Matt Hoffman is the CEO of Monarx, a company you've probably never heard of. And that's okay with Hoffman, who has spent the last few years helping to craft a solution he believes can transform the cybersecurity space, without getting too caught up in publicity. Today, that changes.
In 1997, Hoffman graduated from Stanford and helped build his first startup during the Internet boom. Things were nuts in Silicon Valley and over the course of the next few years, Hoffman needed a change.
“People were making piles of money, the IPO market was a total joke in retrospect," said Hoffman. "It just became this crazy culture of money, all anybody cared about was how much money they were making. It reminded me of the bad parts of Wall Street in the 80s and I just got burned out on it. San Francisco is awesome from a cultural perspective, the way people think about solving ambitious problems. But after a while, I just couldn’t handle it.”
Hoffman loved skiing and alongside his then-girlfriend, looked at a map and chose a random place to move to: Utah. He arrived in 2003 and walked into the offices of now-defunct vSpring Capital searching for employment. He was hired and spent the next three years working under current Signal Peak Managing Director Scott Petty, seated next to current Kickstart Seed Fund Managing Partner Gavin Christensen.
“It was a great way to move into a new town because everybody calls you back," said Hoffman. "If you’re the person who is doling out cash in the community, it’s really easy to meet people. It was an awesome job for me and as an entrepreneur, really helpful to learn the other side of the table. Understanding how venture funds work, how they make money, how they drive IRR, what their worries are, what their investors want — all that stuff plays into their decision making, how they choose companies and what kind of outcomes they’re looking for.”
After leaving vSpring, Hoffman would spend the next decade building up an impressive entrepreneurial resume:
- Co-founder of Experticity.
- Managing Director at the Foundry, an incubator designed to teach anyone to run a business using open-source tools.
- Ran Panoptic Security, a Kickstart Fund 1 company that was eventually acquired by Sysnet.
- Chief Commerce Officer at Jamberry Nails, eventually sold to private equity.
In 2017, Hoffman was looking for his next venture. During his time at Jamberry, two brothers (Jon and Tom Gay) had approached him about a cybersecurity solution they had been working on. For 20 years, Jon and Tom had owned and operated Inetz, a data center and front-end dev shop. They had built third-party software for 100+ companies and, during that time, come up with their own philosophy on how to block intrusions. But they needed someone to help them commercialize their idea.
Enter Hoffman, who circled back post-Jamberry. He dove headfirst into the cybersecurity world, taking six months to research what was viable and what was not. His conclusion: the Gay brothers were onto something.
“I thought this was a really interesting opportunity,” said Hoffman. “They came up with this elegant, simple idea that works — a pretty cool way to stop very common cybersecurity problems.”
Pelion Ventures and Kickstart both agreed, providing $3.4 million in seed money in April 2017 that has been unannounced until today. This provided enough runway for Hoffman and his team to build out an enterprise-level solution based on the Gay brothers' idea: Application Security.
“This is a very esoteric world," said Hoffman. "I joke that if you want somebody to leave your party, start talking about web application security.”
He's right, I have left every party that delves into cybersecurity. I don't even hesitate, if somebody says "web shell" I immediately pack up my coat and go home. But this isn't a party, it's an article on Silicon Slopes and we can talk about cybersecurity if we damn well please.
Monarx is a solution built specifically for web servers. Today the company targets users of open-source CMS tools – you know, WordPress, Joomla, Drupal – that make up 30% of all the websites in the world. Traditional network security for the past 20 years has existed outside the application infrastructure: firewalls, web application firewalls, intrusion detection systems, managed detection and response.
“There are multi-billion dollar public companies in each of those spaces," said Hoffman. "What that represents is a castle wall — in order to keep something out of your network, you put something outside of your application infrastructure.”
The downside is that nobody can stop all possible threats from infiltrating the system and once inside the web server, these threats can basically do whatever they want. This leads to the next traditional strategy: cleanup and response, where a program alerts you to suspicious behavior and a system admin goes in and performs cleanup asap. This is time-consuming, expensive, and takes a highly-trained engineer to understand what's happening. Most companies will outsource this work because they don't have someone who can do it.
So, back to the Gay brothers. While running their data center, Jon and Tom became frustrated with the number of infiltrations in their systems - the castle wall was continually breached, leading them to hire a full-time employee who did nothing but clean the system and analyze logs on a server to see what the hackers had done. Though neither is a security expert, Jon and Tom began experimenting with an idea that would solve their problems, building out a piece of software they would use successfully for three years.
Let's say you're using a typical LAMP stack. Users interact with Apache, the web server, and almost everything inside the application uses a scripting language called PHP, which Hoffman describes as the "engine within the software." Rather than trying to stop all intrusions from happening - which no one can do - Jon and Tom wrote a solution directly into the PHP layer. In the cybersecurity world, this idea of embedding security solutions inside the application is brand new.
“Everything goes through the scripting language — why don’t we just live within the scripting language and try to block intrusions from inside the application?” said Hoffman. "We don’t care if they get in, but once they’re in we block their ability to do anything damaging."
Monarx's solution doesn't require a signature or blacklisting, rare in the space. Hoffman explains it as a sort of tracking: if you quietly track every file in the infrastructure of a web application, when a new file is introduced it's immediately recognizable because it doesn’t belong.
“We just sit and watch the system, when foreign bodies appear we flag them in real time," said Hoffman. "That allows us to tell the system admin they were hacked and exactly how the file got in. We then watch the hacker attempt to use the files. We gather all that data and eventually sweep the files out of the system and send them to the cloud where we analyze and store them.”
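The tracking idea described above, a baseline of known files against which anything new stands out, can be sketched as follows. This is an added example, not Monarx's code: it compares snapshots on demand rather than running inside the PHP layer, and the function names, extension list and sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: extensions the web server would execute as PHP.
SCRIPT_EXTS = {".php", ".phtml", ".phar"}

def snapshot(root):
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare(baseline, current):
    """Return sorted (severity, kind, path) findings for drift from the baseline."""
    findings = []
    for path, digest in current.items():
        if path not in baseline:
            kind = "new"
        elif baseline[path] != digest:
            kind = "modified"
        else:
            continue  # known file, unchanged content
        # New or changed executable scripts matter most on a web server.
        severity = "high" if Path(path).suffix.lower() in SCRIPT_EXTS else "review"
        findings.append((severity, kind, path))
    findings += [("review", "removed", p) for p in baseline if p not in current]
    return sorted(findings)

def demo():
    """Constructed web root: record a baseline, change three files, report drift."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "uploads").mkdir()
        (root / "index.php").write_text("<?php echo 'home';")
        (root / "uploads" / "logo.png").write_bytes(b"constructed image bytes")
        baseline = snapshot(root)
        # Constructed post-baseline changes with harmless placeholder content.
        (root / "uploads" / "avatar.php").write_text("<?php /* placeholder */")
        (root / "index.php").write_text("<?php echo 'home'; /* edited */")
        (root / "uploads" / "logo.png").unlink()
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for finding in demo():
        print(*finding)
```

No signature is involved: the script in the uploads directory is flagged only because it was absent from the baseline, which is why the baseline must be taken from a known-good deployment.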
Using the seed money provided by Pelion and Kickstart, Monarx has been building an enterprise-grade solution. Three months ago they launched Monarx Hunter, a free open-source tool that acts as a search engine. It helps system admins find bad files that have already been inserted into web servers, and tracks the damage those files may have already done.
Two weeks ago, Monarx Protect was unveiled, taking what Jon and Tom had built and expanding the basic functions of Application Security into enterprise-ready architecture.
“It’s almost like a sting operation, in cybersecurity it’s called a honeypot," said Hoffman. "Our whole philosophy is post-exploit prevention — after you’ve already been hacked, we will make sure nothing happens to you and tell you how it happened.”
Monarx is still incredibly young, but Hoffman is excited about the possibilities. With an 11-person team in downtown Salt Lake, Monarx is ready for the next stage: growth. With the backing of two local investment firms, Hoffman is confident that will happen.
“We’re super lucky to have these two investors," said Hoffman. "Pelion has deep experience in cybersecurity and Internet infrastructure, they’ve done great in that space. Carl Ledbetter, who sits on our board, understands what we’re doing inside and out...Kickstart is a great partner, I’ve worked with Gavin on a bunch of boards and I’m very comfortable with him. This stage is constant working together to try and solve problems, that’s what is really attractive to me about these two firms.”