Arlington, VA

Sponsored by Monday Properties and written by ARLnow, Startup Monday is a weekly column that profiles Arlington-based startups, founders, and other local technology news. Monday Properties is proudly featuring 1812 N. Moore Street in Rosslyn.

After several years of quietly building, a local IT management company — temporarily leaning into cybersecurity — is enjoying huge gains.

C3 Integrated Solutions, which helps government contractors use Microsoft cloud solutions, saw 172% growth over the last two years. According to the company, located in Rosslyn, those numbers make C3 the fastest-growing IT management company in Arlington.

Inc. Magazine ranked it the 69th fastest-growing company in the D.C. region for 2020 and ranked it among the top 2,000 companies nationally.

“I’ve been joking that it’s an overnight success 13 years in the making,” co-founder and president Bill Wootton said. And those numbers are for growth in 2019.

“2020 ended up being an even better year for us,” Wootton said. “Even with COVID-19, we had our best year ever last year, and this year, with some of the new services and solutions we’re about ready to roll out, we’re going to keep going in the same direction — up and up.”

C3 Integrated Solutions started a decade ago while Wootton and co-founder Kevin Lucier, an Arlington native, worked for cable and telecommunications company RCN. They wanted to give clients outside-the-box solutions and decided to start a company that would do just that.

When they took the plunge, however, they struggled to stay afloat in a mature industry crowded with similar companies. Three years in, Microsoft cloud services went online, which they saw as a lifeline.

Listening to some clients talk about the cloud, Wootton and Lucier saw a new opportunity and decided to jump ship. But there was one problem: neither had IT experience.

The duo hired people with the right expertise, including Kevin’s brother James — as well as long-time IT veteran Jason Tierney — and C3 Integrated Solutions was (re)born.

C3 focused on providing IT services to nearby companies, which, in Arlington, meant many of their clientele were defense contractors. That incidental relationship proved a huge boon to C3 a decade later when it found a new market to enter: cybersecurity.

Today, the company also helps government contractors keep their companies secure while meeting changing cybersecurity regulations. C3 is taking advantage of new cybersecurity regulations for defense contractors that the government codified in November, which Wootton and Lucier saw coming four years ago.

“We’ve been a mover in this particular solution set for three to four years now, and it’s just now starting to get mainstream recognition,” Wootton said. “We have a track record in an area where people are just realizing there’s a market shift.”

These regulations will take five years to roll out just for the defense industry, he said. The government is looking to expand these requirements to other departments, which means C3 is poised to ride this wave for a while.

Read More

0 Comments

As early as mid-spring, light poles along Wilson Blvd in Clarendon will be outfitted with new fixtures that monitor crowds and identify potential emergencies.

The technology will be installed sometime this spring as part of a pilot project involving multiple Arlington County departments as well as Comcast, the Commonwealth Cyber Initiative and US Ignite — a nonprofit focused on community innovation. The initiative is dubbed the “Safety and Innovation Zone demonstration project.”

During its recessed meeting yesterday (Tuesday), the County Board voted 4-1, with Takis Karantonis dissenting, in favor of the pilot project. US Ignite is donating $90,000 to buy the light fixtures, which Comcast will provide, along with a three-month trial of public Wi-Fi in the area.

Karantonis said his vote should not be interpreted as a vote of no-confidence, but rather, it should signal that he is still skeptical and would like to see more public engagement.

The primary use for the fixtures, to be installed along the 2900 block of Wilson Blvd, will be “people counting,” said Holly Hartell, who presented the project on behalf of the Department of Technology Services. In other words, the light fixtures will monitor crowd sizes and flow to recognize unexpected movements that could indicate a potential threat or emergency situation.

“This is an effort to speed things up where seconds and minutes count,” said Arlington County Fire Chief David Povlitz. “If we could gain information to send the right resource to the right place in a timely fashion that could really accelerate us operationally and also safety-wise.”

The light fixtures do not have the capacity to videotape people, capture images or provide identifying information, Hartell said. They can pick up the presence or absence of an event they have been programmed to detect, such as a large crowd moving quickly. This data will be converted into text and sent to a dashboard in the county’s Emergency Communications Center.

