Push Security nabs $15M to secure companies’ cloud applications

Push Security nabs $15M to secure companies’ cloud applications

Posted on

Push Security Ltd., a startup helping companies secure their software-as-a-service applications, has raised a $15 million funding round to support its growth.

The Series A round was announced today. According to Push Security, Alphabet Inc.’s GV venture capital arm led the investment. GV was joined by Decibel and multiple angel investors including the co-founders of Duo Security Inc., a cybersecurity startup that Cisco Systems Inc. bought for $2.35 billion in 2018.

The typical enterprise uses upwards of dozens of SaaS applications to support its business operations. Employees often store sensitive business data in those applications, which makes them a target for hackers. Push Security is working to reduce the risks posed by the SaaS products that a company’s employees use. 

The London-based startup offers a platform that automatically detects when workers sign up for a new cloud application. According to Push Security, its platform creates an inventory of employees’ SaaS accounts and scans them for insecure settings. If it finds an issue, the startup’s platform asks affected employees to change the vulnerable account setting.

“The most sensible way we’ve found to scale SaaS security in an employee-adopted apps world is to put users at the center of helping to improve security,” explained Push Security Chief Executive Officer Adam Bateman (pictured, left, with co-founders Tyrone Erasmus and Jacques Louw). “We prompt users at the right time to encourage them to take an action that will benefit an organization’s security, like updating their software or securing their user account.”

Push Security’s algorithms spot when employees sign up for an SaaS application using a weak password. The software also detects cases where an employee reuses the same login credentials across multiple services. Recycled passwords are a cybersecurity risk because, in the event of a breach, they can be used by hackers to compromise several applications at once. 

Workers often sign up for SaaS applications using their corporate Google Workspace or Microsoft 365 accounts. In such situations, there is no risk of weak or reused passwords. However, other cybersecurity issues can emerge.

Some SaaS applications only work if they’re granted permission to access the data in a user’s Google Workspace or Microsoft 365 account. As a result, there’s a risk that workers may make sensitive business records accessible to a potentially risky cloud service. Push Security’s platform can automatically detect risky account access permissions given to SaaS applications, as well inactive permissions that should be deleted because they’re not used.

Another set of features in the startup’s platform focuses on detecting compromised email accounts. According to Spot Security, it spots breaches by searching for malicious mail rules. A mail rule is a type of inbox setting that can be misused by hackers, for example by forwarding password reset emails to an external address.

Push Security made its platform available last July. Since then, the startup has amassed a user base that reportedly includes about 50,000 workers across “hundreds” of teams. Along the way, the startup also added connectors for more than 480 SaaS applications to its platform.

Photo: Push Security

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *