Stairwell: Rewriting the Rules for Cybersecurity
Bill Coughran on behalf of Team Sequoia
In early 2010, while I was serving as SVP of Engineering for Google, the company took the unusual step of publicly sharing information about a recent hacking attempt. Earlier we had discovered the attack known today as “Operation Aurora,” which targeted several U.S. companies. It appeared to have originated in China, and was apparently aimed at accessing the Gmail accounts of Chinese human rights activists.
In the days that followed, an information security engineer named Mike Wiacek stepped up with a lot of creative ideas about what to do next. Before Google, Mike had worked for the Department of Defense analyzing network exploitation and vulnerability. He understood well the playbook of not just hackers, but sophisticated and patient state actors.
Within days, Mike was asked to form Google’s Threat Analysis Group (TAG). Back then, such organizations mostly existed in government, but Mike’s vision would prove prescient; more than a decade later, commercial threat intelligence teams are now commonplace, and advanced hacking toolkits are more available.
Mike and I kept in touch after I joined Sequoia, as he moved from leading TAG to co-founding, within Alphabet, the enterprise cybersecurity startup Chronicle, and then to his current company, Stairwell. With each step in his career, he developed a deeper understanding of the patterns common in technical attacks. As he shared the ideas he was exploring, I found him extremely thoughtful about building technology that was not just difficult for bad actors to beat, but also very simple to use.
For traditional products in the security space, perhaps the biggest challenge is separating the signal from the noise. Of course the worst outcome is a false negative — failing to notice when something malicious has occurred. Often, though, security products actually do identify problems that eventually lead to breaches, but those signals get lost in a flood of other information. Recognizing them requires well-trained staff with deep knowledge of the domain, and that is difficult to find. What’s more, security teams are in a race against the clock. The program an attacker uses to access a system can disappear within hours, and the breach may not be detected for the better part of a year.
Traditional approaches also rely on a distinction between “inside” and “outside” that is increasingly outdated. Firewalls, for example, were originally conceived as moats around an organization’s resources. Today, enterprises recognize that their networks are permeable and that protecting key resources is the paramount concern.
Mike founded Stairwell with these challenges and more in mind, and in the two years since, he and his team have begun rewriting the rules for cybersecurity. Instead of a game of “retroactive whack-a-mole,” Stairwell proactively looks inward, applying the same techniques that power internet searches to scrutinize every file already in your organization, where the most concerning risks are often found. The platform’s recursive approach — analyzing those files again and again — allows it to detect novel activity more quickly, making it harder for hackers to cover their tracks. And because Stairwell creates a tailored defense that’s based in part on a customer’s own environment, attackers can’t simply reverse-engineer their way around it.
Stairwell is on a path to make it possible for every company — not just those with large, highly qualified security teams — to detect and stop attacks, and we at Sequoia are proud to have partnered with them at the seed and to now co-lead this Series A alongside Accel. With today’s launch of the new Inception platform, we are as excited as ever about being part of this team, and we encourage anyone interested in joining us to reach out. Just as Mike did years ago at Google, he and his team are poised to again reimagine the future of security.
