- In 2019, 70% of organizations experienced a breach to their cloud environment.
- According to Gartner, 95% of cloud security failures are due to human error.
- Experts at EY estimate organizations will need 50% more funding than they are currently allocating to deal with the evolving cloud attack landscape.
Stats and figures like these are why Lightspin is here.
In early 2020, a team of offensive security practitioners with years of entrepreneurial experience came together to address what we saw as a challenging--and until then--unanswered problem.
The problem, as you might have guessed, was that of ensuring security in the cloud. Though the cloud affords organizations with incredible opportunities for growth and flexibility, it brings with it a host of new security challenges. The complexities of the shared security model, plus the ease with which cloud configuration vulnerabilities can occur, mean that these environments are at great risk to threats. And that's why we end up with stats like the ones listed above.
As organizations continue on their forward-march of embracing the cloud for countless infrastructure (IaaS) and platform (PaaS) use cases, they turn to Cloud Security Posture Management (CSPM) tools to try to stem the tide of misconfigurations and mistakes that leave them vulnerable to potentially devastating data breaches. But not only do these tools create lots of extra white noise via extraneous alerts, they often fail to catch important events altogether. Moreover, runtime tools are not proactive, which means that teams have to rely on alerts to find out about incidents.
Moreover, considering that in 2019, most of the companies that experienced a breach were, in actuality, compliant, CSPM tools have proven to be insufficient in extending security across cloud environments. Another approach is to look at CVEs in search of common vulnerabilities. But CVEs fail to address zero-day attacks, the very same ones that can do the most damage if they get through defenses.
Looking for Something Better
In early 2020, our experience led us to identify the challenges of dealing with fragmented cloud security. Then we hit upon an idea; what if we could help organizations view their cloud environments from the perspective of an attacker? What if we could empower organizations with the visibility to understand the root cause of issues, instead of simply dealing with the outermost symptoms? What if we could help cut through the noise and alerts to remove the guesswork and see deep inside any cloud security stack?
Once upon a time, we had both been in the position of the security buyer, and thus understood the most profound pain points a new solution would need to address:
- The creation of contextual cloud security
- The reduction of alerts and white noise
- The need to protect cloud environments along the digital transformation
We envisioned a solution that would tackle the challenge of cloud security from a holistic approach. One that would take all CVEs, misconfigurations, policies, and permissions and distill them into risk insights, enabling teams to view issues in order of priority, in the context of their own environment. And what do we mean by “in the context of their own environment”? To us, this is the clear, visual understanding of how things would play out if specific assets were to be breached (i.e., the net impact, as well as the precise impact, it would have on your environment), as well as an understanding of the ramifications of settings, and combinations of settings, down the road. With this predictive graph-based approach, teams could first be presented with a clear visualization of the potential attack paths, then easily identify/detect each one, prioritize based on actual importance, and fix any potential problems.
We understood what was needed to provide organizations with that attacker’s point of view and create true security in cloud environments. After speaking with nearly 50 global CISOs and Cloud security directors to ensure optimal product-market fit, we knew we were going in the right direction. And despite the fact that our founding coincided with the height of the COVID-19 breakout, the message resonated deeply with investors. We were fortunate enough to be named Ibex Investor’s first seed fund customer, part of an exclusive collection of companies showing exceptional promise. We are infinitely grateful to our good friends there for their invaluable insights and guidance as we go down this path together.
Now with over six active deployments at Fortune 500 companies and over 20 pilots in global organizations, we are thrilled to come out of stealth mode and begin on our journey. So if you're looking to get proactive and start blocking any potential attack paths in your environment, we’d love to hear from you. Together we can explore your use cases and discover how contextual cloud security can benefit your organization.
To learn more about Lightspin, reach out to us today for a demo.