Personal blog of Yzmir Ramirez

APIs make the world go round in tech, but that also makes them a very key target for bad actors: As doorways into huge data troves and services, malicious hackers spent a lot of time looking for ways to pick their locks or just force them open when they’re closed, in order to access that information. And a lot of recent security breaches stemming from API vulnerabilities (see here, here and here for just a few) show just how real and current the problem is.

Today, a company that’s building a network of services to help those using and producing APIs to identify and eradicate those risks is announcing a round of funding to meet a growing demand for its services. Salt Security, which provides AI-based technology to identify issues and stop attacks across the whole of your API library, has closed $70 million in funding, money that it will be using both to meet current demand but also continue building out its technology for a wider set of services and use cases for API management.

The funding is being led by Advent International, by way of Advent Tech, with Alkeon Capital, DFJ Growth and previous backers Sequoia Capital, Tenaya Capital, S Capital VC and Y Combinator all also participating.

Salt, founded in Israel and now active globally, is not disclosing valuation, but I understand from a reliable source that it is in the region of $600-700 million.

As with many of the funding rounds that seem to be getting announced these days, this one is coming on the heels of both another recent round, as well as strong growth. Salt has raised $131 million since 2016, but nearly all of that — $120 million, to be exact — has been raised in the last year.

Part of the reason for that is Salt’s performance: In the last 12 months, it’s seen revenue grow 400% (with customers including a range of Fortune 500 and other large businesses in the financial services, retail and SaaS sectors like Equinix, Finastra, TripActions, Armis and DeinDeal); headcount grow 160%; and, perhaps most importantly, API traffic on its network grow 380%.

That growth in API traffic underscores the issue that Salt is tackling. Companies these days use a variety of APIs — some private, some public — in their tech stack as a way to interface with other businesses and run their services. APIs are a huge part of how the internet and digital services operate, with Akamai estimating that as much as 83% of all IP traffic is API traffic.

The problem, Roey Eliyahu, CEO and co-founder of Salt Security, told me, is that this usage has outpaced how well many manage those APIs.

“How APIs have evolved is very different to how developers used APIs years ago,” he said. “Before, there were very few, and you could say they were more manageable, and they contained less-sensitive data, and there were very few changes and updates made to them,” he said. “Today with the pace of development, not only are they always getting updated, but you have thousands of them now touching crown jewels of the company.”

This has made them a prime target for malicious hackers. Eliyahu notes Gartner stats that predict that by 2022, APIs will make up the largest attack vector in cybercrime.

Salt’s approach starts with taking stock of a whole network and doing a kind of spring clean to find all the APIs that might be used or abused.

“Companies don’t know how many APIs they even have,” Eliyahu said, noting that some 40%-80% of the APIs in existence for a typical company’s data are not even in active operation, lying there as “shadow APIs” for someone to pick up and misuse.

It then looks at what vulnerabilities might inadvertently be contained in this mix and makes suggestions for how to alter them to fix that. After this, it also monitors how they are used in order to stop attacks as they happen. The third of these also involves remediation “insights”, but carrying out the remediation is done by third parties at the moment, Eliyahu said. All of this is done through Salt’s automated, AI-based, flagship Salt Security API Protection Platform.

There are a number of competitors in the same space as Salt, including Ping, and newer players like Imvision and 42Crunch (which raised funding earlier this month), and the list is likely to grow as not just other API management companies get deeper into this huge space, but cybersecurity companies do, too.

“The rapid proliferation of APIs has dramatically altered the attack surface of applications, creating a major challenge for large enterprises since existing security mechanisms cannot protect against this new threat,” said Bryan Taylor, managing partner and head of Advent’s technology team, in a statement. “We continue to see API security incidents make the news headlines and cause significant reputational risk for companies. As we investigated the API security market, Salt stood out for its multi-year technical lead, significant customer traction and references, and talented team. We look forward to drawing on our deep experience in this sector to partner with Salt in this exciting new chapter.”

If the definition of insanity is doing the same thing over and over and expecting a different outcome, then one might say the cybersecurity industry is insane.

Criminals continue to innovate with highly sophisticated attack methods, but many security organizations still use the same technological approaches they did 10 years ago. The world has changed, but cybersecurity hasn’t kept pace.

