In 2017, hundreds of thousands of computers in government offices, private organizations, railway networks, hospitals, and other establishments across 150 countries were locked out by the powerful WannaCry ransomware and organizations had to pay cryptocurrency in ransom to unlock them. The year 2017 wasn’t even halfway through when, two more ransomware worms — NotPetya, and BadRabbit — played havoc with computers and networks worldwide, causing billions in damage.
Now, in the midst of the COVID-19 pandemic, as organizations have quickly embraced remote work in a big way, ransomware attacks have witnessed a sharp increase. It is becoming easier for cybercriminals to create such dangerous malware — with the increasing trend of malware for hire and the building blocks of malware technologies like EternalBlue, Mimikatz, and EternalRomance — being publicly available or open-sourced.
Over the past few years, cyberattacks have continued unabated across the globe and today, over 15 billion stolen credentials are freely available on the dark web, making the job of hackers a lot easier for a further round of attacks.
Security researchers say that nearly 9 out of 10 security breaches start with or involve stolen credentials and exploitation of administrative access. Granting administrator rights to end-users complicates the security scenario as they tend to install unapproved software, which could be malware. Once a machine with local administrator rights is compromised, the attacker could use the credentials to pivot off and reach even databases storing sensitive information. Thus, properly managing the administrator rights, controlling and monitoring privileged access, and enforcing password management best practices have all proved to be the foundational security measures.
The last few years have seen the rise of Privileged Access Management(PAM) — a technique that protects accounts with privileges like administrator and superuser accounts. PAM prevents the insecure way of sharing credentials, enables minimal disclosure of access credentials, tracks patterns of unusual behavior, etc.
This problem is further accentuated by the rise of public cloud — it is important for businesses to ensure that your AWS, Azure, or Google Cloud instances are secure — since these are no longer within your organization network perimeter. And then there is the issue of keys management in your software code, configuration files, etc — essentially part of DevSecOps.
Organizations have had to purchase different solutions for each of these problems, which are often very complex and expensive, until now. Securden solves all of these problems and does much more — for both on-prem and in the cloud. A number of organizations in banking, financial, government, healthcare, education, eCommerce, and IT service segments across the US, Europe, and Asia-Pacific have been using Securden for the last couple of years and are loyal customers.
Furthermore, MSSPs (Managed Security Service Providers) where a single MSSP might manage security for thousands of clients and tens of thousands of IT assets had a hard time keeping track of all the credentials, managing users, changing system configurations, managing cloud infrastructure, etc. Securden’s product has been adopted by a number of MSSPs, who also helped in co-creating the product.
Securden’s privileged access governance suite is built on key security principles, including Zero Trust Security, Least Privilege Enforcement, Just-in-Time Access Governance, and Continuous Risk Assessment on top of robust credential vaulting. Securden suite also covers a remote access solution for IT staff and an endpoint permissions management tool that together make remote work secure and productive.
Accel is pleased to announce our seed investment into Securden. We were able to see the completeness of the product, a great team, a vision for the future, and most importantly customer love.
Accel over the last decade has partnered with some of the top cybersecurity companies in the world, e.g. 1Password, Crowdstrike, Netskope, Snyk, Sumologic, Sysdig, Tenable, TrustArc — to name a few. The cybersecurity world is changing, and Accel is looking to partner with those who are looking to bring the change.