Anticipating cyber attacks: Why we invested in Saporo

Benjamin Solenthaler
Marcau Partners
Feb 4, 2022

Like most good stories, it started with a group of friends and a few beers: the idea of Saporo was born when Olivier, Eric and Guillaume shared a few bottles of Saporo on a summer evening in 2021. Fast forward a few months: the Lausanne-based cyber security startup has joined the Lightbird squad, landed its first client and is working in full swing on a solution that helps organizations better anticipate and prevent cyber attacks.

As more and more organizations migrate their infrastructure to the cloud, remote work becomes prevalent and IoT fosters an increasingly connected world, the exposure to cyber attacks has gone up drastically: According to Check Point’s Cyber Security Report, cyber attacks against corporate networks increased by 50% in 2021 compared to the previous year. On average, an organization becomes a victim of ransomware every 11 seconds worldwide.

Cyber attacks not only pose a risk to an organization’s finances and reputation but can also threaten business continuity as a whole. The risks incurred by cyber attacks are so high and expensive that insurance providers have raised premiums and in some cases no longer even provide coverage for cyber attacks. AXA France, for example, canceled reimbursements for ransomware payments under its cyber insurance policies for its customers in May 2021 because the number of claims was exploding.

The so-called Achilles heel of a company’s IT security — be it in the SMB or Enterprise segment — is the directory. A directory service is used to manage users and their access rights: when you enter the password on your work laptop, the directory is checked to see whether you have the rights to use this laptop and the various corporate services attached to it. This directory and the respective identities are commonly targeted in cyber attacks: attackers identify the weakest point of entry and try to move up from that user’s identity towards more valuable assets, e.g. from the intern up to the CFO’s credentials and data. While the directory is the cornerstone of most organizations’ networks, it is not designed for security.

This is exactly where Saporo comes into play: Saporo continuously conducts machine learning-driven analyses across assets, users, and computers to proactively identify weaknesses and prioritize the necessary fixes before attackers can exploit those weaknesses. This enables security managers to anticipate cyber crimes rather than react to attacks that have already occurred. Consequently, financial, reputational, and business risks can be limited and reduced.

We are proud backers of Saporo and have co-led the recently announced pre-seed round of $2.7M together with our friends from Session.vc. Here are three reasons why we are convinced that Olivier, Guillaume, Eric and their team are onto something big!

1️⃣ A strong founding team of cyber security experts and serial entrepreneurs

The first time we spoke with Olivier was at the beginning of August 2021, when Saporo was only four months old. Olivier and his co-founders Guillaume and Eric quickly showed a deep understanding of the cyber security space in combination with strong execution power. Their background and professional experience in both Switzerland and the U.S. make for a good cultural mix. They also experienced firsthand what it means to build a unicorn as part of the Nexthink team, a Swiss-based analytics platform to measure and manage information security programs. In addition to several years of experience at Nexthink, the founding team has built up further extensive cyber security and company-building know-how at companies such as Dathena, Vectra AI and Alaya.

The Saporo team — fully remote and distributed across Europe & the U.S.

2️⃣ A growing market with big momentum

Organizations are starting to take security risks more seriously: According to Gartner, worldwide spending on information security and risk management technology is expected to reach 211B in 2025. High growth is predicted for this market in the next couple of years because security spending still varies widely between different industries/companies today. While cloud-based companies already spend 9.5% of their total IT budget on security, more traditional companies are still far away from this figure. However, as these more traditional organizations become more digitized, e.g. by deploying IoT devices and moving to the cloud, they are increasingly urged to protect themselves against cyber attacks. The opportunity for cyber security players to address the needs of these new customers is huge.

A good example of this market opportunity resides in the healthcare sector, where healthcare providers are increasingly moving their data to the cloud. This shift poses great challenges related to data privacy and data security, especially concerning sensitive patient data. For attackers, this data is very attractive, and IT security managers consequently invest a lot of resources to deal with these issues. Interestingly enough, IT security teams spend 60–70% of their time on post-incident analysis, i.e. checking logs and trying to figure out what went wrong when it is already too late.

Wouldn’t it make more sense to prevent cyber attacks in the first place? This is exactly where solutions like Saporo, which combine privileged access management with threat intelligence, come into play. More and more IT security officers realize the strategic importance of prevention over reaction. This move from post-incident to pre-incident analysis is the last point we would like to make on why we believe Saporo has great potential.

3️⃣ Moving from post-incident to pre-incident analysis

Saporo’s solution helps CISOs and their teams with pre-incident analyses by

  • proactively conducting stress tests to identify and fix weaknesses in the directory before attackers exploit them. Saporo not only looks at whether the assets are compliant but also whether the assets have higher-privileged access to further assets. Simple stress testing tools or scanners do not perform such extensive analysis.
  • ruthlessly prioritizing actions with the least amount of effort for the biggest impact. By prioritizing problems based on real attack scenarios, IT security teams can consequently allocate resources to the most critical issues at hand.
  • eliminating the need for deep attacker knowledge and providing quantifiable risk measures and efforts instead. This is done in a simple and practical way, letting IT administrators configure the solution directly in their tech stack.

Product screenshot of the Saporo dashboard (Source: Saporo)

Currently, Saporo focuses on Microsoft Active Directory (on-premises) and Azure AD (cloud). Looking at the market size of Microsoft, this makes sense: Microsoft remains the dominant provider with its Azure AD (Active Directory) despite increasing competition from other players like Google and Amazon. Among the Fortune 500 companies, Microsoft has a market share for identity management of 95%. This is mainly driven by the continuous presence of Microsoft Office in the (enterprise) business space. There is, however, some movement in the Directory-as-a-Service space, with JumpCloud (USA, 2012, $350.7M) recently announcing their $159M Series F at a $2.56B valuation, and Okta (USA, 2009, NASDAQ:OKTA) going public on the NASDAQ in 2017. Consequently, Saporo is also working on coverage of other data sources like Amazon Web Services, Google Cloud Platform and Okta, to be released in the coming months.

Saporo is using the fresh funding from this financing round to expand its team, especially in sales and product development. We are excited to have joined Saporo early on their adventure and cannot wait to work together on the journey ahead.

If you would like to stay up to date with all Lightbird news, sign up for our newsletter and follow us on Twitter and LinkedIn.
