Lightspin nabs $20M to boost enterprise cloud security


Cloud security platform Lightspin today announced that it raised $16 million in a series A round led by Dell Technologies Capital, with participation from Ibex Investors. Cofounder and CEO Vladi Sandler says that the funds, which bring the company’s total raised to $20 million, will be used to expand Lightspin’s market reach and product offering.

Roughly 83% of enterprise workloads have moved to the cloud, according to a 2020 survey from LogicMonitor. But the cloud remains vulnerable to cyberattacks. IBM found last year that the average time to identify a breach was 206 days. And Gartner predicts that 50% of companies will unintentionally expose components of their cloud applications and infrastructure to the internet in 2021, up from 25% in 2018.

Lightspin’s agentless security tools leverage context to protect cloud and container environments, including Kubernetes infrastructure, during build and runtime. A container consists of an entire runtime environment, which is to say an app and all of its dependencies, libraries, and other binaries as well as the configuration files needed to run it. Using graph-based technology, Lightspin attempts to detect misconfigurations, weak configurations, over-permissive policies, common vulnerabilities and exposures, and more to prioritize critical issues, fixing some automatically.

Sandler founded Tel Aviv, Israel-based Lightspin in 2020 alongside cloud security experts with backgrounds in infrastructure penetration testing. According to him, the COVID-19 pandemic brought a burst of online traffic accelerating digital transformation — and the security threats that come along with it. The demand for cloud security solutions increased as a result.

In a recent survey of global CEOs and chief information security officers (CISOs), 74% of respondents said they’d reallocated funds to cybersecurity, according to cloud security company Forcepoint. While analysts previously predicted that enterprises would eventually embrace a range of cybersecurity solutions by 2025, the WSJ Intelligence report found that the pandemic has accelerated many of their plans.

“Lightspin has gained momentum with significant customers ranging from startups to Fortune 500 corporations. Key customers include Imperva, Gett, and Rapyd,” Sandler told VentureBeat via email. “[Our main] competitors are Palo Alto Networks, Check Point, and startups such as Wiz and Orca Security. But Lightspin uniquely enables security teams to maximize their productivity by significantly reducing the number of security alerts to only the critical ones and provides DevOps teams with quick and simple remediation in the form of infrastructure-as-code.”

Graph-based approach

Lightspin’s platform employs graphs — mathematical objects consisting of nodes and edges — to capture the complex relationships between security risks. For example, a node might represent a malicious attacker, while the edges represent the assets that they’re attacking (e.g., a container).

As Cisco’s Michael Howe explains: “Graphs are a very intuitive notion of how relationships exist … [With them,] we can describe things in terms that everyone is familiar with [and] we don’t have to appeal to more complicated descriptions … For example, in the information security world, we have network-level data such as IP addresses, domains, DNS records, [and] WHOIS information, and as we begin to populate that data into a graph model, we start to see the holes and everyone can communicate very clearly about what they see.”

Lightspin enriches this graph information with external intelligence, analyzing how attackers exploit misconfigurations and cross-referencing this with information from third-party threat intelligence providers. Predictive path analysis algorithms discover risky paths and potential attack vectors and spotlight critical items based on the attack path context.

“As previous consultants and buyers, [we] recognize buyers’ primary needs by applying [our] deep understanding of attack strategies, resulting in a unique contextual approach to cloud security,” Sandler said. “Lightspin’s contextual algorithms consistently detect and determine the risk of threats to cloud environments.”

Beyond this, Lightspin offers visualizations that let customers view cloud assets and relationships ostensibly like attackers do. It’s designed to integrate with DevOps services like Jira, Slack, and ServiceNow via an API in addition to Jenkins, Terraform, CircleCI, GitLab, and Bitbucket.

Alon Weinberg, director at Dell Technologies Capital, said there’s a “strong consensus” within the CISO network that technologies like those at Lightspin can help to expose the risks of potential attacks in cloud environments. “By providing clear context and actionable remediation options, Lightspin is bridging the gap between DevOps and security teams both in the build stage and in production,” he said in a press release.

Lightspin’s latest capital infusion comes after Ibex led a $4 million seed round in the company. This year, Lightspin plans to triple its workforce of around 20 people across the U.S. and Israel and move into new offices.
