Oasis Security reels in $35M more to secure nonhuman identities – Business
Cybersecurity startup Oasis Security Ltd. today disclosed that it has raised another $35 million through an extension of a Series A round originally announced in January.
The latest capital infusion, which was led by Accel, Cyberstarts and Sequoia Capital, doubles the size of the original investment. It brings Oasis’ total outside funding to $75 million.
There are many cases where a business application needs to be accessed by not only a company’s employees but also other applications. An analytics tool, for example, may have to fetch financial records from a database to generate a sales forecast. To meet that requirement, administrators must create an account for the analytics tool in the database being accessed.
Accounts created for applications and their associated data are collectively known as NHIs, or nonhuman identities. Tel Aviv-based Oasis has developed a platform designed to help organizations more effectively secure their NHIs. The company, which launched in January, says that its software has already been adopted by Chipotle Mexican Grill Inc. and several other large enterprises.
One of the challenges involved in securing NHIs is that a typical company has so many of them that some can go unnoticed. If administrators are not aware of an NHI, they can’t take steps to protect it from hackers. Oasis says its platform automatically creates an inventory of all the NHIs in an organization and makes the list available through a centralized interface.
After finding a new NHI, the company’s software scans it for vulnerabilities. It prioritize vulnerabilities based on severity to help administrators tackle the most urgent issues first. To speed up the remediation process, Oasis provides an automation tool that can instantly delete NHIs without human input if certain risks are detected.
When an application logs into another application, it must often provide an API key, a file that functions as a kind of password. Such logins often also involve certificates, documents that a service uses to verify that it’s not malicious. API keys, certificates and the other data assets associated with an NHI are known as secrets.
Oasis detects vulnerabilities that stem from ineffective management of NHI secrets. The platform can, for example, identify when an API key is not rotated on a regular basis. Rotating, that is replacing, secrets from time to time ensures that hackers can’t log in if they somehow obtain an out-of-date API key.
Oasis also spots other types of cybersecurity issues. The platform can identify NHIs that aren’t actively used and should therefore be deleted. The fewer surplus NHIs a company has, the fewer opportunities hackers have to try and gain access to its applications.
Deleting unnecessary NHIs is often challenging because it’s not always apparent whether they are indeed redundant, or are still used by some applications. Deleting an asset on which business applications depend to run can disrupt employees’ work. To help administrators more quickly determine whether an NHI can be deleted, Oasis displays detailed information about which services use it and what for.
“We are witnessing an unprecedented identity security crisis where non-human identities are at the epicenter, with severe business repercussions for many organizations,” said Chief Executive Danny Brickman (pictured, right, with co-founder Amit Zimerman). “Security and identity teams are left alone in uncharted territory, as other tools lack the ability to provide holistic visibility, posture and governance of NHIs across the hybrid cloud.”
Oasis will use its new funding for product development. The company also plans to expand go-to-market activities.