When you think about enterprise security, the image of the RSA dongle or hardware token that generates random numbers and looks like a flash drive with a small led screen may come to mind (something you have). That’s one of the three popular elements of multi-factor authentication when it’s combined with a username or password (something you know). The third form of verification that’s growing in popularity is biometric verification like palm scanning, fingerprints, keystroke tracking, retinal scans, facial recognition (something that you are). While the first two types provide entrance through the front door, security erodes as a session grows longer in length. Twosense is a continuous authentication platform that uses invisible biometrics to provide unparalleled security through full sessions – beginning to end, providing heightened endpoint security. The company’s underlying technology creates a risk engine for fraud prevention based on behavioral traits and is versatile enough to be used across a range of industries and the company has deployed its passive biometric authentication platform for the defense industry, healthcare, and the enterprise.
AlleyWatch caught up with CEO & Cofounder Dawud Gordon, Ph.D. to learn more about the promise of continuous authentication, the company’s strategic plans, latest round of funding, which brings the total funding raised to $M, and much, much more.
Who were your investors and how much did you raise?
Twosense raised $3M to automate human effort, and human error, out of authentication with AI-driven, invisible, continuous biometrics. The Series Seed round was co-led by Atypical Ventures and Preface Ventures, with participation from Jonathan Cogley (LogicBoost Labs), Glasswing Ventures, Entrepreneurs Roundtable Accelerator follow-on fund, Brand New Matter Ventures, and strategic angels like Josh Lospinoso (Shift5), Marc Weiss, and others.
Tell us about the product or service that Twosense offers.
Identity security is failing us all. The problem is people: people hate doing the security work of logging in, logging out, remembering passwords, account lockouts, 2fa texts, multi-factor popups, password resets, and we all make mistakes that cause security to break down. Twosense is solving the most fundamental problem in identity security by creating a new software baselayer with invisible biometrics for continuous authentication. Twosense’s baselayer automates user effort out of identity security for far-greater security with a far better user experience. Our product automates 95% of two-factor challenges, flags unauthorized use on an open session in under a minute, and surfaces previously undetectable risks in the wild to the admin team.
Twosense is changing the paradigm of user authentication to a solution that relies on software and automation that’s available all the time, instead of people and effort at a point in time. The technology generates biometric trust on a user’s behalf by analyzing user behavior, such as how they type, move the mouse, interact with a touch screen, the way they walk, hold a device, etc. from phones to laptops, desktops, and virtual machines. The combination of every measurable aspect of behavior, modeled by highly personalized Deep Neural Networks, creates a new form of passive biometric authentication.
What market does Twosense target and how big is it?
The company is collaborating with leading IAM vendors with integrations for Microsoft Active Directory, Thycotic Secret Server, and has officially launched in the Okta Integration Network, with further IAM partners onboarding now. They are focused on solving for employee identity with customers in healthcare, finance, and critical infrastructure verticals. This market represents a $2.5Bn revenue opportunity, with unlimited upside potential as the company expands to Customer identity, and eventually D2C.
What’s your business model?
Our current product is licensed per user per month.
How has COVID-19 impacted the business??
The move to work-from-home has driven all industries to seek out solutions for the new problems of a distributed workforce. In security, that has created a massive push to Zero Trust Architectures, which require far more authentication challenges to end-users. With over-stressed employees, this has put admins in an untenable position, which is the fundamental problem that Twosense solves. Starting with the US Department of Defense, and now expanded to Enterprise customers like the leading orthopedic hospital in the US, AFGE, and more, our customers rely on us to solve a fundamental problem that has been exacerbated by the pandemic.
What was the funding process like?
Fundraising is always challenging. It takes perseverance and resilience and a lot of Zoom meetings, but it’s worth it in the end.
What are the biggest challenges that you faced while raising capital?
The security industry is by its nature a reactive and iterative one. Twosense’s vision and product are paradigm-breaking and revolutionary, so it doesn’t quite fit into the pattern matching systems of InfoSec Venture Capital.
The security industry is by its nature a reactive and iterative one. Twosense’s vision and product are paradigm-breaking and revolutionary, so it doesn’t quite fit into the pattern matching systems of InfoSec Venture Capital.
What factors about your business led your investors to write the check?
The same issue that was a challenge was our salvation. Finding a set of investors that already believed in the vision of a better future without the daily nightmare of identity friction was key. That combined with our customer traction in both Defense and Enterprise sealed the deal.
What are the milestones you plan to achieve in the next six months?
In the next 6 months, we’ll be expanding our set of Enterprise and Defense customers, as well as adding to the growing pool of collaborators and partners in the Identity and Access Management (IAM), Privileged Access Management (PAM) and Security Information and Event Management (SIEM). We’re also looking to create a free admin tier for their own use. We love admins, and admins love us.
What advice can you offer companies in New York that do not have a fresh injection of capital in the bank?
If you’re a pre-seed company, I recommend looking at NYC startup accelerators. Entrepreneurs Roundtable Accelerator is the best in breed in my opinion and was incredibly helpful for us (and still is).
Where do you see the company going now over the near term?
We see continuous authentication become a baselayer for identity, kind of like an OS. We link identities together with the user at the center of those linkings. As we add integration partners as apps to our baselayer, we remove more friction from the user experience and remove concern from the admin experience. Continuous authentication will be the foundation on which every identity-aware application runs.
What’s your favorite outdoor dining restaurant in NYC
Boran in Carroll Gardens is amazing.