Distributed systems, with people and data everywhere, mean the perimeter has disappeared. And the hackers couldn’t be more excited. The same technology approaches, like correlation rules, manual processes and reviewing alerts in isolation, do little more than remedy symptoms while hardly addressing the underlying problem.

Credentials are supposed to be the front gates of the castle, but as the SOC is failing to change, it is failing to detect. The cybersecurity industry must rethink its strategy to analyze how credentials are used and stop breaches before they become bigger problems.

It’s all about the credentials

Compromised credentials have long been a primary attack vector, but the problem has only grown worse in the midpandemic world. The acceleration of remote work has increased the attack footprint as organizations struggle to secure their network while employees work from unsecured connections. In April 2020, the FBI said that cybersecurity attacks reported to the organization grew by 400% compared to before the pandemic. Just imagine where that number is now in early 2021.

It only takes one compromised account for an attacker to enter the active directory and create their own credentials. In such an environment, all user accounts should be considered as potentially compromised.

Nearly all of the hundreds of breach reports I’ve read have involved compromised credentials. More than 80% of hacking breaches are now enabled by brute force or the use of lost or stolen credentials, according to the 2020 Data Breach Investigations Report. The most effective and commonly-used strategy is credential stuffing attacks, where digital adversaries break in, exploit the environment, then move laterally to gain higher-level access.

From COVID-19’s curve to election polls, public temperature checks to stimulus checks, 2020 was dominated by numbers — the guiding compass of any self-respecting venture capital investor.

As a VC exclusively focused on investments in Israeli cybersecurity, the numbers that guide us have become some of the most interesting to watch over the course of the past year.

The start of a new year presents the perfect opportunity to reflect on the annual performance of Israel’s cybersecurity ecosystem and prepare for what the next twelve months of innovation will bring. With the global cybersecurity market outperforming this year’s panic-stricken expectations, we carefully combed through the figures to see how Israel’s market, its strongest performer, compared — and predict what it has in store.

The “cyber nation” not only remained strong throughout the pandemic, but even saw a rise in fundraising, especially around application and cloud security, following the emergence of remote workflow security gaps brought on by social distancing. Encouraged by this, investors have demonstrated committed enthusiasm to its growth and M&A landscape.

Emboldened by the sector’s overall strength and new opportunities, today’s Israeli visionaries are developing stronger convictions to build larger companies; many of them, already successful entrepreneurs, are making their own bets in the industry as serial entrepreneurs and angel investors.

Image Credits: YL Ventures (opens in a new window)

The numbers also reveal how investors are increasingly concentrating their funds on larger seed rounds for serial entrepreneurs and the foremost industry trends. More than $2.75 billion was poured into the industry this year to back companies across all stages, a 97% increase from last year’s $1.39 billion. If its long-term slope is any indication, we can only expect it to continue to grow.

However, though they clearly indicate progress, the numbers still make the need for a demographic reset clear. Like the rest of the industry, Israel’s cybersecurity ecosystem must adapt to the pace of change set out by this year’s social movements, and the time has long passed for true diversity and gender representation in cybersecurity leadership.

Seed rounds reveal fascinating shifts

As the market’s biggest leaders garner experience and expertise, the bar for entry to Israel’s cybersecurity startup ecosystem has gradually risen over the years. However, this did not appear to impact this year’s entrepreneurial breakthroughs. 58% of Israel’s newly founded cybersecurity companies received seed rounds this year, totaling 64 seeded companies in 2020 compared with last year’s 61. The total number of newly founded companies increased by 5%, reversing last year’s downward trend.

The amount invested at seed hit an all-time high as average deal size in 2020 increased by 11%, amounting to an average of $5.2 million per deal. This continues an upward trend in average seed rounds, which have surged over the last four years due to sizable year-on-year increases. It also provides further support for a shift toward higher caliber seed rounds with a strategically focused and “all-in” approach. In other words, founders that meet the new bar for entry are raising bigger rounds for more ambitious visions.

Image Credits: YL Ventures

Where is the money going?

2020 proved an exceptional year for application security and cloud security startups. Perhaps the runaway successes of Snyk and Checkmarx left strong impressions. This year saw an explosive 140% increase in application security company seed investments (such as Enso Security, build.security and CloudEssence), as well as a whopping 200% increase in cloud security seed investments (like Solvo and DoControl), from last year.

Now more than ever, IT teams play a vital role in keeping their businesses running smoothly and securely. With all of the assets and data that are now broadly distributed, a CEO depends on their IT team to ensure employees remain connected and productive and that sensitive data remains protected.

CEOs often visualize and measure things in terms of dollars and cents, and in the face of continuing uncertainty, IT — along with most other parts of the business — is facing intense scrutiny and tightening of budgets. So, it is more important than ever to be able to demonstrate that they’ve made sound technology investments and have the agility needed to operate successfully in the face of continued uncertainty.

Here are five questions that IT teams should be ready to answer when their CEO comes calling:

What have we spent our money on?

Or, more specifically, exactly how many assets do we have? And, do we know where they are? While these seem like basic questions, they can be shockingly difficult to answer … much more difficult than people realize. The last several months in the wake of the COVID-19 outbreak have been the proof point.

With the mass exodus of machines leaving the building and disconnecting from the corporate network, many IT leaders found themselves guessing just how many devices had been released into the wild and gone home with employees.

One CIO we spoke to estimated they had “somewhere between 30,000 and 50,000 devices” that went home with employees, meaning there could have been up to 20,000 that were completely unaccounted for. The complexity was further compounded as old devices were pulled out of desk drawers and storage closets to get something into the hands of employees who were not equipped to work remotely. Companies had endpoints connecting to corporate network and systems that they hadn’t seen for years — meaning they were out-of-date from a security perspective as well.

This level of uncertainty is obviously unsustainable and introduces a tremendous amount of security risk. Every endpoint that goes unaccounted for not only means wasted spend but also increased vulnerability, greater potential for breach or compliance violation, and more. In order to mitigate these risks, there needs to be a permanent connection to every device that can tell you exactly how many assets you have deployed at any given time — whether they are in the building or out in the wild.

Are our devices and data protected?

Device and data security go hand in hand; without the ability to see every device that is deployed across an organization, it becomes next to impossible to know what data is living on those devices. When employees know they are leaving the building and going to be off network, they tend to engage in “data hoarding.”

IT security software company Ivanti has acquired two security companies: enterprise mobile security firm MobileIron, and corporate virtual network provider Pulse Secure.

In a statement on Tuesday, Ivanti said it bought MobileIron for $872 million in stock, with 91% of the shareholders voting in favor of the deal; and acquired Pulse Secure from its parent company Siris Capital Group, but did not disclose the buying price.

The deals have now closed.

Ivanti was founded in 2017 after Clearlake Capital, which owned Heat Software, bought Landesk from private equity firm Thoma Bravo, and merged the two companies to form Ivanti. The combined company, headquartered in Salt Lake City, focuses largely on enterprise IT security, including endpoint, asset, and supply chain management. Since its founding, Ivanti went on to acquire several other companies, including U.K.-based Concorde Solutions and RES Software.

If MobileIron and Pulse Secure seem familiar, both companies have faced their fair share of headlines this year after hackers began exploiting vulnerabilities found in their technologies.

Just last month, the U.K. government’s National Cyber Security Center published an alert that warned of a remotely executable bug in MobileIron, patched in June, allowing hackers to break into enterprise networks. U.S. Homeland Security’s cybersecurity advisory unit CISA said that the bug was being actively used by advanced persistent threat (APT) groups, typically associated with state-backed hackers.

Meanwhile, CISA also warned that Pulse Secure was one of several corporate VPN providers with vulnerabilities that have since become a favorite among hackers, particularly ransomware actors, who abuse the bugs to gain access to a network and deploy the file-encrypting ransomware.

Financial crime as a wider category of cybercrime continues to be one of the most potent of online threats, covering nefarious activities as diverse as fraud, money laundering and funding terrorism. Today, one of the startups that has been building data intelligence solutions to help combat that is announcing a fundraise to continue fueling its growth.

