Scroll Top

Recent Posts

Inky – Human Centered Phishing Protection

Inky Technology Corporation is a cybersecurity startup focused on defeating email phishing attacks on cloud-based corporate email networks using Google GSuite, Microsoft Office 365, and Microsoft Exchange.  The firm has developed a platform utilizing artificial intelligence (AI), machine learning (ML), computer vision, and visualizations to quarantine and flag phishing threats with their chief product Phish Fence.  Computer vision, in brief, refers to analyzing landing pages, logos and images, color palates, font sizes, and form layouts using algorithms to determination their legitimacy.  

The team is a combination of former ITA and Tenable employees who know each other well.  All of the forty-five members of the team like building things, solving hard practical problems, and making in impact.  CEO/Founder Dave Baggett, who also founded ITA and sold it to Google in 2011 for $700 million, joked during our interview that he got the band back together.

Phishing attacks come in a several forms and have grown in both number and sophistication, with approximately 1.5 million new phishing sites going live every month.  Email remains the overwhelming vehicle of choice for delivering any type of malware, exceeding 90% according to Verizon’s latest 2020 DBIR report.   Verizon’s 2019 report highlighted 32% of breaches were phishing attacks.  In 2020, these attacks have tripled to take advantage of those now working from home due to the COVID-19 pandemic.  People have proven susceptible to attacks given the uncertainty and stress of changing routines.  

To highlight, phishing attacks take several primary forms:

  1. Whaling – targeting C-level executives and their email networks
  2. Cloning – using previously legitimate emails and repurposing them
  3. Spearing – customizing target messages
  4. Brand forgery – spoofing logos and correspondence

Protecting approximately one billion email addresses are competing products offering two factor authentication (2FA), web application firewalls, filters, policy gateways, personal images, augmented passwords and other approaches.  These solutions offer protection and are an important layer of security, each focusing on bad signals that are defined, known, and updated on a consistent basis.  But a lot of phishing attacks are not caught by secure email gateways (SEG), so existing solutions often struggle to, for example, identify an incident where an attacker has established partial credibility with a busy employee who has been urged to approve a financial payment using similar language of their boss.

Broad based competitors abound in the email security space including:  ImpervaMimecastCyrenForcepointRetrusterDuoCircleCoFenseVipreIronscalesAgariArea 1, and others.  Each firm has an approach to email security to protect against general, social, network, and web attacks.  A number highlight their integration of AI, ML, natural language processing (NLP), deep URL analysis, and other techniques to protect email users from assault.  However, many position themselves in traditional ways and sell fear.  

Similar to Inky, competing startup Abormal Security looks to graph communication patterns between users, analyze the content of each email message, build identity models, and understand what is being communicated in real time.  They also provide end users with actionable natural language advice.  Their team is talented and funding comes from Greylock Partners.  However, Abnormal Security’s messaging is more technical and they appear focused on security operations center (SOC) teams in the financial services, healthcare, oil and gas, and utility domains.

The mid-market has been the mainstay of Inky’s success thus far and they expect further growth in this segment.  The firm’s whitepapers and other educational content have connected the firm to their present customer base and their proof-of-concept demonstrations have a 50% conversion rate – which is impressive.  Inky raised a further $20 million dollars in June 2020 in a deal led by Insight Partners, the venture and private equity firm with $30 billion dollars under management.  An earlier round of $6 million, raised in November 2019, was funded by ClearSky and GulaTech Adventures.  All told, Inky has raised $31.8 million to-date.  The new funding will allow the team to focus on Fortune 500 customers, expand into Europe, build partnerships, and scale their go-to-market staff.  CEO Baggett expects their headcount to triple.    

As a strategist, I find Inky compelling for several reasons.  First, the firm cares deeply about email users and puts their needs front and center.  Like Amazon, which starts with their customers and works backwards, Inky has the same first principles approach and designed Phish Fence to protect users.  Many cybersecurity products expect users to leap through hoops as-needed to ensure security.  

Instead, Inky comes to customers with clear written guidance embedded in an email.  Message alerts come in three forms:  gray banners reflecting Inky’s Phish Fence has not found anything amiss, yellow banners suggesting caution as Inky’s software has found something of concern, and red banners indicating something dangerous has arrived.  A user can then take appropriate action and feel confident they are solving a problem.  Having a virtual cybersecurity specialist sitting next to every user is organizationally empowering.

Second, Inky’s solution does not require any fine tuning.  Their API based software is easy to install – despite having more than four million lines of code – and begins identifying potential threats quickly.  For cybersecurity professionals – from the CISO down to the newest intern – overwork due to constant systems monitoring, patch updates, and integration challenges means there is one less item to worry about no matter where users are in the world.

Finally, the firm chose to focus on mid-market customers as a beach head.  This segment is often ignored by cybersecurity vendors outright or when addressed are required to adapt solutions meant for much larger networks in compromised ways.  Mid-sized firms often lack the resources of large cyber teams and are more vulnerable to attack as a result.  Therefore, Inky’s focus on self selected companies interested in a forward looking cybersecurity posture makes for an excellent fit.  While their latest funding round will expand their efforts towards large firms, there remains significant market potential in this mid-sized space that the company will continue to pursue.

When asked about the startups two biggest challenges, CEO Baggett said scaling intelligently and maintaining the firm’s culture.  These are often at the top of the tree when I talk with founders – and for good reason.  When a team that works well together doubles or triples, maintaining that special cohesive glue and trust around the firm’s mission gets more and more challenging.  As Inky is not the team’s first rodeo, lessons learned from their ITA (and Tenable) days should prove invaluable as the firm grows rapidly to meet new geographic and corporate markets.

Final Thoughts

Inky’s logo and mascot is an Octopus, a creature that eats fish, dispenses ink to confuse opponents, and uses tools, such as discarded coconut shells, to build shelter and protect itself.  Octopuses are highly intelligent, having two brains and three hearts, and can replace limbs.  In short, they are resourceful creatures of the sea.  The team at Inky seeks to stop email phishing attacks in adaptable ways that empower overburdened email users with tools, communication, and action choices that are simple to use.  Like an Octopus that can distinguish the polarization of light, Inky’s Phish Fence identifies fraudulent email messages to protect against a wide variety of attacks and thus implement actual security.

I look forward to following Inky over the next eighteen months as they achieve greater market traction and getting back in touch for an update.  Stay tuned.