Grip Security: Ushering in a New Era of SaaS Security
Sapir Harosh September 6, 2023
The modern Digital Enterprise has over 30,000 SaaS (Software-as-a-Service) applications available, and this number is growing rapidly. On average, an Enterprise consumes over 300 of these applications at any one time, with 30% of these changing annually, and only 10% of SaaS apps are enabled with necessary SSO (Single Sign On) identification tools. Enterprise SaaS application sprawl and user arrivals and departures create a serious and growing security and compliance problem within the Enterprise. Discovery, Risk Mitigation, and Orchestrating application users based on Policies poses a significant technical challenge and is an area of great current focus in Enterprise organizations. Third Point Ventures looks for companies with early proven product/market fit in Enterprise related technologies (with focus on Cybersecurity, AI Powered Software, and Data Infrastructure). We are particularly attracted to companies attacking new, growing segments possessing sustainable technical advantage and demonstrating rapid growth.
Our customer diligence (including both Grip’s existing customers and potential new customers we brought in to evaluate the product) made it clear why Grip’s products have achieved such rapid acceptance and growth with several Fortune 500 companies. Grip Security is tackling the problem of SaaS chaos with an advanced Identity Based SaaS Security Control Plane. This blog describes Third Point Ventures understandings related to this area and our excitement at the opportunity to lead Grip Security’s recent Series B financing.
The SaaS Security Conundrum
The proliferation of SaaS applications has revolutionized how businesses operate, enabling seamless collaboration, scalability, and accessibility across organizations. According to Gartner, SaaS remains the largest segment of the cloud market in terms of end-user spending. In fact, it is projected that SaaS spending will experience a significant CAGR of 17.9% and will reach a total expenditure of $197 billion by the year 2023. This transformation has, however, come at a cost—SaaS platforms have become prime targets for cybercriminals seeking to exploit vulnerabilities and gain unauthorized access to sensitive data. Additionally, employees can use any SaaS application without involving IT/Security (unsanctioned “Shadow IT”). Traditional security measures are struggling to keep pace with the evolving tactics of these attackers, necessitating a fresh approach that aligns with the dynamic nature of SaaS environments.
Data Breaches Are Getting Worse, And Are Very Costly
IBM's Cost of a Data Breach 2022 report unveils that the global average cost of a data breach is $4.35 million, a number that more than doubles to $9.44 million for North America. Stolen or compromised credentials are the most common initial attack vector, accounting for 19% of data breaches. Hackers may steal or compromise credentials by using brute force attacks, buying stolen credentials off the dark web, or tricking employees into revealing credentials through social engineering attacks. SaaS Application credential related vulnerabilities are getting worse, not better. Identity is the place that credentials can be managed, monitored, and controlled.
SaaS Applications Are Not Internally Protected
Hackers can take advantage of employees' mistakes to gain access to confidential information. For example, according to IBM, cloud misconfigurations served as the initial attack vector in 15% of breaches. SaaS applications can be configured without MFA (Multi-Factor Authentication), for example. Better Shadow SaaS discovery and comprehensive access controls have been a rapidly growing trend for regulators as well, prominently with NYDFS pushing the industry to enforce MFA across all SaaS apps. Grip Security's Innovative Approach: The Identity Enabled SaaS Security Control Plane
Grip Security captured our attention due to the rapid enterprise traction of their innovative approach of leveraging identity as the primary control point. This product delivers the industry’s most effective solution to discover, prioritize, secure, and orchestrate the mitigation and remediation of these risks. In Grip’s innovative arsenal:
Contextual Behavioral Analysis: Instead of relying solely on rule-based systems as many previous SaaS security vendors have done, Grip Security harnesses the power of artificial intelligence and machine learning (AI/ML) to dynamically understand and analyze user behaviors within SaaS applications. This enables the system to identify deviations from normal usage patterns, swiftly detecting behavioral anomalies that could signify a security risk.
Real-time Dynamic Detection: Traditional security tools often rely on static rules, leaving them susceptible to emerging threats. Grip Security, on the other hand, utilizes real-time, dynamic detection powered by artificial intelligence and natural language processing. This dynamic approach allows it to recognize novel data points and adapt to any environment.
Streamlined Incident Response: Rapid response is pivotal in minimizing the impact of security incidents and access control gaps. Grip Security's automatic remediation capabilities help organizations take swift action, controlling access across all enterprise identities and mitigating potential damage with minimal human intervention.
Shadow SaaS Discovery: Grip Security extends its reach beyond the conventional to provide visibility into shadow SaaS applications and rogue cloud accounts – those applications that operate outside the purview of IT and security teams. This visibility is crucial in identifying potential security blind spots and vulnerabilities.
The Importance of Securing SaaS Applications:
Our investment in Grip Security is an expression of Third Point Ventures long standing focus on Enterprise Cybersecurity and on finding the companies addressing new, growing, unmet needs and solving them with approaches that offer sustainable technical advantage.
Data Protection: SaaS applications often store sensitive data, including customer information, financial records, and intellectual property. Failing to secure these applications can result in devastating data breaches, leading to financial loss, reputational damage, and legal consequences.
Compliance Requirements: Many industries have specific regulations and compliance standards that organizations must adhere to. By implementing robust security measures, organizations can ensure compliance with these requirements and avoid penalties or legal issues.
Business Continuity: In the event of a security breach or data loss, organizations can suffer significant downtime, operational disruptions, and loss of productivity. Securing SaaS applications minimizes the risk of such incidents and helps maintain business continuity.
Business Agility: Implementing a SaaS Security program that can propagate security and access controls to all SaaS applications automatically, can allow the business to adopt SaaS applications quickly and securely. In a highly competitive market, with “Innovate or Die” as a strong mantra, this becomes a requirement.
Customer Trust: Customer trust is crucial for business success. Demonstrating a commitment to data security by investing in Grip Security enhances customer confidence, strengthens brand reputation, and fosters long-term relationships.
Our extensive customer diligence (including both Grip’s existing customers and potential new customers we brought in to evaluate the product) made it clear why Grip has achieved such rapid acceptance and growth with several Fortune500 companies. We are thrilled to be partnered with the excellent team at Grip Security and appreciative of the opportunity to lead their $41M Series B fundraise alongside existing investors YL Ventures, Intel Capital, and TSG. Our relationships with Grip's Founders, Lior Yaari, Idan Fast, and Alon Shenkler extends back to their days within the 8200 community and it’s a great pleasure to be able to work with them to help take Grip to the next level.
Grip is headquartered in Tel Aviv and is our 7th investment in Israel. Grip already has people based in the US and is securing relationships with US and Global Enterprise customers. Israel has been and remains the location of many of the most innovative Enterprise Technology companies and, in particular, Israel is a focal point for Cybersecurity innovation. Our focus on the Enterprise Cybersecurity as one of our three pillars (Cyber, AI Powered Software, and Data Infrastructure) requires that Third Point Ventures continue to look for and invest in the most innovative young companies in Israel. We’re excited to see where Grip Security will go from here and look forward to meeting similarly dynamic companies in the ecosystem.