Ripjar, a U.K. company founded by five data scientists who previously worked together in British intelligence at the Government Communications Headquarters (GCHQ, the U.K.’s equivalent of the NSA), has raised $36.8 million (£28 million) in a Series B, money that it plans to use to continue expanding the scope of its AI platform — which it calls Labyrinth — and scaling the business.

Labyrinth, as Ripjar describes it, works with both structured and unstructured data, using natural language processing and an API-based platform that lets organizations incorporate any data source they would like to analyse and monitor for activity. It automatically and in real time checks these against other data sources like sanctions lists, politically exposed persons (PEPs) lists and transaction alerts.

Sources close to the company say that the funding values the startup in the region of £100 million, or about $127 million. Ripjar is currently profitable, the company confirmed.

The funding is being led by Long Ridge Equity Partners, a specialist fintech investor, with previous investors Winton Capital Ltd. and Accenture plc also participating. Accenture is a strategic partner: the consultancy/systems integrator uses Ripjar’s tech to work with a number of clients in the financial services sector. Ripjar also has government clients, where its platform is used for counterterrorism work. It declined to disclose any specific names, but it does note that its extensive partner list also includes the likes of PWC, BAE Systems, Dow Jones and more.

“We are excited to partner with Long Ridge who bring expertise and resources in scaling fast-growing software companies,” said Jeremy Annis, who is both the CEO and CTO of Ripjar and co-founded the company with Tom Griffin, Leigh Jones, Robert Biggs and Jeremy Laycock. “This investment signals enormous confidence in our world-leading data intelligence technology and ability to protect companies and governments from criminal behaviour which threatens their assets and prosperity. With this funding, we will accelerate the expansion of Ripjar worldwide to provide our customers with the most advanced financial crime solutions, as well as creating new iterations of the Labyrinth platform.”

The startup says that it’s had its biggest year yet — no surprise, given the circumstances. Not only has there been huge shift to online transactions in 2020 because of the rise of the COVID-19 global health pandemic, but a tightening of the world economy has led to more financial scrambling and new nefarious activity, as well as criminal acts to profit from the instability.

That’s led to inking deals with six new enterprise customers and expanding deals with four existing major clients, and Ripjar said that it now has some 20,000 clients globally.

And if you are curious about the name, as I was, it’s if anything a meta reference to some of the kind of work that Ripjar does.

“It doesn’t mean anything,” a spokesperson said. “It was created using technology to ensure a name was selected that had never been used before.”

London, as one of the world’s financial centers, has developed a strong reputation for hatching and growing interesting fintech startups, and that has also meant the U.K. — which also has a strong talent base in artificial intelligence — has become very fertile ground for startups building services to help protect those fintechs.

Ripjar’s raise, and rise, come within months of two other companies building AI to combat fraud and financial crime also raising money and growing. In July, ComplyAdvantage, which has also been building a database and platform to help combat financial crime, announced a $50 million raise. And a week before that, another U.K. company also building AI for financial and other cybercrime detection, Quantexa, raised $64.7 million.

Ripjar counts both of these, as well as bigger targets like Palantir, among its competitors. As is most likely, the big institutions that are grappling with financial crime are most likely using several companies’ technology at the same time.

It claims to have the more sophisticated approach. “We believe that Labyrinth is the most advanced solution in the market as we’ve developed it after decades of firsthand experience of fighting crime and terrorism within the national security community,” said David Balson, director of Intelligence at Ripjar, in answer to my question about competitors. “There is no silver bullet in the fight against crime. As such, we’ve had to come up with hundreds of innovations to increase the efficiency and effectiveness of the vital work that goes on in the financial sector and law enforcement. This includes our world-leading natural language processing (NLP) and identity resolution capabilities, which work over any global language and script, joining the dots automatically between structured data and unstructured text like documents, news reports, web pages and intelligence reports. It’s a vital tool to help analysts overcome the information overload that is so often associated with the sector.”

Indeed, the silver bullet reference applies to more than just Ripjar’s technology. With the issue of money laundering alone a $2 trillion problem (with only 1-2% of that ever identified and recovered), you can see why, at least for right now, banks, governments and others might be willing to put multiple resources on the problem to try to tackle it.

