1Mby1M Deal Radar 2015: Pwnie Express, Boston, MA

About 90% of workers in the United States use their personal smartphones for work purposes without knowing the potential security threats they bring to the enterprise and themselves. According to the Identity Theft Resource Center, there were 783 data breaches in 2014, a 27.5% increase over the same period the previous year. As wireless and Bring Your Own Device become even more prevalent, detecting rogue and unauthorized devices within the enterprise will become a necessary part of an organization’s information security system. Pwnie Express is focused on this fast-growing, emerging problem.

While working as the IT Security Director at Vermont Mutual Insurance Group, Dave Porcello developed the original Pwn Plug to fulfill his own penetration testing needs. The Pwn Plug sold on Dave’s blog became an instant hit with security practitioners, and Dave went on to start Pwnie Express in 2010.

Through its enterprise-class Pwn Pulse platform and its long-trusted Pwn Plug, Pwn Phone, and Pwn Pad devices, Pwnie Express provides continuous visibility throughout the wired, WiFi and Bluetooth spectrum spectrum, across all physical locations including remote sites and branch offices, detecting “known-bad”, unauthorized, vulnerable, and suspicious devices. Pwn Pulse enables central management from a single cloud dashboard for scalable, continuous intelligence across the enterprise, as well as remote and branch locations.

Since its founding, Pwnie Express has become the world leader in remote security assessment. It is the first company to empower organizations of all sizes with a full visibility and threat detection platform that discovers unknown or high-risk devices and gives alerts about potential threats on their network.

CEO Paul Paget joined Founder and current CTO Dave Porcello because they shared a vision for how remote penetration testing tools could be used in a much more substantial way. Paul has more than 30 years of leadership experience in the technology and information security markets. Previously, he was CEO of Savant Protection and Core Security Technologies. He also held key executive positions at Baltimore Technologies and was VP of Sales and Marketing at CyberTrust.

When the original Pwn Plug was developed, the market had both open source tools like Metasploit and Open VAS, and commercial vulnerability scanning and penetration testing software, services, and products like Qualys, Tenable, Rapid7, Core Security Technologies, and Trustwave.  However, these services, products and tools were generally limited to operating as centralized systems and focused primarily on devices and vulnerabilities within the wired network. By combining established open source tools and cost-effective hardware, Dave Porcello’s commercialization of the Pwn Plug gave understaffed security departments the ability to conduct remote assessments and penetration testing.

Pwnie Express is uniquely positioned to help organizations assess security across a distributed enterprise because of its range of coverage across wires, cost structure, and its ease of use and functionality. Current competitors in security assessment would include scanning companies like Qualys and other consulting services which are labor-intensive, such as Trustwave.

According to a Juniper Networks report, 69% of IT executives are concerned about the potential threats from BYOD policies. By 2018, 1 billion devices will be brought into businesses and the issue is proliferated further when you include BYOD to non-headquarters locations with no security staff on site and generally less security infrastructure.

Subscriptions to its Pwn Pulse offering start at $995 per year/sensor. Pwn Pro sensors are sold for $1,995 each and Pwn Plug R3s are $995 each. Pwnie Express mobile products Pwn Phone and Pwn Pad 3 are sold at $1295 and $1095, respectively. As with most SaaS systems, the profitability is realized over a period of years as large accounts scale into multimillion dollar accounts over time.

According to Pwnie Express’ calculations, there are approximately 5 million remote locations of businesses and organizations. Pwnie Express is focused on the organizations with the highest risk, specifically the top 20% of organizations. Its SaaS system requires at least one sensor per location, which translates to approximately 1 million locations. At an average pricing of $1000, the TAM would be about $1 billion.

For a bottom-up example from the financial industry, there are currently about 93,000 bank branches in the US, according to the Wall Street Journal, all of which would require Pwn Pulse.

Pwnie Express’ top target segments are organizations in need of robust device detection services and testing tools, in particular, mid to large organizations with a large number of distributed locations and critical infrastructure, such as financial services, manufacturing, utilities, transportation, health, government and defense sectors. Remote and branch office locations include manufacturers with distribution/payment processing centers throughout the world, pharmaceutical companies with research labs in many different countries, and government agencies with military installations in thousands of locations.

Pwnie Express has sold more than $2.5 million worth of Pwnie sensors over the past few years, and in December 2014 launched its Pwn Pulse system. Within the first six months, it established 30 Pwn Pulse accounts with paid pilots, most of whom are already planning larger, enterprise-wide deployments. These companies are a mix of smaller to mid-sized companies and large, name brand enterprises. It is on track to triple the number of Pwn Pulse accounts in the second half of 2015, based on inbound interest and purchasing plans. Currently there are two office locations at Boston, MA and Burlington, VT.

Their revenue in 2014 was over $1 million and they expect revenue of over $1.5 million for 2015. Their current annual run rate is $1.5 million, up 50% since 2014.

Pwnie Express has begun to partner with Managed Security Service Providers (MSSPs), who handle hundreds of accounts. The MSSP channel can increase market penetration as these organizations have thousands of clients across all industries and are well-equipped to add Pwn Pulse to their businesses.

Dave originally financed the business on his own, and then took seed funding from the Vermont Seed Capital Fund. On July 30, 2013 Pwnie Express raised a $5.1 Million Series A round from three investors, led by .406 Ventures and including the Vermont Seed Capital Fund and Fairhaven Capital Partners.

Pwnie Express does not have an exit strategy, but rather sees an opportunity to provide industry leadership and develop a large, profitable, long-term business where the Pwn Pulse system is as widespread and commonly used as alarm or video surveillance systems.

This segment is a part in the series : 1Mby1M Deal Radar 2015