CyberFox Purchases Timus to Bring SASE Capabilities to SMBs

Governance & Risk Management , SASE , Zero Trust CyberFox Purchases Timus to Bring SASE Capabilities to SMBs CEO David Bellini Says Remote Work Drives Demand for Always-On Secure Connectivity Michael Novinson (MichaelNovinson) • June 29, 2026     Credit Eligible Get Permission David Bellini, CEO, CyberFox (Image: CyberFox) CyberFox purchased a SASE startup led by a serial entrepreneur to provide small and midsize businesses with security that follows users wherever they are. See Also: Edge Transformation: Top 5 SASE Predictions and Trends The Tampa, Florida-based SMB cybersecurity stalwart said its buy of Tampa-based Timus Networks will make it easier for resource-constrained organizations to replace hardware appliances with cloud-delivered security services that protect users regardless of location, said CEO David Bellini. He said SMB demand for SASE services will continue growing over the next five years amid modernization. "A lot of our SMB clients are wanting to have a full-featured SASE-type product because they work remote as much as they work under roof," Bellini told ISMG. "This is replacing that WatchGuard, replacing that SonicWall with software-based cloud products that can do the same thing and follow everyone everywhere." Timus, founded in 2021, employs 51 people and has raised seed funding from Metis Ventures, Log Ventures and TechOne Venture Capital. The company has been led since July 2025 by Polat, who co-founded Timus in 2021 and served as its chief technology officer between 2021 and 2025. Polat previously started unified threat management startup LOKI and full-stack software company Intranova (see: CyberFox Lands 9-Figure Backing to Grow SMB Cybersecurity). What Makes Timus's Take on SASE Different Than Cato Networks SASE products from companies such as Cato Networks provide extensive functionality but are priced for large enterprises with substantial IT budgets, Bellini said. CyberFox instead focuses on small manufacturers, auto dealerships and government agencies that require modern networking and security capabilities but need solutions that are significantly more affordable and easier to manage, he said. "We're selling to that car dealership, we're selling to those light manufacturing and they need these things now," Bellini said. "Everyone needs this. It's time to update their entire VPN stack." With Timus, Bellini said CyberFox wants to deliver "80% of the features for 90% of the discount." Rather than attempting to replicate every advanced enterprise capability, CyberFox prioritizes the security functions most SMBs actually use while keeping implementation and subscription costs low enough for organizations with limited budgets and small IT staffs, Bellini said. "Eighty percent of the features for 90% of the discount is kind of our concept," Bellini said. "That's what we feel is really necessary for everyone that's under the Fortune 5000. You've got to be able to be inexpensive. The prices of those bigger products are just too much for the people that we're selling to." The high number of publicly disclosed vulnerabilities affecting legacy VPN technologies such as SonicWall is one factor driving customers to reevaluate their remote access infrastructure, Bellini said. He also noted that rivals such as WatchGuard have responded by acquiring SASE capabilities, which is further evidence that companies are moving away from appliance-based networking toward fully cloud-native architectures. "The writing's on the wall," Bellini said. "The hardware is going away. You've got to start moving into this next layer where it's cloud-based." Why SMEs Increasingly Prefer SASE to VPN-Based Architecture About 27% of employees continue to work remotely, with these users routinely connecting from homes, hotels, airports and coffee shops, exposing organizations to networks they do not control. CyberFox believes organizations need persistent, always-on secure connectivity that protects users without requiring them to manually establish VPN sessions or troubleshoot connectivity issues. "You don't know if they go into a coffee shop and there's some malicious hacker in there that's trying to get in and do bad things because that's an easy point of access right there," Bellini said. "Or every time I get on, I go to a hotel, it says this network's unsecured, which is kind of uncomfortable for all of us. So, this allows that to go away." Forcing users to route traffic back through physical appliances introduces unnecessary latency, particularly for geographically dispersed organizations, Bellini said. In contrast, cloud-native platforms with distributed points of presence enable users to connect to nearby security infrastructure while maintaining consistent protection and better application performance, Bellini said. "One of the advantages of building inside that tunnel is you've already got a nice clean area," Bellini said. "It's your tunnel and it's secure, so now we can start augmenting that tunnel with additional features that allow us to keep the security all the way through." Once users are operating within an encrypted and trusted tunnel, Bellini said additional controls can be layered onto the platform, including application access restrictions, zero trust policies and more granular security controls. Because SMB employees often use many different business applications and perform multiple job functions, organizations increasingly want the ability to restrict unnecessary access, he said. "We're looking at that whole CIS controls framework," Bellini said. "We covered about three or four controls already, and this adds another two. We're just going down the ladder trying to cover all the different pieces."