Silverfort, the Israeli/U.S. startup, takes an all-in view when it comes to identity security in an organization. When it comes to potential breaches, people, machines, clouds, legacy and new apps can all be targets, and they can be exploited at any of the many points where they interact with each other. So the best way to protect against malicious exploits is to secure identity authentication between any and all of them.
That thesis has been getting proven out and tested by businesses, and the startup says it is now currently signing them up as customers at a rate of 100 per quarter. Revenues meanwhile are growing at 100% annually with ARR in the tens of millions of dollars. All that has caught the eye of investors, and now, Silverfort has raised $116 million to expand at a what reliable sources tell me is “around” a $1 billion valuation.
“We believe we can actually be that focused identity security layer that covers all the silos,” CEO and co-founder Hed Kovetz said in an interview.
Brighton Park Capital is leading the all-equity round, with previous backers — a mix of strategic and financial investors — participating. They include Acrew Capital, Greenfield Partners, Citi Ventures, General Motors Ventures, Maor Investments, Vintage Investment Partners and Singtel Innov8.
As those familiar with security technology know, the space can be sliced and diced into many different domains and approaches. Identity has emerged as one of the more interesting of these in recent years, not least because of the growth of cloud architecture, which has made it possible to build not only more business software and apps, but also a whole new frontier of interactivity between those different products to make them, and workers, more dynamic and productive.
“In general, we are seeing an increase in identity in attacks,” Kovetz said. “I think that every ransomware attack, which is you know a huge issue, is leveraging identity. Someone might call you and try to tell you that they are from the help desk, or fool you into giving them your password. They try to take your credentials, so that they can log in on your behalf to the company network. And then they’re using that identity to spread inside the network.” He added that its team has seen this route used “in almost every big data breach and with every ransomware attack.”
Silverfort, he said, just recently stopped what he described as a “huge attack” recently on a U.S. Fortune 500 company, carried out by one of the dangerous groups out there, the one that carried out the attacks last year against the MGM and other casinos. “Identity has really became the go-to attack vector for hackers. They know that this is the weak point.”
Each point of interactivity essentially involves authentication between apps and therein lies the challenge: Each of these can become a potential vulnerability. Given that even more authentication is carried out in an automated way, and that vulnerabilities can be created inadvertently even through the most innocent code ship, this creates a large, and difficult to monitor, attack surface.
Ironically, often the most disruptive technologies are the products that slip into usage easily, asking little of users to work. That is somewhat the case with Silverfort, which is designed to work with any current ID management products that an organization might already use. Silverfort essentially fits in around these, taking a snapshot of the bigger network, which covers not just workers but also machines and apps, and then provides observation around the bigger landscape, tracking unusual activity and responding to it, specifically threat detection and response (ITDR) and identity threat prevention (ITP) capabilities.
As we’ve described it previously, the aim is not to build another ID platform to replace or compete with, say, Okta, or anything else. It’s to “sit behind all the other platforms” in Kovetz’s words.
“We believe that the market is decoupling between identity infrastructure and identity security, and we want to be the market leader of security,” he said in an interview this month.
The other platforms work, or integrate, by forwarding authentication alerts to Silverfort, which then provides “a second opinion” in authenticating a user, or a machine. The all-in approach also, critically, covers legacy apps and end points, which is a hard reality of the promise of “digital transformation”: Most businesses will not be ripping old systems and hardware out, but replacing it over time.
“Silverfort is one of the rare companies that has successfully envisioned how a large market will need to transform to solve a tough problem — in this case, identity security,” said Mike Gregoire, a partner at Brighton Park Capital, in a statement. “The company has a track record of building innovative products at scale that exceed customer expectations, combined with excellent go-to-market execution. Silverfort’s deep market expertise and vision for the identity security market, as well as their ability to build a winning team and culture, are second to none.” Gregoire is a former CEO of CA Technologies and Taleo, and he is joining Silverfort’s board with this round.