CyCognito — Automated SaaS Security to Identify Shadow Risk

Arif Janmohamed
Lightspeed Venture Partners
3 min readNov 19, 2019

--

CyCognito founders: Rob Gurzeev (CEO) and Dima Potekhin (CTO)

I don’t envy today’s Chief Information Security Officer (CISO). Not a day goes by without another headline about a large company getting hacked, exposing millions of users’ data to the bad guys. Equifax. Target. Sony. These are just a few of the companies recently in the news.

The problem is that today’s enterprise is much more complicated to protect than in the past. Back in the good old days, a company had a data center and inside that data center were a bunch of applications and their related data. To protect these applications and data, the CISO bought a bunch of firewalls, which he occasionally upgraded. Life was good.

But today’s modern enterprise has a sprawling set of systems to protect. Developers are building applications on multiple clouds… and they’re occasionally forgetting to set appropriate passwords or encrypt their data. Business users are adopting all sorts of SaaS applications, some of which may have security holes. And companies still have to protect their legacy data centers.

Hackers love this complexity since it’s created many more opportunities to break into a company. But in many cases, today’s security professionals are flying blind. Put simply, a company’s attack surface has massively expanded, but for the modern security team to protect this surface, they first need to understand it.

You can’t protect what you can’t see.

CyCognito’s founders intimately understand this issue, having spent many years inside one of Israel’s intelligence agencies. When co-founding CyCognito, Rob and Dima had a vision to help enterprise security teams understand how hackers will attack their companies. How would a hacker probe a network without being detected? Which high-value assets would a hacker spend time trying to break into? And which parts of an enterprise’s internet footprint are most vulnerable?

On the surface, these may seem like relatively easy questions to answer… but at scale it’s a very, very hard problem to solve.

What the CyCognito team has built is incredible — in just 2 years, they’ve built one of the world’s largest and most sophisticated botnets that constantly crawls the internet to find, classify and index every company’s internet-visible assets (such as servers, data repositories, or connected devices). The CyCognito platform then probes these assets with a hacker’s mindset to discover any vulnerabilities that can lead to a high value breach. These vulnerabilities are then added to CyCognito’s security graph and classified by business context and priority, with a particular lens towards where a hacker would spend his efforts.

In short, CyCognito has built an internet-scale security graph. Already, they’ve mapped over 3.5B servers and connected devices, annotated by security issue and business context. The result is that CyCognito customers’ security teams can prioritize fixing those issues that would seem most attractive to a hacker. And since this is done with internet-scale technology, there are no agents. There is no configuration. Security teams receive compiled data that shines a light on critical business vulnerabilities. This is a game changer.

Today, we are excited to announce that we have led CyCognito’s $18M Series A financing. We are thrilled to partner with the CyCognito team as well as our friends at Sorenson, UpWest Labs and Dan Scheinman.

It takes an ambitious and innovative founding team to recognize an opportunity to transform a market. And the CyCognito founders are building a platform to help companies discover their Shadow Risk exposure, those critical blind spots that attackers use to gain entry into targeted organizations. At Lightspeed, we are excited to partner with Rob and Dima in their journey to combine internet-scale technology and deep expertise into the mind of a hacker to build the security graph that will help security teams protect against the unknown.

Arif Janmohamed is a Partner at Lightspeed Venture Partners. He focuses on investments in enterprise IT, Security and SaaS and sits on the boards of a number of rapidly scaling companies, including Netskope, TripActions, Appzen, Moveworks, and CyCognito. In his free time, Arif plays ice hockey with his wife, who yells at him for never passing the puck to her.

Lightspeed is a multi-stage VC firm focused on accelerating disruptive innovations and trends in the enterprise and consumer sectors. Lightspeed has backed 350+ companies globally in the past two decades including Nutanix, AppDynamics, MuleSoft, Snap and Nest.

--

--

Arif Janmohamed
Lightspeed Venture Partners

Venture Capitalist at Lightspeed Venture Partners. Canadian. Dad.