Lumu, a startup that helps enterprises identify and isolate security compromises, today announced that it raised $30 million in a Series B round led by Forgepoint Capital, $6 million of which is debt.
Ricardo Villadiego, Lumu’s founder and CEO, says that the new cash will be put toward growing Lumu’s sales team in the U.S., supporting its go-to-market strategy and increasing the startup’s investments in R&D.
“Lumu‘s primary objective is to ensure that its … solution reaches more security teams that may have limited resources but require effective solutions to tackle the complexities of today’s threat landscape,” Villadiego told TechCrunch in an email interview.
Villadiego, previously IBM’s regional director covering internet security systems for Latin America, founded Lumu after studying the patterns of corporate data breaches for a number of years. He observed a common denominator in these data breaches: cybercriminals have to use a network.
So Villadiego developed technology to continuously look for signs of compromise in networks and respond to that compromise. The tech evolved into Lumu, which now offers a range of services to defend against possibly cyber breaches.
“Cybersecurity is a complex topic where it’s difficult to understand if the actions that have been taken are helping to increase resistance to cyberattacks,” Villadiego said. “Lumu simplifies this conversation at all levels within an organization, defining a clear north star.”
To this end, Lumu attempts to detect network threats and provide details about compromised assets, including when and how compromises occurred and recommendations for specific responses. With Lumu, customers can automate certain defense activities using their existing cybersecurity tools and review up to two years of network metadata for signs of suspect activity.
“Our interface is built for different levels of technical knowledge, so operators don’t need to be very senior analysts,” Villadiego said. “Lumu is also adaptable to [different] cybersecurity stack[s] regardless of how sophisticated or basic they may be, and grants operators the opportunity to respond in real-time to network threats on their existing infrastructure.”
Now, Lumu isn’t necessarily all that novel in this approach. Lots of other vendors accomplish what it does, more or less, including Ordr (which recently raised $40 million), Cyrebro, Darktrace and Vectra (which was last valued at $1.2 billion).
But Lumu has the good fortune of being in a market that’s seeing sustained — and even increasing — demand. In a Cisco survey published in September, 86% of organizations responding said that they plan to increase their cybersecurity budget by at least 10% over the next 12 months.
VC investments in security are becoming harder to come by, paradoxically, with data from Crunchbase showing that VC financing for cybersecurity dipped to just over $1.6 billion in Q2 2023 — down 63% year-over-year. But Villadiego pointed to Lumu’s customer momentum as evidence it might buck the trend: 881 live deployments as of September and 133% growth in annual recurring revenue year-over-year.
“[Organizations are facing] complexity in understanding how AI can work for them, and letting go of investments and legacy technologies that have proven to be ineffective,” Villadiego said. “The pandemic accelerated Lumu’s growth because organizations relied on many security controls that stayed in corporate offices while the network traffic was flowing from the houses of the employees to the cloud with little if any scrutiny, creating a massive opportunity for cybercriminals to cause harm.”