“Financial institutions, corporates and government agencies face ever-increasing risks associated with financial crime and cyber threats” said Kevin Bhatt, a managing partner at Long Ridge, in a statement. “We believe Ripjar is well-positioned to provide artificial intelligence solutions that will allow its clients to reduce the cost of compliance, while uncovering new threats through automation. We are incredibly excited to partner with Ripjar to support their continued growth and look forward to working closely with the Ripjar team as they expand to new geographies, customers, and verticals.”

A newly discovered bug in a cloud system used to manage SonicWall firewalls could have allowed hackers to break into thousands of corporate networks.

Enterprise firewalls and virtual private network appliances are vital gatekeepers tasked with protecting corporate networks from hackers and cyberattacks while still letting in employees working from home during the pandemic. Even though most offices are empty, hackers frequently look for bugs in critical network gear in order to break into company networks to steal data or plant malware.

Vangelis Stykas, a researcher at security firm Pen Test Partners, found the new bug in SonicWall’s Global Management System (GMS), a web app that lets IT departments remotely configure their SonicWall devices across the network.

But the bug, if exploited, meant any existing user with access to SonicWall’s GMS could create a user account with access to any other company’s network without permission.

From there, the newly created account could remotely manage the SonicWall gear of that company.

In a blog post shared with TechCrunch, Stykas said there were two barriers to entry. Firstly, a would-be attacker would need an existing SonicWall GMS user account. The easiest way — and what Stykas did to independently test the bug — was to buy a SonicWall device.

The second issue was that the would-be attacker would also need to guess a unique seven-digit number associated with another company’s network. But Stykas said that this number appeared to be sequential and could be easily enumerated, one after the other.

Once inside a company’s network, the attacker could deliver ransomware directly to the internal systems of their victims, an increasingly popular tactic for financially driven hackers.

SonicWall confirmed the bug is now fixed. But Stykas criticized the company for taking more than two weeks to patch the vulnerability, which he described as “trivial” to exploit.

“Even car alarm vendors have fixed similar issues inside three days of us reporting,” he wrote.

A SonicWall spokesperson defended the decision to subject the fix to a “full” quality check before it was rolled out, and said it is “not aware” of any exploitation of the vulnerability.

A lot of enterprise cybersecurity efforts focus on malicious hackers that work on behalf of larger organizations, be they criminal groups or state actors — and for good reason, since the majority of incidents these days come from phishing and other malicious techniques that originate outside the enterprise itself.

But there has also been a persistent, and now growing, focus also on “insider threats” — that is, breaches that start from within organizations themselves. And today a startup that specialises in this area is announcing a round of growth funding to expand its reach.

Dtex, which uses machine learning to monitor network activity within the perimeter and around all endpoints to detect unusual patterns or behaviour around passwords, data movement and other network activities, is today announcing that it has raised $17.5 million in funding.

The round is being led by new investor Northgate Capital with Norwest Venture Partners and Four Rivers Group, both previous investors, also participating. Prior to this, the San Jose-based startup had raised $57.5 million, according to data from PitchBook, while CrunchBase puts the total raised at $40 million.

CEO Bahman Mahbod said the startup is not disclosing valuation except to say that it’s “very excited” about it.

For some context, the company works with hundreds of large enterprises, primarily in the financial, critical infrastructure, government and defence sectors. The plan is to now extend further into newer verticals where it’s started to see more activity more recently: pharmaceuticals, life sciences and manufacturing. Dtex says that over the past 12 months, 80% of its top customers have been increasing their level of engagement with the startup.

Dtex’s focus on “insider” threats sounds slightly sinister at first. Is the implication here that people are more dishonest and nefarious these days and thus need to be policed and monitored much more closely for wrongdoing? The answer is no. There are no more dishonest people today than there ever have been, but there are a lot more opportunities to make mistakes that result in security breaches.

The working world has been on a long-term trend of becoming increasingly digitised in all of its interactions, and bringing on a lot more devices onto those networks. Across both “knowledge” and front-line workers, we now have a vastly larger number of devices being used to help workers do their jobs or just keep in touch with the company as they work, with many of them being brought by the workers themselves rather than being provisioned by the companies. There has also been a huge increase in cloud services,

And in the realm of “knowledge” workers, we’re seeing a lot more remote or peripatetic working, where people don’t have fixed desks and often work outside the office altogether — something that has skyrocketed in recent times with stay-at-home orders put in place to mitigate the spread of COVID-19 cases.

