SAVVY, a cybersecurity pioneer that eliminates workforce-initiated security incidents involving software-as-a-service (SaaS) applications, including generative AI, announced that it exited stealth and raised a total of $30 million. Canaan led the most recent Series A funding round with key investors Cyberstarts and Lightspeed. Cyberstarts also led the initial seed round with Lightspeed.
SaaS has been a boon for the enterprise, enabling business-led initiatives and offloading effort and resources from internal IT and development. On average, organizations have 130 SaaS apps, an 18% increase from last year. However, the lack of security control standardization and complexities introduced by integrations are stressing security operations (SecOps) teams and increasing friction between IT and the business. Unbridled SaaS sprawl is challenging resource-strapped enterprises to consistently enforce effective security controls at scale.
SAVVY’s Workforce Security Automation platform addresses human error by empowering SecOps with complete visibility and security automation playbooks for orchestrating SaaS incident response before an unsecure action takes place. By implementing just-in-time guardrails directly into the user workspace as a pop-up security copilot, the platform provides real-time alerts and suggestive guidance to improve user decision-making. SAVVY is already deployed by Fortune 500 companies in the hospitality and consumer goods industries, with over 100,000 active users.
CIO INFLUENCE: General Data Protection Regulation (GDPR) Anniversary
“The best security companies tackle surface vectors of attack head on. SAVVY‘s focus on the “human” attack surface and protecting employees across browsers and work apps solves a massive problem all enterprises face and is only getting worse,” said Joydeep Bhattacharyya, general partner at Canaan. “The real-time nature of SAVVY enables security teams to finally preempt employee-initiated events rather than just respond, which is why customer feedback has been so positive and also why we believe SAVVY will lead the emergence of an entirely new category of browser and application security.”
Unlike legacy approaches that block applications or actions, require traffic steering, and introduce latency, SAVVY’s platform is embedded directly into user work environments to counter user-initiated SaaS events, including the unsafe use of generative AI, sensitive data loss, and creation of supply chain risks through SaaS integrations. For example, for ChatGPT, SAVVY can guide users to turn off the chat history before submitting a prompt to prevent using proprietary information to train Generative AI models.
Additionally, SAVVY provides visibility into applications not connected to single sign-on (SSO) or cases where users sign in directly with reused, shared, or compromised corporate credentials. Using such credentials is usually undetectable by network security controls, making user offboarding challenging. SAAVY discovered three times more apps where employees used their corporate identity that were invisible to SecOps because of its lack of SSO, and nearly 30% of all apps involved risky employee behavior including password reuse, compromised accounts, and weak passwords.
CIO INFLUENCE: Nextira Selected by Ansys Technology Partner Program to Support Customers Implementing Ansys Gateway Powered by AWS
“Companies can have the highest security budgets and the best systems in place, but if you’re not reaching the end user at the point of decision, then history will continue to repeat itself,” said Guy Guzner, co-founder and CEO of SAVVY. “Our Workforce Security Automation platform helps SecOps gain full visibility and control over all user SaaS touchpoints, including sensitive information sharing in generative AI apps, and our suggestive guidance system helps users understand the risks as they happen and why they shouldn’t bypass security in favor of productivity.”
SAVVY’s security copilot is tailored to each organization with powerful out-of-the-box security automation playbooks that can be easily customized through its no-code automation engine. SecOps teams can determine how they engage users when encountering SaaS events and enable automatic incident responses to secure users and SaaS usage at scale.
SAVVY reports real-time actionable insights and metrics to security teams, enabling them to identify high-risk areas and user risk profiling to pinpoint which roles and teams require more support. The platform recommends steps for risk mitigation and tracks improvement over time.
“We are thrilled to continue this journey with SAVVY’s experienced entrepreneurs, who are helping organizations solve the ever-challenging human element of cybersecurity that has only worsened with burgeoning SaaS growth,” said Gili Ranaan, founder at Cyberstarts. “SAVVY has spent significant time across dozens of large US organizations to understand how to reduce the impact of poor employee cyber hygiene and developed an easy-to-use solution that is unlike anything else on the market.”
CIO INFLUENCE: CIO Influence Interview with Pete Lilley, Vice President and GM at Instaclustr
[To share your insights with us, please write to sghosh@martechseries.com]