Contextual cloud security company Lightspin has emerged from stealth mode and announced a successful US$4 million funding round. Ibex Investors LLC led the funding round, which also included participation from private angel investors. Lightspin has already attracted a bunch of customers from the Fortune 500. It also has over 20 pilots of its technology running globally.
Vladi Sandler, CEO and Co-Founder at Lightspin, said: “An increasing reliance on cloud computing is inevitably leading to an expanding threat landscape. Having worked with CISOs and cloud owners from numerous global companies, we know that existing solutions do not address the full scope of security challenges for dynamic, modern cloud and Kubernetes environments.
“Based on our experience in attacking cloud infrastructure, we understand how attackers think, which is our superpower. We are proud to have secured this funding, at the height of the Covid-19 pandemic, and to launch out of stealth to further our work in helping organizations significantly reduce risk by identifying and prioritizing critical security gaps for remediation before they fall into the wrong hands.”
What does Lightspin do?
Lightspin was founded by a group of experienced pen-testers. That means they have spent their careers trying to break into software and find vulnerabilities. They are now focusing on the complexity of the cloud and containers. It is an area where there is a growing demand for better security as companies begin to realise the complexity of their cloud environments.
Part of that focus is also on containers. Securing containers is a tricky business. One idea is to push security into the container framework. This would make it easier for a developer to focus on code rather than security. However, to date, there are few tools out there to do this. Another problem with containers is the speed with which they are deployed and then taken down. It means that any detection of a security problem can come far too late to identify the container with a problem.
The contextual security approach that Lightspin espouses uses graph-based tools and algorithms to detect issues quickly. Whether that can be in real-time and identify problems before a container disappears, is unclear. However, the graph-based tools do offer a faster way of getting to the root cause than many security solutions for containers.
Improving the way security alerts are delivered
Importantly, those graph-based tools deal with another security issue around cloud – tracking assets. As companies move to a multi-cloud environment, they struggle to know where cloud assets are. It tracks assets, where they are, what they are doing and who is accessing them. Lightspin believes that this ability to map those clouds assets is key to any contextual view of cloud security.
Lightspin also claims that its platform delivers:
- Simple instruction for prioritizing and remediating top risks and mitigating threats in order of importance, whether a misconfiguration, public asset at risk, risky permissions or vulnerability
- Easy deployment of its SaaS platform – in just a few clicks. The user has access to a holistic approach that doesn’t only focus on compliance or real-time alerts once an attacker is already in the system.
What is equally as important as this is what any alerts contain. IT security teams are drowning under alerts. If all Lightspin does is increase that volume, then the value it offers will be questionable. Security teams are now asking for actionable intelligence from their security partners. Will contextual security make it easier to translate alerts into a set of actionable steps?
Enterprise Times: What does this mean
Even with limited cloud engagement, many companies are struggling to understand the breadth of their cloud surface. As 2020 continues pushing companies towards the cloud, the complexity and risks are growing. Add to that fast-moving technologies such as serverless, containers and microservices and knowing what assets a company has, where they are, and the risks associated with them is difficult.
What will be of interest is how quickly Lightspin can identify a problem and provide accurate alerts to security teams. Can it do this in real-time? If not, how close can it get?