Monad emerges from stealth with $17M to solve the cybersecurity big data problem

Cloud security startup Monad, which offers a platform for extracting and connecting data from various security tools, has launched from stealth with $17 million in Series A funding led by Index Ventures. 

Monad was founded on the belief that enterprise cybersecurity is a growing data management challenge, as organizations try to understand and interpret the masses of information that’s siloed within disconnected logs and databases. Once an organization has extracted data from their security tools, Monad’s Security Data Platform enables them to centralize that data within a data warehouse of choice, and normalize and enrich the data so that security teams have the insights they need to secure their systems and data effectively.

“Security is fundamentally a big data problem,” said Christian Almenar, CEO and co-founder of Monad. “Customers are often unable to access their security data in the streamlined manner that DevOps and cloud engineering teams need to build their apps quickly while also addressing their most pressing security and compliance challenges. We founded Monad to solve this security data challenge and liberate customers’ security data from siloed tools to make it accessible via any data warehouse of choice.”

The startup’s Series A funding round, which was also backed by Sequoia Capital, brings its total amount of investment raised to $19 million and comes 12 months after its Sequoia-led seed round. The funds will enable Monad to scale its development efforts for its security data cloud platform, the startup said.

Monad was founded in May 2020 by security veterans Christian Almenar and Jacolon Walker. Almenar previously co-founded serverless security startup Intrinsic, which was acquired by VMware in 2019, while Walker served as CISO and security engineer at OpenDoor, Collective Health, and Palantir.


Insider hacks to streamline your SOC 3 certification application

If you’re a tech company offering anyone a service, somewhere in your future is a security assessment giving you the seal of approval to manage clients’ data and operate on your devices. No one takes security lightly anymore. The business costs of cyberattacks have now hit an all-time high. Government bodies, companies and consumers need the assurance that the next software they download isn’t going to be an open door for hackers.

For good reason, security certifications like the SOC 3 really put you through the wringer. My company, Waydev, has just attained the SOC 3 certification, becoming one of the first development analytics tools to receive that accreditation. We learned so much from the process, we felt it was right to share our experience with others that might be daunted by the prospect.

As a non-tech founder, it was hard not only to navigate the process, but to appreciate its value. But by putting our business caps on, our team was able to optimize our approach and minimize the time and effort needed to achieve our goal. In doing so, we were granted SOC 3 compliance in two weeks, as opposed to the two months it takes some companies.

We also turned the assessment into an opportunity to better our product, align our internal teams, boost our brand and even launch partnerships.

So here’s our advice on how teams can smoothly reach an SOC 3 while simultaneously balancing workloads and minimizing disruption to users.

First, bring your teams on board

Because we can’t expect employees to stack those hours on top of their regular workdays, as a leader you have to accept — and communicate — that the speed of your output will inevitably decrease.

As a founder, you’ll be acting as captain steering a ship into that SOC 3 port, and you’ll need all members of your crew to join forces. This isn’t a job for a specially designated security team alone and will require deep involvement from your development and other teams, too. That might lead to internal resistance, as they still have a full-time job tending to your product and customers.

That’s why it’s so important to start by being crystal clear with your employees about what this process will mean to their work lives. However, they have to embrace the true benefits that will arise. SOC 3 will immediately raise your brand’s appeal and likely see new customers come in as a result.

Each employee will also come out the other end with well-honed cybersecurity skills — they’ll have a deep understanding of potential cyber threats to the company, and all security initiatives will carry a far lighter burden. There’s also the sense of pride and fulfillment that comes with having an indisputable edge over your competitors.


To guard against data loss and misuse, the cybersecurity conversation must evolve

Data breaches have become a part of life. They impact hospitals, universities, government agencies, charitable organizations and commercial enterprises. In healthcare alone, 2020 saw 640 breaches, exposing 30 million personal records, a 25% increase over 2019 that equates to roughly two breaches per day, according to the U.S. Department of Health and Human Services. On a global basis, 2.3 billion records were breached in February 2021.

