Valence Security raises fresh capital to secure the SaaS app supply chain

Valence Security, a company securing business app infrastructure, today announced that it raised $25 million in a Series A round led by M12, Microsoft’s corporate venture arm, with participation from YL Ventures, Porsche Ventures, Akamai Technologies, Alumni Ventures and former Symantec CEO Michael Fey. The new capital brings the company’s total raised to $32 million, and co-founder Shlomi Matichin says it’ll be put toward product development and doubling Valence’s 25-person headcount by the end of the year.

Matichin co-founded Valence Security with Yoni Shohet in 2021. A two-time entrepreneur, Shohet previously co-launched SCADAfence, an industrial Internet of Things security startup. Matichin, for his part, was one of the founding members of Capester, a platform for cataloging videos of civic violations.

“In recent years, malicious actors have placed their focus on the interconnectivity between software-as-a-service (SaaS) applications, leveraging its potential for their attack campaigns, as we saw in the SolarWinds breach,” Matichin told TechCrunch in an email interview. “Organizations struggle to secure this [app] mesh — a growing, complex and interconnected environment of SaaS apps, third-party integrations, identities, privileges and data.”

Matichin and Shohet built Valence to address these challenges around visibility into the SaaS supply chain, including misconfigurations, risk prioritization and remediation. The platform attempts to detect all of a company’s SaaS apps and contextualize them with vendor risk assessments, offering tools to spot improperly configured security controls and drifts from established policies.

Valence can also help manage risky, inactive and overprivileged authentication keys, third-party integrations and no- and low-code workflows, Matichin says — in addition to potentially insecure public-facing files and emails forwarded externally. Identity security flows within Valence, meanwhile, aim to ensure users are managed by a central identity provider, using multi-factor authentication and are properly offboarded.

According to Matichin, driving the demand for these services is the increasing threats companies face — and general SaaS app sprawl. The average enterprise uses around 80 SaaS apps, with BetterCloud estimating that businesses with more than 1,000 employees use more than 150 apps. This opens firms to attack. According to a Dimensional Research survey commissioned by ReversingLabs, a cybersecurity vendor, just over half (51%) of IT security teams report being able to protect their software from supply chain attacks.

The impact of such attacks can be devastating. In a recent paper, Kaspersky estimated the cost of a supply chain software attack to an enterprise at $1.4 million. That doesn’t factor in the lost revenue from additional downtime arising during remediation, which can substantially add to costs (to the tune of thousands to millions of dollars) and affect a firm’s reputation.

“Beyond security concerns, the repercussions of SaaS supply chain attacks are at the top of business priorities in light of the growing number of high-profile SaaS supply breaches over the past two years,” Matichin said. “These breaches can expose multiple interconnected SaaS applications for a single organization as well as threaten the business-critical data stored in those applications. This risk to business objectives, as well as to business continuity and efficiency due to the significant impact these breaches have on SaaS use, should be top-of-mind for the C-suite.”

Tel Aviv-based Valence competes with a number of vendors in the supply chain SaaS app security space, including Canonic Security, Atmosec (which has raised $6 million), Astrix Security ($15 million), Wing Security ($26 million), AppOmni ($123 million), Obsidian Security ($119.5 million) and Adaptive Shield ($34 million). When asked whether that concerned him, Matichin responded by highlighting what he sees as a growing need for visibility and control over SaaS assets and remediation of the risks.

“As remote working conditions accelerated the adoption and use of SaaS applications, a unique and unaddressed risk surface uncovered a growing need for SaaS security solutions targeting the sprawling SaaS mesh,” Matichin said. “In this respect, Valence was strongly positioned to address the unique security and business needs at the height of the pandemic, [and] Valence will continue to set the standard for SaaS security going forward.”

Matichin didn’t reveal the size of Valence’s customer base or projected revenue. But even if it’s lower than that of the company’s close competitors, VCs seem ready and willing to throw their weight behind security vendors. In the first half of 2022, there was $12.5 billion in venture capital invested across more than 530 deals, according to a report from investment firm Momentum Cyber — in line with H1 2021’s $12.6 billion invested.

Valence Security raises fresh capital to secure the SaaS app supply chain by Kyle Wiggers originally published on TechCrunch