Four years ago I met a recent Stanford grad named Isaac Madan. He had an impressive computer science background, had founded a startup in college, and was interested in venture capital. Though we usually look to hire folks with a bit more experience under their belt, Isaac was exceptionally bright and had strong references from people we trusted. Isaac joined Venrock and for the next two years immersed himself in all corners of technology, mostly gravitating towards enterprise software companies that were utilizing Artificial Intelligence and Machine Learning. Isaac packed his schedule morning, noon, and night meeting with entrepreneurs, developing a deep understanding of technologies, go-to-market strategies, and what makes great teams tick. Isaac was a careful listener, and when he spoke, his comments were always insightful, unique, and precise. Within a year, he sounded like he had been operating in enterprise software for over a decade.
After two years in venture, Isaac got the itch to found another startup. He paired up with a childhood friend, Rohan Sathe, who had been working at Uber. Rohan was the founding engineer of UberEats, which as we all know, grew exceptionally fast, and today generates over $8Bn in revenue. Rohan was responsible for the back-end systems, and saw firsthand how data was sprayed across hundreds of SaaS and data infrastructure systems. Rohan had observed that the combination of massive scale and rapid business change created significant challenges in managing and protecting sensitive data. As soon as they teamed up, Isaac and Rohan went on a “listening tour,” meeting with enterprise IT buyers asking about their business priorities and unsolved problems to see if Rohan’s observations held true in other enterprises. Isaac and I checked in regularly, and he proved to be an extraordinary networker, leveraging his contacts, his resume, and the tenacity to cold call, conducting well over 100 discovery interviews. Through these sessions, it was clear that Isaac and Rohan were onto something. They quietly raised a seed round last year from Pear, Bain Capital Ventures, and Venrock, and started building.
One of the broad themes that Isaac and I worked on together while at Venrock was looking for ways in which AI & ML could re-invent existing categories of software and/or solve previously unresolvable problems. Nightfall AI does both.
On the one hand, Nightfall (formerly known as Watchtower) is the next generation of DLP (Data Loss Prevention), which helps enterprises to detect and prevent data breaches, such as from insider threats–either intentional or inadvertent. DLPs can stop data exfiltration and help identify sensitive data that shows up in systems it should not. Vontu was one of the pioneers of this category, and happened to be a Venrock investment in 2002. The company was ultimately acquired by Symantec in 2007 at the time that our Nightfall co-investor from Bain, Enrique Salem, was the CEO of Symantec. The DLP category became must-have and enjoyed strong market adoption, but deploying first-generation DLP required extensive configuration and tuning of rules to determine what sensitive data to look for and what to do with it. Changes to DLP rules required much effort and constant maintenance, and false positives created significant operational overhead.
Enter Nightfall AI. Using advanced machine learning, Nightfall can automatically classify dozens of different types of sensitive data, such as Personally Identifiable Information (PII), without static rules or definitions. Nightfall’s false positive rate is exceptionally low, and their catch rate extremely high. The other thing about legacy DLPs is that they were conceived at a time when the vast majority of enterprise data was still in on-premise systems. Today, however, the SaaS revolution has meant that most modern businesses have a high percentage of their data on cloud platforms. Add to this the fact that the number of business applications and end-users has grown exponentially, and you have an environment where sensitive data shows up in a myriad of cloud environments, some of them expected, like your CRM, and some of them unexpected and inadvertent, like PII or patient health data showing up in Slack, log files, or long forgotten APIs. This is the unsolved problem that drew Isaac and Rohan to start Nightfall.
More than just a next-gen DLP, Nightfall is building the control plane for cloud data. By automatically discovering, classifying, and protecting sensitive data across cloud apps and data infrastructure, Nightfall not only secures data, but helps ensure regulatory compliance, data governance, safer cloud sharing and collaboration, and more. We believe the team’s impressive early traction, paired with their clarity of vision, will not only upend a stale legacy category in security but also usher in an entirely new way of thinking about data security and management in the cloud.This open ended opportunity is what really hooked Venrock on Nightfall.
Over the past year, Nightfall has scaled rapidly to a broad set of customers, ranging from hyper-growth tech startups to multiple Fortune 100 enterprises, across consumer-facing and highly-regulated industries like healthcare, insurance, and education. In our calls with customers we consistently heard that Nightfall’s product is super fast and easy to deploy, highly accurate, and uniquely easy to manage. Venrock is pleased to be co-leading Nightfall’s Series A with Bain and our friends at Pear. After 21 years in venture, the thing that I still enjoy most is working closely with entrepreneurs to solve hard problems. It is all the more meaningful when I can work with a high potential young founder, from essentially the beginning of their career, and see them develop into an experienced entrepreneur and leader. I am thrilled to be working with Isaac for a second time, and grateful to be part of Nightfall’s journey.