Upstart Orca Security Raises $210M In Google-Backed Funding

The latest infusion of cash from CapitalG and Redpoint Ventures brings Orca Security to $292.5 million of outside funding and a $1.2 billion valuation just two years after the cloud startup’s founding.


Rising star Orca Security has become the fastest cybersecurity company in history to achieve a $1 billion valuation after closing a monster Series C round.

The Los Angeles-based cloud security startup said its $210 million funding round was led by CapitalG, Alphabet’s independent growth fund, and Redpoint Ventures, and comes on the heels of 1,000 percent year-over-year sales growth. The latest infusion of cash brings Orca Security to $292.5 million of outside funding and a $1.2 billion valuation just two years after the company’s founding.

“Orca Security represents a revolutionary step forward in optimizing cloud environments,” CapitalG General Partner Gene Frantz said in a statement. “Their touchless SideScanning technology is best-in-class, as confirmed by our extensive interviews with their ecstatic customers and by the senior Google security leaders who were invited to evaluate it.”

Sponsored post

[Related: Startup Orca Security Raises $55M To Thwart Cloud Complexity]

The partnership with CapitalG should allow for better investment into Google and more opportunities with shared customers, Orca Co-Founder and CEO Avi Shua told CRN. Shua said Orca Security plans to use the proceeds to dramatically expand its identity and access management capabilities and bolster its alerting around attacks already in progress.

“We decided it was the right time to take this injection of capital and go even faster,” Shua said. “There’s a lot of demand in the market for cloud security that actually works.”

From an identity standpoint, Shua said Orca is focused on having its product natively spot essential risks from vulnerabilities, misconfigurations, and exposed data to identifying overprivileged users and incorrectly assigned permissions. The company additionally wants to move from its present focus on prevention to detecting attacks as they unfold by examining the risk around critical attack vectors.

As for go-to-market, Shua said Orca is looking to expand its presence both internationally as well as in the channel. Orca is adding a brick-and-mortar presence in London, Vienna, Australia and Japan, and Shua said the company wants to go from deriving 20 percent of its revenue internationally today to between 30 percent and 35 percent a year from now.

From a channel standpoint, Shua said Orca has signed 15 new solution providers just over the past week who have strong technical relationships with their customers and are able to add value. Orca hopes to go from having 25 percent of its revenue come from the channel today to 50 percent a year from now as it adds more SMB and mid-market customers as well as clients in non-English speaking places like Japan.

As for metrics, Shua said Orca is laser-focused on both the number of new customers it’s adding as well as customer satisfaction for both new and existing clients.

“Channel is an extremely high priority,” Shua said. “This is going to be a very big potential revenue stream for partners.”

Orca was founded in 2019 and has grown its headcount from 43 employees a year ago to 97 workers today. By the end of 2021, Orca plans to have nearly tripled its R&D and sales teams since its Series A round in May, and plans to expand its European sales office and open an office in Australia. The Series C funding comes three months after the firm closed a $55 million Series B round led by ICONIQ Growth.

As far as the channel’s concerned, Orca said it’s adding new partnerships in the United Kingdom and Germany as well as strengthening its traction with partners in the United States, Australia and Japan. Roughly a quarter of Orca’s sales went through the channel as of December 2020, and Shua told CRN the company works with MSSPs, SIs and consultants that can provide managed or professional services.

From a technology standpoint, Orca Security said the funding will allow for investment in agentless, workload-deep, context-aware security and compliance for Google Cloud, AWS and Microsoft Azure. The company said it prioritizes risks based on the underlying security issue combined with environmental context, including its accessibility and potential damage to the business.

Orca’s foundational SideScanning technology can detect vulnerabilities, malware, misconfigurations, lateral movement risk, authentication risk, secret keys, and unsecured personally identifiable information (PII). The company it’s the first cloud security provider to address these risks without agents or per asset integration, giving enterprises complete visibility and coverage within minutes.

“In the face of increasing threats and rapidly expanding cloud estates, organizations can’t be burdened with installing and maintaining agents and sidecars,” Orca Security CEO Avi Shua said in a statement. “We enable our customers to instantly protect their cloud environments, eliminate attack paths, fuel digital transformation, and meet compliance mandates.”