“Everything will be anonymous,” Hartell said. “You will never be able to identify an individual person.”

Later on, the technology could be used to detect falls, blasts, shots, and distress cries, as well as sudden temperature changes or the presence of smoke.

The fire chief added that “this [pilot] is just a start and we hope to be able to build this out in the county in time.”

“We are aware of people who are concerned,” Hartell later told ARLnow, of questions raised about the project. “I understand their concerns, and I want to give them the confidence that what we’re looking at is not going to be in any way impacting their privacy.”

The partners in the project — CCI, US Ignite and Comcast — are all providing best practices on collecting data while respecting privacy, she said. The county has also developed a privacy framework to use as it goes about the project.

“We are protecting people’s privacy while improving our services,” she said.

The pilot project will be in place for about one year. The first few months will be spent refining the uses for the technology, followed by six months of data collection, and finally, an assessment period. Next spring, the county will decide if the project could be replicated elsewhere. At that time, there will be robust public engagement opportunities, Hartell said.

During the meeting, Hartell said the block was chosen because it has a vibrant business district and a “pretty active restaurant and pedestrian activity,” even now during the pandemic.

One incident the technology might have caught in that location, had it been in place a few years ago: the famous 2018 Cheesecake Factory incident, when a promotion for free cheesecake got out of control

The original proposal was to focus on social distancing and mask-wearing, according to the staff report. A small number of business members of the Clarendon Alliance were consulted on the idea, and their concern led to a shift away from coronavirus measures, staff said.

Photo 1 via Google Maps, photos 2-3 via Arlington County

0 Comments

Sponsored by Monday Properties and written by ARLnow, Startup Monday is a weekly column that profiles Arlington-based startups, founders, and other local technology news. Monday Properties is proudly featuring Shirlington Gateway. The new 2800 Shirlington recently delivered a brand-new lobby and upgraded fitness center, and is adding spec suites with bright open plans and modern finishes. Experience a prime location and enjoy being steps from Shirlington Village.

Ballston-based cybersecurity startup GroupSense is helping governments fend off targeted attacks on COVID-19 vaccine distribution.

The vaccine action plan, a modified version of GroupSense’s 2020 election plans, is a pivot that CEO and founder Kurtis Minder never envisioned when he established the company in 2014.

“We didn’t go seeking this out — it came to us,” he said.

Today, GroupSense helps a handful of local governments combat vaccine misinformation and negotiate with hackers targeting manufacturers in the vaccine’s supply chain. The company anticipates working with these municipalities for one year, but could extend that work if the protections are still needed later on.

During the 2016 and 2020 elections, GroupSense worked with municipalities, website hosts and social media companies to take down misinformation. After the 2020 elections, Minder said local governments asked GroupSense to secure their vaccine rollouts.

“It occurred to us that you could use this technology on vaccines,” Minder said.

GroupSense reports “disinformation” to local governments, which decide whether to take down or refute the claims, he said.

“If someone on Reddit starts a thread, it gives City Hall the opportunity to get into that conversation and post links to debunk that particular narrative,” Minder said.

While rumors run rampant on Reddit, bad actors working for foreign governments or themselves are taking advantage of the increased cybersecurity risks of remote work, he said.

“The remote-work problem has actually made ransomware easier,” he said. “Eighty percent of the time, the way the bad guy gets in, it’s because the company did not secure the network properly for work-from home.”

Government-led attacks are originating from countries including Russia and Iran, he said. They are often aimed at stealing intellectual property related to vaccines, and are harder to detect and stop because they have more resources.

Meanwhile, hackers looking to make a buck are demanding ransoms of small-scale businesses, such as refrigeration companies, which keep the vaccines cold, Minder said.

These hackers, from Russia, Moldova or Belarus, get access to a network, shut it down and demand a ransom, Minder said. They target “low-hanging fruit,” or businesses that are less likely to be secured against cyber threats and more likely to pay a ransom because the vaccine is in high demand.

“It just reinforced something we already knew: The security of the supply chain is really important to the outcomes of an organization,” he said.

GroupSense keeps tracks of these reports in a dashboard that it developed, Minder said. Federal law enforcement agencies have access to this dashboard, and use it to track attack trends, he said.

