Building the future of cybersecurity: ClearVector’s Series A
I am excited to announce ClearVector's $13M Series A led by Scale Venture Partners (Ariel Tseitlin), with participation from Okta Ventures (Austin Arensberg), Inner Loop Capital (Justin Label), and existing investor Menlo Ventures (Tim Tully)!
This round of funding couldn’t be more timely, as we see an explosion in the number of human, non-human (machine), 3rd party – and soon – AI identities in production environments. Traditional cybersecurity solutions are siloe’d, leading to a fragmented view, requiring customers to cobble together a holistic view of their environment across many different technologies and cloud providers.
Further, the proliferation of AI technology in the hands of the adversary will make traditional threat intelligence even less valuable, especially in production environments such as AWS, GCP, Azure, GitHub, and Kubernetes – AI enables the adversary to quickly change and evade traditional detection methods. A new approach is needed to stop the adversary.
We believe focusing on identity activity instead of adversary activity is key to the future – a unified approach we call “identity-driven security”. By using runtime activity to build models of human, non-human (machine), and 3rd party identities, we detect and stop the adversary within seconds – without using traditional threat intelligence. Every company is different, and we believe your security should be too - tailored to you and your business - which is exactly what we do. Every time the adversary encounters ClearVector, ClearVector looks different - making adversary activity immediately visible, leading to better security outcomes for everyone – except the adversary.
Why runtime activity? It’s the closest thing to truth you can have. Any governance or inventory system – whether for traditional systems or identity – are point in time snapshots. If you ask an IdP for what identities you have, they’ll answer with the current (human) employees you have – without a mention of ones in the past or future that may have only existed for a short time. Never mind non-human (machine) and 3rd parties – they aren’t in your IdP.
And what about exposure management? Vulnerability management and misconfiguration are point in time snapshots of potential risk – runtime activity holds the answer to the question – are you actively compromised?
That said - runtime activity isn’t the full answer – knowing how to connect this activity across domains is also key. This is where our purpose-built graph comes in – today our commercial graph has billions of nodes and edges – connecting the dots at scale across previously fragmented environments such as cloud providers, SaaS apps, and inside of workloads such as traditional VM’s, containers, and Kubernetes, giving you and our platform the context of the originating identity. The adversary exploits these cracks and gaps to achieve their mission – without this unified view, it’s hard to build effective detection and response programs. For example, if an adversary compromises a developer GitHub account, which is used to commit changes to a repo, which then is picked up by CI/CD which deploys new infrastructure into your production environment – how would you know? When would you know? And how would you track down the identities involved to determine the blast radius and impact?
If the adversary knows our security products better than we do – how as defenders do we have a chance to actually succeed? Where is the high ground in this battle?
Fast forward to today, we’ve built and deployed our identity-driven platform to some of the most important companies on the planet, protecting sensitive and important data from the adversary. We’re on a mission to make the adversary's mission prohibitively difficult and immediately visible – tilting the economics in the favor of defenders.
And we’re just getting started.
Up for the challenge? Visit clearvector.com/about-us#careers