It’s painfully clear that existing data loss prevention (DLP) tools are struggling to deal with the data sprawl, ubiquitous cloud services, device diversity and human behaviors that constitute our virtual world.

Conventional DLP solutions are built on a castle-and-moat framework in which data centers and cloud platforms are the castles holding sensitive data. They’re surrounded by networks, endpoint devices and human beings that serve as moats, defining the defensive security perimeters of every organization. Conventional solutions assign sensitivity ratings to individual data assets and monitor these perimeters to detect the unauthorized movement of sensitive data.


Unfortunately, these historical security boundaries are becoming increasingly ambiguous and somewhat irrelevant as bots, APIs and collaboration tools become the primary conduits for sharing and exchanging data.

In reality, data loss is only half the problem confronting a modern enterprise. Corporations are routinely exposed to financial, legal and ethical risks associated with the mishandling or misuse of sensitive information within the corporation itself. The risks associated with the misuse of personally identifiable information have been widely publicized.

However, risks of similar or greater severity can result from the mishandling of intellectual property, material nonpublic information, or any type of data that was obtained through a formal agreement that placed explicit restrictions on its use.

Conventional DLP frameworks are incapable of addressing these challenges. We believe they need to be replaced by a new data misuse protection (DMP) framework that safeguards data from unauthorized or inappropriate use within a corporate environment in addition to its outright theft or inadvertent loss. DMP solutions will provide data assets with more sophisticated self-defense mechanisms instead of relying on the surveillance of traditional security perimeters.


Cybersecurity startup Panaseer raises $26.5M Series B led by AllegisCyber Capital

Panaseer, which takes a data science approach to cybersecurity, has raised $26.5 million in a Series B funding led by AllegisCyber Capital. Existing investors, including Evolution Equity Partners, Notion Capital, AlbionVC, Cisco Investments and Paladin Capital Group, as well as new investor National Grid Partners, also participated. Panaseer has now raised $43m to date.

Panaseer’s special sauce and sales pitch amount to what it calls ‘Continuous Controls Monitoring’ (CCM). In plainer English that means correlating a great deal of data from all available security tools to check assets, control gaps, you name it.

As a result, the company says it can identify zero-day and other exposures faster, or exposure to, say, FireEye or SolarWinds vulnerabilities.

Jonathan Gill, CEO, Panaseer said: “Most enterprises have the tools and capability to theoretically prevent a breach from occurring. However, one of the key reasons that breaches occur is that there is no technology to monitor and react to failed controls. CCM continuously validates and measures levels of protection and provides notifications of failures. Ultimately, CCM enables these failures to be fixed before they become security incidents.”

Speaking to me on a call he added: “The investment allows us to scale our organization to meet those demands of customers with a team of people to implement the platform and help them get tremendous value and to evolve the product. To add more and more capability to that technology to support more and more use cases. So they’re the two main directions, and there’s a market we think of 10s of 1000s of organizations of a certain size, who are regulated or they have assets worth protecting and a level of complexity that makes it difficult to solve the problem themselves. And our Advisory Board and the customers I’ve spoken with think maybe there are barely 20 companies in the world who can solve this problem. And everybody else gets stuck on the fact that it’s a really difficult data science problem to solve. So we want to scale that and take that to more organizations.”

And why did they pick these investors? “I think we picked them and they picked us, we’ve been on that journey together. It takes months to find the best combination. The dollars are all the same when it comes to investors, but I think they can help improve as an organization and grow just like the existing investors do. They give us access and reach into parts of the market and help make us better as organizations as well.”

Bob Ackerman, founder and managing director of AllegisCyber Capital, and co-founder of DataTribe said: “The emergence of Continuous Controls Monitoring as a new cybersecurity category demonstrates a ‘coming of age’ for cybersecurity. Cyber is the existential threat to the global digital economy. All levels of the enterprise, from the CISO, to Chief Risk Officer, to the Board of Directors are demanding comprehensive visibility, transparency and hard metrics to assess cyber situational awareness.”


