Identity management has been one of the most common fulcrums of security breaches in recent years, and it's a nightmare for organizations to track, which is one of the main reasons it remains a constant threat to malicious hackers. Linx, a security startup founded in Tel Aviv, has been quietly building technology using AI and analytics to address this problem, but today, after acquiring customers in stealth mode, it has emerged publicly with $33 million in funding to tackle the identity management challenge more aggressively.
Linx's funding was announced in one lump sum, but more specifically in two separate rounds, highlighting the company's momentum since its inception in stealth mode: its most recent funding round was $27 million co-led by Index Ventures and Cyberstarts, and it had previously raised $6 million led by Cyberstarts.
Linx's other investors speak to the founders' reputation in the Israeli security community. Investors include Mickey Boodaei (Imperva, Trusteer, Transmit), Rakesh Loonkar (Trusteer, Transmit), Assaf Rappaport and Yinon Costica (Wiz, Adallom). Other investors in the round are Cerca Partners and Knollwood Investment Advisory.
Linx Security has been around for just over a year, but it has an interesting backstory: The two co-founders, Israel Duanis (CEO) and Niv Goldenberg (CPO), originally met and became friends like many in the Israeli tech industry, when they enlisted together in the Army's 8200 Cyber Unit, a group that also included them, Assaf Rappaport, and the other Wiz founders.
Duanis and Goldenberg started out working at cybersecurity companies — Duanis and Adalom at Checkpoint Software, and Goldenberg at Microsoft and Transmit — and Duanis later left the field to found, run and eventually sell (to Via) an automotive fleet management technology company called Fleetonomy. But Duanis felt there was more to be done in security.
“Looking back over the last 20 years, it felt like identity was always overlooked,” he said in an interview. At Check Point, access management and privileges were fundamentally an IT issue, not a security issue, he recalled. “But now, a lot of attacks are identity-driven.” A quick look at some of the most high-profile breaches of the past few years (Equifax, T-Mobile, Snowflake, etc.) highlights how identities, and especially unmanaged credentials, can be exploited by malicious hackers. “They were all about credentials,” Duanis said.
Their bet was that a platform that could understand and fix this from a compliance, security and efficiency perspective “could make a real impact,” he said.
“Today, identity is the new boundary and we need to address it.”
Ultimately, the relationship with Rapaport became (laughs) pretty strong. When Duanis told Assaf that he was thinking about starting a startup focused on identity management, Duanis told him that Assaf introduced him to Gili Lanan of CyberStart, who is kind of a cyber kingmaker in Israel. The seed deal was done within 24 hours, and thus Linx Security was born.
Linx only came out of stealth today, and the company hasn't released any customer names or details about how it works, but the basic idea is this:
Organizations today use or have used hundreds, or even thousands, of different apps and software. Each requires user authentication to access, but as apps are regularly retired or employees come and go, companies may not be able to comprehensively remove all identity information for a given app or employee as they come and go.
Over time, organizations can begin to accumulate large amounts of so-called unmanaged identity information that quickly becomes a huge liability – that is, left unattended and ignored until a bad actor picks up one and gains access to the entire system.
Linx's approach is to use analytics and AI to scan and understand the broader landscape of an organization's systems, and then link all identities together to actual, active employees (hence the Linx name). This process also finds identities that are no longer associated with active users, so they can be removed.
The resulting data becomes a map that can be used to track the system over time, so that if an identity is captured and used unexpectedly, you know that's what's happening.
While AI has quickly become a hackneyed and perhaps misused term in the tech industry, Duanis said Linx's use of AI is very targeted. “AI is overused as a term,” he acknowledged. “But if you understand what AI is, [a network] And then you'll be able to run [algorithms] “I think that leveraging that power very quickly on the development side to provide suggestions and automation has created a space to make a real impact and make a real difference in how people are managed today.” What would typically take months to weed out unmanaged identities can now be done in “a few hours,” he said.
Cyberstarts' Lannan was able to predict the market evolution and quickly signed on to back Linx.
“Identity is the biggest threat to the modern enterprise,” he said in a statement. “CISOs' identity teams are struggling to keep up with ever-increasing tasks and are saddled with outdated legacy solutions.”