SAVVY Exits Stealth with $30M in Funding to Enable Safe Use of SaaS Applications at Scale
Workforce Security Automation Empowers Organizations with Just-in-Time Guardrails to Prevent SaaS Security Incidents
Tel Aviv, Israel – July 11, 2023
SAVVY, a cybersecurity pioneer that eliminates workforce-initiated security incidents involving software-as-a-service (SaaS) applications, including generative AI, announced today that it exited stealth and raised a total of $30 million. Canaan led the most recent Series A funding round with key investors Cyberstarts and Lightspeed. Cyberstarts also led the initial seed round with Lightspeed.
SaaS has been a boon for the enterprise, enabling business-led initiatives and offloading effort and resources from internal IT and development. On average, organizations have 130 SaaS apps, an 18% increase from last year. However, the lack of security control standardization and complexities introduced by integrations are stressing security operations (SecOps) teams and increasing friction between IT and the business. Unbridled SaaS sprawl is challenging resource-strapped enterprises to consistently enforce effective security controls at scale.
SAVVY’s Workforce Security Automation platform addresses human error by empowering SecOps with complete visibility and security automation playbooks for orchestrating SaaS incident response before an unsecure action takes place. By implementing just-in-time guardrails directly into the user workspace as a pop-up security copilot, the platform provides real-time alerts and suggestive guidance to improve user decision-making. SAVVY is already deployed by Fortune 500 companies in the hospitality and consumer goods industries, with over 100,000 active users.
“The best security companies tackle surface vectors of attack head on. SAVVY’s focus on the “human” attack surface and protecting employees across browsers and work apps solves a massive problem all enterprises face and is only getting worse,” said Joydeep Bhattacharyya, general partner at Canaan. “The real-time nature of SAVVY enables security teams to finally preempt employee-initiated events rather than just respond, which is why customer feedback has been so positive and also why we believe SAVVY will lead the emergence of an entirely new category of browser and application security.”
Unlike legacy approaches that block applications or actions, require traffic steering, and introduce latency, SAVVY’s platform is embedded directly into user work environments to counter user-initiated SaaS events, including the unsafe use of generative AI, sensitive data loss, and creation of supply chain risks through SaaS integrations. For example, for ChatGPT, SAVVY can guide users to turn off the chat history before submitting a prompt to prevent using proprietary information to train Generative AI models.
Additionally, SAVVY provides visibility into applications not connected to single sign-on (SSO) or cases where users sign in directly with reused, shared, or compromised corporate credentials. Using such credentials is usually undetectable by network security controls, making user offboarding challenging. SAAVY discovered three times more apps where employees used their corporate identity that were invisible to SecOps because of its lack of SSO, and nearly 30% of all apps involved risky employee behavior including password reuse, compromised accounts, and weak passwords.
“Companies can have the highest security budgets and the best systems in place, but if you’re not reaching the end user at the point of decision, then history will continue to repeat itself,” said Guy Guzner, co-founder and CEO of SAVVY. “Our Workforce Security Automation platform helps SecOps gain full visibility and control over all user SaaS touchpoints, including sensitive information sharing in generative AI apps, and our suggestive guidance system helps users understand the risks as they happen and why they shouldn’t bypass security in favor of productivity.”
SAVVY’s security copilot is tailored to each organization with powerful out-of-the-box security automation playbooks that can be easily customized through its no-code automation engine. SecOps teams can determine how they engage users when encountering SaaS events and enable automatic incident responses to secure users and SaaS usage at scale.
SAVVY reports real-time actionable insights and metrics to security teams, enabling them to identify high-risk areas and user risk profiling to pinpoint which roles and teams require more support. The platform recommends steps for risk mitigation and tracks improvement over time.
“We are thrilled to continue this journey with SAVVY’s experienced entrepreneurs, who are helping organizations solve the ever-challenging human element of cybersecurity that has only worsened with burgeoning SaaS growth,” said Gili Ranaan, founder at Cyberstarts. “SAVVY has spent significant time across dozens of large US organizations to understand how to reduce the impact of poor employee cyber hygiene and developed an easy-to-use solution that is unlike anything else on the market.”
SAVVY’s Workforce Security Automation platform eliminates user-initiated security incidents involving SaaS apps. The platform provides organizations with just-in-time security guardrails that automate security workflows to prevent potential incidents before they take place and provide suggestive guidance that empowers users to make better decisions. SAVVY provides customizable security automation playbooks that empower SecOps to automate responses to various user actions, engage users at critical decision points to prevent incidents, reduce event overload, and improve SecOps effectiveness. For more information, visit https://www.savvy.security/.