Breaking
NEW CEO Bill Robbins takes the helm at Menlo Security (Feb 2026) $100M ARR Menlo crosses nine-figure recurring revenue VOTIRO ACQUIRED Content Disarm & Reconstruction joins the browser 8 OF 10 largest global banks run Menlo isolation $270.5M RAISED across five rounds; Series E led by Vista Equity DoD CONTRACT U.S. Department of Defense deploys cloud browser NEW CEO Bill Robbins takes the helm at Menlo Security (Feb 2026) $100M ARR Menlo crosses nine-figure recurring revenue VOTIRO ACQUIRED Content Disarm & Reconstruction joins the browser 8 OF 10 largest global banks run Menlo isolation $270.5M RAISED across five rounds; Series E led by Vista Equity DoD CONTRACT U.S. Department of Defense deploys cloud browser
Menlo Security logo
Filed: Mountain View, CA — the wordmark, mid-pivot
YesPress / Company Profile / Cybersecurity

Menlo Security: the browser is the new endpoint

A Mountain View security company that decided the safest way to handle the internet was to never let it touch the laptop. Twelve years and $270 million later, eight of the world's ten largest banks agree.

Founded 2013 ~440 employees $100M+ ARR Series E
Share - LinkedIn Twitter / X Facebook Instagram
01 / Who They Are Now

The quiet company keeping the internet at arm's length

On any given Tuesday, an analyst at one of the largest banks in the world clicks a link in an email. The link is bad - it has been for weeks, in an ongoing campaign that has chewed through other companies. Nothing happens. No alert, no quarantine, no incident bridge. The bad page renders, the analyst skims it, decides it is junk, and moves on. The page never ran on her laptop. It ran in Menlo Security's cloud, two thousand miles away, and only the rendered pixels reached her screen.

That is the entire pitch. Menlo Security, headquartered in Mountain View, has spent twelve years building a system that treats the open web the way a chemistry lab treats unknown samples - inside a fume hood, with the sash down. The company calls it isolation. Customers call it "the thing that finally let us let employees click."

$100M+
Annual Recurring Revenue
$350M
Total Contract Value
440
Employees
8/10
Largest banks as customers
"The browser is where work happens. So the browser is where security has to live." — Menlo Security, marketing line that turned out to be a strategy
02 / The Problem They Saw

"Don't click suspicious links" is not a security policy

For two decades the cybersecurity industry sold a comforting fiction: that with enough training, employees could be trusted to recognize a bad link. Phishing simulators were ordered by the gross. Mandatory videos were watched at 2x. And year after year, the breach reports came back the same - somebody clicked.

The founders of Menlo Security looked at this and concluded, with the lightly ironic patience of people who had spent careers in network security, that perhaps the issue was not user education. Perhaps the issue was that any web page, anywhere, could execute code on a corporate laptop the second it loaded. Solve that, and you do not need the employee to be a security expert. You just need them to do their job.

"Phishing training is the cybersecurity equivalent of telling people to drive carefully. True at all times. Useless at the moment of impact." — A reasonable summary of why isolation exists
03 / The Founders' Bet

Four veterans, one heretical idea

In 2013, four people in Palo Alto - Amir Ben-Efraim, Poornima DeBolle, Kowsik Guruswamy and Lior Drihem - placed a bet that sounded like a bad joke at security conferences: what if we just ran the entire web somewhere else? Not "scan it harder." Not "machine-learn the malware." Just move the execution off the endpoint entirely and stream back a safe rendering.

Ben-Efraim had been the VP of cloud security at Juniper Networks. He had seen enough perimeter products promise enough things to know that adding another filter to the laptop was not the answer. DeBolle, an engineering leader who would later be named twice to Inc.'s Female Founders list, owned the product side. Guruswamy ran the technology. Drihem rounded out a team that, taken together, had built and broken networks for most of their careers.

The first reaction from the industry was that isolation would be too slow, too expensive, and too weird. The second reaction, several years later, was that 8 of the 10 largest banks in the world had signed up.

