Highlights:
- A business application requires access from the company’s employees and other applications in various instances. For example, an analytics tool might need to retrieve financial records from a database to produce a sales forecast.
- Oasis states that its platform automatically generates an inventory of all NHIs within an organization and provides access to this list through a centralized interface.
Oasis Security Ltd., a cybersecurity startup, has secured an additional USD 35 million as part of an extension to Oasis Security’s Series A expansion funding round initially unveiled in January.
Accel, Cyberstarts, and Sequoia Capital spearheaded the latest funding round, doubling the initial investment. With this infusion, Oasis Security Ltd.’s external funding reaches USD 75 million.
A business application requires access from the company’s employees and other applications in various instances. For example, an analytics tool might need to retrieve financial records from a database to produce a sales forecast. Administrators must establish an account for the analytics tool within the accessed database to fulfill this requirement.
NHIs, or non-human identities, refer to the accounts created for applications and their associated data. Oasis, headquartered in Tel Aviv, has developed a platform aimed at assisting organizations in better securing their NHIs. Since its launch in January, the company reports that Chipotle Mexican Grill Inc. and several other large enterprises have already adopted its software.
Securing NHIs presents a challenge because a typical company often has so many of them that some can go unnoticed. Without awareness of an NHI, administrators cannot take steps to protect it from hackers. Oasis states that its platform automatically generates an inventory of all NHIs within an organization and provides access to this list through a centralized interface.
Upon discovering a new NHI, the company’s software conducts vulnerability scans on it. It prioritizes vulnerabilities based on severity to assist administrators in first addressing the most urgent issues. Oasis offers an automation tool capable of instantly removing NHIs without human intervention if specific risks are detected to expedite remediation.
When an application logs into another application, it frequently needs to provide an API key and a password form. Such logins often involve certificates, which are documents a service uses to verify that the login is not malicious. Secrets are API keys, certificates, and other data assets associated with an NHI.
Oasis identifies vulnerabilities stemming from ineffective management of NHI secrets. For instance, the platform can detect when an API key is not regularly rotated. Regularly rotating or replacing secrets ensures that hackers cannot access the system even if they obtain an outdated API key.
Oasis also identifies various other types of cybersecurity issues. The platform can detect NHIs that are not actively used and should be deleted. Having fewer surplus NHIs reduces the opportunities for hackers to attempt to gain access to a company’s applications.
Removing unnecessary NHIs can be challenging because it’s unclear whether they are truly redundant or still utilized by some applications. Deleting an asset that business applications rely on can disrupt employees’ work. To expedite determining whether an NHI can be deleted, Oasis provides administrators with detailed information about which services use it and for what purposes.
Danny Brickman, CEO, stated, “We are witnessing an unprecedented identity security crisis where non-human identities are at the epicenter, with severe business repercussions for many organizations. Security and identity teams are left alone in uncharted territory, as other tools lack the ability to provide holistic visibility, posture, and governance of NHIs across the hybrid cloud.”
Oasis intends to allocate its Oasis Security’s Series A expansion funding towards product development alongside plans to expand its go-to-market activities.