In the NYC enterprise startup scene, security is job one
While most people probably would not think of New York as a hotbed for enterprise startups of any kind, it is actually quite active. When you stop to consider that the world’s biggest banks and financial services companies are located there, it would certainly make sense for security startups to concentrate on such a huge potential market — and it turns out, that’s the case.
According to Crunchbase, there are dozens of security startups based in the city with everything from biometrics and messaging security to identity, security scoring and graph-based analysis tools. Some established companies like Symphony, which was originally launched in the city (although it is now on the west coast), has raised almost $300 million. It was actually formed by a consortium of the world’s biggest financial services companies back in 2014 to create a secure unified messaging platform.
There is a reason such a broad-based ecosystem is based in a single place. The companies who want to discuss these kinds of solutions aren’t based in Silicon Valley. This isn’t typically a case of startups selling to other startups. It’s startups who have been established in New York because that’s where their primary customers are most likely to be.
In this article, we are looking at a few promising early-stage security startups based in Manhattan
Hypr: Decentralizing identity
Hypr is looking at decentralizing identity with the goal of making it much more difficult to steal credentials. As company co-founder and CEO George Avetisov puts it, the idea is to get rid of that credentials honeypot sitting on the servers at most large organizations, and moving the identity processing to the device.
Hypr lets organizations remove stored credentials from the logon process. Photo: Hypr
“The goal of these companies in moving to decentralized authentication is to isolate account breaches to one person,” Avetisov explained. When you get rid of that centralized store, and move identity to the devices, you no longer have to worry about an Equifax scenario because the only thing hackers can get is the credentials on a single device — and that’s not typically worth the time and effort.
At its core, Hypr is an SDK. Developers can tap into the technology in their mobile app or website to force the authorization to the device. This could be using the fingerprint sensor on a phone or a security key like a Yubikey. Secondary authentication could include taking a picture. Over time, customers can delete the centralized storage as they shift to the Hypr method.
The company has raised $15 million and has 35 employees based in New York City.
Uplevel Security: Making connections with graph data
Uplevel’s founder Liz Maida began her career at Akamai where she learned about the value of large data sets and correlating that data to events to help customers understand what was going on behind the scenes. She took those lessons with her when she launched Uplevel Security in 2014. She had a vision of using a graph database to help analysts with differing skill sets understand the underlying connections between events.
“Let’s build a system that allows for correlation between machine intelligence and human intelligence,” she said. If the analyst agrees or disagrees, that information gets fed back into the graph, and the system learns over time the security events that most concern a given organization.
“What is exciting about [our approach] is you get a new alert and build a mini graph, then merge that into the historical data, and based on the network topology, you can start to decide if it’s malicious or not,” she said.
Photo: Uplevel
The company hopes that by providing a graphical view of the security data, it can help all levels of security analysts figure out the nature of the problem, select a proper course of action, and further build the understanding and connections for future similar events.
Maida said they took their time creating all aspects of the product, making the front end attractive, the underlying graph database and machine learning algorithms as useful as possible and allowing companies to get up and running quickly. Making it “self serve” was a priority, partly because they wanted customers digging in quickly and partly with only 10 people, they didn’t have the staff to do a lot of hand holding.
Security Scorecard: Offering a way to measure security
The founders of Security Scorecard met while working at the NYC ecommerce site, Gilt. For a time ecommerce and adtech ruled the startup scene in New York, but in recent times enterprise startups have really started to come on. Part of the reason for that is many people started at these foundational startups and when they started their own companies, they were looking to solve the kinds of enterprise problems they had encountered along the way. In the case of Security Scorecard, it was how could a CISO reasonably measure how secure a company they were buying services from was.
Photo: Security Scorecard
“Companies were doing business with third-party partners. If one of those companies gets hacked, you lose. How do you vett the security of companies you do business with” company co-founder and CEO Aleksandr Yampolskiy asked when they were forming the company.
They created a scoring system based on publicly available information, which wouldn’t require the companies being evaluated to participate. Armed with this data, they could apply a letter grade from A-F. As a former CISO at Gilt, it was certainly a paint point he felt personally. They knew some companies did undertake serious vetting, but it was usually via a questionnaire.
Security Scorecard was offering a way to capture security signals in an automated way and see at a glance just how well their vendors were doing. It doesn’t stop with the simple letter grade though, allowing you to dig into the company’s strengths and weaknesses and see how they compare to other companies in their peer groups and how they have performed over time.
It also gives customers the ability to see how they compare to peers in their own industry and use the number to brag about their security position or conversely, they could use it to ask for more budget to improve it.
The company launched in 2013 and has raised over $62 million, according to Crunchbase. Today, they have 130 employees and 400 enterprise customers.
If you’re an enterprise security startup, you need to be where the biggest companies in the world do business. That’s in New York City, and that’s precisely why these three companies, and dozens of others have chosen to call it home.