We are excited to bring back Transform 2022 in person on July 19 and virtually July 20-28. Join AI and data leaders for insightful talks and exciting networking opportunities. Sign up today!
Cybersecurity is full of puzzles, but here’s an especially big one right now: The growing complexity of security has helped inspire a lot of innovation and venture investment, resulting in a host of startups in security.
All of which leads to a different kind of complexity that companies must deal with: an overabundance of vendors to choose from.
“You don’t need 1,000+ cybersecurity startups. That’s not what the industry needs,” said John Brennan, a partner at a security-focused venture capital firm. YL Companies.
And yet, within security, “there are is it so massive problems that still need to be solved,” Brennan told VentureBeat.
With this in mind, YL Ventures, which launched in 2007, chose to take a very focused and selective approach when choosing which startups to fund. In addition to only supporting security companies, YL invests exclusively in Israeli-founded startups, making only a few new seed investments per year. The firm is also entirely focused on financing startups that it had initially backed at the seed level.
Admittedly, this approach “means ignoring a lot of other great things that are going on,” Brennan said.
‘Really big problems’
However, maintaining this focus allows YL to devote all of its energy to uncovering Israeli security startups “that are chasing really big problems, and that can essentially justify creating big companies,” he said.
To date, those companies have included cybersecurity asset management firm Axonius, whose $4 million seed round in 2017 was led by YL. The venture firm exited its investment in 2021, selling its stake for $270 million, as Axonius raised new funds at a valuation of $1.2 billion (the vendor has since risen to a valuation of $2.6 billion). .
More recent seed investments led by YL Ventures have included Orca Security, which offers a cloud protection platform and was valued at $1.8 billion in October, despite only being founded in 2019. Orca now has more than 300 employees, more than tripling its headcount and increasing its customer base by 400% over the past year, the company says.
But what has this highly selective venture capital firm been investing in lately? YL has disclosed investments in six early-stage cyber companies since 2020, one of which has already exited (build.security, which was acquired by Elastic). The other five startups are Enso Security, Grip Security, Piiano, Valence and Eureka.
What follows are details on the five security startups backed by YL Ventures.
seed round: 2020, $6 million
Product: Application security posture management solution that provides application discovery, classification, and management.
A “new category” [for] cybersecurity world,” Application Security Posture Management offers a “systematic process for managing and running AppSec holistically,” Enso says.
The Enso solution offers “comprehensive application visibility, inventory and discovery across the organization’s environment; Workflow management and automation in AppSec and developer teams; Coverage from day one with out-of-the-box application security testing; A contextualized and prioritized list of vulnerabilities and security gaps that focuses on the most important assets for the business; and reports and executive follow-up”, according to the company.
differentiators: While many security programs focus “solely on defect management,” Enso says it brings an “asset-first approach,” where defect management is component-only. “It is the first platform suitable for building true AppSec maturity by focusing on AppSec programs that operate holistically and measure comprehensively from start to finish,” the company said. “Enso enables this by accommodating all AppSec workflows and tools to break down the silos that currently plague enterprise systems, allowing enhancements to have a greater impact across application portfolios.”
seed round: 2021, $6 million
Product: Platform to enable data visibility, governance and security to secure the use of software as a service (SaaS).
Grip seeks to “revolutionize SaaS security” while displacing legacy cloud access security broker (CASB) solutions and “helping enterprises implement much-needed granular and automated security for SaaS,” it says. the company.
“Grip’s unique architecture gives security teams complete visibility and control over every SaaS in use by the organization, including shadow applications, without performance degradation or interference,” says Grip.
differentiators: Unlike currently available solutions, Grip says it has “eliminated performance degradation”, allowing for zero friction or interference, while ensuring access controls and data management work.
With the solution, “CISOs don’t need to watch anyone,” says Grip. Meanwhile, unlike existing SaaS solutions, Grip’s platform covers all apps and connections from anywhere, while offering simplified “zero-touch” deployment, the company says.
seed round: 2021, $9 million
Product: Platform for the protection and management of personally identifiable information (PII) in cloud-native applications.
Piiano is a “pioneer of data privacy engineering for the cloud, delivering the industry’s first personal data protection and management platform to transform the way enterprises build privacy-aware architecture and implement privacy practices,” the company says.
The company offers “developer-friendly, pre-built infrastructure to dramatically ease enterprise privacy engineering journeys,” the company says, including the “Piiano vault” to centralize and protect sensitive data.
differentiators: Unlike current data protection solutions, Piiano “goes straight to the root of privacy: the developer,” the company says. With the Piiano platform, “developers can marry security and privacy with C-level requirements for data protection and privacy at the architecture level,” according to the company.
seed round: 2021, $7 million
Product: platform that aims to help companies manage the risks of third-party integrations and protect connectivity between applications.
Valence says a zero-trust approach is needed to secure the “business application mesh,” the many applications and connections between them that businesses depend on.
The Valence platform “delivers end-to-end access visibility into the risk surface while identifying and mitigating internal and third-party access risks associated with it,” the company says. “By providing fast, continuous and non-intrusive Business Application Mesh risk surface management, the Valence platform streamlines collaboration between business application teams and enterprise IT security teams.”
differentiators: Unlike current identity and access management solutions that “focus on human-application interaction, Valence is the first company to focus on the non-human element that drives interconnectivity between business applications,” says company . “Unlike human identities, where you can apply MFA and managed devices, non-human identities operate on a machine-to-machine basis, which requires a different set of security and governance controls.”
seed round: 2022, $8 million
Product: Cloud data security posture management platform that aims to help security teams address cloud data growth.
Eureka has “pioneered cloud data security posture management, a holistic approach to keeping all data residing in enterprise cloud data stores secure, regardless of where it resides or how it arrived. there, and without the need for extensive experience in the operation of each data warehouse”. the company says. “Eureka enables security teams to mitigate the risk of data loss and theft in multi-cloud environments by gaining control over their entire organization’s cloud data security posture and compliance.”
differentiators: Eureka says it offers “a higher layer of security compared to point solutions and native tools by providing comprehensive, real-time views of data stores and the risks associated with them, in addition to its policy translation engine data-centric.
This engine “automatically translates data protection policies around privacy, risk, compliance, and security into platform-specific controls that can be implemented on each cloud data store,” according to the company.
The VentureBeat Mission is to be a digital public square for technical decision makers to learn about transformative business technology and transact. Learn more about membership.