All of this translates into a much wider threat “horizon” within organizations themselves, before even considering the sophistication of external malicious hackers.

And the current state of business has exacerbated that. Mahbod tells us that Dtex is currently seeing spikes in unusual activity from the rise in home workers, who sometimes circumvent VPNs and other security controls, thus committing policy violations; as well as more problems arising from the fact that home networks have been compromised and that is leaving work networks, accessed from home, more vulnerable. These started, he said, with COVID-19 phishing attacks but have progressed to undetected malware from drive-by downloads.

And, inevitably, he added that there has been a rise in intentional data theft and accidental loss arising in cases where organizations have had to lay people off or run a round of furloughs, but might still result from negligence rather than intentional actions.

There are a number of other cybersecurity companies that provide ways to detect insider threats — they include CloudKnox and Obsidian Security, along with a number of larger and established vendors. But Mabhod says that Dtex “is the only company with ‘next-generation’ capabilities that are cloud-first, AI/ML baked-in, and enterprise scalable to millions of users and devices, which it sells as DMAP+.

“Effectively, Next-Gen Insider Threat solutions must replace legacy Insider Threat point solutions which were borne out of the UAM, DLP and UEBA spaces,” he said.

Those providing legacy approaches of that kind include Forcepoint with its SureView product and Proofpoint with its ObserveIT product. Interestingly, CyberX, which is currently in the process of getting acquired by Microsoft (according to reports and also our sources), also includes insider threats in its services.

This is one reason why investors have been interested.

“Dtex has built a highly scalable platform that utilizes a cloud-first, lightweight endpoint architecture, offering clients a number of use cases including insider threat prevention and business operations intelligence,” said Thorsten Claus, partner, Northgate Capital, in a statement. Northgate has a long list of enterprise startups in its portfolio that represent potential customers but also a track record of experience in assessing the problem at hand and building products to address it. “With Dtex, we have found a fast-growing, long-term, investible operation that is not just a band-aid collection of tools, which would be short-lived and replaced.”

As cybercrime continues to evolve and expand, a startup that is building a business focused on endpoint security has raised a big round of funding. SentinelOne — which provides a machine learning-based solution for monitoring and securing laptops, phones, containerised applications and the many other devices and services connected to a network — has picked up $200 million, a Series E round of funding that it says catapults its valuation to $1.1 billion.

The funding is notable not just for its size but for its velocity: it comes just eight months after SentinelOne announced a Series D of $120 million, which at the time valued the company around $500 million. In other words, the company has more than doubled its valuation in less than a year — a sign of the cybersecurity times.

This latest round is being led by Insight Partners, with Tiger Global Management, Qualcomm Ventures LLC, Vista Public Strategies of Vista Equity Partners, Third Point Ventures and other undisclosed previous investors all participating.

Tomer Weingarten, CEO and co-founder of the company, said in an interview that while this round gives SentinelOne the flexibility to remain in “startup” mode (privately funded) for some time — especially since it came so quickly on the heels of the previous large round — an IPO “would be the next logical step” for the company. “But we’re not in any rush,” he added. “We have one to two years of growth left as a private company.”

While cybercrime is proving to be a very expensive business (or very lucrative, I guess, depending on which side of the equation you sit on), it has also meant that the market for cybersecurity has significantly expanded.

Endpoint security, the area where SentinelOne concentrates its efforts, last year was estimated to be around an $8 billion market, and analysts project that it could be worth as much as $18.4 billion by 2024.

Driving it is the single biggest trend that has changed the world of work in the last decade. Everyone — whether a road warrior or a desk-based administrator or strategist, a contractor or full-time employee, a front-line sales assistant or back-end engineer or executive — is now connected to the company network, often with more than one device. And that’s before you consider the various other “endpoints” that might be connected to a network, including machines, containers and more. The result is a spaghetti of a problem. One survey from LogMeIn, disconcertingly, even found that some 30% of IT managers couldn’t identify just how many endpoints they managed.

“The proliferation of devices and the expanding network are the biggest issues today,” said Weingarten. “The landscape is expanding and it is getting very hard to monitor not just what your network looks like but what your attackers are looking for.”