The CEO advises companies and governments to secure their remote access, teach employees about phishing, and ensure they only use private emails to sign up for non-work-related accounts.

This year, the company — located at 4040 Fairfax Drive, in the Marymount University building — reported 65% year-over-year growth, despite the pandemic.

0 Comments

Sponsored by Monday Properties and written by ARLnow, StartupMonday is a weekly column that profiles Arlington-based startups and their founders, plus other local technology happenings. Monday Properties is proudly featuring Shirlington Gateway. Say hello to the new 2800 Shirlington, which recently delivered a brand-new lobby and upgraded fitness center. Experience a prime location and enjoy being steps from Shirlington Village, a large retail hub with a variety of unique restaurants and shopping options. Spec suites with bright open plans and modern finishes are under construction and will deliver soon!

Ballston startup HyperQube recently announced a new batch of funding that will help boost its growth efforts.

The startup specializes in taking a company’s digital infrastructure, cloning it, then throwing every hack and virus imaginable at the clone to see what gets through. Once those weaknesses are found, HyperQube helps companies review, document, and fix their code to be more secure.

HyperQube raised $2.5 million in seed funding, primarily from Leawood Venture Capital, a fairly small Kansas-based investment group that also recently financed Sorcero, a language intelligence startup based out of D.C.

Craig Stevenson, HyperQube’s founder and CEO, said that more companies moving towards working from home as a result of the pandemic will result in an increased necessity to maintain safe and stable online infrastructure.

“With the growing remote workforce necessitating a rush to the cloud, HyperQube is poised to accelerate and manage that process while simultaneously reducing costs and enhancing security,” Stevenson said in a press release.

Beyond cybersecurity, HyperQube’s cloned structures allow companies to test and alter code on their websites safely to see what the results look like without compromising their main website.

The press release said HyperQube plans to use the funding to expand the sales, marketing, and engineering teams.

Photo via HyperCube

0 Comments

Sponsored by Monday Properties and written by ARLnowStartup Monday is a weekly column that profiles Arlington-based startups and their founders, plus other local technology happenings. Monday Properties remains firmly committed to the health, safety and well-being of its employees, tenants and community. This week, Monday Properties is proudly featuring 1000 and 1100 Wilson (The Rosslyn Towers).

Rosslyn startup Airside Mobile is rebranding to just Airside as part of a pivot from being a travel app developer to a company focused on securing data and privacy in online interactions.

“Airside was founded shortly after the first generation iPhone was launched,” the company said in its blog. “We hopped at the opportunity to develop ultra-secure mobile technology, including the award-winning Mobile Passport App. However, the ‘Airside Mobile’ label no longer applies to our broader set of capabilities and offerings that extend beyond mobile apps to SDKs, APIs, and more. Our new name maintains the continuity of our brand while also allowing more breadth and depth for our products and services.”

In an interview with the podcast State of Identity, Chief Commercial Officer Jessica Patel said that international changes brought about by COVID-19 have emphasized the need for secure online interactions.

“The world has changed so much in these last couple of months,” Patel said. “There are some industries in the short term that have gone fully virtual that people might not have expected, like technology supporting fully virtual education. Obviously virtual healthcare and the overall health-tech space has evolved and become a bigger need in these more recent weeks… There are some of these industries that were not nearly as virtual as they are today [and there is] a need for digital identity to play a major role.”

Patel said she doubted that many of the industries that had to shift to virtual interactions will ever go back to the level of in-person interaction before the pandemic.

“When I think about changes all kinds of industries will have to make there’s going to be moves to offering digital interactions instead of physical,” Patel said. “There’s going to be a real push to implement more contactless solutions. I think that’s where leveraging digital ID and biometric technologies are going to play a huge role in a lot of these verticals.”

Over the last few months, the company has offered its digital suite of products to organizations on the front lines of fighting the pandemic, free of charge.

“If your organization is on the frontlines of the fight against COVID-19 and you believe that a digital identity solution would support your cause, please contact us,” the company said in a press release. “We’re here to help. Airside is uniquely positioned to respond to this need because we can protect the data with best-in-class encryption, ensure a high level of privacy for the individual and the organization, and utilize our FedRAMP-certified environment to handle increased transactions for your fundamentally important cause.”

