Cyera is a security company that gives businesses context and control over their most valuable asset: data. Pulse 2.0 interviewed Cyera CEO and co-founder Yotam Segev.
Yotam Segev’s Background
Before Cyera, Segev met his co-founder Tamar Bar-Ilan when they were in the Israel Defense Forces (IDF’s) Talpiot Leadership Academy more than a decade ago. And Segev said:
“During our service in the Israeli Defense Force’s (IDF) elite Unit 8200 we gained valuable insight into the challenges operational security teams face in securing their data. That experience in offensive cyber operations and data defense was the catalyst for creating Cyera.”
“At this time, I also gained firsthand experience leading teams tasked with deploying and operating cybersecurity technologies in the field. I saw how difficult it was to use existing tools and realized there was a need to develop a better solution. These insights inspired me and Tamar to found Cyera in 2021, and continue to fuel the company’s rapid growth. As CEO, I lead strategic direction and guide the company to develop technology and tools through customer-inspired innovation.”
Formation Of Cyera
How did the idea for Cyera come together? Segev shared:
“While initially developing Cyera’s data security technology, we interviewed more than 100 CISOs to understand their pain points – and we were struck by the unanimous response to a simple question: Is your data safe? None of the CISOs could answer confidently that they knew where their data is, whether it’s secure, who can access it, and how to remediate security, privacy, and compliance exposures that threaten their business. On a mission to empower CISOs to answer this simple question – definitively, Cyera was born.”
“Cyera’s vision is for every business to realize the full potential of their data — collaboration, connection with customers, insight that fuels innovation — to power a new era of development, growth and productivity. Realizing this potential requires that businesses have the ability to leverage transformational technology responsibly while protecting their most valuable asset – data.”
Favorite Memory
What has been your favorite memory working for Cyera so far? Segev reflected:
“Cyera was less than one year old. We went to visit the security team of an F500 enterprise in the Carolinas – we presented our demo in their boardroom to four people. The CISO looked at us with excitement and said, “if you can do even half of what you’re showing us here we have a lot of business to talk about. This makes me want to move everything to the cloud NOW”. They are now one of our premier customers.”
Challenges Faced
What challenges has Segev faced in building the company? Segev acknowledged:
“Cyera is doing something new and different, which always creates a variety of interesting challenges. We are taking an altogether new approach to data security, creating novel technology and leveraging the latest art in data science, machine learning, and artificial intelligence to build it. So from a purely technical perspective, creating what will become a reference architecture and model for approaches in the future from scratch is always a challenge. Fortunately we have an incredibly motivated, talented, and tenacious team of developers, data security engineers, architects, and researchers who love the challenge, and consistently rise to and above it as they build Cyera’s AI-powered data security platform.”
“The current macroeconomic climate certainly does not make it easy to go to market. This is true for any company, but certainly for an early stage company that is creating new categories. Fortunately we have an incredible early stage investor in Cyberstarts. They introduced us to the CISOs in their network and those conversations were the foundation on which Cyera was built. Before we started to build the product, we were able to understand what was truly important to operational security teams, and to use that knowledge in refining our vision, and defining our target market, initial ICP, and foundational product.”
“Our early momentum attracted some of the leading VCs in the industry. We were very fortunate to have the support and backing of Sequoia and Accel in our $60M Series A round in early 2022. Here we are one year later, and we just announced a $100 million Series B led by Accel along with Cyberstarts, Sequoia, and a new investor in Redpoint Ventures.”
“Fortunately, with the right product, identifying very relevant and timely use cases that CISOs care about, and building out our team to pace with our market traction, we have not felt negative impacts of the economic climate. Rather, we have experienced strong traction as our platform serves unmet needs and addresses fundamental and business-critical challenges for enterprise companies.”
Core Products
What are Cyera’s core products and features? Segev explained:
“Cyera’s cloud-native, AI-powered, agentless data security platform secures data everywhere. Cyera brings together automated sensitive data discovery and classification, continuous data security posture management (DSPM), real-time detection and response, data access governance, and data privacy. Cyera safeguards data across a company’s hybrid cloud, including Infrastructure as a Service like Amazon Web Services, Microsoft Azure, and Google Cloud Platform, Database-as-a-Service Platforms like Snowflake, Databricks, and MongoDB Atlas, and Software-as-a-Service platforms including Microsoft 365 and Google productivity suite. Cyera continuously discovers, classifies, and provides context on the data a company has, who can access it, where it goes, and how it is secured across those environments, for structured and unstructured data. This enables organizations to maintain the confidentiality, integrity, and availability of their cloud data to maximize the business value it represents.”