This is where an AI-based solution like SentinelOne’s comes into play. The company has roots in the Israeli cyberintelligence community but is based out of Mountain View, and its platform is built around the idea of working automatically not just to detect endpoints and their vulnerabilities, but to apply behavioral models, and various modes of protection, detection and response in one go — in a product that it calls its Singularity Platform that works across the entire edge of the network.

“We are seeing more automated and real-time attacks that themselves are using more machine learning,” Weingarten said. “That translates to the fact that you need defence that moves in real time as with as much automation as possible.”

SentinelOne is by no means the only company working in the space of endpoint protection. Others in the space include Microsoft, CrowdStrike, Kaspersky, McAfee, Symantec and many others.

But nonetheless, its product has seen strong uptake to date. It currently has some 3,500 customers, including three of the biggest companies in the world, and “hundreds” from the global 2,000 enterprises, with what it says has been 113% year-on-year new bookings growth, revenue growth of 104% year-on-year and 150% growth year-on-year in transactions over $2 million. It has 500 employees today and plans to hire up to 700 by the end of this year.

One of the key differentiators is the focus on using AI, and using it at scale to help mitigate an increasingly complex threat landscape, to take endpoint security to the next level.

“Competition in the endpoint market has cleared with a select few exhibiting the necessary vision and technology to flourish in an increasingly volatile threat landscape,” said Teddie Wardi, managing director of Insight Partners, in a statement. “As evidenced by our ongoing financial commitment to SentinelOne along with the resources of Insight Onsite, our business strategy and ScaleUp division, we are confident that SentinelOne has an enormous opportunity to be a market leader in the cybersecurity space.”

Weingarten said that SentinelOne “gets approached every year” to be acquired, although he didn’t name any names. Nevertheless, that also points to the bigger consolidation trend that will be interesting to watch as the company grows. SentinelOne has never made an acquisition to date, but it’s hard to ignore that, as the company to expand its products and features, that it might tap into the wider market to bring in other kinds of technology into its stack.

“There are definitely a lot of security companies out there,” Weingarten noted. “Those that serve a very specific market are the targets for consolidation.”

The amount of data that most companies now store — and the places they store it — continues to increase rapidly. With that, the risk of the wrong people managing to get access to this data also increases, so it’s no surprise that we’re now seeing a number of startups that focus on protecting this data and how it flows between clouds and on-premises servers. Satori Cyber, which focuses on data protecting and governance, today announced that it has raised a $5.25 million seed round led by YL Ventures.

“We believe in the transformative power of data to drive innovation and competitive advantage for businesses,” the company says. “We are also aware of the security, privacy and operational challenges data-driven organizations face in their journey to enable broad and optimized data access for their teams, partners and customers. This is especially true for companies leveraging cloud data technologies.”

Satori is officially coming out of stealth mode today and launching its first product, the Satori Cyber Secure Data Access Cloud. This service provides enterprises with the tools to provide access controls for their data, but maybe just as importantly, it also offers these companies and their security teams visibility into their data flows across cloud and hybrid environments. The company argues that data is “a moving target” because it’s often hard to know how exactly it moves between services and who actually has access to it. With most companies now splitting their data between lots of different data stores, that problem only becomes more prevalent over time and continuous visibility becomes harder to come by.

“Until now, security teams have relied on a combination of highly segregated and restrictive data access and one-off technology-specific access controls within each data store, which has only slowed enterprises down,” said Satori Cyber CEO and co-founder Eldad Chai. “The Satori Cyber platform streamlines this process, accelerates data access and provides a holistic view across all organizational data flows, data stores and access, as well as granular access controls, to accelerate an organization’s data strategy without those constraints.”

Both co-founders (Chai and CTO Yoav Cohen) previously spent nine years building security solutions at Imperva and Incapsula (which acquired Imperva in 2014). Based on this experience, they understood that onboarding had to be as easy as possible and that operations would have to be transparent to the users. “We built Satori’s Secure Data Access Cloud with that in mind, and have designed the onboarding process to be just as quick, easy and painless. On-boarding Satori involves a simple host name change and does not require any changes in how your organizational data is accessed or used,” they explain.