Cycode raises $20M to secure DevOps pipelines

Israeli security startup Cycode, which specializes in helping enterprises secure their DevOps pipelines and prevent code tampering, today announced that it has raised a $20 million Series A funding round led by Insight Partners. Seed investor YL Ventures also participated in this round, which brings the total funding in the company to $24.6 million.

Cycode’s focus was squarely on securing source code in its early days, but thanks to the advent of infrastructure as code (IaC), policies as code and similar processes, it has expanded its scope. In this context, it’s worth noting that Cycode’s tools are language and use case agnostic. To its tools, code is code.

“This ‘everything as code’ notion creates an opportunity because the code repositories, they become a single source of truth of what the operation should look like and how everything should function,” Cycode CTO and co-founder Ronin Slavin told me. “So if we look at that and we understand it — the next phase is to verify this is indeed what’s happening, and then whenever something deviates from it, it’s probably something that you should look at and investigate.”


The company’s service already provides the tools for managing code governance, leak detection, secret detection and access management. Recently it added features for securing code that defines a business’ infrastructure; looking ahead, the team plans to add features like drift detection, integrity monitoring and alert prioritization.

“Cycode is here to protect the entire CI/CD pipeline — the development infrastructure — from end to end, from code to cloud,” Cycode CEO and co-founder Lior Levy told me.

“If we look at the landscape today, we can say that existing solutions in the market are kind of siloed, just like the DevOps stages used to be,” Levy explained. “They don’t really see the bigger picture, they don’t look at the pipeline from a holistic perspective. Essentially, this is causing them to generate thousands of alerts, which amplifies the problem even further, because not only don’t you get a holistic view, but also the noise level that comes from those thousands of alerts causes a lot of valuable time to get wasted on chasing down some irrelevant issues.”

What Cycode wants to do then is to break down these silos and integrate the relevant data from across a company’s CI/CD infrastructure, starting with the source code itself, which ideally allows the company to anticipate issues early on in the software life cycle. To do so, Cycode can pull in data from services like GitHub, GitLab, Bitbucket and Jenkins (among others) and scan it for security issues. Later this year, the company plans to integrate data from third-party security tools like Snyk and Checkmarx as well.

“The problem of protecting CI/CD tools like GitHub, Jenkins and AWS is a gap for virtually every enterprise,” said Jon Rosenbaum, principal at Insight Partners, who will join Cycode’s board of directors. “Cycode secures CI/CD pipelines in an elegant, developer-centric manner. This positions the company to be a leader within the new breed of application security companies — those that are rapidly expanding the market with solutions which secure every release without sacrificing velocity.”

The company plans to use the new funding to accelerate its R&D efforts, and expand its sales and marketing teams. Levy and Slavin expect that the company will grow to about 65 employees this year, spread between the development team in Israel and its sales and marketing operations in the U.S.


Tines raises $26M Series B for its no-code security automation platform

Tines, a no-code automation platform co-founded by two senior cybersecurity operators, today announced that it has raised a $26 million Series B funding round led by Addition. Existing investors Accel and Blossom Capital participated in this round, which also includes strategic investments from CrowdStrike and Silicon Valley CISO Investments. After this round, which brings the total funding in the company to $41.1 million, Tines is now valued at $300 million.

Given that Tines co-founders Eoin Hinchy and Thomas Kinsella were both in senior security roles at DocuSign before they left to start their own company in 2018, it’s maybe no surprise that the company’s platform launched with a strong focus on security operations. As such, it combines security orchestration and robotic process automation with a low-code/no-code user interface.

“Tines is on a mission to allow frontline employees to focus on more business-critical tasks and improve their wellbeing by reducing the burden of ‘busy work’ by helping automate any manual workflow and making existing teams more efficient, effective, and engaged,” the company notes in today’s announcement.

The idea here is to free analysts from spending time on routine repetitive tasks and allow them to focus on those areas where they can have the most impact. The tool features pre-configured integrations with a variety of business and security tools, but for more sophisticated users, it also features the ability to hook into virtually any API.


