Linx Emerges from Stealth with $33M to Revolutionize Identity Security

Linx emerges from stealth with $33M to lock down the new security perimeter: Identity

Identity management is one of the most common fulcrums around which security breaches have pivoted in the last several years, and one of the main reasons it's the gift that keeps on giving to malicious hackers is that it's a nightmare for organizations to track. A security startup founded in Tel Aviv called Linx has been quietly building technology using AI and analytics to address this, and today, on the back of picking up customers in stealth mode, it's coming out into the open with $33 million in funding to take on the challenge of identity management more aggressively. Linx's funding is being announced in a single sum, but more specifically it's coming in two tranches that speak to its momentum while in stealth. The latest is $27 million co-led by Index Ventures and Cyberstarts; prior to that Linx raised $6 million led by Cyberstarts. Other investors in Linx speak to the founders' reputation in the Israeli security community: they include Mickey Boodaei (Imperva, Trusteer, Transmit), Rakesh Loonkar (Trusteer, Transmit), and Assaf Rappaport and Yinon Costica (Wiz, Adallom). Other investors in the round are Cerca Partners and Knollwood Investment Advisory. Linx Security has been around for just over a year and it has an interesting backstory. The two co-founders, Israel Duanis (CEO) and Niv Goldenberg (CPO), originally met and became friends as so many others do in the world of Israeli tech: they were enlisted together in the army in the 8200 cyber unit. They were not the only ones in that particular cohort: Assaf Rappaport and the other Wiz founders were also in that group. Both Duanis and Goldenberg went on to work for cybersecurity companies, Checkpoint Software in the case of Duanis and Adallom, Microsoft and Transmit for Goldenberg; and Duanis also later ranged away from the space, founding, running and eventually selling (to Via) an automotive fleet management tech company called Fleetonomy. Yet Duanis still felt like there was something in security that he needed to do. "When I looked at past 20 years I felt like ID has always been overlooked," he said in an interview. At Checkpoint, he recalled, access mgmt and permissions were essentially IT issues, not security, "but so many attacks now are ID-driven." A quick look at some of the most high-profile breaches of the last several years - Equifax, T-Mobile, Snowflake to name just a few - underscores how identity, specifically ungoverned credentials could be exploited by malicious haciers. "These were all credentials issues," said Duanis. Their bet was that a platform that could understand and fix this from the perspectives of compliance, security and efficiency "could create a real impact," he said. "Today identity is the new perimeter, and so you need to address that." Ultimately, the Rappaport Rapport - heh - was pretty strong. When Duanis told Assaf he was thinking about forming a startup to focus on ID management, Duanis tells me that it was Assaf who introduced him to Gili Raanan at Cyberstarts -- kind of a kingmaker in Israeli cyber. The seed deal was done within 24 hours and thus Linx Security was born. With Linx coming out of stealth only today, the company is not disclosing any names of customers, nor a huge amount of detail about how it works, but the basic idea goes a little something like this: Organizations today typically use or have used hundreds, if not thousands, of different apps and software. Each will require user authentication to access, but when an app is no longer used regularly, or when workers come and go, a business might not comprehensively eliminate all of the identity information that comes with the waxing and waning of any particular app or worker. Over time, the organization can start to accrue a massive stockpile of so-called ungoverned identity information, and that soon becomes a big liability: sitting there, ignored, until a malicious actor picks one up and uses it to access the whole system. Linx's approach is to use analytics and AI to scan and understand the wider landscape of an organization's system to link (hence the name) all identities up together and to actual, active employees. In the process it also finds IDs that are no longer connected to active users so that they can be removed. The resulting data then becomes a map that can be used to track the system over time, and thus when an ID is picked up and used unexpectedly, you'll know it's happening. Although AI has quickly become a hackneyed and likely misused term in tech, Duanis said that Linx's use of it is very targeted. "AI is overused as a term," he admitted, "but I think that once you're able to take the essence of [a network] and to be able to run [algorithms] very quickly on the development side, to use that power to provide suggestions and automations, I think that has created a real impact, and a place for a real change in the way that people manage today." He said that typically the work that could have taken months to do to weed out ungoverned identities can now be done "in hours." Raanan at Cyberstarts made the deal to back Linx quickly because of how he could see the market evolving. "Identity is the top threat vector for the modern enterprise," he said in a statement. "Identity teams under the CISO, are struggling to cope with a growing number of tasks and suffer from antiquated legacy solutions."

Linx Security raises $33M for its identity security platform - SiliconANGLE

Linx Security Inc., a startup that helps enterprises secure their employees' application accounts, launched today with $33 million in funding. The Tel Aviv-based company raised the capital over two rounds. The initial $6 million raise was led by Cyberstarts, which later returned to co-lead a $27 million investment in Linx together with Index Ventures. Cerca Partners and Knollwood Investment Advisory are also investors along with several executives from the cybersecurity industry. Unused employee accounts in business applications can pose a cybersecurity risk. If an account is not actively used, malicious login attempts are potentially more likely to go undetected. The more unused login credentials there are in a company's technology environment, the more opportunities hackers have to launch a cyberattack. Linx Security offers a software platform designed to enterprises address such risks. According to the company, its platform can significantly reduce the amount of effort involved in finding and removing unused or risky employee accounts. "Identity security is one of the urgent cybersecurity pain points organizations struggle to address in today's fast-paced business environment," said Linx Security co-founder and Chief Executive Officer Israel Duanis. Linx finds insecure accounts by collecting data on user access permissions from a company's technology infrastructure. The company collects the data in an agentless manner, meaning administrators don't have to install any additional software on their systems to use the platform. After gathering raw technical information about potentially insecure accounts, Linx organizes it into a consistent format to facilitate analysis. The platform uses artificial intelligence to scan application accounts for cybersecurity risks. According to Linx, its algorithms can automatically map out accounts that should be removed because the employee who used them has left the company. The platform also spots other types of issues, such as unnecessary accounts that belong to current employees but were never used. Linx visualizes the issues it finds in a dashboard to help administrators prioritize their work. The dashboard displays the number of risks that the platform identifies, ranks them by severity and lists the systems they affect. Administrators also have access to related information such as the number of applications that Linx has scanned for account-related cybersecurity issues. The company says that its platform can spot vulnerabilities in not only employee accounts but also so-called service accounts. Those are accounts used by applications to interact with one another. A revenue forecasting tool, for example, may require a service account in a marketing database to analyze the purchase logs the database contains.