Amsterdam, March 30, 2021 – Hotmart Company, a leading global cloud-based platform that empowers creators to build, run, manage, and grow their digital businesses, announced today that it has raised US$130 million in a Series C funding round led by TCV. Alkeon Capital also participated in the round. Valuation has not been disclosed, but Hotmart continues to build on its previously secured unicorn status. The proceeds from this round will be used for growth initiatives including product innovation and international expansion, both organically and through mergers and acquisitions.
This financing comes as Hotmart continues to experience significant growth and advances in its international expansion strategy. Today Hotmart has active creators in over 100 countries, powering transactions of digital products and services to millions of consumers in more than 185 countries. In 2020, Hotmart entered into a business combination with Teachable, a New York-based company that is one of the category leaders in the U.S. The combined gross merchandise value (GMV) transacted on the platform more than doubled compared to the previous year.
“Hotmart is at the forefront of the passion economy, helping creators go beyond content monetization and actually building an online business. By providing the tools for creators to leverage their knowledge, we are fueling a new model of internet-powered entrepreneurship”, says João Pedro Resende, CEO and co-founder of Hotmart.
“We are pleased with the contribution from our existing shareholders, including Koolen & Partners, General Atlantic, GIC and Accomplice. Since our beginning, we have had the opportunity of drawing from the experience and business support of global long-term partners, and this transaction with TCV further strengthens our shareholder base”, continues João Pedro Resende. “TCV has supported technology companies that are leaders in their sectors, such as Netflix, Spotify, Airbnb, Facebook and Linkedin. We are excited to welcome the new shareholders and to learn from their experience to continue growing our business.”
“As one of the largest digital enablement platforms, Hotmart is mission-critical for creators around the world to thrive by doing what they love and sharing their knowledge with consumers,” said Neil Tolaney, General Partner at TCV. “We are absolutely thrilled to work with JP and team to best empower entrepreneurs globally to accomplish their dreams.”
About Hotmart Company Hotmart is one of the world’s leading digital enablement platforms with a diverse and fast-growing ecosystem of creators and consumers. Its all-in-one, cloud-based technology platform integrates the features and functionalities that creators of all sizes need to build, run, manage, and grow their digital businesses. Founded by João Pedro Resende and Mateus Bicalho in 2011, the company has around 1,300 employees in 12 offices around the world (Netherlands, U.S., Brazil, Spain, Mexico, Colombia and France), and many open positions available – especially in Product, Development, and Growth areas. If you want to learn more about Hotmart, and our exciting career opportunities, visit www.hotmart.com.
About TCV Founded in 1995, TCV provides capital to growth-stage private and public companies in the technology industry. Since its inception, TCV has invested over $14 billion in leading technology companies and has helped guide CEOs through more than 125 IPOs and strategic acquisitions. TCV investments include Airbnb, Believe Digital, Dollar Shave Club, EA, Expedia, Facebook, LegalZoom, Netflix, Peloton, Spotify, Zillow, and more. In addition, TCV has made significant investments in financial technology and payments companies throughout the world, including Klarna, Mambu, Mollie, Nubank, Payoneer, Revolut, Toast, Wealthsimple and WorldRemit. TCV is headquartered in Menlo Park, California, with offices in New York and London. For more information about TCV, including a complete list of TCV investments, visit https://www.tcv.com/.
Media Contacts: Hotmart – Mariana Rosa – firstname.lastname@example.org TCV – Katja Gagen – email@example.com
transformation is driving enterprises to rapidly enter the next chapter of
cloud adoption. Nearly half of current infrastructure-as-a-service Enterprise
users are running production applications on public cloud infrastructure. As
such, organizations are acutely focused on dynamic scaling, 24×7 availability,
streamlined management and development tools to make the migration
seamless…yet, security seems to be an afterthought or maybe just assumed to be
“locked down” given that the bulk of workloads are at Amazon Web Services,
Microsoft Azure or Google Cloud. Given the brands and heft of these mega tech
companies, how can these clouds possibly not be secure?
high-profile breaches demonstrate that there are inherent risks in the public
cloud. In fact, just moving workloads to these branded cloud providers does NOT
make them more secure at all. It’s clear
that enterprises must ensure their security stack is properly architected for
the cloud. The recent Capital One breach was a shock to the system.