The company argues that even non-technical employees should be able to learn the ins and outs of its platform within about three hours (sidenote: it’s nice to see a no-code platform acknowledge that users will actually need to spend some time with it before they can become productive).

“If software is eating the world, automation is eating the enterprise,” Hinchy said. “Yet, the majority of progress in this space still requires non-technical teams to depend on software engineers to implement their automation. Other platforms are generally either too hard to use, not flexible enough or not sufficiently robust for mission-critical workflows like cybersecurity. Tines empowers enterprise teams to automate any of their own manual workloads independently, making their jobs more rewarding while simultaneously delivering enormous value for their organizations.”

Current Tines customers include the likes of Box, Canva, OpenTable and Sophos.

The company, which was founded in Dublin, Ireland and recently opened an office in Boston, plans to use the new funding to double its 18-person team in order to support its product growth.

“Tines has quickly established itself as a market leader in enterprise automation,” said Lee Fixel, founder of Addition. “We look forward to supporting Eoin and the Tines team as they continue to scale the business and enhance their product — which is beloved by their unmatched customer base.”



Spectral raises $6.2M for its DevSecOps service

Tel Aviv-based Spectral is bringing its new DevSecOps code scanner out of stealth today and announcing a $6.2 million funding round. The startup’s programming language-agnostic service aims to automate code security for development teams, helping them detect potential security issues in their codebases and logs, for example. Those issues could be hardcoded API keys and other credentials, but also security misconfiguration and shadow IT assets.

The four-person founding team has a deep background in building AI, monitoring and security tools. CEO Dotan Nahum was a Chief Architect at Klarna and Conduit (now Como, though you may remember Conduit from its infamous toolbar that was later spun off), and the CTO at Como and HiredScore, for example. Other founders worked on building monitoring tools at Elastic and HP and on security at Akamai. As Nahum told me, the idea for Spectral came to him and co-founder and COO Idan Didi during their shared time at mobile application builder Conduit/Como.


“We basically stored certificates for every client that we had, so we could submit their apps to the various marketplaces,” Nahum told me of his experience at Conduit/Como. “That certificate really proves that you are who you are and it’s super sensitive. And at each point at these companies, I really didn’t have the right tools to actually make sure that we’re storing, handling, detecting [this information] and making sure that it doesn’t leak anywhere.”

Nahum decided to quit his current job and started to build a prototype to see if he could build a tool that could solve this problem (and his work on this prototype quickly discovered an issue at Slack). And as enterprises move from on-premises software to the cloud and to microservices and DevOps, the need for better DevSecOps tools is only increasing.

“The emphasis is to create a great developer experience,” Nahum noted. “Because that’s where we started from. We didn’t start as a top down cyber tool. We started as a modest DevOps friendly, developer-friendly tool.”


One interesting aspect of Spectral’s approach, which uses a machine learning model to detect these breaches across programming languages, is that it also scans public-facing systems. On the backend, Spectral integrates with tools like Travis, Jenkins, CircleCI, Webpack, Gatsby and Netlify, but it can also monitor Slack, npm, maven and log providers — tools that most companies don’t really think about when they think about threat modeling.

“Our solution prevents security breaches on a daily basis,” said Spectral co-founder and COO Idan Didi. “The pain points we’re addressing resonate strongly across every company developing software, because as they evolve from own-code to glue-code to no-code approaches they allow their developers to gain more speed, but they also add on significant amounts of risk. Spectral lets developers be more productive while keeping the company secure.”

The company was founded in mid-2020, but it already has about 15 employees and counts a number of large publicly-listed companies among its customers.


Google launches Android Enterprise Essentials, a mobile device management service for small businesses

Google today introduced a new mobile management and security solution, Android Enterprise Essentials, which, despite its name, is actually aimed at small to medium-sized businesses. The company explains this solution leverages Google’s experience in building Android Enterprise device management and security tools for larger organizations in order to come up with a simpler solution for those businesses with smaller budgets.

