Becoming Savvy

Post Image

I’ve been fortunate enough to work in the cybersecurity industry for many years, collaborating with some of the top vendors and industry experts. More than a decade ago, I recognized the need to enhance workforce protection against web-borne threats. In 2013, I co-founded Fireglass, a browser isolation startup, alongside some of the most talented individuals I know. Together, we played a significant role in advancing this field, leading to the company’s acquisition by Symantec in 2017. It has been an incredible journey.

After a few years, we came to the realization that even with amazing security technology, we still couldn’t fully protect users from their own actions. We attributed this gap partially to the lag in security controls evolution, created by the rapid growth of Software-as-a-Service (SaaS).  Compounding the issue, the adoption of SaaS apps is often driven by the business vs. the IT department, making it even harder to gain visibility and secure. Unfortunately, this means that users can unintentionally become part of the problem. According to the Verizon 2023 Data Breach Investigation Report, a staggering 74% of breaches involve the human element, which includes social engineering attacks, errors, and misuse. We knew we had to do something differently to bring about dramatic reduction in risk from human actions.

So, we decided to bring the team back together and found Savvy. Alongside myself, Savvy’s CTO Yoav Horman, who previously led Fireglass R&D, and our CPO Eldar Kleiner, we also brought in David Ben Zakai as our Chief Engineering Officer, who was our Chief Architect at Fireglass. Our mission this time would be to establish the next evolution of security by developing a platform that engages users before a cyber event occurs and educates them about where the risks lie. Ultimately, our goal is to help users become more “security savvy.”

Why did we choose the name Savvy?

We chose the name Savvy because having a security-savvy workforce means they have a solid understanding and practical knowledge of their organization’s security best practices. One of the most frustrating things that can happen during the workday is when you perform an online action to get your job done, only to be blocked without any explanation. When this occurs, many of us try to find ways to bypass the block and continue working. Unsurprisingly, a leading analyst firm reported that in a 2022 survey, 69% of respondents admitted to bypassing security policies in order to meet their business objectives. If we want our workforce to truly comprehend why certain actions are risky and should be avoided, it is crucial to provide them with real-time feedback at critical decision points. Instead of simply stating “this is not allowed,” we should offer them safer alternatives.

How does Savvy reduce risk from human actions?

To put it simply, Savvy delivers just-in-time guidance that helps users make smarter security decisions. The platform achieves this by employing a three-step process.

First, Savvy conducts a comprehensive discovery and inventory of all the SaaS applications used by your workforce, including the risks associated with each app. By understanding the landscape of SaaS usage within your organization, you gain valuable insights into the highest areas of risk.

Second, Savvy brings your security policy to life through its powerful automation engine and a collection of prebuilt or custom no-code playbooks. These playbooks translate your organization’s security best practices into actionable steps that users can easily follow. Whether it’s implementing multi-factor authentication, setting up strong passwords, or configuring privacy settings, Savvy ensures that your security policies are consistently enforced.

Finally, the platform actively engages with users in real-time to influence their security decisions and change the outcome of potential security scenarios. This interactive approach allows Savvy to provide timely guidance and feedback at critical decision points, empowering users to make informed choices. Instead of simply blocking certain actions without explanation, Savvy offers safer options that align with your organization’s security policies. By delivering contextual information and education, Savvy helps users understand why certain actions are risky and encourages them to adopt security-savvy behaviors.

Through its comprehensive visibility, automation capabilities, and real-time user interaction, Savvy significantly reduces the risk arising from human actions. By proactively addressing potential security vulnerabilities and educating users about best practices, Savvy empowers your workforce to make smarter security decisions, ultimately strengthening your organization’s overall security posture.

What are the most common use cases we address?

Thanks in large part by the rapid shift in technology adoption, many see Identity as the new security perimeter. It’s for this reason that Savvy use cases start with reducing Identity-based risks. Savvy continuously discovers all the accounts your workforce is creating for accessing various SaaS apps, whether managed or unmanaged. This includes accounts that users have forgotten about, or those that are no longer in use. Savvy shows the authentication methods, missing MFA, direct logins (vs. SSO), weak or shared credentials, and cases in which employees use corporate credentials for accessing personal apps. This enables teams to eliminate security gaps, ensure the safe use of SaaS, and verify that former employees are fully offboarded.

Another common use case centers around data loss. Let’s take a closer look at ChatGPT and other GenAI tools as an example. These tools offer incredible capabilities that can significantly boost workforce productivity and efficiency. It’s no surprise that everyone is eager to utilize them. However, it’s crucial to exercise caution, especially when dealing with sensitive information. If employees unknowingly transfer confidential data into a GenAI tool, there is a risk that this information could be exposed without our knowledge, particularly if it is used to train AI models. That’s where Savvy comes in to mitigate this risk. When a user attempts to submit sensitive data, Savvy alerts them to the potential danger before data is transmitted off the device. If the user still wants to proceed, Savvy ensures that they configure privacy settings to minimize any potential data exposure. Additionally, if a company has a preferred contract with another generative AI tool than the one the user is using, Savvy can guide the end user to employ that tool instead.

The road ahead

As Savvy continues to grow and expand, we remain dedicated to our mission of revolutionizing the way organizations approach cybersecurity. With the ongoing advancements in technology and the ever-evolving threat landscape, it is crucial to stay ahead of the curve and proactively address potential vulnerabilities. By providing real-time guidance and education, Savvy empowers users to become more security-savvy and actively contribute to their organization’s overall security strategy.

We are incredibly fortunate to have partnered with CanaanCyberstarts, and Lightspeed, who played a vital role in introducing us to our first enterprise customers. Their support and expertise have been instrumental in the success of Savvy, allowing us to reach a wider audience and make a significant impact in the cybersecurity industry.

I couldn’t be prouder of the platform we have built so far and how effectively it’s working. The positive feedback and growing demand for Savvy have exceeded our expectations. Since emerging from stealth mode, we have seen an influx of interest from organizations seeking innovative solutions to enhance their security posture. It is truly exciting to witness the recognition and validation of our efforts, as more and more businesses recognize the importance of empowering their workforce to make informed security decisions.

The journey ahead is filled with endless possibilities, and I am eager to see how Savvy continues to evolve and make a lasting impact in the cybersecurity realm. With the unwavering support of our partners and the dedication of our talented team, I am confident that Savvy will play a pivotal role in shaping the future of cybersecurity, ultimately making the digital world a safer place for everyone.