In the case of Capital One, a combination of a tech savvy team and AWS were breached by vulnerabilities that were known and could have been avoided. Does that mean it’s inherently risky to migrate to the cloud? Probably not, but it is clear we need better tools and processes to make this migration secure, scalable and cost-effective.
In this podcast, TCV’s Tim McAdam and Vectra CEO, Hitesh Sheth, talk about what it takes to reduce business risk in the cloud – and keeping enterprises, consumers and their transactions/interactions secure – while capitalizing on the tremendous opportunities the cloud offers.
For these insights and more, settle back and press play.
Tim McAdam: Welcome to Growth Journeys, a podcast series
from TCV, focused on lessons from the field from entrepreneurs in the TCV
ecosystem. I’m Tim McAdam, General Partner at TCV, and I’m here with Hitesh
Sheth, CEO of Vectra, a leader in applying artificial intelligence to detect
and respond in real time to cyberattacks in the cloud, data center, and
enterprise infrastructures. Hitesh brings a wealth of experience from senior
roles at Aruba, Juniper, and Cisco, that affords him important lessons about
how enterprises can assess and address security as they migrate workloads to
the cloud. These lessons include views on encryption, 5G, and commingled log
data, to name a few. We’re covering all these topics today, but first, thanks
for joining me, Hitesh, and welcome to Growth Journeys.
Hitesh Sheth: Great to be here, Tim. Thank you for having
Tim McAdam: So, let’s start with a relatively simple one,
but probably complicated in its scope. What’s the general state of cloud
Hitesh Sheth: Cloud security today is, in my view, where
Windows used to be circa 1990s. If you go back in time a couple of decades when
Windows started to proliferate, security was really not the first thing that
Microsoft thought about. And at that time, it looked like a pretty complex
setup with multiple operating system versions, different devices on which
Windows was getting deployed, and it felt like it was an endless opportunity
for attackers to leverage.
Now, fast forward to today, and if you look at the cloud
environment, whether you’re dealing with serverless computing, whether you’re
looking at Kubernetes, none of the technologies that are being built for the
cloud have had security at the front end, and by comparison we have a thousand-fold
more complex scenario than we had when Windows started prevailing from a
security point of view.
So, I think the scenario we have right now is that while cloud is
taking off exponentially, the security holes that we are facing are indeed very
Tim McAdam: And how do you think enterprises should
approach assessing their security vulnerabilities as they migrate these
workloads to the cloud?
Hitesh Sheth: One of the most important things that they
should think about very carefully is that whatever strategy they had in place
in their traditional on-prem networks is not the strategy they should deploy
into the cloud. And a good example would be – you think of perimeters when you
think of on-prem networks. So traditional firewalls tend to be the way you
think about security. That already is disappearing in traditional networks, and
that certainly cannot apply when you’re looking at cloud infrastructure.
Now, I think Gartner has come out with a very good synthesis of
how to think about building visibility for next-generation SOCs and they’ve got
this thing called the Triad, and the Triad has three components to it. There is
a SIEM in it. There is NDR, which is network detect and response. And there is
endpoint detect and response, EDR. And logically, if you have those three
technologies in place, then you have the best shot at delivering comprehensive
visibility for the SOC. And the good news there, is that it is independent of
whether you’re in the cloud or on on-prem networks as well.
Tim McAdam: Right. And just for the audience, could you
define what a SIEM is?
Hitesh Sheth: Absolutely. SIEM is security information and event management systems. A vendor example here would be Splunk. When you’re looking at EDR, a vendor example would be CrowdStrike. And then certainly when it comes to NDR, Vectra would be the example in mind.
Tim McAdam: Perfect. So, talk about encryption for a
second and what role encryption will play in securing workloads. And I think
there are probably some schools of thought that say, “Why do you need any
of this stuff if our data’s encrypted?”
