Valence, a Tel Aviv-based security startup that aims to help businesses better protect what Valence calls the “business application mesh,” today announced that it has raised a $7 million seed round, led by YL Ventures. Stonemill Ventures, the St. Louis Cyber Interest Group (STLCIG) and a number of angel investors, including a group of prominent CISOs, also participated in this round.
Founded by CEO Yoni Shohet (who also previously co-founded SCADAfence) and CTO Shlomi Matichin, Valence helps businesses better understand the connections between the many enterprise SaaS and self-hosted applications they now use. Often, after all, a company may use APIs, automation tools like Workato or Zapier or SaaS marketplaces to get more value from their various tools. But at the same time, this network, which Valence dubs the “business application mesh,” often grows without a lot of governance, leaving the door open for a variety of security issues from the shadow connectivity, over-provisioned privileges and unmanaged third-party access that is the inevitable result of connecting all of these disparate systems.
“When we started to talk to practitioners and talk to security customers and CISOs about this problem space, we realized that there’s this unhandled world of integrations between applications that is basically unmanaged and ungoverned by any type of security solution today,” Shohet told me.
What the team realized is that a lot of security tools today focus on how humans access corporate applications. Shohet argues that these tools don’t cover machine-to-machine connections very well, especially given the rise of automation and cloud migrations we’re seeing in the enterprise world right now. The connections between these applications are often set-and-forget — and depending on the company, there may not even be a formal vetting process either. Among other things, this leaves a company open to an unvetted third party having privileged access into the ecosystem of their corporate applications and data.
As Shohet noted, a lot of these networks are pretty centralized. By being able to scan the connections to a relatively small number of core systems, Valence can quickly detect potential issues like unvetted vendors and help its users disconnect these — or automate the process if needed. Some customers, he noted, are able to reduce their risk surface by dozens and sometimes even hundreds of applications within a few days of getting started with Valence.
“What’s really hard right now in security is to define a very unique approach to solve something in a holistic way,” YL Ventures partner John Brennan said.” And so, while we as investors had in our minds these fragments of different problems, the risk you’re running security right now — especially with so many smart people starting a lot of interesting companies — is solving maybe a small problem in an interesting way. And what Yoni and Shlomi together did when they came to us is essentially evangelize and define and articulate a massive platform that could solve a lot of these problems with a very different approach. […] I think it’s fair to say, when I look across our whole portfolio, the early velocity of this company is truly remarkable and I think it is a testament to the two people running it.”