"We did not think the browser was broken. We thought it was working exactly as designed - and that was the problem." — Paraphrased from a decade of investor decks

A short, slightly dramatic timeline

2013
Founded in Palo Alto. Idea: render the web somewhere that is not the laptop.
2015
Series B of $25M. Forbes calls Menlo the hottest cybersecurity startup of the year.
2017
Series C of $40M from JP Morgan, American Express Ventures and HSBC - customers writing checks.
2019
Wins the U.S. Department of Defense contract for cloud-based browser isolation.
2020
$100M Series E led by Vista Equity Partners. Valuation reportedly approaches $800M.
2024
Crosses $100M ARR and $350M total contract value. 50% growth over the prior 24 months.
2025
Acquires Votiro to fold Content Disarm & Reconstruction into the Secure Enterprise Browser.
2026
Bill Robbins named CEO. Amir Ben-Efraim moves to Executive Chairman.
Twelve years compressed into eight rows. The middle five involved a lot of unglamorous Kubernetes work.
04 / The Product

One platform, four ways to use it

Menlo sells what it calls a Secure Enterprise Browser, which is less a single product than a stack of capabilities that all live in front of - and inside - the browser tab. The underlying engine, Isolation Core, runs every active web session in a cloud sandbox. The user's device receives only a rendered, sanitized stream. If the page tries to drop malware, the malware lands in the sandbox, which dies and gets replaced milliseconds later.

Secure Enterprise Browser

Managed isolated browser for any device, managed or unmanaged.

Remote Browser Isolation

The original cloud sandbox - every web session executed off-device.

HEAT Shield AI

AI detection for highly evasive adaptive threats, including zero-hour phishing.

Cloud SWG + Votiro CDR

Secure web gateway plus content disarm for files moving through the browser.

"It is a strange flex to sell a product whose entire pitch is that the customer's employees can stop being careful." — The Menlo paradox
05 / The Proof

The receipts

Cybersecurity is a market where it is very easy to talk and very hard to be picked. Menlo's customer roster reads like the spreadsheet of a financial systemic-risk analyst: 8 of the 10 largest banks in the world, 4 of the 5 largest credit card issuers, 24 Global Fortune 500 companies, and a list of energy and transportation companies whose names show up on the evening news when something goes wrong.

And then there is the U.S. Department of Defense. The DoD does not buy software because the deck was pretty. It buys software after multi-year evaluations that grind small companies into dust. Menlo passed. That contract sits in the background of every other deal the company closes.

Menlo's funding climb

USD millions raised per round - source: company press releases
$10.5MSeries A '14
$25MSeries B '15
$40MSeries C '17
$75MSeries D '19
$100MSeries E '20
Five rounds. $270.5M total. The vertical axis is dollars; the horizontal axis is patience.
"When JP Morgan, HSBC and American Express all invest in the same security company, somebody on Wall Street has done the math." — A polite way of saying the customers became the shareholders
06 / The Mission

Make the internet boring again

Strip away the marketing - which features words like "zero trust," "AI-powered" and "adaptive" in approximately the density of a Marketo email - and Menlo's mission is simple. Users should be able to click anything on the internet. Security teams should be able to sleep. The browser, which has quietly become the operating system most of us actually use, should stop being the soft underbelly of every enterprise on earth.

Co-founder Poornima DeBolle has spent considerable time outside Menlo championing women in technology, including through her recurring spot on Inc.'s Female Founders list (2023, then again in 2025). It is the kind of work that does not show up in a 10-K but tends to show up in the bench depth of an engineering org a decade later.

"The point is not to add another layer. The point is to remove the layer where the breach happens." — The shortest version of the Menlo thesis
07 / Why It Matters Tomorrow

The AI agents are also using browsers

The next wave of browser traffic will not be people. It will be AI agents - autonomous software pretending to be Chrome, signing into SaaS apps, downloading files, filling forms, occasionally hallucinating into a phishing kit. Every enterprise security team in the world is now staring at the same problem: how do you secure a browser that is being driven by a model you did not train?

Menlo's bet, made twelve years before this problem existed, turns out to look prescient. If the entire web session already runs in a controlled cloud environment, with policy enforced at the rendering layer, it does not particularly matter whether the driver is a human or a script. The fume hood does not care what put the sample inside it.

That is also why Bill Robbins, the new CEO appointed in February 2026, was hired. The story is no longer about pioneering isolation. The story is about turning a niche security primitive into the substrate underneath the AI-era enterprise. Same product, much bigger room.

08 / Back to the Beginning

Tuesday, somewhere on the trading floor

The analyst clicks the link. The bad page renders. Nothing happens. She goes back to her spreadsheet. Three floors up, the CISO is in a budget meeting and never finds out about it. Two thousand miles away, a container in Menlo's cloud finishes its job, dies, and is replaced. The internet remains, as ever, mostly hostile. The day remains, against all odds, mostly boring.

That is what Menlo Security sells. Not a feature. A Tuesday that does not end in an incident report.

Where to follow Menlo Security