Startup Enso Security emerges from stealth with posture management solution for AppSec management

Enso exits stealth with $6 million in seed funding, with a solution they think is unique in the market, and with a plan to develop an MSSP channel.

Israeli-based  startup Enso Security has come out of stealth with a solution designed to manage application security at scale with a posture management platform tool. They also announced their seed funding round, led by YL Ventures. The round includes participation from Jump Capital, and from multiple individuals who have or have held leadership role in the security industry.

All three of the company founders, CEO Roy Erlich, Chief Products Officer Chen Gour Arie, and CTO Barak Tawily, came out of Wix.com, a do-it-yourself SaaS platform for making websites, that has a lot of features. With Enso, the trio is looking to take the category of posture management that has become recognized in the Cloud and SaaS spaces, and apply it to applications.

“We are aiming to do the same approach for applications –  discover the gaps, eliminate blind spots and automate,” Erlich said. “Posture management is discovering and finding out what is the mission scope. Build an inventory of what’s there to protect. Then enrich the data and measure security around each asset, and determine when to have a more relaxed process. That lets you respond to drifts in the measurement.”

Applications are a market with significant pain points, where AppSec teams are looking for solutions that can provide visibility and coordinate the tools, people and processes involved in application development without interfering with developer workloads. According to Gartner’s ‘Hype Cycle for Application Security 2020’ report, “many organizations struggle to maintain an inventory of APIs and need help to locate them and ensure they are tested and managed.”

“While demand is strong, there is a lot of uncharted territory in this market, with some problems that have not been addressed,” Erlich said. “Everyone is suffering from a lot of noise. We need to manage security, not vulnerabilities. It takes a lot of attention of the engineers to detect vulnerabilities, with work that is typically done manually. Full management of the entire processes is really important.”

Erlich said that no solution does what they do.

 Enso co-founders, L to R: Barak Tawily, Roy Erlich and Chen Gour Arie

“There is no offering like we are bringing here,” he said. “Some teams have created scripts to solve the problem, but they are done by security teams, not developers.” The Enso platform, in contrast, is designed with the flexibility needed by both nascent and mature AppSec teams, providing single pane of glass visibility across every application developed in an enterprise environment, and granular analytic application security controls.

“We have built it in a very flexible way to allow AppSec teams to adapt it to their own unique understanding,” Erlich indicated. “Any two stacks can be very different. To do posture management, you have to accommodate those unique understandings of the specific users. It really has to be flexible.”

Erlich said that while their offering is being branded as the Enso Security platform, its full platform capabilities lie in the not-too-distant future.

“I would call it a solution today,” he stated. “It will become a platform in the near future when customers use it in ways we didn’t envision.”

Out of the gate, the target market for Enso is mid-sized enterprises.

“Our strategy today and the Go-to-Market plan is focus on application security teams in complex environments,” Erlich said. “Environments get really complex when you have about 200-250 developers. We want to be the go-to vendor to manage those environments, and be the design partner for them. The very large enterprises are more likely to invest in application security teams and do this themselves.”

“It would also work in smaller enterprises, which produce a lot of applications,” said Chen Gour Arie, the Chief Products Officer.

With the company in proof of concept stage as they come out of stealth, Enso is selling their offering direct.

“Later on, we are aiming to use MSSPs as a selling point once we are ready for broader deployment,” Erlich said. “MSSPs will be the channel.”