The new service includes the basics in mobile device management, with features that allow smaller businesses to require their employees to use a lock screen and encryption to protect company data. It also prevents users from installing apps outside the Google Play Store via the Google Play Protect service, and allows businesses to remotely wipe all the company data from phones that are lost or stolen.

As Google explains, smaller companies often handle customer data on mobile devices, but many of today’s remote device management solutions are too complex for small business owners, and are often complicated to get up-and-running.

Android Enterprise Essentials attempts to make the overall setup process easier by eliminating the need to manually activate each device. And because the security policies are applied remotely, there’s nothing the employees themselves have to configure on their own phones. Instead, businesses that want to use the new solution will just buy Android devices from a reseller to hand out or ship to employees with policies already in place.

Though primarily aimed at smaller companies, Google notes the solution may work for select larger organizations that want to extend some basic protections to devices that don’t require more advanced management solutions. The new service can also help companies get started with securing their mobile device inventory, before they move up to more sophisticated solutions over time, including those from third-party vendors.

The company has been working to better position Android devices for use in the workplace over the past several years, with programs like Android for Work, Android Enterprise Recommended, partnerships focused on ridding the Play Store of malware, advanced device protections for high-risk users, endpoint management solutions, and more.

Google says it will roll out Android Enterprise Essentials initially with distributors Synnex in the U.S. and Tech Data in the U.K. In the future, it will make the service available through additional resellers as it takes the solution global in early 2021. Google will also host an online launch event and demo in January for interested customers.


Lightspeed Venture Partners backs Theta Lake’s video conferencing security tech with $12.7 million

Theta Lake, a provider of compliance and security tools for conferencing software like Cisco Webex, Microsoft Teams, RingCentral, Zoom and others, said it has raised $12.7 million in a new round of funding.

Lightspeed Venture Partners led the round with commitments from Cisco Investments, angel investors from the collaboration and security space, and previous investors, Neotribe Ventures, Firebolt Ventures and WestWave Capital, the company said.

The company’s financing comes as the COVID-19 pandemic has created a surge of demand for remote work conferencing technologies — and services that can ensure the security of those communications.

Citing a Research and Markets report, the company estimates that the market will grow from $8.9 billion in 2019 to $23 billion by the end of this year.

Theta Lake said that the funding would be used to increase its sales and marketing capabilities and for research and development on new product features, according to a statement. 

The company’s tech already uses machine learning to detect security risks in video, visual, voice, chat and document content shared over video and collaboration tools.

As a result of its investment, Arif Janmohamed, a partner at Lightspeed Venture Partners, will join the Theta Lake Board of Directors, the company said. 

“The need for security and compliance solutions that fully cover modern collaboration tools should be obvious to everyone,” said Devin Redmond, Theta Lake’s co-founder and chief executive, in a statement. “That need pre-existed the pandemic, but now is more pressing than ever. The shift from physical work sites and employer-owned networks with tightly managed devices and applications, to a distributed workplace that lives inside your collaboration tools means organizations need new security and compliance coverage that lives inside that new workplace.”

 


Contrast launches its security observability platform

Contrast, a developer-centric application security company with customers that include Liberty Mutual Insurance, NTT Data, AXA and Bandwidth, today announced the launch of its security observability platform. The idea here is to offer developers a single pane of glass to manage an application’s security across its lifecycle, combined with real-time analysis and reporting, as well as remediation tools.

“Every line of code that’s happening increases the risk to a business if it’s not secure,” said Contrast CEO and chairman Alan Nauman. “We’re focused on securing all that code that businesses are writing for both automation and digital transformation.”

Over the course of the last few years, the well-funded company, which raised a $65 million Series D round last year, launched numerous security tools that cover a wide range of use cases from automated penetration testing to cloud application security and now DevOps — and this new platform is meant to tie them all together.

DevOps, the company argues, is really what necessitates a platform like this, given that developers now push more code into production than ever — and the onus of ensuring that this code is secure is now also often on them.


Traditionally, Nauman argues, security services focused on the code itself and on looking at traffic.

