StoneMill Ventures

Todyl, Inc. is a cybersecurity company based in Brooklyn, New York, that provides comprehensive security solutions tailored for distributed offices, very small businesses, and advanced networks. Founded in 2015, Todyl develops a unified security platform that integrates various security functions, including Secure Access Service Edge (SASE), Security Information and Event Management (SIEM), and Governance, Risk, and Compliance (GRC). This cloud-native platform facilitates secure communication among multiple offices, remote employees, data centers, and cloud services. The Todyl Security Platform offers features such as secure routing, firewall management, cloud VPN, intrusion detection, content filtering, and AI-driven threat analysis. By streamlining security operations, Todyl aims to reduce the complexity and costs associated with traditional cybersecurity approaches, empowering businesses to effectively protect, detect, and respond to cyber threats.

LimaCharlie is a developer of a security infrastructure platform that focuses on managing cloud security through a Security Infrastructure as a Service (SIaaS) model. The company's platform offers a comprehensive suite of endpoint-driven information security tools, telemetry storage, and a complete incident response pipeline. It also features a hunting platform and a range of pre-made services, allowing businesses to customize their own detection and response rules. By delivering these security solutions on-demand and at scale, LimaCharlie significantly reduces costs and operational efforts for organizations, enabling them to effectively run Managed Security Service Providers (MSSP) or Security Operations Centers (SOC). Additionally, LimaCharlie provides APIs that empower users to build and monetize their own security products.

Aim Security is a company that focuses on delivering comprehensive security solutions tailored for enterprises utilizing generative artificial intelligence (AI). The company's platform addresses the distinct security challenges associated with AI, such as data exposure, supply chain vulnerabilities, and malicious outputs. By providing guidance for secure AI adoption, Aim Security equips security leaders with the tools necessary to enhance business productivity while maintaining robust protections. The platform establishes essential guardrails and safeguards, allowing organizations to maximize the benefits of generative AI technology while ensuring enterprise-grade security for both internal operations and production applications.

Spera is an identity security posture management platform that acts as a force multiplier for identity teams - helping detect, prioritize, and remediate identity-driven breaches.

Rewst is a Robotic Process Automation (RPA) platform designed specifically for Managed Service Providers (MSPs), particularly targeting smaller firms in the sector. The platform employs low-code and no-code technology to simplify automation tasks, making it accessible for businesses that may lack extensive technical resources. By integrating with various tools such as CRM systems, ticketing systems, and accounting software, Rewst enables organizations to track performance metrics and identify opportunities for cost savings and efficiency improvements. This tailored approach helps MSPs optimize their operations and better serve their clients.

Valence Security is a specialized platform that addresses the security challenges posed by the complexity of Software as a Service (SaaS) environments and distributed management. It offers a comprehensive approach to SaaS security posture management, risk remediation, and identity threat detection and response. Valence provides critical visibility and remediation capabilities for essential SaaS applications, including Microsoft 365, Google Workspace, Salesforce, GitHub, and Slack. The platform employs zero trust principles to manage risks associated with third-party integrations and SaaS-to-SaaS connections. Its unique remediation by choice feature enables security teams to utilize a combination of manual remediation, automated workflows, and collaboration with business users, enhancing their ability to reduce risks and secure their SaaS environments effectively. Leading organizations utilize Valence to adopt SaaS solutions confidently while ensuring robust security measures are in place.

Tidal Cyber is a developer of a threat-informed defense platform that assists enterprise organizations in optimizing their cybersecurity defenses, operations, and investments. The company provides validated insights that enhance the ability to defend against significant threats, while also facilitating the assessment, organization, and optimization of security measures. By focusing on the behaviors of adversaries that are most relevant to its clients, Tidal Cyber enables organizations to define, measure, and improve their defense capabilities. This approach helps eliminate redundant mitigations and strengthens the overall security posture of its clients.

Opus Security is a developer of a cloud security orchestration and remediation platform that automates the identification and resolution of security findings. The company offers a comprehensive solution that integrates with existing cloud and security tools, allowing organizations to gain visibility and manage their security risks effectively. By connecting relevant stakeholders and streamlining response and remediation processes, Opus Security enables businesses to quickly address security vulnerabilities using established and easily deployable methodologies.

