Kitchener-based cybersecurity startup Cavelo has secured CDN$5 million in venture capital.

The raise was led by Canadian VC firm Inovia Capital with participation from existing investors, including Graphite Ventures. It follows a pre-seed raise of CDN$1.3 million back when the startup launched in early 2021.

The latest investment will support continued platform development, as well as sales and marketing efforts to meet growing demand across North America.

“Our success is a direct result of our customers’ trust and we’re grateful for their continued support,” James Mignacca, founder and CEO, said in a news release. “Every detail of the Cavelo platform was designed with their needs in mind. As organizations lose control of their data due to digitization and cloud service adoption, their cyber risk, exposure and cost of breach soars. The Cavelo platform is a turnkey product that allows customers and channel partners to identify sensitive data, where it resides, who has access to it, and where software vulnerability remediation efforts should be focused, ultimately mitigating risk and exposure.”

Taha Mubashir, Principal at Inovia Capital, said that Cavelo is succeeding despite broad challenges in the technology industry generally.

“Cavelo represents the future of cybersecurity investments,” he said. “Despite continued market headwinds, Cavelo is driving significant growth through its customer-first approach and commitment to attack surface management innovation. We’re thrilled to welcome Cavelo to our portfolio and look forward to continued success.”

Cavelo’s platform helps businesses discover, classify, track and manage sensitive data in alignment with industry and regulatory reporting requirements. This includes attack surface management (ASM) technology, which helps customers discover, monitor and protect all the "surfaces" or “vectors” within the organization that might be vulnerable to attack.

“The Cavelo platform helps organizations and managed service providers easily quantify risk and prioritize remediation, in alignment to industry and regulatory reporting requirements,” Mignacca said.

In a Q&A discussion, he asked the Chair of Cavelo’s advisory board – eSentire founder and cybersecurity veteran Eldon Sprickerhoff – why customers seem more focused these days on linking ASM with data security posture management (DSPM), which involves knowing where your data is, who has access to it, how it’s used and how it’s protected.

Sprickerhoff replied that it has to do with the ubiquity of smartphones and the growing remote-work phenomenon.

“Over ten years ago, when building infrastructure for security purposes, we were comfortable implementing based on the concept of ‘castle and moat’ with a very well-defined perimeter. Back then, we didn’t have to broadly build for scenarios of remote work from home, or mass cloud offerings to contend with. Mobile devices weren’t quite as embedded as they are in workplaces today. All those factors have exploded and essentially blown away the concept of perimeter security,” Sprickerhoff said. 

“Many companies today simply don’t know what data they have at any level of the business,” he added. “Technology categories change to reflect the trends, but at the end of the day DSPM and attack surface management both start with knowing what data you have and where it lives. It’s nice to see that Cavelo continues to evolve in this area and that it remains on the cutting edge of what the market is asking for.” 

Cavelo bolted out of the gate when it launched in early 2021. According to the startup, it has increased year-over-year annual recurring revenue by 272 per cent, recorded two-fold year-over-year new customer acquisition, and attributes approximately 50 per cent of its overall revenue to channel expansion.

Mignacca has deep experience in the network and cybersecurity sectors of the Waterloo Region tech ecosystem. After working with Sandvine and eSentire, he founded Root Cellar Technologies in 2013. He sold the data management business in 2018 and soon after launched RootSecure Corp., which provided cyber risk-assessment of networks and devices.

In January 2019, RootSecure was acquired by Arctic Wolf Networks, a U.S.-based cybersecurity company with a sizable facility and strong roots in Waterloo Region.