Lightspin swipes $20M to enhance enterprise cloud security

The cloud security platform Lightspin declared that it raised $16 million in a Series A, led by Dell Technologies Capital, in the presence of Ibex Investors. In addition, co-founder and CEO Vladi Sandler declares that the company’s total funds raised to $20 million and will use it to increase Lightspin’s market reach and product proposals.

According to a 2020 survey from LogicMonitor, almost 83% of enterprise workloads have migrated to the cloud. However, the cloud remains susceptible to cyberattacks. Last year IBM found that the average time to identify an attack was 206 days. Further, Gartner predicts that 50% of organizations will unintentionally expose elements of their cloud applications and infrastructure to the internet in 2021, which was 25% in 2018.

Lightspin’s agentless security tools leverage framework to secure cloud and container environments, including the Kubernetes platform, during build and runtime. A container comprises an entire runtime environment, which needs the app and all of its dependencies, libraries, and other binaries and the configuration files to run it. Lightspin attempts to identify misconfigurations, malleable configurations, over-permissive policies, ordinary susceptibilities, and exposures using graph-based technologies. Further, it prioritizes critical issues, fixing some automatically.

Sandler established Tel Aviv, an Israel-based Lightspin, in 2020, and cloud security experts with experiences in infrastructure penetration testing. According to him, the COVID-19 pandemic fetched an eruption of online traffic, accelerating digital transformation and security threats. As a result, the demand for cloud security solutions increased.

A recent survey on global CEOs and chief information security officers (CISOs) conducted by cloud security company Forcepoint reveals that 74% of participants would reallocate funds to cybersecurity. In addition, the WSJ Intelligence report found that the pandemic has accelerated many of their plans, while analysts forecasted that enterprises would eventually adopt a range of cybersecurity solutions by 2025.

Graph-based approach

Lightspin’s platform engages graphs (mathematical objects that comprises nodes and edges) to analyze the complex relationships between security risks. For example, a node may represent a malicious intruder, while the edges represent the assets they target (e.g., a container).

According to Ciscos M’ichael Howe, “Graphs are a very spontaneous concept of how relationships exist. We can describe things for everyone’s familiarity. Besides, we don’t have to appeal to more detailed descriptions. For example, in the information security world, we have network-level data such as DNS records, IP addresses, domains, and WHOIS information. As we begin to populate that data into a graph model, we can see the gaps, and everyone can speak very clearly about what they understand.”

Lightspin enhances this graph information with external intelligence, analyzing the ways the intruders exploit misconfigurations and cross-verifying this with information from third-party threat intelligence providers. In addition, predictive analysis algorithms identify risky paths and potential attack vectors and highlight critical items based on the attack path context.

Sandler said, “As previous consultants and buyers, we recognize buyers’ primary needs by applying a profound understanding of attack strategies, resulting in an exclusive contextual approach to cloud security. Lightspin’s contextual algorithms constantly identify and regulate the risk of breaches to the cloud environments.”

Apart from this, Lightspin offers visualizations that let customers see cloud assets and relationships like attackers do. It’s developed to integrate with DevOps services like Jira, Slack, and ServiceNow via an API, Terraform, CircleCI, Jenkins, GitLab, and Bitbucket.

As per Alon Weinberg, director at Dell Technologies Capital, there is a “strong consensus”within the CISO network that technologies similar to those at Lightspin can help to detect the risks of potential attacks in cloud environments. In a press release, he said, “By providing clear background and actionable remedy options, Lightspin is bridging the gap between DevOps and security teams in the build stage and production.”

Lightspin’s latest capital flow comes after Ibex led a $4 million seed round to the company. This year, Lightspin plans to triple the workforce of around 20 people all over the U.S. and Israel to shift into new workplaces.