“Cyera tames cloud data sprawl without the complexity, cost and operational overhead of legacy data protection solutions. Cyera is the first solution that provides holistic cloud data security coverage across SaaS, PaaS and IaaS environments. AI-powered classification automatically identifies the type of data that exists in each environment. Cyera then contextualizes the risk data represents across security, privacy, and regulatory compliance frameworks and provides actionable, prioritized remediation guidance. The result is cloud data security that enables businesses to be more agile and innovative while mitigating risk to reputation, customer loyalty, and compliance stemming from data theft.”
“The results and impact of Cyera’s platform are immediate. Leading financial, pharmaceutical, and retail customers have uncovered sensitive data and exposures they never would have otherwise.”
Evolution Of Cyera’s Technology
How has Cyera’s technology evolved since launching? Segev noted:
“Cyera was integral in defining the data security posture management (DSPM) market. “We have also been instrumental in pushing that definition to include data across hybrid environments, taking a cloud-native, and cloud-first approach, but not limiting ourselves to cloud only. Over the past year we’ve seen legacy companies pivot to claim DSPM capabilities despite fundamental architectural limitations based on outdated architectures. We have also seen DSPM startups attempt to narrow the definition of DSPM where our focus has been to expand our platform to create a holistic data security solution for the enterprise. Cyera has invested in expanding our AI-powered data security platform to focus on becoming the foundational operational data security platform for the enterprise.”
“Cyera implements a large language model that truly understands the content it’s scanning. Cyera comprehends context, intent, and nuance, and provides detailed insight and remediations so security teams can truly know their data and apply the correct controls. This use of AI is hard to build and operationalize, but from the outset we believed that AI and ML are critical capabilities to enable dynamic security controls, which CISOs and their teams need to keep pace with cloud, IoT, and AI advancements that threaten their data security posture and ability to assure compliance.”
“Cyera’s Azure OpenAI integration enables customers to make faster, more informed decisions about data security, privacy and governance. This integration builds on Cyera’s use of machine learning and large language models (LLMs) to further revolutionize the way businesses defend their data and assure compliance.”
“Integrating OpenAIs LLMs enables security practitioners to use free-form language to match data stores, data classes and issues, based on the technical or business problem they are trying to solve. For example, according to the Verizon Data Breach Investigations Report, insider threats made up 39% of data breaches in healthcare in 2022. Using semantic search to ask which issues increase an organization’s risk of a breach will instantly highlight protected healthcare information (PHI) accessible by stale users.”
“OpenAI’s LLMs will also accelerate how Cyera governs access to sensitive data. Cyera’s unified policy engine will take advantage of the LLMs to identify misconfigurations, recommend specific access controls and generate new policies for data access governance.”
Significant Milestones
What have been some of Cyera’s most significant milestones? Segev cited:
“A few of our most significant milestones include:
March 2022: Launched from stealth with $60 million in funding to lead the data-first revolution in cloud security. Within 2022 we partnered with several Fortune 500 companies, doubled our employee count, and grew revenue by 800% in our first year.
December 2022: Expanded our platform to include coverage for SaaS environments, providing a unified control plane for data security across SaaS, PaaS, and IaaS, including discovery and classification, DSPM, data access governance, and data privacy solutions.
April 2023: Launched an industry-first Unified Data Explorer that provides an intuitive and easy way for security teams to understand where they manage data across their cloud landscape and pinpoint sensitive data exposures to reduce their attack surface.
April 2023: Introduced unified Data Detection and Response (DDR) to extend the Data Security Posture Management (DSPM) capability as part of its more expansive Data Security Platform. Security practitioners can quickly and easily take action to remediate security exposures and stop sensitive data exfiltration in real-time.
May 2023: Introduced SafeType – a data privacy browser extension to help companies use ChatGPT securely. Businesses are torn between enabling their developers and teams to experiment with and leverage the transformative power of generative AI. When individuals use ChatGPT, it is extremely easy to accidentally feed it private information. If a user forgets to anonymize or remove data from a document or chat session, regulated data will be transmitted to the platform. SafeType identifies when a user is entering sensitive data into ChatGPT, informs them why it should not be shared and provides the ability to anonymize or remove it from the session. SafeType represents an opportunity to significantly improve data defense while enabling developers to explore, securely.
June 2023: Announced an integration with OpenAI to accelerate multi-cloud data security. Securing sensitive data remains a top priority for businesses and regulators. The integration tailors data security policies to help security teams make more informed data security, privacy, and governance decisions, accelerates how Cyera governs access to sensitive data, and enables Cyera’s unified policy engine to take advantage of the LLMs to identify misconfigurations, recommend specific access controls and generate new policies for data access governance.
June 2023: Secured $100 million Series B investment to become the data security platform enabling the AI revolution.”
Customer Success Stories
Upon asking Segev about customer success stories, he cited:
“The results and impact of Cyera’s platform are immediate. Leading financial, pharmaceutical, and retail customers have uncovered sensitive data and exposures they never would have otherwise.”
