Agari Raises $22M in Series D Funding for Email Security

As business email compromise attacks continue to grow, the CEO of email security vendor Agari sees a real need for new technology.

email security

Email security vendor Agari is raising new funds to help it grow its reach and accelerate the development of technology that can combat increasingly sophisticated forms of email attacks and fraud.

The $22 million in Series D funding was led by Norwest Venture Partners and included the participation of Alloy Ventures, Battery Ventures, First Round Capital, Greylock Partners and Scale Venture Partners. Total funding to date for Agari now stands at $44.7 million.

Agari was founded in 2009 by CEO Patrick Peterson, who had previously worked for nearly a decade with email security appliance vendor IronPort, which Cisco acquired in 2007 for $830 million. Peterson left Cisco in 2009 to start Agari, with the basic idea of building a new approach for dealing with email security.

"Email is the bad guys' best friend today," Peterson said. "So we're on a mission to make sure that you can do business quickly and efficiently, while bad guys can't succeed with business email compromise fraud."

Peterson is raising Series D funding to accelerate the company's growth. The new money will be used for sales and marketing expansion globally, as well as for technology innovation efforts.

Agari makes extensive use of the DMARC (Domain-based Message Authentication, Reporting and Compliance) email authentication protocol to help protect users. The basic promise of DMARC is to limit fraudulent email by verifying senders. In addition to DMARC, Agari has contextual correlation technology that further helps to validate the integrity of an email.

"The core problem that we're trying to solve is about email trust. Is the email I just received really from JP Morgan or Ernst & Young or from my CEO?" Peterson said.

The approach many security professionals use to secure email is to use digitally signed emails, with technologies such as OpenPGP. The Agari approach doesn't require signed email, as Peterson doesn't see it as being Internet scalable.

"We can't require our law firm or our recruiting prospects to send email with PGP because we don't have a help desk to help everyone to install it," he said. "So we use our technology and DMARC for most of our conversations."

Peterson added that he does think OpenPGP is great technology; however, it's too hard for most people to use. In contrast, the Agari technology works through an email gateway, decreasing the complexity for end users.

"Massive multinational companies can deploy Agari at scale, without worrying what an end-user consumer is running on a desktop," he said.

The technology infrastructure that powers Agari has evolved over the last five years to be Amazon Web Services (AWS) cloud-enabled. Plus, it is fully configured and automatically deployed with Ansible, an open-source DevOps and infrastructure automation technology. Agari is also making use of Docker containers on its enterprise client to relay metadata to the AWS cloud instances.

"We use Apache Spark for much of the big data work, and the other key technology we use is a PostgreSQL-type database," Peterson said.

In some respects the journey that Peterson has been on with Agari is similar to what he went through with IronPort over a decade ago, with some notable differences. The early promise of IronPort was built on hardware appliances, while Agari is growing up in the cloud era.

"The cloud has destroyed security models. It used to be you could say an email originated from a certain network," Peterson said. "Today most email comes from a cloud service or a third party, so everyone is sending mail using someone else's cloud."

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.