IAM isn’t cutting it, Spera raises $10M for a new approach to identity security 

Join top executives in San Francisco on July 11-12, to hear how leaders are integrating and optimizing AI investments for success. Learn More

Being able to see who has access to what is the essence of data security. Yet, most organizations are getting it wrong, with 84% of security professionals reporting that they experienced an identity-related breach in the past year. 

While this is partly due to an increase in identities, Israeli cybersecurity startup Spera believes that existing approaches to securing the identity threat landscape, like identity and access management (IAM), aren’t cutting it. To bolster its enhanced IAM tool, the company today announced it has raised $10 million as part of a seed funding round led by YL Ventures.

Spera seeks to build on the limitations of legacy IAM solutions by providing organizations with an identity security posture management (ISPM) platform, which offers greater context and remediation guidance surrounding identity-related breaches. 

The vendor’s platform creates a real-time inventory of identities, users, permissions and environments across on-premise and cloud environments alongside risk context. Users can then identity analytics, user correlation and usage patterns to identify what steps to take to prevent and remediate identity-driven attacks. 


Transform 2023

Join us in San Francisco on July 11-12, where top executives will share how they have integrated and optimized AI investments for success and avoided common pitfalls.


Register Now

Finding an answer to the identity crisis  

Identity attacks are one of the most pressing threats in enterprise security. In 2022 alone, Okta, Twilio and Uber all experienced serious data breaches due to threat actors compromising user accounts. 

These breaches are part of a trend of attackers routinely targeting user identities and accounts for online accounts and services, which are poorly secured with outdated password-based security and multi-factor authentication (MFA) mechanisms. 

“Organizations today find themselves lost in an identity jungle, and are unable to detect and monitor privileged accounts and identify or mitigate partially off-boarded users, over-provisioned employees, unused and risky permissions, compromised credentials and other identity risks,” said said Dor Fledel, cofounder and CEO of Spera. “These gaps leave security teams in a state of identity insecurity,”

Fledel cites CrowdStrike’s research that more than 80% of breaches are identity-driven. Also, IBM notes that stolen or compromised credentials were the most common attack vectors of 2022. 

“Without visibility, these risks cannot be effectively measured, prioritized and remediated,” said Fledel. “Attackers use this chaos to their advantage, despite the continued investment of security teams in IAM, zero trust programs and other identity security and risk management solutions.”

Spera’s answer to this identity crisis is to increase visibility over identity risks with automation. Automating the generation of an identity, privilege and account inventory helps security teams get a better understanding of their attack surface, and what steps they need to take to harden their defenses against modern threat actors.  

A brief look at the IAM market 

Spera’s solution falls loosely within the identity and access management market, which researchers project will grow from a value of $13.41 billion in 2021 to $34.52 billion in 2028. Key vendors in the IAM space include Okta, which raised $1.86 billion in revenue in 2023, and Sailpoint, which was acquired by Thoma Bravo in 2022 for $6.9 billion. 

While these vendors dominate the IAM market, Spera is most closely competing with identity threat detection and response (ITDR) providers like Authomize that seek to streamline data breach prevention and response. 

Authomize currently holds $22 million in total funding and offers enterprises a platform for streamlining the investigation of incidents surrounding identities, access privileges and IT assets. This allows defenders to identify stale accounts, overprivileged accounts and privilege escalation paths. 

Another key competitor is Oort, which raised $15 million in funding in October last year. The company provides an ITDR that enables security teams to set thresholds for behavioral anomalies so they can respond rapidly in the event of a breach.

However, Fledel argued that the key differentiator between Spera and these organizations is the fact that “existing solutions haven’t been able to provide the appropriate visibility and end-to-end identity coverage to allow risk mitigation and remediation across all environments.”

Originally appeared on: TheSpuzz