Israel/US startup Silverfort takes a holistic view of identity security in an organization. When it comes to potential breaches, people, machines, clouds, legacy and new applications can all be targets and can be exploited at any of the many points where they interact with each other. So the best way to protect yourself from malicious exploits is to ensure authentication between any and all of them.
This thesis has been proven and tested by businesses, and the startup says it is now signing them up as customers at a rate of 100 per quarter. Revenue meanwhile is growing 100% annually with ARR in the tens of millions of dollars. All of this has caught the eye of investors, and now, Silverfort has raised $116 million to expand to a valuation that reliable sources tell me is “around” $1 billion.
“We think we can actually be that focused layer of identity security that cuts across all the silos,” CEO and co-founder Hed Kovetz said in an interview.
Brighton Park Capital is leading the all-equity round, with previous backers — a mix of strategic and financial investors — participating. They include Acrew Capital, Greenfield Partners, Citi Ventures, General Motors Ventures, Maor Investments, Vintage Investment Partners and Singtel Innov8.
As those familiar with security technology know, the space can be sliced and diced into many different areas and approaches. Identity has emerged as one of the most interesting of these in recent years, mainly due to the development of cloud architecture, which has made it possible to create not only more business software and applications, but also a whole new frontier of interaction between them. different products to make employees more dynamic and productive.
“Overall, we’re seeing an increase in identity in attacks,” Kovetz said. “I think every ransomware attack, which is a huge issue, leverages identity. Someone might call you and try to say they’re from the help desk or trick you into giving them your password. They are trying to get your credentials so they can log into the company network on your behalf. And then they use that identity to spread themselves through the network.” She added that her team has seen this route used “in almost every major data breach and with every ransomware attack.”
Silverfort, he said, only recently stopped what he described as a “massive attack” recently on a US Fortune 500 company, carried out by one of the dangerous groups out there, the one that carried out the attacks last year against MGM and other casinos. “Identity has really become the attack vehicle for hackers. They know this is the weak point.”
Every point of interaction essentially involves authentication between applications, and therein lies the challenge: Each of them can become a potential vulnerability. Since even more authentication is done in an automated way and vulnerabilities can be inadvertently created through even the most innocent code, this creates a large and difficult to monitor attack surface.
Ironically, often the most disruptive technologies are the products that are easy to use, asking few users to work. This is somewhat the case with Silverfort, which is designed to work with any current identity management products an organization may already be using. Silverfort essentially fits these, taking a snapshot of the larger network, which covers not only workers, but also machines and applications, and then provides observation around the larger landscape, monitoring unusual activity and responding to it, specifically detecting and threat response (ITDR ) and identity threat prevention (ITP) capabilities.
As we described earlier, the goal is not to create another ID platform to replace or compete with, say, Okta or whatever. It’s to “sit behind all other platforms” in Kovetz’s words.
“We believe the market has a disconnect between identity infrastructure and identity security, and we want to be the market leader in security,” he said in an interview this month.
The other platforms work or integrate by forwarding authentication notifications to Silverfort, which then provides “a second opinion” on the authentication of a user or machine. The all-in approach also critically covers legacy applications and endpoints, which is a harsh reality of the promise of “digital transformation”: Most businesses will not remove old systems and hardware, but replace them with as time went by.
“Silverfort is one of the rare companies that has successfully envisioned how a large market will need to transform to solve a difficult problem – in this case, identity security,” said Mike Gregoire, partner at Brighton Park Capital , in a statement. “The company has a track record of building innovative products at scale that exceed customer expectations, combined with outstanding market performance. Silverfort’s deep market expertise and vision for the identity security market, and their ability to build a winning team and culture, is second to none.” Gregoire is a former CEO of CA Technologies and Taleo and joins Silverfort’s board with this round.