Patel said the company’s experience in verifying identities while maintaining privacy is opening doors to expanding into a variety of financial, retail, and travel interactions. The company offers products like software development kits businesses can use for their own products or document scanning and chip reading products. Some of those, Patel said, are sold as monthly or annual licenses, while others are product sales.

“As we look to grow how we’re supporting consumers, we’ve grown beyond a customs application into a broader digital identity solution,” Patel said, “whether in banking, travel, insurance, education technology… we’re seeking to a be a ubiquitous form of digital identity that continues to put the control of sensitive information in the consumer’s hands.”

It’s a message that seems to have resonated with investors, with the Washington Business Journal reporting last week that Airside has raised $13.6 million in new funding.

Photo via Airside/Facebook

0 Comments

(Updated at 3:50 p.m.) Just a few months after moving into a larger office space in Courthouse, Arlington cybersecurity startup DivvyCloud is being acquired for $145 million by larger cybersecurity company Rapid7, Inc.

In the crowded cybersecurity marketplace in Arlington, DivvyCloud specializes as a cloud-focused security option that not only fixes gaps in security coverage but makes it easier for a company to see where its security is weakest.

The acquisition is expected to close during the second quarter of 2020, according to a spokesperson for the company. When it does, it will be a big payday for the company and any employee that received equity in it, as well as one of the Arlington startup scene’s bigger exits, alongside fellow Courthouse tech firm Opower’s 2016 acquisition.

“Through DivvyCloud’s platform, Rapid7 will enable customers to innovate more securely in the cloud and make infrastructure more accessible and manageable for both DevOps and security teams,” said Brian Johnson, CEO and co-founder of DivvyCloud.

As more companies using the cybersecurity services of Boston-based Rapid7 start to move more to cloud-based services, DivvyCloud will allow customers to innovate and safely move out of data centers, making their infrastructure more accessible.

“Joining forces with Rapid7 is a natural next step,” said Johnson. “Their commitment to customers, employees, and company culture is well-aligned with the values that have made DivvyCloud so successful. With the combined expertise of both Rapid7 and DivvyCloud, we are even better positioned to help enterprises accelerate innovation using cloud and containers without the loss of control.”

Despite the acquisition, Johnson tells ARLnow that the company is staying put.

“The DivvyCloud team will continue to be located and work out of our office in Arlington,” he said, “although we are all working from home these days.”

Photo courtesy DivvyCloud

0 Comments

Startup Monday header

Editor’s Note: Sponsored by Monday Properties and written by ARLnow.com, Startup Monday is a weekly column that profiles Arlington-based startups and their founders, plus other local technology happenings. The Ground Floor, Monday’s office space for young companies in Rosslyn, is now open. The Metro-accessible space features a 5,000-square-foot common area that includes a kitchen, lounge area, collaborative meeting spaces, and a stage for formal presentations.

DivvyCloud, an Arlington startup specializing in cloud-based cybersecurity, is planning to more than double in size with a move into a new much larger new headquarters in Courthouse.

It’s is far from the only cybersecurity company working in Arlington, but DivvyCloud carved out a niche as a cloud-focused security option that not only fixes gaps in security coverage but makes it easier for a company to see where its security is weakest.

Today (Monday) the company moved into a new 13,000 square foot office at 2111 Wilson Blvd, an office over six-times larger than its old 2,000 square foot office in Rosslyn. In a press release, CEO and co-founder Brian Johnson said the office expansion is a result of adding new employees, with more expected down the road.

“[Since 2018] the company has grown from 20 to 55 local employees — an increase of 175 percent — and plans to reach at least 120 employees within the next year,” Johnson said.

The company has netted some sizable investments over the last year, along with new contracts with customers from Pizza Hut to Fannie Mae. In an email to ARLnow, Johnson said the expansion is justified by an increasing need in cloud-based coverage — particularly in light of recent major data breaches.

“In our recent report, we found that 77% percent of respondents reported having two or more clouds, yet less than half of respondents were able to accurately identify the risk of misconfiguration in public cloud as higher than the risk in traditional IT environments,” Johnson said. “Countless major data breaches, including Honda and Capital One, have been caused by misconfigurations just in 2019 alone. As a result, more and more companies are realizing the need for an effective solution to prevent misconfigurations and properly secure cloud and container infrastructure.”

