Piva Capital Backs Xage Security
Real-world operations are facing increasing cyber threats. As evidenced by high-profile cyberattacks (such as Colonial Pipeline, JBS, Brenntag, Toshiba), bad actors seem to be shifting their focus beyond conventional information technology (IT) systems towards the operational technology (OT) systems that run our factories, supply chains, utilities, and other critical infrastructure.
The shift is a result of industries pushing to digitize their physical operations. While the race to digital transformation yields major benefits such as real-time analytics, process optimization, and automation, it leaves companies with major vulnerabilities in their mission-critical assets. OT systems (hardware and software that monitors or controls equipment, assets, and processes within industrial environments) that were once isolated, and thus protected from external threats, are now more vulnerable as they connect to IT networks and the cloud.
Adding to the complexity, the COVID-19 pandemic accelerated the need for remote access, increasing the potential entry points and opportunities for cyberattacks. Operational environments are now more distributed than ever, spanning across hundreds of thousands of locations, communicating over a variety of protocols, and requiring access from various devices, applications, and personas both inside and outside the core organization. The tools we have today to secure operational environments do not meet the demands of the modern (i.e. distributed & interconnected) industrial enterprise — they are inflexible, prone to error, and lack the ability to scale.
In response to recent cyberattacks, U.S. government agencies have recognized the gaps in OT security and proposed new guidelines. In July 2021, Cybersecurity & Infrastructure Security Agency (CISA) advocated for a new set of best practices for OT assets, and the Department of Homeland Security (DHS) and Transportation Security Administration (TSA) released mandates that require industries to prioritize the protection of critical infrastructure and OT systems. The VC world is taking note as well, pouring over $2.6 billion into OT security companies in 2021.
At Piva, we support visionary founders transforming industry for a better tomorrow. We believe modern industrial enterprises deserve advanced, agile security solutions that can scale alongside their business and protect the outermost edges of their operations.
We are thrilled to announce that Piva led a $30M investment in Xage, a company that is enabling modern industrial enterprises to manage the evolving and complex cybersecurity challenges across OT and IT systems. The company’s security platform, Xage Fabric, takes a transformative approach to OT/IT protection, using identity-based access control to protect users, machines, apps, and data, at the edge and in the center or cloud. The company is well-positioned to be the leading zero-trust security provider for industry leaders in manufacturing, energy, utilities, logistics, city infrastructure, transportation, and defense.
What initially drew us to Xage was the company’s novel approach to zero-trust security. Xage Fabric uses a cybersecurity mesh architecture that allows for security perimeters to be drawn around individual identities of users or devices or applications. Traditional security tools use a single perimeter to secure an entire network of devices, but the mesh architecture enables more granular, dynamic, and reliable control and protection. Xage Fabric distributes authentication, authorization, and enforcement to the edge devices of an operational environment. Decentralized enforcement is important because it eliminates single points of failure, reduces latency for real-time interactions, secures data-in-motion and in-use, and continues to protect when a network connection is limited or intermittent. Xage is one of the very few security providers that has developed a decentralized cybersecurity mesh to enable efficient security coverage across vast operational environments.
Until recently, OT security solutions have been focused on network visibility and threat detection — they monitor network activity and identify anomalies. Operators have largely prioritized visibility and threat detection over modern protection solutions, but the order of priorities is changing. As the volume and cost of cyberattacks increase rapidly, and government mandates expand, operators are under pressure to proactively protect their critical OT systems — keeping hackers out and preventing them from moving within their operations.
The Xage team has spent over five years building their first-of-a-kind technology in preparation for the surge in demand for stronger IT/OT protection. Now operating in 30 countries worldwide, Xage has fine-tuned their product to allow for seamless trial and customer integration. The team’s efforts have shown incredible results as market demand accelerated over the last six months and usage continues to expand among its existing customer base.
We are most impressed by the experienced, multi-disciplinary, and mission-driven team, led by CEO Duncan Greatwood. Alongside talented co-founders, Susanto Irwan and Roman Arutyunov, Greatwood has been able to attract top talent as Xage aims to shape the future of IT/OT cybersecurity.
All aimed at addressing the evolving challenges of operational security, an impressive group of new and existing investors join Piva in Xage’s Series B, including Momenta Partners, Valor Equity Partners, OurCrowd, March Capital, Saudi Aramco Energy Ventures, City Light Capital, and Saints Capital. The new funding will allow Xage to expand its global footprint while ensuring the world’s most important assets and operations are protected from cyberattacks.
