VC investment trends in the cybersecurity market suggest an industry in decline — at least in the context of recent months. According on Crunchbase, the number of cybersecurity deals fell in the third quarter to 153 deals from 181 in the second quarter. In a more detailed report, Crunchbase suggests that, with third quarter enterprise cybersecurity funding down 30% compared to last year’s period, investment in the category could fall to its lowest level since 2019.
However, some cybersecurity startups are escaping the industry downturn somehow Opal Security. Today, Opal, a vendor that takes an automated approach to identity access management, announced that it has raised $22 million in a Series B round led by Battery Ventures with participation from Greylock and Box Group.
Bringing Opal’s war chest to $32 million, the new tranche will go towards doubling Opal’s 30-person team by the end of 2024, scaling the business’ customer support organization and boosting product development, the founder and CEO said Umaimah Khan to TechCrunch in an email interview. . The product upgrade, he added, will include a new suite of visualization and artificial intelligence tools designed to remediate identity and access risk.
Khan founded Opal in 2020. Prior to that, she studied cryptography at MIT and worked in defense research as well as startups including Amplitude and Collective Health.
During her tenure in the private and public sectors, where Khan was responsible for building internal verification and authorization services, particularly at the policy level, Khan said she began to notice common issues around the visibility and lack of understanding of user access behavior.
“I’ve seen firsthand how a lack of good infrastructure and mundane issues like over-access lead to completely avoidable failures,” Khan told TechCrunch in an email interview. “The reality is that most top security engineering teams understand this and have built these systems in-house to the best of their ability — but it’s a huge advantage to scale and maintain these systems even for a large enterprise, and unrealistic for smaller organizations.’
To address what she saw as a need for a more scalable access and identity orchestration platform, Khan founded Opal, a suite that offers companies a unified view and control of employee access to internal tools, applications, platforms and environments. Using Opal, customers with over thousands of employees can create policy workflows to automate access policies and define approval flows for access requests that cannot be automated.
Opal does not stand alone in the access management market. In addition to the incumbents (eg Okta), vendors such as Veza, SailPoint, Cyber-Ark and Saviynt are among the competition. Some have raised significant venture capital. However, Khan claims that, unlike some of its rivals, Opal has laid the groundwork for more analytics and AI features aimed at preventing identity-based threats, which he believes will eventually attract more companies to the solution by Opal.
“Because we’re a data platform, we have an intuitive baseline understanding of system, user, and group policies, in addition to metadata about policy usage, approvals, denials, creation, and change over time — along with data logging from some end systems,” said Khan. “This gives us a unique and rich set of data to provide baselines for various forms of access-related risk, as well as to identify potentially anomalous actors and systems… We have put a lot of thought into how to create a generalized [access management] layer that is both read and write, and we prioritize enterprise readiness in terms of infrastructure and features.”
Customers agree, it seems. Opal’s annual recurring revenue has grown 4x since the company’s Series A in June 2022 across a customer base of around 40 brands, including Databricks, Scale AI and Figma. However, Khan would not say whether Opal was profitable.
“Our technology addresses the challenges of scaling information-constrained access management in complex, enterprise environments—a major pain point for technical decision makers across industries,” said Khan. “Large organizations have fragmented data and systems. Increasingly, these organizations need usable, scalable data and workflow processes to manage identity access… Our platform fits this need very well, giving CISOs and CSOs the tools they need to see and control their systems”.
Asked if he was concerned about challenges in cyber VC funding or the broader startup ecosystem, Khan pointed to the new US Securities and Exchange Commission rule requiring companies to more quickly disclose cybersecurity incidents and other related policy announcements as tailwinds for the Opal.
“Continued challenging market dynamics are forcing companies to become as efficient as possible. Our platform enables increased efficiency for security, compliance and IT teams,” said Khan. “Also, as more companies have digitally transformed in the wake of the pandemic, we’ve seen a parallel shift in the sophistication and scale of cyber breaches. Our platform is a layer of defense against these breaches and this bucket is pretty sticky… This latest round of funding will allow us to address ongoing market challenges while we invest substantially in growing our team and products.”
