In software, the rise of automation has been a huge source of progress and productivity. Machine-to-machine communication is increasingly the norm for organizations that have embraced a DevOps culture and reaped the benefits of putting developers in the driver’s seat.
Like every evolution, this has brought unintended consequences. With DevOps, the other side of the coin is now clear: a proliferation of non-human identities, as bots, APIs, scripts, and certificates spread without restriction. All offer attackers access points that didn’t exist before, including the sensitive data that many machine identities require to fulfill their function.
CISOs are starting to realize that the attack surface of their organization has widened dramatically, often beyond their ability to monitor it. One survey found that machine identities now outnumber human ones by almost 50x in the average enterprise. Cybersecurity debt is becoming the new technical debt.
The scale and velocity of this problem are why we’re so excited to be backing Oasis, a cybersecurity company securing non-human identities. While legacy vendors are slow to respond to the machine identity challenge by trying to adapt their existing offerings, Oasis is fast emerging as the modern, holistic solution to manage these identities.
Integrating into a customer’s cloud environment, secrets managers, and core SaaS applications, Oasis maps all non-human identities, presents a risk assessment, and recommends appropriate actions. It first creates an inventory of all machine identities, showing their type, origin, permissions, owners, and business context (when they were last used, by whom, and for what purpose). It then drills down into risks and recommends remediation such as splitting an identity with an excessive level of privilege into several with narrower permissions, or shutting down expired and redundant identities.
Oasis offers something that other providers can’t: a centralized system for governing non-human identities. In a place of confusion and uncertainty, it brings clarity and visibility – addressing one of the most pressing concerns for CISOs as they get to grips with a trend that has transformed the threat landscape.
We admire how Oasis has attacked this fast-widening gap in the market. Since its founding in stealth about a year ago, it has shown impressive momentum with enterprise customers, confirming the scale and urgency of the problem. The team also has deep cybersecurity experience: Danny (CEO) served as Head of Cyber R&D at the IDF intelligence unit, alongside Amit (CPO), who led a special ops team and together won the Israel Defense Prize. Earlier, they emerged from Cyberstarts, Israel’s leading cybersecurity incubator.
We believe Danny and Amit have both the skill and the ambition to capitalize on their early potential and are excited to be investing in them alongside Sequoia, Cyberstarts, and Maple Capital. Oasis joins a portfolio of category-defining security companies we’ve partnered with. From early investments in companies that have since gone public, including CrowdStrike, ForgeRock, and Tenable, to more recent partnerships with emerging leaders such as Blackpoint, Cyera, and Snyk, we’ve been long-term believers in cybersecurity. We believe Oasis can grow and own a new category here, namely to protect enterprises from the threat posed by non-human identities.
Congratulations to the team and welcome to the Accel family!