Enso: Raises $6M for Application Security Management
【201028 TechCrunch】Enso Security, a Tel Aviv-based startup that is building a new application security posture management platform, today announced that it has raised a $6 million seed funding round led by YL Ventures, with participation from Jump Capital. Angel investors in this round include HackerOne co-founder and CTO Alex Rice; Sounil Yu, the former chief security scientist at Bank of America; Omkhar Arasaratnam, the former head of Data Protection Technology at JPMorgan Chase and toDay Ventures.
The company was founded by Roy Erlich (CEO), Chen Gour Arie (CPO) and Barak Tawily (CTO). As is so often the case with Israeli security startups, the founding team includes former members of the Israeli Intelligence Corps, but also a lot of hands-on commercial experience. Erlich, for example, was previously the head of application security at Wix, while Gour Arie worked as an application security consultant for numerous companies across Europe and Tawily has a background in pentesting and led a security team at Wix, too.
“It’s no secret that, today, the diversity of R&D allows [companies] to rapidly introduce new applications and push changes to existing ones,” Erlich explained. “But this great complexity for application security teams results in significant AppSec management challenges. These challenges include the difficulty of tracking applications across environments, measuring risks, prioritizing tasks and enforcing uniform Application Security strategies across all applications.”
But as companies push out code faster than ever, the application security teams aren’t able to keep up — and may not even know about every application being developed internally. The team argues that application security today is often a manual effort to identify owners and measure risk, for example — and the resources for application security teams are often limited, especially when compared to the size of the overall development team in most companies. Indeed, the Enso team argues that most AppSec teams today spend most of their time creating relationships with developers and performing operational and product-related tasks — and not on application security.
“It’s a losing fight from the application security side because you have no chance to cover everything,” Erlich noted. “Having said that, […] it’s all about managing the risk. You need to make sure that you take data-driven decisions and that you have all the data that you need in one place.”
Enso Security then wants to give these teams a platform that gives them a single pane of glass to discover applications, identify owners, detect changes and capture their security posture. From there, teams can then prioritize and track their tasks and get real-time feedback on what is happening across their tools. The company’s tools currently pull in data from a wide variety of tools, including the likes of JIRA, Jenkins, GitLab, GitHub, Splunk, ServiceNow and the Envoy edge and service proxy. But as the team argues, even getting data from just a few sources already provides benefits for Enso’s users.
Looking ahead, the team plans to continue improving its product and staff up from its small group of seven employees to about 20 in the next year.
“Roy, Chen and Barak have come up with a very elegant solution to a notoriously complex problem space,” said Ofer Schreiber, partner at YL Ventures. “Because they cut straight to visibility — the true heart of this issue — cybersecurity professionals can finally see and manage all of the applications in their environments. This will have an extraordinary impact on the rate of application rollout and enterprise productivity.”