Binarly is a global company focused on firmware and software supply chain security, established in 2021 and headquartered in Los Angeles, California. The company offers the Binarly Transparency Platform, an AI-powered solution designed for device manufacturers, original equipment manufacturers, independent software vendors, and product security teams. This platform enables users to identify both known and unknown vulnerabilities, misconfigurations, and potential signs of malicious code within their firmware. By employing advanced machine learning and code analysis techniques, Binarly's platform provides in-depth introspection of firmware to detect threats that may arise below the operating system. The company’s validated remediation playbooks assist clients in significantly reducing the cost and time associated with addressing security exposures, ultimately aiming to protect businesses, critical infrastructure, and consumers globally.

GreyNoise Intelligence Inc. is a cybersecurity company established in 2017 and headquartered in Washington, D.C. It specializes in developing a platform that collects, analyzes, and labels data on Internet-wide scanning and attack activities, often referred to as "internet noise." By filtering out irrelevant or harmless activity, GreyNoise enables security analysts to focus on more targeted and emerging threats. The platform is designed to help organizations streamline their threat analysis processes, reducing the burden of false alarms generated by common scanning behaviors. Additionally, GreyNoise offers GreyNoise Alerts, a complimentary service that notifies organizations of suspicious activity detected on their networks. The company's expertise is trusted by Global 2000 enterprises, government agencies, leading security vendors, and numerous threat researchers.

LimaCharlie is a developer of a security infrastructure platform that focuses on managing cloud security through a Security Infrastructure as a Service (SIaaS) model. The company's platform offers a comprehensive suite of endpoint-driven information security tools, telemetry storage, and a complete incident response pipeline. It also features a hunting platform and a range of pre-made services, allowing businesses to customize their own detection and response rules. By delivering these security solutions on-demand and at scale, LimaCharlie significantly reduces costs and operational efforts for organizations, enabling them to effectively run Managed Security Service Providers (MSSP) or Security Operations Centers (SOC). Additionally, LimaCharlie provides APIs that empower users to build and monetize their own security products.

Todyl, Inc. is a cybersecurity company based in Brooklyn, New York, that provides comprehensive security solutions tailored for distributed offices, very small businesses, and advanced networks. Founded in 2015, Todyl develops a unified security platform that integrates various security functions, including Secure Access Service Edge (SASE), Security Information and Event Management (SIEM), and Governance, Risk, and Compliance (GRC). This cloud-native platform facilitates secure communication among multiple offices, remote employees, data centers, and cloud services. The Todyl Security Platform offers features such as secure routing, firewall management, cloud VPN, intrusion detection, content filtering, and AI-driven threat analysis. By streamlining security operations, Todyl aims to reduce the complexity and costs associated with traditional cybersecurity approaches, empowering businesses to effectively protect, detect, and respond to cyber threats.

Fleet is an open-source platform for IT and endpoint security teams with lots of computers (macOS, Windows, Linux, ChromeOS, OT, data centers). The company is dedicated to making IT more accessible with an open API for every endpoint, while maintaining privacy, transparency, and trust through open-source software. Organizations like Fastly and Gusto use Fleet for device management, device health ("zero trust"), posture assessment, endpoint operations, and more.

Gradient MSP operates an integration platform that streamlines business automation for the IT channel ecosystem. The company provides solutions that facilitate billing reconciliation and alert monitoring, allowing managed service providers (MSPs) to manage their operations more efficiently. By offering a single integration across nine professional services automation (PSA) platforms, Gradient enables clients to connect various solutions they resell and utilize, thereby simplifying the management of their service businesses. This approach not only saves time but also reduces costs for MSPs, enhancing their ability to focus on growth and client satisfaction.

Oxeye provides a cloud-native application security testing solution that is designed to overcome the challenges imposed by the complex nature of modern architectures. Oxeye disrupts traditional application security testing (AST) approaches by offering a contextual, effortless, and comprehensive solution to ensure no vulnerable code ever reaches production. Built for Dev and AppSec teams, Oxeye helps to shift-left security while accelerating development cycles, reducing friction, and eliminating risks. Leverage our advanced vulnerable-flow tracing technology to identify and resolve code vulnerabilities in your applications, services, APIs, and open-source libraries. Getting started with Oxeye is very simple, it only requires deploying one component into your cluster without changing any line of code.

