A Thanksgiving turkey must be carefully prepared and cooked in just the right way, lest it come out too dry or undercooked. Similarly, your cloud assets should also be configured properly if they’re going to be secure.
Lightspin, a new Israeli-based cybersecurity startup, has emerged from stealth this week to tackle the latter problem, securing $4 million in initial seed funding from Ibex Investors and other private angel investors. The company uses graph-based tools and algorithms to analyze the security posture of an organization’s cloud stack, identifying misconfigurations or problematic permission policies in order plot out the most likely avenues of attack.
In a statement, Ibex Investors Vice President Nicole Priel said investors saw promise in Lightspin’s effort to tackle security problems “that are often missed or not managed by cloud providers and other solutions.”
“We see great added value in Lightspin’s approach to addressing these critical, yet often overlooked aspects of cloud security, particularly as the future of innovation becomes increasingly dependent on cloud capabilities, and threat actors simultaneously become more sophisticated,” said Priel.
Vladi Sandler, CEO and co-founder of the company, said he is a big believer in the idea that the most important problems a person can solve are the ones they’ve suffered from personal experience, and poor visibility across cloud security policies was one of them.
But it’s not just Sandler who has noticed the problem. As cloud services have grown more popular and complex over the years, so too has the process for managing and securing them. A survey of 300 IT, cloud and security professionals conducted by Fugue in April found that misconfiguration was the number-one cause of cloud-based data breaches, with 76 percent of respondents saying the risk will increase or stay the same over the next year.
“Every time we would come to bigger organizations to do some assessment and….we showed them account takeovers or platform takeovers were [possible] just because of misconfiguration or risky permissions,” said Sandler. “So, we just understood the big problems that nobody ever solved.”
The COVID-19 pandemic only accelerated the need for cloud services among businesses, many of whom had little previous experience with setting up or securing them. Lightspin’s platform is designed to think like an attacker and offers “contextual cloud security protection.” The company claims it can map an organization’s cloud assets and detect critical threats within minutes, giving IT security teams a real-time road map for closing off security vulnerabilities, fixing overly lax permission policies and tightening leaky, misconfigured buckets in their cloud enterprise.
Sandler said the company will use the new seed money to continue developing Lightspin’s platform and underlying tech. Right now, its sales team is focusing on expanding the customer base in the U.S. East Coast and Central and Western Europe, but it is also looking to further staff up from their current headcount of just 12 employees.
“We’re running really fast both from the business side – the marketing side – and development,” said Sandler.