Hitesh Sheth: Correct. So, I think there’s good news and bad news in encryption. Let me start with the good news. The good news is that you can indeed encrypt the traffic from say, the endpoint to the edge of the infrastructure, or to the SaaS application. And so, in theory, you are reducing the opportunities for a hacker to break into that workload or into the payload and initiate a cyberattack. So that’s the good news.
However, the reality is that whether you’re dealing with data
centers or you’re dealing with cloud infrastructure, the number of times where
the traffic’s going to get encrypted post the edge of the cloud or the data
center tends to be very, very limited. And therefore, you have the need to
still continuously monitor the inside of the data center or the inside of the
cloud for tracking advance attacks. That’s number one.
But number two what is also probably not fully appreciated is that
encryption is actually a friend for attackers. So, if your device is
compromised, Tim, and then your traffic is encrypted from your device to the
SaaS application, then if I’m the hacker, the chances that somebody’s going to
pick me up really get diminished. Therefore, you know, logically the only way
you can really find those attacks is by looking at the behavior of your device
and how you’re interacting with the application. Therefore, behavioral
approaches become really essential in this scenario.
Tim McAdam: Right. And that begs the question – that
might be a device-specific viewpoint. But how about the data itself? Obviously,
multi-tenant cloud applications have effectively commingled log data or log
data from multiple customers. Is that a limitation or security risk as
enterprises move their workloads to the cloud, and how do enterprises gain
comfort that the integrity of their data will remain intact as they move
workloads to the cloud?
Hitesh Sheth: The reason logs get commingled in the cloud environment – I’ll come back to the point I made earlier. Security is an afterthought in the scenario. The primary objective of doing that is to add efficiency to IT ops. That is the reason why they do that. For a customer, who is adopting cloud services, you have to reconsider the Triad that I described earlier. You have to have a SIEM. You can take this commingled log data and you can have this centralized in one place for analysis purposes.
But, what is really crucial is that you don’t rely on that by
itself. You have to use network detect and response. You have to use endpoint
detect and response. And so, the whole point of that Triad is to give you coverage
in scenarios like the one you just described.
Tim McAdam: Got it. That makes sense. How about trends
around next-gen communications like 5G, for example, and then this whole
mindset of zero trust? How do you see these newer trends enhancing, or frankly,
causing security issues?
Hitesh Sheth: The benefit of 5G is that we, as users, can bypass traditional networks, and with our devices – whether it’s a phone or a tablet – you can go straight to the cloud and order the SaaS application. You don’t have to worry about your traditional network and the security therein. Which is great.
Now, the challenge with that is that you have just now opened up a
direct path into the data without any intermediary layers. So, this is where
zero trust is supposed to come in.
Zero trust is supposed to introduce the notion that unless every
device is authenticated, it should not be trusted. But frankly, it’s a very
simplistic view of security because it essentially says, if Tim on Tim’s phone
is authenticated, then Tim and Tim’s device are now automatically safe. But
what if somebody stole your credentials? And that happens on a daily basis, as
we know. And, therefore, it is not enough to rely on something like zero trust.
You have got to have the right monitoring principles in place in
the cloud itself to ensure that if your credentials are stolen on one end,
you’ve got the right mechanisms to watch for the behavior of the privileged
user in the cloud.
Tim McAdam: Got it. So, let’s talk about responsibility
for a second. I recently read a Gartner report that was talking about degrees
of hand-off points from infrastructure as a service providers, to platform as a
service providers, to SaaS providers. How do you think about this shared responsibility
continuum, and do you see this security responsibility changing over time?
Hitesh Sheth: First of all, I think a lot of companies make the mistake of thinking that the security responsibility is solely the cloud provider’s responsibility. And I think that mistake originates from consumers of SaaS applications.
If you are consuming Salesforce, as an example, I think it’s very
reasonable to expect that Salesforce has taken care of your security
requirements. In theory, that’s generally true. However, if you are the entity
that is actually deploying your applications into the cloud environment, having
that expectation that AWS, Microsoft, Google, have done the same thing is
fundamentally not true.
