Oasis Security has raised $35 million in a Series A funding round led by Sequoia Capital, Accel, Cyberstarts and Maple Capital. Individuals who also participated include Guy Podjarny, founder of Snyk and Michael Fey, Co-Founder and CEO of Island.
Danny Brickman, Co-founder and CEO of Oasis Security, said, “Shifts in infrastructure and workloads have completely changed the identity stack. Non-human identities have grown exponentially and become the weak link in enterprise cybersecurity.
“The compromise of a single service account or token could allow a malicious actor to delete an entire cloud environment. Traditional human identity and secrets management tools can’t handle the scale and complexity of non-human identities, leaving most organizations flying blind and severely exposed. Oasis delivers a comprehensive yet easy-to-use solution that allows growth and security to go hand-in-hand.”
What is the non-human identity problem?
When it comes to conversations about identity and credentials, all too often, the focus is on humans. The reality is that for at least the last two decades, machines, security certificates and software have had identity accounts for logging in to systems in order to have the rights to function.
With the explosion of IoT over the last decade, we have reached the point where humans are a tiny number of the identities IT has to manage. It is not just the number of identities that is the problem. Many devices use default identities that are not managed. Others are purely unmanaged devices. It creates a significant risk surface that is open to attack and abuse.
What Oasis has created is its own platform that looks for all non-human identities on the network. It does discovery, resolution of issues and automates the process. It sounds good, but it does raise some questions.
- Is the discovery a passive process? If not, what agents are being used and what accesses and rights do they need? How is this an improvement on other auditing solutions?
- How is the resolution working? Discovering 100 devices takes time to understand before remediation is put in place. How is that handled? What templates are used?
- Automating the management of the non-human identity lifecycle should be easier than humans. Most are predictable. They stay in one location and can be managed from there. But what about mobile devices? How does this integrate into mobile device management solutions?
What is the money for?
Oasis has released little details on how the money will be used. When Enterprise Times asked, the company said, “The money will be invested in recruiting for both engineering and sales positions, across Israel, the United States, and Europe.”
Enterprise Times: What does this mean?
Most identity solutions, such as Privileged Access Management (PAM) and Identity Access Management (IAM), are focused on people. It ignores the vast amount of other accounts that exist on the network. Many of those accounts have high-level privileges making them key targets for compromise.
The Oasis platform seems to offer much, and its value seems to be in a single platform that brings several things together. It will be interesting to see how it develops over time and what its target market is.