focuses on “open source developers,” who push code to contribute to the crypto ecosystem, whether it’s a protocol, application, developer tool or other medium. This means engineers at places like Coinbase, a number of gaming companies and other private entities that have their own closed source code are not counted in the report, Shen said.

Closed source code is usually proprietary to a business so the public cannot view, vet or amend it. However, with the decentralized ethos of many crypto projects, there’s a desire to share code publicly for the benefit of the ecosystem so developers and other builders can use or try to improve the code.

As open source codes are often collaborative, there’s also a similar growth in the multichain world where builders are creating tools or applications that can work across multiple blockchains. “It’s a maturation of the space,” Shen said. “People used to build for specific chains; now they build for users and use cases and you see that trend growing over time.”

In 2023, the number of developers who supported three or more chains hit an all-time high. Around 30% of monthly active devs by the end of 2023 support more than one chain, which is up 10x from 3% in 2015.

“Crypto is very clearly multichain,” Shen said. “At this point, it’s pretty clear that [multichain] is not a fad or trend but looks like it’s here to stay.”

To be fair, for newcomers, the crypto space can be daunting and a “noisy” industry given there’s so much jargon, a handful of coding languages that are most popular, and hundreds of sectors and ecosystems to be explored. But there are only so many resources out there. “The barrier to entry for someone new in crypto is actually still quite high,” Shen said.

It’s also worth noting that crypto’s builder ecosystem is continuing to be distributed globally as 74% of developers are outside of North America, Shen said. As a result, the share of U.S. developers in the space is decreasing again. According to the report, the U.S.’s share of blockchain developers fell to 24% last year, down from 40% in 2017. This is also a decline of 5% from 2022.

The US is losing crypto talent as blockchain devs seek safer havens

There’s a circular benefit to developers sticking around in crypto: As they stay and build more, more users are engaged and more use cases supported. “That’s why developers are so important. They create applications that bring in users and developer tooling that make it easier for new developers.”

The progression and growth of crypto naturally occurs, Shen said. As crypto expanded from its early days to 2018 to today, there’s applications and use cases like DeFi, stablecoins and NFTs that some people use every day.

“The world has shifted and progressed for crypto and that is thanks to engineers, developers, and everyone in the space who are building,” Shen said. “The more people build in crypto, people will poke their heads in and see that and find a reason to stay.”