At the end of the day, the company that’s utilizing cloud
resources is responsible for the security of the network layer, the data on top
of that, the applications, and how people are interacting with those
applications. That responsibility solely resides with the entity that is using
those services. And I think even as cloud providers evolve their security
offerings, it would be a mistake for consumers of those offerings to relinquish
their responsibility back to the cloud provider.
Tim McAdam: So, Hitesh, you can’t pick up the paper today
without reading headlines about the shortage of qualified cybersecurity talent
relative to the size of the problem. This is a massive issue. Why haven’t more
cybersecurity companies adopted an AI/ML framework like Vectra’s given the
obvious dearth of humans in the sector?
Hitesh Sheth: I actually think, Tim, that a lot of security vendors are talking about AI today. It’s become one of the pain points for customers, where AI has evolved into a buzzword from vendors, and they talk about it all the time.
The issue fundamentally is that the vendors are approaching this
completely wrong, in my view. Even for investors, as they think about investing
in companies that are touting AI, the principle of generalized AI simply does
not work. Generalized AI equals a human being. And AI is not advanced enough,
from a software point of view, to repeat what a human being would do in
technology. So, the notion of applied AI is really key here. Applied AI does
work as evidenced from the work that we do at Vectra.
And I think the key there is you cannot just take AI by itself. If
it’s application-specific, then domain becomes very critical. And one of the
early epiphanies that we had in our journey here is that as we experimented
with generalized AI, and frankly we made mistakes with that. And what struck us
very quickly was that, “Hey, you need security domain, you’ve got to have
security domain paired up with AI for this to work.” If I’m a customer, I would
be testing for that every single day before accepting a vendor’s word that
their tech is actually going to work in my environment. Otherwise, it’s the
person behind the curtain actually doing the work, not the software.
Tim McAdam: Right. Well, thank you for making all those
generalized AI mistakes before we invested, Hitesh.
Hitesh Sheth: And, yes, we did that in the first few years, Tim, as you know well, but if you don’t make mistakes, you don’t learn. And we are much better off as a result.
Tim McAdam: So lastly, at a recent offsite, one of my
partners floated the concept of via negativa, or addition by subtraction, as it
related to our business model as investors. That is to say, focus on fewer,
more high-impact investment themes or investment types by not focusing on
others. Hitesh, should via negativa apply to streamlining the security posture
of enterprises as they think about moving to the cloud?
Hitesh Sheth: I think it’s an absolutely fantastic principle for how you think about where you invest in infrastructure broadly and certainly in security, because as we all know, security is rife with a plethora of technologies and vendors pitching the next-greatest tool to customers every single day. Yet, paradigms have evolved very, very rapidly.
So for example, if I am building something from ground up, a
customer should ask themselves, why do they really need a firewall? For what
purpose? If I have EDR on my endpoint, if I have the right setup for monitoring
my workloads in the cloud, what role does a firewall really play? What role
does a perimeter play? If you want to save your dollars, OpEx or CapEx, I’ll
put something bold out there and say, eliminate the firewall. I would challenge
somebody to do that. And then provided they are actually following the SOC
Triad – be religious about implementing the SOC Triad.
Do that first and then question the need for spend on anything
else next. That’s the approach – that’s how via negativa can apply to security
Tim McAdam: That is bold. I like it. Hitesh, thanks for
joining us today.
Hitesh Sheth: Thanks very much, Tim, really appreciate it.
Dublin, ROI, Sept. 04, 2019 (GLOBE NEWSWIRE) — Clio, the leader in cloud-based legal technology, announced today it has raised $250 million USD in Series D funding from TCV and JMI Equity. The investment marks one of the largest private transactions in legal technology and a definitive shift for the future of the legal industry.
As reported by the World Justice Project, 59% of individuals in the United Kingdom experienced a legal problem in the past two years, but only 28% were able to access help with many (48%) seeking advice from a friend or family member. Yet, there were over 138,000 practising solicitors as reported by the Law Society of England and Wales, with 63% of those residing in Dublin.