Valence Security is a specialized platform that addresses the security challenges posed by the complexity of Software as a Service (SaaS) environments and distributed management. It offers a comprehensive approach to SaaS security posture management, risk remediation, and identity threat detection and response. Valence provides critical visibility and remediation capabilities for essential SaaS applications, including Microsoft 365, Google Workspace, Salesforce, GitHub, and Slack. The platform employs zero trust principles to manage risks associated with third-party integrations and SaaS-to-SaaS connections. Its unique remediation by choice feature enables security teams to utilize a combination of manual remediation, automated workflows, and collaboration with business users, enhancing their ability to reduce risks and secure their SaaS environments effectively. Leading organizations utilize Valence to adopt SaaS solutions confidently while ensuring robust security measures are in place.

VISO Trust is a SaaS third-party cyber risk management for the modern enterprise. VISO Trust puts reliable, comprehensive, actionable vendor security information directly in the hands of decision-makers who need to make informed risk assessments.

Grip Security is a developer of security applications that enhances visibility and control over an enterprise's entire SaaS portfolio, encompassing both known and unknown applications. The company's innovative SaaS Security Control Plane (SSCP) solution provides organizations with comprehensive insights into user interactions and application usage, ensuring extreme accuracy and minimizing false positives. This enables security teams to effectively enforce security policies and prevent data loss while adapting to the evolving landscape of SaaS adoption. By modernizing security architecture, Grip Security supports businesses in implementing a secure and efficient IT strategy that aligns with their operational needs.

runZero is a company that specializes in providing network visibility and asset inventory solutions for modern enterprises. Its platform is designed to identify and manage IT networks effectively, enabling organizations to gain insights into both managed and unmanaged devices across various environments, including IT, operational technology, IoT, cloud, mobile, and remote assets. Driven by research, runZero employs a unique fingerprinting technology within its cyber asset attack surface management platform, which delivers actionable insights in a matter of minutes. The combination of active scanning, passive discovery, and seamless integrations allows runZero to provide comprehensive and accurate data to its customers, enhancing their understanding of their entire asset landscape.

Build.Security provides developers with easy deployment, ecosystem integrations, and code extensibility. The company is leveraging Open Policy Agent and the power of open-sourcing, which uses API-based data sources to help build and enforce enterprise-grade access controls across application portfolios. Build.Security was founded in 2020 and is based in Sunnyvale, California.

GreyNoise Intelligence Inc. is a cybersecurity company established in 2017 and headquartered in Washington, D.C. It specializes in developing a platform that collects, analyzes, and labels data on Internet-wide scanning and attack activities, often referred to as "internet noise." By filtering out irrelevant or harmless activity, GreyNoise enables security analysts to focus on more targeted and emerging threats. The platform is designed to help organizations streamline their threat analysis processes, reducing the burden of false alarms generated by common scanning behaviors. Additionally, GreyNoise offers GreyNoise Alerts, a complimentary service that notifies organizations of suspicious activity detected on their networks. The company's expertise is trusted by Global 2000 enterprises, government agencies, leading security vendors, and numerous threat researchers.

SecureCircle LLC is a cybersecurity company founded in 2015 and based in Santa Clara, California. It specializes in eliminating insider threats through a data-centric access control platform that provides persistent security for sensitive information. SecureCircle's offerings include its unique DASB solution, which encompasses access control, continuous protection, and visibility services. The company implements a SaaS-based approach that extends Zero Trust security to data on endpoints, ensuring that data remains secure during transit, at rest, and in use. By utilizing transparent file encryption technology, SecureCircle enables organizations to effectively share, protect, and manage sensitive files and intellectual property while maintaining visibility and control over unstructured data. This proactive methodology aims to mitigate risks associated with data breaches and insider threats, allowing end users to operate without disruption.

