Silverfort, the Israeli/U.S. startup, takes an all-in view when it comes to identity security in an organization. When it comes to potential breaches, people, machines, clouds, legacy and new apps can all be targets, and they can be exploited at any of the many points where they interact with each other. So the best way to protect against malicious exploits is to secure identity authentication between any and all of them.
That thesis has been getting proven out and tested by businesses, and the startup says it is now currently signing them up as customers at a rate of 100 per quarter. Revenues meanwhile are growing at 100% annually with ARR in the tens of millions of dollars. All that has caught the eye of investors, and now, Silverfort has raised $116 million to expand at a what reliable sources tell me is “around” a $1 billion valuation.
“We believe we can actually be that focused identity security layer that covers all the silos,” CEO and co-founder Hed Kovetz said in an interview.
Brighton Park Capital is leading the all-equity round, with previous backers — a mix of strategic and financial investors — participating. They include Acrew Capital, Greenfield Partners, Citi Ventures, General Motors Ventures, Maor Investments, Vintage Investment Partners and Singtel Innov8.
As those familiar with security technology know, the space can be sliced and diced into many different domains and approaches. Identity has emerged as one of the more interesting of these in recent years, not least because of the growth of cloud architecture, which has made it possible to build not only more business software and apps, but a whole new frontier of interactivity between those different products to make them, and workers, more dynamic and productive. Each point of interactivity essentially involves authentication between apps and therein lies the challenge: each of these can become a potential vulnerability. Given that a lot of the authentication is carried out in an automated way, and that vulnerabilities can be created inadvertently even through the most innocent code ship, this creates a large, and difficult to monitor, attack surface.
Ironically, often the most disruptive technology can be the products that slip into usage easily, asking little of users to work. That is somewhat the case with Silverfort, which is designed to work with any current ID management products that an organization might already use. Silverfort essentially fits in around these, taking a snapshot of the bigger network, which covers not just workers but machines and apps, and then provides observation around the bigger landscape, tracking unusual activity and responding to it, specifically Threat Detection and Response (ITDR) and Identity Threat Prevention (ITP) capabilities.
As we’ve described it previously, the aim is not to build another ID platform to replace or compete with, say, Okta, or anything else. It’s to “sit behind all the other platforms” in Kovetz’s words. The other platforms forward authentications to Silverfort, which provides “a second opinion” in authenticating a user, or a machine. The all-in approach also, critically, covers legacy apps and end points, which is a hard reality of the promise of “digital transformation”: most businesses will not be ripping old systems and hardware out, but replacing it over time.
“Silverfort is one of the rare companies that has successfully envisioned how a large market will need to transform to solve a tough problem – in this case, identity security,” said Mike Gregoire, a partner at Brighton Park Capital, in a statement. “The company has a track record of building innovative products at scale that exceed customer expectations, combined with excellent go-to-market execution. Silverfort’s deep market expertise and vision for the identity security market, as well as their ability to build a winning team and culture, are second to none.” Gregoire is a former CEO of CA Technologies and Taleo, and he is joining Silverfort’s board with this round.