We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 – August 3. Join AI and data leaders for insightful talks and exciting networking opportunities. Learn more about Transform 2022
Cybersecurity is full of conundrums, but here’s an especially big one at the moment: The growing complexity of security has helped to inspire a massive amount of innovation and venture investment — resulting in a huge number of new startups in security.
All of which leads to a different type of complexity for businesses to contend with: An over-abundance of vendors to choose from.
“You don’t need over 1,000 cybersecurity startups. That’s not what the industry needs,” said John Brennan, partner at security-focused venture capital firm YL Ventures.
And yet, within security, “there are massive problems that still remain to be solved,” Brennan told VentureBeat.
With this in mind, YL Ventures, which launched in 2007, has opted to take a very focused and selective approach when choosing which startups to fund. Along with only backing security companies, YL exclusively invests in startups founded in Israel — and only makes a few new seed investments per year. The firm also entirely focuses on funding startups that it had initially backed at the seed level.
This approach admittedly “means ignoring a lot of other great stuff that’s happening,” Brennan said.
‘Really big problems’
However, keeping this focus allows YL to devote all of its energy to uncovering the Israeli security startups “that are going after really big problems — and that can essentially justify building large companies,” he said.
To date, those companies have included cybersecurity asset management firm Axonius, whose $4 million seed round in 2017 was led by YL. The venture firm exited its investment in 2021 — selling its stake for $270 million — as Axonius raised new funding at a $1.2 billion valuation (the vendor has since moved up to a $2.6 billion valuation).
More recent seed investments led by YL Ventures have included Orca Security, which offers a cloud protection platform and was valued at $1.8 billion in October — despite having only been founded in 2019. Orca now has more than 300 employees, more than tripling its headcount and growing its customer base by 400% over the past year, the company says.
But what has this highly selective VC firm been investing in, lately? YL has made made investments in six seed-stage cyber firms since 2020, one of which has already exited (build.security, which was acquired by Elastic). The other five startups are Enso Security, Grip Security, Piiano, Valence and Eureka.
What follows are details on the five latest security startups backed by YL Ventures.
Seed round: 2020, $6 million
Product: Application Security Posture Management solution that provides application discovery, classification and management.
A “new category [for] the cybersecurity world,” Application Security Posture Management offers a “systematic process to holistically manage and execute AppSec,” Enso says.
The Enso solution offers “comprehensive application visibility, inventory and discovery of the organization’s entire environment; Workflow management and automation across AppSec and developer teams; Coverage from day one with out-of-the-box Application Security Testing; A contextualized and prioritized list of vulnerabilities and security gaps focusing on the assets which matter most to the business; and executive reporting and monitoring,” according to the company.
Differentiators: While many security programs focus “solely on managing defects,” Enso says it brings an “asset-first approach,” in which that management of defects is just on component. “It’s the first platform suitable for building true AppSec maturity by focusing on holistically operating and comprehensively measuring AppSec programs from beginning to end,” the company said. “Enso enables this by accommodating all AppSec workflows and tools to break the silos currently plaguing enterprise systems, allowing improvements to have a greater impact across entire application portfolios.”
Seed round: 2021, $6 million
Product: Platform for enabling visibility, governance and data security in order to secure software-as-a-service (SaaS) usage.
Grip is seeking to “revolutionize SaaS security” while displacing legacy cloud access security broker (CASB) solutions and “help enterprises implement much-needed automated and granular security for SaaS,” the company says.
“Grip’s unique architecture provides security teams with comprehensive visibility and control over every SaaS in use by the organization, including shadow applications, without resulting in performance degradation or interference,” Grip says.
Differentiators: In contrast to currently available solutions, Grip says it has “eliminated performance degradation” — allowing for zero friction or interference, while still ensuring that access controls and data governance are functioning
With the solution, “CISOs don’t need to police anyone,” Grip says. Meanwhile, unlike existing SaaS solutions, Grip’s platform covers all applications — and connections from anywhere — while offering simplified “zero touch” deployment, the company says.
Seed round: 2021, $9 million
Product: Platform for protection and management of personally identifiable information (PII) in cloud-native applications.
Piiano is a “pioneer of data privacy engineering for the cloud, offering the industry’s first personal data protection and management platform to transform how enterprises build privacy-forward architecture and operationalize privacy practices,” the company says.
The company offers “pre-built, developer-friendly infrastructure to dramatically ease the enterprise privacy engineering journeys,” the company says, including the “Piiano vault” for centralizing and protecting sensitive data.
Differentiators: Unlike current data protection solutions, Piiano “cuts straight to the root of privacy—the developer,” the company says. Using the Piiano platform, “developers can bridge security and privacy with C-level requirements for data protection and privacy at the architecture level,” according to the company.
Seed round: 2021, $7 million
Product: Platform that aims to help businesses manage the risks from third-party integrations and secure connectivity between apps.
Valence says it takes a zero-trust approach to securing the “Business Application Mesh” — the numerous applications and connections between them that businesses depend on.
The Valence platform “delivers comprehensive access visibility into the risk surface while identifying and mitigating the internal and third-party access risks associated with it,” the company says. “Providing quick, continuous and non-intrusive Business Application Mesh risk surface management, the Valence platform streamlines collaboration between business application teams and enterprise IT security teams.”
Differentiators: In contrast to current identity and access management solutions that “focus on the human-to-application interaction, Valence is the first company to focus on the non-human element driving interconnectivity between business applications,” the company says. “Unlike human identities, where you can enforce MFA and managed devices, non-human identities operate on a machine-to-machine basis, requiring a different set of security controls and governance.”
Seed round: 2022, $8 million
Product: Cloud Data Security Posture Management platform that aims to help security teams tackle the growth of cloud data.
Eureka has “pioneered Cloud Data Security Posture Management, a holistic approach to keeping all data residing in enterprise cloud data stores secure, regardless of where it is or how it got there — and without requiring deep expertise across how each data store operates,” the company says. “Eureka enables security teams to mitigate the risk of data loss and theft in multi-cloud environments by gaining control over their organization’s entire cloud data security posture and compliance.”
Differentiators: Eureka says it offers “a higher layer of security compared to point solutions and native tools by providing comprehensive and real time views of data stores and the risks associated with them, in addition to its data-centric policy translation engine.”
This engine “automatically translates data protection policies around privacy, risk, compliance and security into platform-specific controls that can be implemented into each cloud data store,” according to the company.