Todyl, Inc. is a cybersecurity company based in Brooklyn, New York, that provides comprehensive security solutions tailored for distributed offices, very small businesses, and advanced networks. Founded in 2015, Todyl develops a unified security platform that integrates various security functions, including Secure Access Service Edge (SASE), Security Information and Event Management (SIEM), and Governance, Risk, and Compliance (GRC). This cloud-native platform facilitates secure communication among multiple offices, remote employees, data centers, and cloud services. The Todyl Security Platform offers features such as secure routing, firewall management, cloud VPN, intrusion detection, content filtering, and AI-driven threat analysis. By streamlining security operations, Todyl aims to reduce the complexity and costs associated with traditional cybersecurity approaches, empowering businesses to effectively protect, detect, and respond to cyber threats.

Attila provides visibility, control, and threat defense across physical, virtual, and cloud applications. Attila protects connected devices from the tidal wave of cyber activity estimated to cost the global economy more than $600 billion annually. Atilla was co-founded by Gregg Smith and Vesh Bhatt in 2018.

DeepSig Inc. is an innovative company based in Arlington, Virginia, specializing in artificial intelligence-based machine learning software for wireless technologies, including 5G and the Internet of Things (IoT). Founded in 2016, DeepSig focuses on transforming wireless communications by utilizing deep learning to enhance system performance, efficiency, and security in complex environments. Its product offerings include OmniSIG sensor software, which serves as a radio frequency sensing application, and the OmniSIG SDK, a comprehensive tool suite that allows customers to curate RF datasets and train advanced deep learning models for custom applications. Additionally, the company provides OmniPHY communications and OmniPHY-5G, which are designed to optimize radio access network capabilities. By leveraging machine learning to create optimized models from data, DeepSig enables clients to customize and enhance wireless systems effectively.

All-in-One Client-Side Risk Management Platform Feroot is the first way to manage and automate everything you need to protect your data assets on the client-side of your web applications and websites – from credit card data to login credentials, ePHI, and more. All in one, online platform.

Cybrary Inc. is a leading provider of online training services focused on information technology and cybersecurity, catering to a diverse audience that includes beginners, experienced professionals, and families. Founded in 2015 and based in College Park, Maryland, Cybrary offers a comprehensive range of courses in systems and network administration, project management, and various cybersecurity disciplines, such as ethical hacking, penetration testing, and malware analysis. The platform features instructional content, interactive labs, exam study guides, and enterprise training solutions, enabling organizations to enhance their employees' skills. Additionally, Cybrary collaborates with a community of instructors, industry experts, and cybersecurity firms to deliver relevant and high-quality learning materials. Its offerings include a "Teams" product for managing corporate training and providing practical challenges and skill assessments. Cybrary aims to serve unserved and underserved populations, helping individuals gain the necessary skills to enter or advance in the cybersecurity field.

Vulcan Cyber Ltd. is a cybersecurity company that operates a vulnerability remediation platform designed to manage and reduce organizational cyber risk. Founded in 2018 and based in Tel Aviv-Yafo, Israel, with an additional office in San Francisco, California, the company offers a software-as-a-service (SaaS) solution that integrates and automates existing security tools and processes. This platform allows security teams to gain valuable insights and take necessary actions to continuously eliminate exposed vulnerabilities within their production systems. By supporting the entire cybersecurity lifecycle across various environments, Vulcan Cyber enhances risk management processes, enabling organizations to prioritize and orchestrate their cybersecurity efforts effectively.

TrueFort Inc. is a cybersecurity company based in Weehawken, New Jersey, founded in 2015. It specializes in real-time application and cloud workload protection solutions, focusing on safeguarding critical applications and infrastructure. TrueFort's flagship product, Fortress, is a behavior-based security platform that employs advanced behavioral analysis, machine intelligence, and automation to create zero trust application environments. This platform addresses multiple security challenges by providing real-time application self-protection and enhanced visibility into enterprise applications. By leveraging existing agents and offering out-of-the-box analytics, TrueFort enables organizations to mitigate risks associated with excessive trust and cyber threats effectively.

