December 9, 2023

There is a data problem with security. According to Kfir Tishbi, who led the engineering team at Datorama, a marketing analytics company that was acquired by Salesforce in 2018. Tishbi, who worked at Citibank and digital entertainment startup Playtika before joining Datorama, said he often works with security teams. To meet project deadlines, dozens of different tools must be used, each with its own classification and output.

“The number of data points generated is enormous. Instead of trying to understand it, they created more tools and generated more data,” former Tishbi colleague Raanan Raz told TechCrunch in an email interview. cycle. We want to ensure that decisions and actions are data-driven and not based on half-truths. “

Set out to solve this problem, Tishbi and Raz co-founded Avalo, a platform that acts as the source of truth for cybersecurity assets, controls, identities, vulnerabilities, errors, and other data points. Avalor allows security teams to aggregate, normalize, deduplicate and track risk data from discovery to remediation — at least the way Raz advertises it.

Investors appear to be bullish on the idea. Avalor announced today that it raised $25 million in a Series A funding round led by TCV with participation from Salesforce Ventures, bringing its total funding to $30 million, including a $5 million seed round led by Cyberstarts last year. Raz said the fresh cash will be used to expand operations in the U.S. and Israel, specifically growing Avalor’s R&D, product, sales, marketing and customer success teams.

“Our platform can span the entire enterprise data surface, so both security teams and their internal partners such as CTO, engineering and IT can benefit, including real-time transparency into data sources through labeling and lineage,” Raz, who serves as president explain. “We also overlay business context on security data, meaning organizations can cut through the noise of security scanners and prioritize vulnerabilities based on their specific business. “

Considering that there are tons of startups out there solving the same problem, they are arguing. Securiti, a cybersecurity company backed by hundreds of millions of dollars in venture capital, recently launched a “data security cloud” designed to provide a layer of data protection and transparency wherever data resides. A more direct competitor is Dig Security, which builds tools to solve prominent observability problems in security.

Raz asserts that there are three main things that set the Avalor apart. The first is the ability to process data in any format from almost any source. The second is a vulnerability risk management and prioritization tool. As for the third, it’s scalability — Raz claims that Avalor can handle data volumes up to “zettabyte size.” (That’s a trillion gigabytes.)

“We’re building a secure data lake that’s not ‘garbage in, garbage out,’ so the data layer can be used for multiple use cases, like vulnerability management,” Raz said. “Some of these use cases share competitors that are only built for a single application. Our data fabric architecture enables us to scale the integrated solution across security teams and their business partners so they have a single source of truth from their data.”

Over time, plans are in place to allow third-party security vendors to build applications on top of Avalor for specific use cases. In this way, Raz sees the platform more as a unified database powering various modules and software than as an all-in-one, holistic solution to a company’s cybersecurity concerns.

Raz does not voluntarily provide Avalor’s revenue figures or the size of its customer base. But the company’s investors seem to support its strategy because it’s no big deal. TCV partner Morgan Gerlak said via email:

“An increasing number of tools have organizations scrambling to extract signal from noise. Avalor addresses this problem with a scalable solution that supports multiple common security use cases. Importantly, each of these use cases has a clear Budgets and buyers, not tomorrow.”

Of course, VCs do generally have enthusiasm for startups involving cybersecurity — and have for some time. Investment in emerging cybersecurity companies is $16 billion by 2022, down from $23 billion in 2021 but double 2020.

in the most recent ReportCrunchbase predicts that valuations in the cybersecurity industry may decline, but that demand will remain strong as high-profile attacks grab headlines and companies look to consolidate their security tools. according to a 451 Research SurveyIT and security teams use an average of 10 to 30 security monitoring solutions to monitor applications, network infrastructure, and cloud environments—a lot by any measure.

“Our data fabric helps security teams make sense of their data faster by accessing complete, accurate and precise information in any format from any source, including legacy systems, data lakes, data warehouses, SQL databases, in real time. , more accurate decision-making. And applications,” Raz said.

Avalor currently has 35 employees and expects to double that number by the end of this year.