2020 might go down as the year that companies take a hard look at their secure remote access options. At least one company is betting on it.
This week, cybersecurity startup Axis Security announced it has secured $32 million in Series B funding. The money comes mostly from a new investor, venture capital firm Canaan Partners, as well as original investors Ten Eleven Ventures and Cyberstarts.
“Our Series B investment in Axis Security is a confluence of two thesis areas. One, that companies will continue to adopt ‘work from anywhere’ policies and two, that security solutions must verify everyone and everything before granting access,” wrote Joydeep Bhattacharyya, a general partner at Canaan Partners in a blog earlier this week.
Co-founded by Israeli security researcher Dor Knafo in 2018, Axis Security offers a cloud-based platform to companies for secure remote access to internal applications. Knafo, who has a background in malware, web-based attacks and reverse engineering, first developed a plan for the company while working at Fireglass, a company that specializes in browser isolation technology.
While at Fireglass, he noticed a common pattern: large enterprises weren’t using their product to safely browse the internet, but instead as a means to provide contractors or temporary employees to safely access their software applications. While many businesses still remain tied to their virtual private networks for rank and file employees, Knafo said his experience at Fireglass hinted at an untapped market for businesses to quickly and safely grant third-party individuals or devices access to certain internal systems.
After Axis secured $14 million in Series A seed investment in March – just as the pandemic was leading to shutdowns and shelter in place orders across the country – Knafo and others met with dozens of chief information security officers in order to get a better sense of their needs and pain points when it came to responding to the pandemic. They came away with one conclusion.
“They were really afraid to have contractors on their network,” Knafo said.
The company’s emergence comes right as businesses have scrambled over the past six months to reorganize their IT operations in the shadow of the coronavirus pandemic, closing offices, sending employees home and dealing with a sudden surge of workers remotely signing into their work applications.
Axis Security’s platform is hosted on an Amazon Web Service cloud and facilitates secure remote access for business systems and applications. Unlike many competitors in the VPN or software defined perimeter space, Axis’ services are agentless – meaning users don’t have to download or install anything to use it.
It also leverages a number of zero trust concepts that have become particularly relevant during the pandemic. First, users signing in through the Axis platform never actually touch the client’s network; they’re given access to individual applications as needed and only where they have clear, documented authorization, as opposed to unfettered access to company systems. That could allay some of the fears that come with using a VPN, where a single compromise using stolen credentials could potentially threaten the entire network.
Axis’ platform also has a feature to disassemble content and inputs sent by users connecting through their platform, inspect the code for malicious signatures and then reassemble it before it interacts with the actual application, lowering the risks of outside malware being introduced by a threat actor or insider.
The combination of user friendliness, scalability and unique security benefits of a zero trust cloud platform, along with the way COVID has reshaped business operations, are why some market researchers believe Axis could be a disruptor for parts of a VPN market that might be as large as $71 billion by 2027.
“Because VPN technology is struggling to meet the need for access to cloud-based applications, there is an opportunity for vendors like Axis to take market share with secure and easy to-use alternatives,” Omdia, a market research firm, wrote in May.
The global shift to telework in the wake of the coronavirus pandemic has not only expanded their pool of potential customers, it’s also potentially broadened the use cases.
The company started with edge users in mind – servicing part time-contractors who need temporary access to a client company’s system or facilitating a merger by integrating newly acquired staff before they get added to the Active Directory . Now the founder sees the technology as a wholesale replacement for VPNs and other alternatives to do secure remote across an entire enterprise.
“When COVID started, we asked all those same questions again to CISOs…and suddenly employee access became much bigger,” said Knafo. “And for us, what it meant is we actually had to accelerate our strategy on employee access.”
After receiving that first shot of funding, Knafo said he met with dozens of CISOs to gauge their needs and pain points, asking them how they managed their VPNs or what policies were in place for a virtual desktop infrastructure. He came away from those meetings convinced that many were broadly dissatisfied with their options in the secure remote access market, whether they were using a VPN, virtual desktop infrastructure or remote desktop gateway.
“You have such a big variety of users coming from so many devices, logging in to so many different applications,” Knafo said. “Not only is this complicated, you have lots of other solutions trying to solve the access problem…and so we did dive into that and we came back to them with a solution to all the problems that we saw.”
Knafo said the company currently has approximately 40 full time employees, a client base “in the 10s” and tens of thousands of daily users. They plan to invest much of the new funding into scaling up sales and marketing teams in the U.S., growing their staff to 100 employees and expanding their footprint into the European market.
“Today our team is primarily focused on R&D…and a little bit on sales and marketing,” said Knafo. “We’re going to invest heavily in sales and marketing specifically in order to build a more mature and stronger go-to-market team.”