Orca Security Ltd. is a provider of a cloud-native security platform designed to secure both modern and legacy applications transitioned to the cloud. Founded in 2019 and headquartered in Tel Aviv, Israel, the company offers a solution that integrates directly into the cloud infrastructure, allowing it to assess the security state of every asset without the need for agents. This platform provides visibility into compromised resources, vulnerable software, and misconfigurations across various cloud environments, including AWS, Azure, and Google Cloud Platform. By utilizing read-only access, Orca ensures that its security assessments do not impact performance or availability. The platform aims to simplify cloud security by delivering comprehensive visibility and compliance, enabling organizations to identify critical vulnerabilities and mitigate risks effectively without relying on multiple disparate tools.

GreyNoise Intelligence Inc. is a cybersecurity company established in 2017 and headquartered in Washington, D.C. It specializes in developing a platform that collects, analyzes, and labels data on Internet-wide scanning and attack activities, often referred to as "internet noise." By filtering out irrelevant or harmless activity, GreyNoise enables security analysts to focus on more targeted and emerging threats. The platform is designed to help organizations streamline their threat analysis processes, reducing the burden of false alarms generated by common scanning behaviors. Additionally, GreyNoise offers GreyNoise Alerts, a complimentary service that notifies organizations of suspicious activity detected on their networks. The company's expertise is trusted by Global 2000 enterprises, government agencies, leading security vendors, and numerous threat researchers.

NS8 Inc. is a fraud prevention and user experience protection company that offers a comprehensive platform designed to help online businesses minimize risk. Founded in 2016 and headquartered in Las Vegas, Nevada, with additional offices in Miami Beach and Amsterdam, NS8 utilizes machine learning, behavioral analytics, and real-time scoring to provide actionable insights into transaction quality and trustworthiness. Its platform enables users to monitor and analyze potential fraud, detect bot activity, and segment hidden sessions, thereby enhancing understanding of effective traffic sources. The technology allows businesses to automate their fraud management workflows, tailoring them to specific needs, while also providing consumer metrics for personalized content and sales techniques. In October 2020, NS8 filed for reorganization under Chapter 11 in the U.S. Bankruptcy Court for the District of Delaware.

Scytale.io, founded in 2017 by experienced engineers from leading technology companies, focuses on enhancing the security and efficiency of identity-driven, large-scale distributed software systems. The company offers an identity management platform that standardizes and accelerates service authentication across various infrastructures, including cloud, container, and on-premise environments. By addressing the challenges faced by software developers, IT operations managers, and security engineers in a complex enterprise IT landscape, Scytale.io aims to simplify and secure the authentication process, enabling organizations to innovate and operate more effectively. The company's solutions draw from successful practices observed in major internet companies, reflecting a commitment to improving operational speed and security in modern software development.

RackTop Systems, Inc. specializes in designing and developing advanced data center solutions. The company offers a range of products, including BrickStor Iron, an enterprise storage platform known for its scalability and performance; BrickStor Titanium, tailored for private cloud environments; and BrickStor zFLASH, a flash storage solution that provides high input/output operations per second with low latency. Additionally, RackTop develops OSP, which facilitates OpenStack Swift Object storage, and FlexBox, a stackable appliance integrating networking, compute, and storage. The vBox solution simplifies the implementation of virtual desktop infrastructure. RackTop also provides MyRacktop, a secure multi-tenant cloud, alongside enterprise backup and recovery appliances. The company offers consulting services encompassing architecture design, data storage optimization, and IT project management. RackTop serves various sectors, including advertising, banking, education, and government. Founded in 2010 and based in Fulton, Maryland, RackTop is recognized for its innovative data security solutions, notably the BrickStor SP, which employs a Zero Trust model to protect against cyber threats, including ransomware and insider attacks, while aligning with the NIST cybersecurity framework.

Scytale.io, founded in 2017 by experienced engineers from leading technology companies, focuses on enhancing the security and efficiency of identity-driven, large-scale distributed software systems. The company offers an identity management platform that standardizes and accelerates service authentication across various infrastructures, including cloud, container, and on-premise environments. By addressing the challenges faced by software developers, IT operations managers, and security engineers in a complex enterprise IT landscape, Scytale.io aims to simplify and secure the authentication process, enabling organizations to innovate and operate more effectively. The company's solutions draw from successful practices observed in major internet companies, reflecting a commitment to improving operational speed and security in modern software development.

