Cloud security startup Avid Secure didn’t do the usual emergence from stealth mode with a splashy launch.
“We didn’t go that route because we already had large paying customers,” said co-founder and CEO Nikhil Gupta, who previously held leadership roles at ForeScout, VMware, and Cisco.
The company’s customers include Shutterfly, IDT Corporation, Belong.co, and Aspiring Minds. Co-founder and CTO Ganesh Krishnan is a former engineering lead and chief information security officer at Atlassian, LinkedIn, and Yahoo. Earlier this week he was accepted into Forbes Technology Council, an invitation-only group of CIOs, CTOs, and technology executives.
The company also won an endorsement from Golan Ben-Oni, global chief information officer at IDT who fended off ransomware attacks similar to WannaCry in April 2017. Hackers used cyberweapons stolen from the National Security Agency and locked the telecom company’s systems, demanded a ransom, and stole employee credentials. Several other security products IDT used at the time didn’t detect the attack.
“Apart from being highly competent AI security professionals, the Avid Secure team’s understanding of enterprise cloud security needs is unparalleled,” Ben-Oni says in a quote on the Avid Secure website. “I feel secure and can better sleep at night following our Avid Secure deployment.”
It also scored a “big win” against Palo Alto Networks and its Evident.io technology, Gupta said. Palo Alto Networks acquired the cloud infrastructure security startup for $300 million earlier this year. “It’s a very large, six-figure deal,” Gupta added.
Avid Secure launched in August 2017 and made its software-as-a-service (SaaS) product generally available in March. It uses artificial intelligence (AI) and automation to detect and respond to security threats. It also automates governance, risk, and cloud compliance across Amazon Web Services (AWS) and Microsoft Azure, with Google Cloud Platform (GCP) support coming soon. “We are feverishly working on Google support,” Gupta said.
But the company’s early success isn’t about its technology, according to its chief technology officer.
“Our approach isn’t about technology per se, like hey, let’s build a cool technology,” Krishnan said. “It’s about what problems do security teams face, and how do we use technology to help them solve those problems. Any time you build a tool, it’s not just about technology, it’s about how people work with your tool and how it makes their life easier. If if doesn’t make their life easier, they don’t use it no matter how good your technology is.”
Cloud Security Problems
Enterprises face three major cloud security problems, Krishnan said. The first is lack of visibility across multi-cloud environments. “If you ask how many cloud instances do you have? The answer isn’t there,” he said. “Because they lack the basic visibility. You can’t fix what you can’t see.”
Compliance is problem No. 2. As workloads move to the cloud, companies must identify and comply with new processes and regulations. Plus, code is changing constantly because of the rapid pace of DevOps, which means cloud environments can become noncompliant in no time at all.
“What’s needed here is continuous, ongoing monitoring and compliance so those issues are detected and — better yet — prevented,” Krishnan said. “And problem three: the security unemployment rate is zero percent.”
There aren’t enough security professionals to staff security operations centers. And there’s not enough automation and people to analyze threats and respond to attacks, which are growing larger and smarter all the time.
AI and Automation
Avid Secure solves these problems with “intelligence security monitoring,” he said. This means the product not only does continuous monitoring, but it also makes the alerts contextual. “The attacks are getting intelligent, so the monitoring has to get more intelligent, not just in terms of process and saving time but doing things like anomaly detection, and using machine learning to enhance the alerts,” Krishnan said.
It also uses network topology visualization. “Within five minutes of deploying we give you a visual topology of all of the assets in your cloud environment,” he said. Companies can use this for compliance reports, migrations, and to visualize threats.
The product includes out-of-the- box templates, automation, and custom policies to help reduce time and costs associated with compliance and governance.
And it uses this idea of DevSecOps — bringing security and DevOps teams together — with automated drift detection, policy-based guardrails, agentless host governance, and streamlined vulnerability remediation. Additionally, it integrates with security tools from AWS, SentinelOne, and Splunk.
The company started with a “smart seed” round, but won’t say how much funding it’s collected. Gupta says it is generating revenue. He added, “We are customer obsessed and 100 percent focused on fueling customer growth.”