“It’s clear something needs to change when the majority of legal problems don’t receive legal assistance,” said Jack Newton, CEO and Co-founder of Clio. “Clio is committed to building the essential operating system for solicitors, one that focuses relentlessly on unlocking new efficiencies and entry points to legal services. This will allow legal professionals to easily deliver exceptional client experiences, increase their productivity, grow their firms, and make legal services more accessible. This investment will accelerate our ability to realize this vision.”
Founded in 2008, with their European headquarters based in Dublin, Clio will use these funds to amplify efforts to support access to legal services across Europe. Clio is the only legal case management software endorsed and approved by both the Law Society of England and Wales and the Law Society of Scotland due to their robust product, exceptional customer care, and commitment to helping law firms meet GDPR & SRA compliance responsibilities as data controllers.
“At TCV, we partner with innovative companies that are leaders in their industry and offer superior value propositions for their customers,” said Amol Helekar, Principal at TCV, and a member of Clio’s board of directors. “Clio has had long-standing success in transforming a vast industry that has been lagging in technology adoption and we are confident the company will continue to lead on a global scale. We are committed to supporting Clio with TCV’s resources and network in order to help them capitalize on their significant growth opportunities,” added Jake Reynolds, General Partner at TCV.
TCV and JMI have been investment partners to innovative technology companies such as Adaptive Insights, Airbnb, Eloqua, Expedia, Facebook, Netflix, PointClickCare, ServiceNow, and Spotify, and have helped these businesses achieve their growth objectives.
“We believe the legal software space presents significant opportunities for continued disruption, and Clio is the clear leader,” said Matt Emery, General Partner at JMI Equity who has joined Clio’s board of directors. “Clio is not only solving some of the biggest pain points for the legal profession, it is creating a platform for the future of legal services, and we look forward to partnering with the team in the company’s continued growth and success,” added Sureel Sheth, Principal at JMI.
Customers can expect to see ongoing investment in the depth and breadth of Clio’s offerings, with even more powerful and flexible tools for legal professionals to manage and grow their practices, making them more efficient and sustainable as businesses. Mark Britton, former Expedia executive and founder of legal marketplace Avvo.com, will also be joining Clio’s board of directors to provide his own industry experience as the company brings their vision for the future of legal to market.
Raymond James served as legal buyside advisor to TCV for this investment.
Clio (Themis Solutions Inc.), the leader in cloud-based legal technology, empowers legal professionals to be both client-centered and firm focused through cloud-based legal practice management software. Clio has been transforming the industry for over a decade with 150,000 customers spanning 100 countries, and the approval of over 66 bar associations and law societies globally. Clio continues to lead the industry with initiatives like the Legal Trends Report, the Clio Cloud Conference, and the Clio Academic Access Program. Learn more at clio.com/uk.
Founded in 1995, TCV provides capital to growth-stage private and public companies in the technology industry. TCV has invested over $12 billion in leading technology companies and has helped guide CEOs through more than 120 IPOs and strategic acquisitions.
TCV’s software and legal technology investments include Alarm.com, Altiris, Ariba, Avalara, Avetta, Avvo, AxiomSL, CCC Information Services, ExactTarget, ETQ, FinancialForce, Genesys, IQMS, LegalZoom, OpenText, OSIsoft, Rapid7, Rave Mobile Safety, RELEX Solutions, Sitecore, SiteMinder, SMT, Splunk, Toast, Xero, and more. TCV is headquartered in Menlo Park, California, with offices in New York and London. For more information about TCV, including a complete list of TCV investments, please visit tcv.com.
About JMI Equity
JMI Equity is a growth equity firm focused on investing in leading software companies. Founded in 1992, JMI has invested in over 145 businesses in its target markets, successfully completed over 95 exits and raised more than $4 billion of committed capital. JMI partners with exceptional management teams to help build their companies into industry leaders. For more information visit jmi.com.