Huntress is a prominent cybersecurity provider focused on small and mid-sized businesses (SMBs) and the managed service providers that serve them. Established in 2015 by former National Security Agency operators, the company combines its Managed Security Platform with a fully operational 24/7 Security Operations Center to deliver essential technology, services, and expertise for cybersecurity challenges. Huntress employs a blend of automated detection and human-powered threat hunting to identify and neutralize threats that may bypass traditional security measures. With a commitment to affordability and comprehensive protection, Huntress safeguards critical business assets for over 4,300 partners and more than 105,000 organizations, collectively protecting over 2 million endpoints from various cyber threats.

Leveraging privacy-enabled AI, Anno’s ML-based Fusion product establishes ground truth for customers by correlating disparate data types from multiple sensor modalities. A multi-modal approach liberates customers from a reliance on facial recognition or license plate readers in order to find and track people, vehicles, or objects across sensors.

Lucata Corporation is a technology company that specializes in enhancing memory utilization through its innovative hardware and software solutions. Founded in 2008 and headquartered in New York City, with additional offices in South Bend, Indiana, Lucata develops motherboards, node cards, and memory servers tailored for various applications such as graph analysis, cyber security, data warehousing, machine learning, and risk analysis. Utilizing patented migrating thread technology, Lucata enables organizations to conduct high-performance analytics on extensive databases exceeding one trillion vertices, facilitating deeper insights into complex data relationships. Its solutions are designed for sectors including financial services, healthcare, telecommunications, and government, allowing for real-time analysis and scalable memory architecture without the need for additional software layers. Lucata's architecture supports energy-efficient processing and significant performance enhancements as hardware scales, positioning the company as a key player in the evolving landscape of big data and analytics.

SCYTHE Inc. is a cybersecurity company based in Arlington, Virginia, founded in 2017. It specializes in designing and developing an adversary emulation platform tailored for enterprises and cybersecurity consulting markets. The SCYTHE platform empowers organizations to construct and simulate a variety of adversarial campaigns swiftly, enabling Red, Blue, and Purple teams to assess and validate their security controls effectively. By allowing organizations to continuously evaluate their risk posture and exposure to cyber threats, SCYTHE helps enhance the performance of security teams and ensures that clients can implement appropriate cybersecurity measures and frameworks.

Vulcan Cyber Ltd. is a cybersecurity company that operates a vulnerability remediation platform designed to manage and reduce organizational cyber risk. Founded in 2018 and based in Tel Aviv-Yafo, Israel, with an additional office in San Francisco, California, the company offers a software-as-a-service (SaaS) solution that integrates and automates existing security tools and processes. This platform allows security teams to gain valuable insights and take necessary actions to continuously eliminate exposed vulnerabilities within their production systems. By supporting the entire cybersecurity lifecycle across various environments, Vulcan Cyber enhances risk management processes, enabling organizations to prioritize and orchestrate their cybersecurity efforts effectively.

CYR3CON predicts cyber-attacks through a suite of solutions using artificial intelligence. CYR3CON's methods leverage multiple sources of data from various online hacker communities to avoid many cyber incidents by quantifying and predicting hacker actions before they launch their attacks. The company was founded in 2018 and based in Tempe, Arizona.

Scytale.io, founded in 2017 by experienced engineers from leading technology companies, focuses on enhancing the security and efficiency of identity-driven, large-scale distributed software systems. The company offers an identity management platform that standardizes and accelerates service authentication across various infrastructures, including cloud, container, and on-premise environments. By addressing the challenges faced by software developers, IT operations managers, and security engineers in a complex enterprise IT landscape, Scytale.io aims to simplify and secure the authentication process, enabling organizations to innovate and operate more effectively. The company's solutions draw from successful practices observed in major internet companies, reflecting a commitment to improving operational speed and security in modern software development.

Powered by a distributed cryptographic key management infrastructure, HighSide’s suite of products enable businesses to engage securely in a remote first world. At HighSide we build technology to enable the modern business addressing challenges in productivity, sharing and engagement typically stymied by data security and data access requirements. Through our zero-trust technology, teams have access to a modern unified communications and file sharing platform including voice, video, text and files, reducing risk of shadow IT and reliance on dated and insecure communications channels.