“We think at the application layer, the same principles of observability apply that have been used in the IT infrastructure space,” he said. “Specifically, we do instrumentation of the code and we weave security sensors into the code as it’s being developed and are looking for vulnerabilities and observing running code. […] Our view is: the world’s most complex systems are best when instrumented, whether it’s an airplane, a spacecraft, an IT infrastructure. We think the same is true for code. So our breakthrough is applying instrumentation to code and observing for security vulnerabilities.”

With this new platform, Contrast is aggregating information from its existing systems into a single dashboard. And while Contrast observes the code throughout its lifecycle, it also scans for vulnerabilities whenever developers check code into the CI/CD pipeline, thanks to integrations with most of the standard tools like Jenkins. It’s worth noting that the service also scans for vulnerabilities in open-source libraries. Once deployed, Contrast’s new platform keeps an eye on the data that runs through the various APIs and systems the application connects to and scans for potential security issues there as well.

The platform currently supports all of the large cloud providers like AWS, Azure and Google Cloud, and languages and frameworks like Java, Python, .NET and Ruby.



GitHub starts publishing a public roadmap

GitHub today announced that it will start publishing a public roadmap to help its users understand when it will ship new features across its various versions of the GitHub code repository and products like GitHub Actions, its mobile app and its security tools.

“What we’re trying to do is provide a way for people to see what’s coming, join in that dialogue and give us feedback and be able to collaborate with us,” GitHub’s SVP of Product Shanku Niyogi told me.

He also noted that as the company’s enterprise business has grown, the need for customers to be able to prepare for what’s coming next has also increased. Until now, GitHub often provided this information to some of its larger customers directly (through good old slide decks), but that same information will now be available to all. To Niyogi, this is essentially about “building GitHub more the way that people build software on GitHub already.”


Unsurprisingly then, the roadmap lives in a GitHub repo. Everything will be tagged based on the feature, the product it affects and its development stage. Over time, GitHub plans to attach more artifacts to every item, including screenshots, for example.

The company is also using its own product to give users the ability to give feedback through GitHub’s recently launched Discussions feature, for example.


In its current iteration, the roadmap looks about a year ahead. “We’re not going to necessarily go throw things on here that we’re looking at five, six years ahead,” Niyogi said. “But as things start to kind of get into that horizon for us, we’ll have that. As happens with software development, you can always expect changes, so we want to be comfortable with that.”

Users can also sign up for notifications when anything on the roadmap changes.

The new roadmap is now live on GitHub.

#developer, #developers, #github, #microsoft, #roadmap, #security-tools, #software-development, #software-engineering, #version-control

Hasura launches managed cloud service for its open-source GraphQL API platform

Hasura is an open-source engine that can connect to PostgreSQL databases and microservices across hybrid- and multi-cloud environments and then automatically build a GraphQL API backend for them, making it easier for developers to then build their own data-driven applications on top of this unified API. For a while now, the San Francisco-based startup has offered a paid version (Hasura Pro) with enterprise-ready reliability and security tools, in addition to its free open-source version. Today, the company launched Hasura Cloud, which takes the existing Pro version, adds a number of cloud-specific features like dynamic caching, auto-scaling and consumption-based pricing, and brings those together in a fully managed service.

At its core, Hasura’s service promises businesses the ability to bring together data from their various siloed databases and allow their developers to extract value from them through its GraphQL APIs. While GraphQL is still relatively new, the Facebook-incubated technology has quickly become extremely popular among many development teams.

Before founding the company and launching it in 2018, Hasura CEO and co-founder Tanmai Gopal worked for a consulting firm — and like with so many founders, that’s where he got the inspiration for the service.

“One of the key things that we noticed was that in the entire landscape, computing is becoming better, there are better frameworks, it is easier to deploy code, databases are becoming better and they kind of work everywhere,” he said. “But this kind of piece in the middle that is still a bottleneck and that there isn’t really a good solution for is this data access piece.” Almost by default, most companies host data in various SaaS services and databases — and now they were trying to figure out how to develop apps based on this for both internal and external consumers, noted Gopal. “This data distribution problem was this bottleneck where everybody would just spend massive amounts of time and money. And we invented a way of kind of automating that,” he explained.