Michael Kiethley, Chief Information Officer at United Talent Agency uses Cyera to foster innovation with data. He said, ‘Cyera’s AI-powered data security platform is enabling us to infuse data literacy into our cloud development and security strategy.’
Arjun Thusu, Chief Information Officer at Mercury Financial said, ‘Cyera is accelerating our efforts to improve cyber resilience, and the deep context and unprecedented insight it provides into our data allows us to better align with business stakeholders and partners.’
Mike Melo, CISO of LifeLabs said, ‘Now more than ever, as we adopt more digital technologies, we need real-time visibility, automation and proactive controls to remain agile and keep our customer data protected. Cyera provides us complete, context-rich insight into the data we manage across Azure and Microsoft 365 and allows us to quickly adapt our security operations as our business strategy evolves.’
Scott Morris, Ex-SVP, CISO, Zipari said, ‘One of the most important things the Cyera solution revealed was the incidence of ghost data within our environment. We used those insights to put controls in place to address this risk very quickly.’”
Funding/Revenue
After asking Segev about funding, he revealed:
“We launched from stealth in March 2022 with $60 million in Series A funding to lead the data-first revolution in security. The financing, secured just 10 months after Cyera’s formation, was led by Sequoia Capital, alongside Accel, and Cyberstarts.”
“Then in June 2023, after establishing ourselves among S&P 500 organizations, we secured a $100 million Series B investment, led by Accel with participation from existing investors Sequoia and Cyberstarts. Redpoint Ventures also joined as an investor.”
“This brings the company’s total funding to $160 million since emerging from stealth in March of 2022.”
Total Addressable Market
What total addressable market (TAM) size is Cyera pursuing? Segev assessed:
“Regarding the market size, Gartner says $1.3 trillion in enterprise IT spending is shifting to cloud, growing to $1.8 trillion by 2025. Further, data security posture management (DSPM) is transformational for security and governance leaders and is expected to bridge gaps left by existing data protection technologies in an orchestrated, scalable way. According to Gartner: ‘By 2026, more than 20% of organizations will deploy DSPM technology, due to the urgent requirements to identify and locate previously unknown data repositories and to mitigate associated security and privacy risks.’”
Differentiation From The Competition
What differentiates Cyera from its competition? Segev affirmed:
“The fundamental difference with Cyera is a focus on truly knowing what data represents. It’s a difference in approach, not a nuance in design. Our platform was purpose-built to leverage AI and machine learning at cloud scale to dynamically discover, classify, and understand an enterprise’s unique data. Cyera doesn’t simply use pattern recognition or signatures to understand data, we automatically and continuously identify and draw inference from an environment so our customers know exactly what data they have, what it represents, and the intent and nuance of the value that their data represents. That not only helps them improve their security and streamline their compliance efforts, it frees them to be more data-driven and leverage their data to accelerate their business processes and innovation.”
“From there, the cloud-native architecture is critical in the cloud era. That’s not a cloud-y set of buzzwords. To be cloud-native means that we don’t require hardware, software, or manual effort to find, identify, evaluate, and remediate issues. The process is fully automated, continuous, and can be scripted the way any other modern development (continuous integration / continuous deployment) process operates. Legacy providers require manual efforts, and newer DSPM, CSPM (cloud infrastructure), SSPM (SaaS applications), ASPM (application) vendors are all narrowly focused and create more silos in the enterprise. Cyera was designed and architected to discover, classify, evaluate, and secure all of an enterprise’s data, everywhere.”
“Beyond the deep knowledge of data, and cloud-native architecture, Cyera is also focusing on static posture improvements (what DSPM represents), real-time detection and response to changes (some call this Data Detection and Response, or DDR), achieving least privileged access to data and recognizing misuse and anomalies in access (a.k.a. Data Access Governance or DAG), and data privacy. This enables an enterprise to put data at the center of their security strategy, streamline compliance audits and requests for information (like the right to be forgotten, or records of processing activity requests), and ultimately be more data-driven in the way they address day-to-day challenges and opportunities to grow their business.”
Future Company Goals
What are some of Cyera’s future company goals? Segev observed:
“Our recent funding enables us to accelerate product development – including securing data in code repositories, communication channels, and on-prem, hire the best engineering talent and expand our go-to-market initiatives. It is a vote of confidence, not a guarantee of future success. That will come from what got us here, incredible passion for solving CISO’s most pressing security challenges.”
“Our big vision is to be the one-stop shop for data security.”
Additional Thoughts
Any other topics you would like to discuss? Segev concluded:
“The cybersecurity startup community continues to be dominated by former Israeli cyber intelligence professionals – Unit 8200 alumni. As a former member of 8200 and now the co-founder and CEO of a cloud data security company, I rely on lessons learned during my time in the military to navigate the startup world.”
“My three key principles are: Always Deliver, Customer-Driven Engineering, and Question Assumptions.”
“Embracing these lessons can have a dramatic impact on the trajectory of an organization.”
