Valence Security, a company that secures the infrastructure of enterprise apps, today announced it has raised $25 million in a Series A round led by M12, the corporate venture arm of Microsoft, with participation from YL Ventures, Porsche Ventures, Akamai Technologies, Alumni Ventures and former Symantec CEO Michael Fey. The new capital brings the total company raised to $32 million, and co-founder Shlomi Matichin says it will be committed to product development and doubling Valence’s 25-strong workforce by the end of the year.
Matichin co-founded Valence Security in 2021 with Yoni Shohet. A two-time entrepreneur, Shohet previously launched SCADAfence, an industrial Internet of Things security startup. Matichin, for his part, was one of the founders of Capester, a platform for cataloging videos of civil violations.
“In recent years, malicious actors have focused on the interconnectivity between software-as-a-service (SaaS) applications, exploiting the potential for their attack campaigns, as we saw in the SolarWinds breach,” Matichin said. to londonbusinessblog.com in an email interview. “Organizations are struggling to secure this [app] mesh — a growing, complex, and interconnected environment of third-party SaaS apps, integrations, identities, privileges, and data.”
Matichin and Shohet built Valence to address these visibility challenges in the SaaS supply chain, including misconfigurations, risk prioritization, and remediation. The platform attempts to discover all of a company’s SaaS apps and contextualize them with vendor risk assessments, and provides tools to detect misconfigured security controls and deviations from established policies.
Valence can also help manage risky, inactive, and privileged authentication keys, third-party integrations, and low-code workflows, Matichin says, in addition to potentially insecure public files and emails forwarded externally. Identity security flows within Valence, meanwhile, focus on ensuring that users are managed by a central identity provider, using multi-factor authentication, and that they are properly locked out.
According to Matichin, the driving force behind demand for these services is the increasing threats faced by businesses – and the general proliferation of SaaS apps. The average enterprise uses about 80 SaaS apps, with BetterCloud estimate that companies with more than 1,000 employees use more than 150 apps. This opens up companies to attacks. According to a Dimensional Research questionnaire Commissioned by ReversingLabs, a cybersecurity provider, just over half (51%) of IT security teams report that they can protect their software from supply chain attacks.
The impact of such attacks can be devastating. In a recent article, Kaspersky estimated the cost of a supply chain software attack on a company at $1.4 million. This does not take into account the lost revenue due to additional downtime incurred during remediation, which can significantly increase costs (to the extent of thousands until millions of dollars) and damage a company’s reputation.
“Beyond security concerns, the impact of SaaS attacks on the supply chain is at the top of business priorities in light of the growing number of high-profile SaaS delivery breaches over the past two years,” Matichin said. “These breaches can expose multiple interconnected SaaS applications for a single organization and threaten the mission-critical data stored in those applications. This risk to business objectives, as well as business continuity and efficiency due to the significant impact these breaches have on SaaS usage, should be top-of-mind for the C-suite.”
Tel Aviv-based Valence competes with a number of vendors in the supply chain’s SaaS app security space, including Canonic Security, Atmosec (which raised $6 million), Astrix Security ($15 million), Wing Security ($26 million). million), AppOmni ($123 million), Obsidian Security ($119.5 million), and Adaptive Shield ($34 million). When asked if that worries him, Matichin responded by highlighting what he sees as a growing need for visibility and control over SaaS assets and remediation of the risks.
“As remote working conditions accelerated the adoption and adoption of SaaS applications, a unique and unaddressed risk surface revealed a growing need for SaaS security solutions targeting the vast SaaS mesh,” said Matichin. “In this regard, Valence was strongly positioned to address the unique security and business needs at the height of the pandemic, [and] Valence will continue to set the standard for SaaS security going forward.”
Matichin did not disclose the size of Valence’s customer base or projected revenue. But even if it’s lower than the company’s closest competitors, VCs seem ready and willing to throw their weight behind security vendors. In the first half of 2022, $12.5 billion of venture capital was invested in more than 530 deals, according to to a report from investment firm Momentum Cyber — in line with the $12.6 billion invested in H1 2021.