SaaS security provider raises $50M to boost application security  

Managing the modern enterprise attack surface is tough. With organizations maintaining an average of 254 SaaS apps, security teams need to have complete visibility across the hybrid cloud to mitigate application security vulnerabilities at pace, which few have the tools to do. 

SaaS security providers like Skybox Security, which today announced it has raised $50 million in financing from CVC Growth Funds, Pantheon and J.P Morgan, are aiming to increase transparency over the attack surface through the use of security policy management and vulnerability management. 

Skybox Security uses a combination of infrastructure context and threat intelligence to increase visibility of the attack surface across IT, hybrid cloud and OT environments. With this information, security teams can conduct discovery, prioritization and remediation for potential exploits across the cloud. 

This latest financing highlights that protecting SaaS apps is critical for protecting the attack surface as it spans the hybrid cloud.

Why application security is key to securing the attack surface 

While the widespread increase in cloud adoption has paved the way for new apps in the workplace, these proliferating apps have introduced new vulnerabilities. In fact, research shows that 85% of apps have “critical” vulnerabilities. 

As more and more apps enter hybrid working environments, security analysts need to have the visibility to identify these apps and check them for vulnerabilities at scale if they want to protect the attack surface. 

“The rapid adoption of new technologies driven by digital transformation, cloud migration, the hybrid work culture and the IIoT (industrial internet of things) boom [have] left security teams scrambling to manage an ever-expanding attack surface and a skyrocketing number of vulnerabilities,” said Mordecai Rosen, CEO of Skybox Security. 

“Today’s modern businesses need to be agile and adaptable to succeed, and both IT and OT hybrid cloud environments need to keep up with the rapid pace of change. As networks expand and become more fragmented, IT teams are challenged to manage an almost innumerable number of devices, rules and security vulnerabilities while maintaining alignment across functional silos and with limited resources,” Rosen said. 

Skybox Security aims to provide this by offering a solution for managing the risk of app migration, testing for exposures throughout the attack surface and mitigating vulnerabilities before threat actors can exploit them. 

For instance, the solution collects and aggregates vulnerability data from scanners, EDRs, CMBDs, security controls, OT assets and threat intelligence to identify vulnerabilities where they exist in the environment. 

The SaaS security market 

Skybox Security’s focus on SaaS application security places it in the category of the global SaaS security market, which researchers valued at $8.2 billion in 2021 and estimated will grow to $21.1 billion by 2028. 

The organization is competing against a number of vendors including Tenable, a vulnerability and exposure management provider, which offers vulnerability and misconfiguration discovery and risk scoring. Tenable recently announced raising $174.9 billion in revenue in its third quarter 2022 financial results. 

Another competitor is Tufin, a firewall management and network security vendor, which offers automated firewall and security policy management alongside network security change automation. Tufin most recently announced raising $29.5 million in revenue in the second quarter of 2022. 

According to Rosen, the key differentiator between Skybox Security and other competitors is its combination of exposure management and vulnerability management into a single platform. 

“Skybox is the first company to release a SaaS solution for security policy and vulnerability management in both on-prem and multicloud environments,” Rosen said.