0 Comments

This article was written by Sindy Yeh, Senior Business Ambassador for Arlington Economic Development.

In the past few months, we’ve noticed a trend among Arlington’s security technology companies.

Several innovative, fast-growing Arlington companies in the cybersecurity, artificial intelligence and data analytics fields are being acquired by larger companies. In March, BluVector, a network security company applying artificial intelligence to detect cyber threats, became part of Comcast.

In the same month, Deep Learning Analytics, a data analytics company and winner of Arlington’s Fast Four competition three years in a row, was acquired by General Dynamics Mission Systems.

In May, eGlobalTech, a cybersecurity consulting and cloud security company, was acquired by Tetra Tech. In June, the pattern continued as Distil Networks, a leader in bot traffic detection and mitigation, became Imperva. And finally, Endgame, an endpoint security protection company, entered into an agreement with Elastic N.V., a data management firm from the Netherlands.

It comes as no surprise that so many of Arlington’s top cybersecurity firms were targeted for acquisition. These Arlington firms have developed niche products and services that are utilized by both government and commercial customers. Many of these companies are globally recognized leaders in their respective sectors.

By acquiring these firms, it allows the larger companies to further enhance their existing platforms by offering even more comprehensive and specialized solutions to their clients.

They also absorb the companies’ existing customers, often including government agencies whose mission it is to defend the nation from cyber threats, like the Department of Homeland Security and the Department of Defense.

Arlington is home to about 200 cybersecurity companies employing more than 5,000 people. These cyber-based acquisitions will most likely continue as more of Arlington’s cyber companies develop specialized products and solutions targeting industry needs.

It is a testament to Arlington that so many technology companies have not only chosen to locate in Arlington but have thrived and developed a rich ecosystem of innovative companies leveraging federal funding to create and develop new products and services with applications in the private sector.

0 Comments

(Updated at 5:20 p.m.) Arlington County has revealed a cyber attack that penetrated the county’s payroll system.

In a statement, the county says a number of employees were impacted by the intrusion, but did not specify the exact number or impacts. The intrusion appears to be the result of a “phishing” email targeting county employees and not a hack, the press release suggests.

Police are investigating.

Arlington’s cybersecurity division previously told ARLnow that it was staffing up and training county employees in light of the growing number of cyber attacks. The county budgeted $60,000 for the department to teach county employees how to avoid phishing emails, among other security best practices.

The full press release is below.

Arlington County Government recently discovered the existence of an intrusion into the Arlington County payroll system. This intrusion was limited in both the time of the compromise and the number of the employees who were impacted. No resident data was compromised during the intrusion.

All of the impacted employees have been identified, advised of the situation and steps are being taken to ensure the security of their personal data. Based on a joint review by the Arlington County Department of Technology Services and the Arlington County Police Department, the consensus belief is that the intrusion was likely the result of individual employees being targeted through a phishing email.

Since discovery of the intrusion, Arlington County has implemented enhanced cyber security features to safeguard email and other critical computing systems. As part of our education and crime prevention efforts, Arlington County is sharing cyber safety tips and reminding employees and the public not to open any emails from individuals they are unfamiliar with and to not click on links contained with any emails without first verifying their content.

The intrusion is currently being investigated by the Arlington County Police Department. Any information related to this ongoing investigation can be provided to Detective John Bamford of the Department’s Homeland Security Section at [email protected] Information may also be provided anonymously through the Arlington County Crime Solvers hotline at 866.411.TIPS (8477).

0 Comments

Sponsored by Monday Properties and written by ARLnow.com, Startup Monday is a weekly column that profiles Arlington-based startups and their founders, plus other local technology happenings. The Ground Floor, Monday’s office space for young companies in Rosslyn, is now open. The Metro-accessible space features a 5,000-square-foot common area that includes a kitchen, lounge area, collaborative meeting spaces, and a stage for formal presentations.

Fueled by a recent investment, Courthouse-based startup DivvyCloud unveiled a new suite of features to help identify potential cybersecurity weak spots at a glance

The most high profile of the new features is a new “heat map” scorecard to help companies visualize where their cybersecurity defenses are strongest and where they are most vulnerable.