The choice of GraphQL was also pretty straightforward, especially because GraphQL services are an easy way for developers to consume data (even though, as Gopal noted, it’s not always fun to build the GraphQL service itself). One thing worth noting about the core Hasura engine itself is that it is written in Haskell, which is a rather unusual choice.

The team tells me that Hasura is now nearing 50 million downloads for its free version and the company is seeing large and small users from across various industries relying on its products, which is probably no surprise, given that the company is trying to solve a pretty universal problem around data access and consumption.

Over the last few quarters, the team worked on launching its cloud service. “We’ve been thinking of the cloud in a very different way,” Gopal said. “It’s not your usual, take the open-source solution and host it, like a MongoDB Atlas or Confluent. What we’ve done is we’ve said, we’re going to re-engineer the open-source solution to be entirely multi-tenant and be completely pay-per pricing.”

Given this philosophy, it’s no surprise that Hasura’s pricing is purely based on how much data a user moves through the service. “It’s much closer to our value proposition,” Hasura co-founder and COO Rajoshi Ghosh said. “The value proposition is about data access. The big part of it is the fact that you’re getting this data from your databases. But the very interesting part is that this data can actually come from anywhere. This data could be in your third-party services, part of your data could be living in Stripe and it could be living in Salesforce, and it could be living in other services. […] We’re the data access infrastructure in that sense. And this pricing also — from a mental model perspective — makes it much clearer that that’s the value that we’re adding.”

Now, there are obviously plenty of other data-centric API services on the market, but Gopal argues that Hasura has an advantage because of its advanced caching for dynamic data, for example.

#api, #caching, #cloud, #cloud-computing, #cloud-infrastructure, #computing, #developer, #enterprise, #graphql, #hasura, #postgresql, #san-francisco, #security-tools, #software, #web-development

Orca Security raises $20M Series A for its multi-cloud security platform

Orca Security, an Israeli cloud security firm that focuses on giving enterprises better visibility into their multi-cloud deployments on AWS, Azure and GCP, today announced that it has raised a $20 million Series A round led by GGV Capital. YL Ventures and Silicon Valley CISO Investments also participated in this round. Together with its seed investment led by YL Ventures, this brings Orca’s total funding to $27 million.

One feature that makes Orca stand out is its ability to quickly provide workload-level visibility without the need for an agent or network scanner. Instead, Orca uses low-level APIs that allow it to gain visibility into what exactly is running in your cloud.

The founders of Orca all have a background as architects and CTOs at other companies, including the likes of Check Point Technologies, as well as the Israeli army’s Unit 8200. As Orca CPO and co-founder Gil Geron told me in a meeting in Tel Aviv earlier this year, the founders were looking for a big enough problem to solve and it quickly became clear that at the core of most security breaches were misconfigurations or the lack of security tools in the right places. “What we deduced is that in too many cases, we have the security tools that can protect us, but we don’t have them in the right place at the right time,” Geron, who previously led a security team at Check Point, said. “And this is because there is this friction between the business’ need to grow and the need to have it secure.”

Orca delivers its solution as a SaaS platform and, on top of providing workload-level visibility into these public clouds, it also offers security tools that can scan for vulnerabilities, malware, misconfigurations, password issues, secret keys and personally identifiable information.

“In a software-driven world that is moving faster than ever before, it’s extremely difficult for security teams to properly discover and protect every cloud asset,” said GGV managing partner Glenn Solomon. “Orca Security’s novel approach provides unparalleled visibility into these assets and brings this power back to the CISO without slowing down engineering.”

Orca Security is barely a year and a half old, but it also counts companies like Flexport, Fiverr, Sisense and Qubole among its customers.

#cloud-computing, #co-founder, #computer-security, #enterprise, #fiverr, #flexport, #funding, #fundings-exits, #ggv, #glenn-solomon, #managing-partner, #orca-security, #qubole, #recent-funding, #security-tools, #startups, #tc, #tel-aviv, #yl-ventures