Companies moved en masse to the cloud during the pandemic, under pressure to digitally transform. According to a 2021 survey from O’Reilly, cloud adoption steadily rose across industries, with 90% of organizations using cloud computing compared to 88% in 2020.
The accelerated cloud adoption led to a rise in security issues. In a recent poll of U.K. executives by PwC, cloud-related risks were top of the cybersecurity agenda, with 39% respondents expecting such security risks to “significantly affect” their organization in the coming months.
For some startups, that’s been good for business. See: Mitiga, a cloud security firm that offers a subscription-based service to help companies prepare for cloud and software-as-a-service (SaaS) attacks. Mitiga today announced that it raised $45 million in a Series A round led by ClearSky Security with participation from Samsung Next, Blackstone, Atlantic Bridge and DNX.
Co-founder and CEO Tal Mozes says that the fresh cash will be put toward product development and expanding Mitiga’s 56-person workforce. The Series A values Mitiga at over $100 million.
“The pandemic accelerated cloud and SaaS adoption without growing organizations’ capabilities and talent at the same rates, in order to successfully handle a rising tide of cloud and SaaS incidents,” Mozes told TechCrunch in an email interview. “This inequity created a huge need to build a scaled solution — and that’s exactly what we did. The company is well-positioned today to run for years without additional funds if needed.”
Tel Aviv-based Mitiga was founded in 2019 by Mozes, Ofer Maor and Ariel Parnes, a retired colonel from Israel Defense Forces. Mozes and Maor previously spearheaded Hacktics, a penetration test company that was acquired by Ernst & Young over a decade ago, and Seeker Security, an app security automation product Synopsys bought in 2015.
Mozes says that the team was initially motivated by a desire to fill what they saw as a gap in the incident response industry: solutions designed for cloud and SaaS. The segment, he avers, is still dominated today by professional services companies applying old-school approaches to cloud cybersecurity.
Mitiga’s different in that it takes a “modern” approach to cloud incident response, Mozes asserts. The service analyzes cloud forensics data for investigation, storing forensics data from various clouds and software-as-a-service apps. Using a library of cloud attack scenarios, Mitiga hunts for attacks in the forensics data, managing and orchestrating the response in real time.
“We’ve built a module we call ‘forensics as code” that enables our researchers to automate the work of incident response and threat hunts,” Mozes said. “Partnering with Mitiga enables teams to do more, extending their capabilities without hiring expensive, hard-to-find new talent.”
It’s not strictly hype, necessarily. There’s real, documented benefits to adopting any kind of cloud security solution. In a survey by Palo Alto Networks, 80% of organizations with strong cloud security postures noted increased workforce productivity while 85% of those with low “friction” between security and development and DevOps teams reported the same.
Of course, even if Mitiga’s solution is as good as Mozes claims, there’s no shortage of rival vendors offering services to secure organizations’ cloud assets. The competition’s growing fiercer.
Cloud security startup Wiz raised $300 million at a $10 billion valuation just in February. Sentra, which finds data in the cloud and offers remediation plans for data security teams, nabbed $30 million in January. There’s also Dig Security, Laminar and Opus Security — cloud security orchestration and remediation platforms that have between them raised tens of millions of dollars in capital.
According to Insight Partners, the global market for cloud security could grow from $48.57 billion in 2022 to $116.25 billion in 2028.
For his part, Mozes — no surprise — expressed confidence in Mitiga’s current growth trajectory. Somewhat suspiciously, however, he wouldn’t disclose the size of the company’s customer base or any concrete revenue numbers. Mozes cited competitive reasons for the secrecy. But from where we’re standing, it certainly makes it harder to get a sense of the state of Mitiga’s business.
“When the success of so many of today’s enterprises hinges on what happens in their cloud and SaaS environments, the new levels of readiness and investigation speed we deliver equate to record response times for the security leaders and business value for the C-Suite,” Mozes said. “In the cloud and SaaS era, companies that can recover from breaches quickly possess a significant advantage.”