SGNL raises $30 million for a new take on identity security based on zero standing privileges
Security experts often describe identity as the “new perimeter” in the world of security: in a world of cloud services, where network assets and applications can be reached from afar, the biggest vulnerabilities are often exposed and hijacked login credentials.
A startup called SGNL has built a new approach which, it says, is better at securing the way identities are used to access applications and more – it is based on the emerging concept of zero standing privileges, where user access is conditional rather than “standing” – and today it is announcing $30 million in funding on the back of strong growth.
The funding, a Series A, is led by Brightmind Partners, a new VC focusing on cybersecurity (it has not yet announced its first fund: this should come later this year). Strategic investors Microsoft (via M12) and Cisco Investments are also among the investors, as well as Costanoa, which led SGNL’s seed round in 2022.
SGNL has now raised $42 million, and although the valuation is not disclosed, the company is definitely growing. It claims to have “multiple” major business customers, one of which has “the main media, entertainment and technological operations” and uses SGNL to streamline access management in its cloud environments.
The startup does not reveal its list of customers, but it notes that examples of the types of breaches that have resulted from holes in identity posture – the type that would be better blocked using technology like SGNL – include breaches at MGM ($100 million), T-Mobile ($350 million), AT&T, Microsoft and Caesars.
SGNL is the brainchild of Scott Kriz (CEO) and Erik Gustavson (CPO), who had previously co-founded another identity management company called Bitium. Google acquired that startup in 2017, and there, said Kriz, he and his team were responsible not only for directory services for products like Google Workspace and Google Cloud Platform, but also for creating and managing identity access for the company itself, in particular how Google employees were able to access data.
This is where Kriz and Gustavson saw a gap in the way identity services were managed by the enterprise identity access tools of the time, including their own.
“Essentially, we realized that there was a missing solution in identity security which was not only unique in Google, but in industry,” he said. “There was this desire for companies to go to a place where there was no standing access.”
In a word, said Kriz, identity access requires a level of context: you need passwords, but also access privileges for each application. “But even in [services] where it was done – Okta was one, Microsoft was another – they were very good at opening doors. What they were not very good at was closing this door.”
In other words, once a circumstance had changed – employment status being the most obvious, but also others, such as a special piece of work being finished – access was not closed off. This, in turn, created potential vulnerabilities for malicious actors to exploit.
Kriz said that a few factors have prevented security companies from being able to close this access until now. The first was a lack of agreement among vendors on a standard. The breakthrough on this came from another ex-Googler, Atul Tulshibagwale, who was the inventor of CAEP (the Continuous Access Evaluation Protocol), which underlies the SGNL platform. CAEP was adopted by the OpenID Foundation, and Tulshibagwale is now the CTO of SGNL.
“It is not proprietary to us, but we are the ones you know, and now it has adoption at Microsoft, Apple, Cisco, at the biggest companies,” Kriz said.
The second development, unique to SGNL, is the way it has built what Kriz describes as “the rich context” it uses to create its access management. Essentially, this lets companies set up several access policies, plus a certain number of conditions which must also be met, before someone can access a particular application or other data.
SGNL has created not only the structure for how access can be authorized (or closed), but also what it describes as a “data fabric”, an identity graph that allows the system to operate without depending on up-to-date individual data sources. Kriz noted that one of its customers had 400,000 employees and 30,000 roles within AWS, and that SGNL helped that customer reduce this to six policies (plus several conditions related to them). (As for the AI in its name, it uses AI to build and manage this data fabric.)
There are several larger companies doing more around zero standing privileges, including CyberArk and SailPoint, alongside a certain number of startups; but that does not deter investors.
“I love the fact that they founded and left a business, and they spent a decent time at Google. These things are very important. They understand how large companies work,” said Stephen Ward, one of the founders of Brightmind (and himself a former Home Depot CISO and former government security specialist). “It is not a popular thing to say, but, with such a large idea, you can create a large moat just by building the platform.”