According to a blog post:

This new feature delivers a visual representation of risk aligned with regulatory standards, industry standards, or your own corporate standards; through an interactive heat map.

With fast paced changes in infrastructure, and the need to have flexibility for deployments into cloud platforms, it has become increasingly challenging to remaining compliant to industry standards. DivvyCloud’s Compliance Scorecard helps you audit compliance and identify risks in your cloud environment in a simple, transparent way.

The accounts are listed on the y-axis, while insights — specific behaviors, conditions or characteristics of cybersecurity — are listed along the x-axis. Accounts with less than 85 percent compliance to security standards are listed in red.

In the sample scorecard above, “Bob” has stale Application Program Interface credentials — coding that allows communication between two applications — meaning Bob has access to a program but his credentials to do so may be out of date.

The feature is designed to assist teams, like auditors or security management, in identifying areas where there are potential gaps in cybersecurity coverage. The scorecard can also recommend guidance for potential problems and direct the viewer to the relevant resources.

Other improvements include a new threat detection system that utilizes machine learning and anomaly detection technologies. DivvyCloud listed cryptocurrency mining, credential compromise behavior, and calls from known malicious IPs as potential threats the technology helps to identify.

DivvyCloud recently announced that it had achieved $19 million in funding in a recent growth round, bringing the total capital raised to $29 million.

0 Comments

Sponsored by Monday Properties and written by ARLnow.comStartup Monday is a weekly column that profiles Arlington-based startups and their founders, plus other local technology happenings. The Ground Floor, Monday’s office space for young companies in Rosslyn, is now open. The Metro-accessible space features a 5,000-square-foot common area that includes a kitchen, lounge area, collaborative meeting spaces, and a stage for formal presentations.

Updated 3:35 p.m. — Ballston-based ThreatConnect — a cybersecurity company helping other companies fend off hackers — is planning to ramp up its operations thanks to an investment from Providence Strategic Growth (PSG).

ThreatConnect specializes in cybersecurity “intelligence,” where the information on incoming threats is collected across member organizations and spread across the network, so information gained from an attack on one company can be used to defend the others.

The company started in Shirlington but has since moved to its current headquarters in Ballston. But while ThreatConnect’s location may have changed, CEO and Co-Founder Adam Vincent said its core strategy has not.

“We have had the same vision since we released the first version of the ThreatConnect Platform in 2013,” Vincent said in an email. “We were a step ahead of the market then, and I feel we are still in front of the market today. Our vision is, and was, to improve decision-making in cyber — giving the business the ability to make smarter, faster decisions and act on them quickly — all without adding additional personnel.”

Even though the mission hasn’t changed, the client base has expanded.

“While in the beginning, we were an obvious choice for large enterprises, we see more mid-size companies choosing ThreatConnect,” Vincent said. “We are seeing more verticals — for example, healthcare, utilities — in addition to all the financial and retail companies we have served for years. Given the current security climate, all organizations are realizing that a security program is not a ‘nice to have’ but a ‘need to have’ in order to grow their own business.”

The exact amount of the investment isn’t being disclosed — a common trend among recent investments — but Vincent said PSG is fully committed to the company’s strategic growth.

“We chose them as a strategic partner, not just another investor, because we know their support will be ongoing,” Vincent said. “PSG appreciates our value proposition — to change how businesses manage their security — which was a driver for them investing.”

After the investment, Vincent said ThreatConnect will begin accelerating its current strategy. In a blog post, the company said it will be making new investments in data sources to provide more information for operational and tactical decision making.

But as ThreatConnect grows, it has no plans to leave Arlington.

“We think Arlington is a great place to work, whether in cybersecurity or another vertical,” Vincent said. “It is close and very accessible to D.C., but not too close. And, though our business is worldwide, we choose to have our headquarters in Arlington. It’s our home. It seems like a great central location for most of the staff that comes into the office. The immediate area around the office has grown and changed a great deal in just the short time we have been here — and everyone appreciates the new food/drink options that have recently opened or are about to open.”

0 Comments
×

Subscribe to our mailing list