Many large enterprises now rely on hundreds of third-party SaaS applications to do business, but their security organizations can barely keep pace. Right now, the state of the art for SaaS enterprise security are cloud access security brokers (CASBs) that act as intermediaries between users and the actual service. But they don’t provide the kind of visibility that enterprises want since employees will often route around their IT departments. Tel Aviv-based Grip Security aims to make this a lot easier by providing enterprises with full visibility into their SaaS portfolios through enforceable endpoint-centric access controls and new data governance capabilities that work across devices and locations.
Grip Security today announced that it has raised a $6 million seed round led by cybersecurity-focused YL Ventures, with participation from CrowdStrike CEO and co-founder George Kurtz and a group of other angel investors with deep roots in the cybersecurity industry. These include the likes of former Akamai CSO Andy Ellis, former Zscaler CISO Michael Sutton, former Bank of America Chief Security Scientist Sounil Yu and Amazon Whole Foods CISO Sameer Sait.
“The founding team at Grip Security brings deep technical acumen to disrupt the SaaS security market,” said Ofer Schreiber, partner at YL Ventures. “Grip will not only upend antiquated SaaS security solutions, but they’ll also help enterprises implement much needed automated and granular security for SaaS, the fastest growing segment in information technology.”
Before starting Grip Security, co-founder and CEO Lior Yaari actually spent some time as the CTO of YL Ventures (though he says he still had to go through the firm’s standard vetting procedure to get funding). In that role, he talked to a lot of CISOs, and, again and again, they talked to him about the problems with current SaaS security solutions. Like his co-founders, Idan Fast (CTO) and Alon Shenkler (VP R&D), Yaari also has a deep cybersecurity background. But it was during his time YL Ventures that the idea for Grip Security was born.
“Within YL Ventures, we were always looking for the next interesting sub-market and we knew from our conversation with CISOs […] that people know SaaS is a problem and they did not like the existing solutions — many of them being CASBs,” Yaari told me. “From this view of an investment team that not only talks with customers but also sees some technical teams that try to solve this problem and then go back and look for other solutions because they didn’t find a good fit within the market, I eventually wanted to do it myself. Last July, I actually told [YL Ventures partner Ofer Schreiber] that if no one solved this until October, I will. That was a joke back then — and then, three or four months later, it became reality. It’s hard to look at hard and interesting problems without trying to solve them.”
Most of the popular CASBs today were founded around 2013 and 2014 and then later acquired by other major players like Microsoft, Cisco and Proofpoint. But Yaari argues that the problems with protecting SaaS today is fundamentally different from those 10 years ago. These solutions, he argues, worked for protecting a dozen applications or so.
The promise of Grip Security is that after a quick installation, enterprises get full visibility into which applications their employees actually use. Yaari wasn’t quite ready to give away the secret sauce of how Grip does this, though. But he noted that this is a non-intrusive solution. “We do not install anything on user devices or corporate networks, but we follow the footprints left by SaaS applications and use this data to identify with extreme accuracy what applications were used.” He noted that Grip Security’s solution travels with the users, no matter which device they use.
Grip Security currently has about 15 employees and plans to use the new funding to build out its platform with additional capabilities, especially around providing access governance and data governance to applications. The plan is to grow to 20 to 25 employees within the next year.
Bring CISOs into the C-suite to bake cybersecurity into company culture
Comment