As businesses increasingly rely on an ever-growing number of SaaS products, it has become imperative for security teams to get a better understanding of which applications a company’s employees are actually using and the risks associated with those. It’s no surprise then that we’ve seen an increase in SaaS security solutions as well. Wing Security, which is launching out of stealth today and announcing its $20 million Series A funding round, aims to offer a comprehensive end-to-end SaaS security platform that can help businesses discover, monitor and — if needed — automatically remediate potential security issues with how their employees are using any of over 100,000 SaaS tools.
The company’s Series A round was led by GGV Capital, while its $6 million seed round, which the company hadn’t previously disclosed, was led by S-Capital. Harmony Partners, Silicon Valley CISO Investments Group and a number of angels, including Fireblocks CEO and co-Founder Michael Shaulov, Orca Security co-Founders Avi Shua and Gil Geron, former Kenna Security CEO Karim Toubba and Claroty co-Founder Galina Antova, also participated.
One thing that makes Wing stand out right away is its founding team. Led by Retired Brigadier General Noam Shaar, the former Chief Information Security Officer for the Israeli Defense Forces (IDF) and Retired Colonel Galit Lubitsky, the former head of the IDF’s Cyber Operations, you’ll be hard-pressed to find a more experienced set of founders, even in the Israeli security startup ecosystem that draws heavily from the IDF’s unit 8200. It’s also this leadership experience that put the founders on this path to launch Wing.
“We understand that people need a holistic solution — end-to-end. They don’t need one solution to take care of the unknown applications, one solution to make sure that Slack is running and is being used securely,” Shaar said. “As a former CISO of the biggest and most complicated organization in Israel, all I wanted from my security products is to perform and to be simple to use and to keep me covered. Not saying ‘ah, you had that incident? That’s because we don’t cover that.’ Then you have just a lot of different solutions that you try to integrate together and it never works.”
Wing then offers a platform that can discover all of the SaaS services being used inside a company — without having to install agents on users’ devices. To do this, the service integrates with some of the major SaaS applications in use in a given company (think Slack, Salesforce, Zoom etc.) and then looks at the activity happening there and the connections to those applications. That’s not easy but relatively straightforward and comparable to what some other vendors in this space do. In addition, though, Wing also integrates with endpoint security solutions to regularly query those endpoints to gather telemetry about SaaS applications that employees are using on those machines.
“Bringing those two methods together, that’s the only way to build a full picture,” explained Shaar, who also hinted that the team is looking at a solution that would work without these existing endpoint management services.
It’s worth noting that the Wing team stressed that the service only looks at metadata. It also doesn’t look at the content of employees’ inboxes.
As for remediation, Wing not only finds unsanctioned applications but also potential issues with the configuration of approved SaaS services that could create security issues. Simply providing alerts about potential security issues isn’t good enough, though, the company — and its investors — argue.
“When security professionals see another tool that is giving them alerts, they ask ‘and then what? What do I do with these alerts? I have alerts from here till indefinite.’ I think this platform approach that Wing is taking is really unique. They go and say ‘we’re not stopping here, we’re going to solve this problem for you,” GGV’s Oren Yunger said.
In practice, this means Wing provides playbooks for remediating common issues, but also some automated tools for remediating recurring issues as well.
“Wing’s holistic platform takes care of all your SaaS security needs. It identifies all SaaS apps, prioritizes the risks, and automates remediation,” said Coinbase’s Philip Martin, representing the Silicon Valley CISO Investments Group. “This allows security teams to cope with SaaS security challenges quickly and efficiently, making security an enabler for employees who want to use SaaS tools rather than a productivity blocker.”