Public cloud security startup Laminar emerges from stealth with $37M

The cloud may be the direction that much of enterprise IT is moving today, but it still remains a major source of security issues, with some 98% of all enterprises in a recent survey reporting that they have contended with a cloud-related security breach in the last 18 months.

Today, a startup called Laminar is coming out of stealth with $37 million in funding with a solution to address how that issue plays out in public cloud architecture, specifically with “agent-less” technology it claims can monitor for data leakages, and fix them, faster than other approaches to cloud security on the market.

The funding is being disclosed for the first time now to coincide with the company’s launch, but it actually comes in two tranches: a $32 million Series A led by Insight Partners, with SentinelOne, TLV Partners and Meron Capital participating, and a $5 million seed round.

SentinelOne, a specialist in endpoint security, is the obvious strategic investor in that list, but Insight has been a strategic partner of sorts for Tel Aviv-based Laminar, too. That’s because the startup has been leaning on Insight Ignite, a division of the VC that pairs portfolio companies with potential customers to grow their business. Laminar says that its tech has been tested by “hundreds” of CISOs through the program, with a portion of those progressing into becoming actual customers when the service commercially launches in 2022.

It’s always notable when a company that has yet to publicly roll out a product, much less sign up a customer, manages to raise a substantial round of funding. The reason is often that the founders in themselves are impressive enough to merit the bet, and that is the case with Laminar, too.

Co-founders Amit Shaked (CEO) and Oran Avraham (CTO) are both veterans of Unit 8200, the famous Israeli military intelligence service that has been the breeding ground for so many other entrepreneurs in the country. Friends from childhood, Avraham led a team that was a four-time winner of Google’s Capture the Flag online security competition, and when he was just 17, he identified the first iPhone 3G baseband vulnerability. Shaked worked for some time at Magic Leap. At the time of writing, they are still both younger than 30.

There are a number of tech companies that have identified the shortcomings of cloud services when it comes to cybersecurity, making for a variety of approaches to solving that problem.

In the realm of public cloud services, others providing solutions include the likes of Netskope (which earlier this year was valued at $7.5 billion, speaking to the business opportunity here); Microsoft (which most recently beefed up its cloud-based cybersecurity profile with the acquisition of CloudKnox earlier this year); vArmour (which is approaching an IPO); and many, many more.

Laminar’s belief is that it has built technology that is faster and easier to use, and is more geared to the realities of how cloud services are designed: apps and services are built and run across multiple public clouds (in Laminar’s case its main activity today is centered around Azure, Google Cloud and AWS, Avraham told me).

Laminar’s approach, Shaked said, is different for another reason, too: It is built around the idea of being proactive rather than reactive. “It’s more about preventing data from leaking rather than assuming something happened or already went wrong,” he said. Typically large enterprises are operating on hybrid cloud systems, using three or four providers across multiple geographics, “and that makes it more complex.”

Its technology is “agentless” and asynchronous to put less strain on network operations and data flow, which the company says contrasts with much of how existing cloud security is built using either agents on end points or proxies that filter (and slow down) traffic.

The system, as Shaked described it, starts by building a picture of a company’s managed and unmanaged data landscape (that is, both data used actively in services, and data produced through those services but then simply placed in “shadow” datastores). This is then used as a basis for a mass-scale monitoring operation around how the network is behaving: systems are set up for “sanctioned” data movements, and so when data changes or moves for any other reason, it gets flagged, stopped and fixed.

Emmet Keeffe, an operating partner at Insight who founded Insight Ignite, said the VC was interested in what Laminar had built because it fit well with how it saw the market evolving and a gap that was emerging.

Previously, he said, enterprises were just paying lip service to the concept of digital transformation. “It was just the theatre of digital in 2018,” he said. “Most of what was happening was not real digital change. That all changed in March 2020” — when COVID-19 hit — “when we saw a massive unlocking of digital. Then, the first thing that needed to be rethought was cybersecurity.” In essence, “fully unlocking the cloud,” as Keeffe described it, has essentially led to unlocking too much data, too. “We came to Laminar because this really needed to be solved, market-timing wise.”

It’s very notable that SentinelOne, a specialist in endpoint security, is investing here, too: It makes one wonder if the company might potentially be exploring how it might augment the work it already provides with a cloud-native approach as well, and how it might use Laminar as a partner (or more?) down the line to do so.

“Data and APIs are mission critical in the functioning of today’s digital society,” said Tomer Weingarten, CEO, SentinelOne, in a statement. “Securing data wherever it resides is the foundation of our Singularity XDR platform — we see Laminar’s approach as complementary in helping our customers secure data in a cloud-first world.”