SaaS application security startup Adaptive Shield comes out of stealth

Adaptive Shield has a strong channel component in their Go-to-Market strategy, which includes both VARs and MSSPs.

Adaptive Shield Co-founders Maor Bin, CEO (l.) and Jony Shlomoff, CTO.

Configuration errors in SaaS applications have become an increasing problem, and are now the cause of about a third of data breaches. Adaptive Shield, an Israeli-based startup, is coming out of stealth today with an explicit focus on this issue. They are also announcing that they have received $4 million in seed funding from Vertex Ventures Israel, who have funded other successful startups like CyberArk.

“We tackle the problem of misconfigurations in SaaS applications,” said Maor Bin, Adaptive Shield’s CEO and co-founder, who had previously been Research Lead, Threat Systems Products at Proofpoint. “Most SaaS security companies are focused on infrastructure, particularly around networks relating to big clouds. Our focus is to monitor all the business-critical applications including Office 365, Salesforce and Slack. We connect SaaS applications, retrieve global settings and user privileges and look for loopholes against vendor best practices, and security frameworks. We also automate the entire security operation, including the process of alerting.”

The problem organizations face here is that modern enterprise apps are extremely complicated, and can have hundreds of built-in security configuration controls, which the customer is tasked with managing themselves.

“Applications like Salesforce and Office 365 have hundreds of security settings, and are really security products by themselves,” Bin said. “Security teams tend not to be aware of all the settings, so they don’t have good visibility.” The problem is further magnified by the number of apps, and the result is that it is relatively easy to make SaaS setting errors that leave companies open to one-click corporate espionage.

Adaptive Shield provides one common platform to manage all their SaaS app security. It automates the discovery of SaaS app security misconfigurations, and provides continuous monitoring and alerts to protect against any changes that might introduce a risk.

“You can get value where you have a large amount of applications or just a few core applications,” Bin said. “Even if you are just focused on protecting Office 365 first, with that one application you could get value from us because of its importance.”

The sector in which Adaptive Shield plays is a very new one. Gartner defined it on July 30 in their latest SaaS Hype Cycle report, referring to it as SaaS Security Posture Management. Since most SaaS security companies focus on infrastructure, the application-centric ones tend to be newer startups, like Adaptive Shield.

“A huge differentiator for us is the number of applications we cover – 23 at this point,” Bin noted.

Developing channel relationships is a central part of Adaptive Shield’s Go-to-Market strategy.

“Like every startup, we started selling direct trying to introduce ourselves to early adopters, but channels are a big part of our strategy, including both VARs and distributors,” Bin indicated. “Talking to VARs is the best way to scale, and we have a few already. In these early days, the most important part is to get some partners who will work with us and trust us.”

MSSPs are also key to the strategy moving forward.

“We have MSSPs that we starting to work with, but none are fully deployed just yet,” Bin said.

Strategic vendor partnerships are the final piece of the partner ecosystem.

“Strategic technology partnerships are a huge part of the Go-to-Market strategy, and we are currently working on that,” Bin noted. He indicated that one important relationship is currently being discussed, which he was unable to disclose because it is not yet a done deal.

“We also have some generic integrations like Okta and some other SSO platforms, because SSO is part of our platform,” he added.