SAVVY: Workforce Security Automation Company Raises $30 Million

By Annie Baker • Jul 17, 2023

SAVVY – a cybersecurity pioneer that eliminates workforce-initiated security incidents involving software-as-a-service (SaaS) applications, including generative AI – recently announced that it exited stealth and raised $30 million. Canaan led the most recent Series A funding round with key investors Cyberstarts and Lightspeed. And Cyberstarts also led the initial seed round with Lightspeed.

SaaS has been a significant boon for the enterprise, enabling business-led initiatives and offloading effort and resources from internal IT and development. And on average, organizations have 130 SaaS apps, an 18% increase from last year. However, the lack of security control standardization and complexities introduced by integrations are stressing security operations (SecOps) teams and increasing friction between IT and the business. Unbridled SaaS sprawl is challenging resource-strapped enterprises to consistently enforce effective security controls at scale.

SAVVY’s Workforce Security Automation platform addresses human error by providing SecOps with complete visibility and security automation playbooks for orchestrating SaaS incident response before an unsecured action occurs. And by implementing just-in-time guardrails directly into the user workspace as a pop-up security copilot, the platform provides real-time alerts and suggestive guidance to improve user decision-making. SAVVY is already deployed by Fortune 500 companies in the hospitality and consumer goods industries, with over 100,000 active users.

Compared to legacy approaches that block applications or actions, require traffic steering, and introduce latency, the company’s platform is embedded directly into user work environments to counter user-initiated SaaS events, including the unsafe use of generative AI, sensitive data loss, and creation of supply chain risks through SaaS integrations. For example, SAVVY can guide ChatGPT users to turn off the chat history before submitting a prompt to prevent using proprietary information to train Generative AI models.

Plus, SAVVY provides visibility into applications not connected to single sign-on (SSO) or cases where users sign in directly with reused, shared, or compromised corporate credentials. And using such credentials is usually undetectable by network security controls, making user offboarding challenging. SAAVY discovered three times more apps where employees used their corporate identity that were invisible to SecOps because of its lack of SSO, and nearly 30% of all apps involved risky employee behavior, including password reuse, compromised accounts, and weak passwords.

SAVVY’s security copilot was tailored for each organization with powerful out-of-the-box security automation playbooks that can be easily customized through its no-code automation engine. And SecOps teams can determine how they engage users when encountering SaaS events and enable automatic incident responses to secure users and SaaS usage at scale.

SAVVY also reports real-time actionable insights and metrics to security teams, enabling them to identify high-risk areas and user risk profiling to pinpoint which roles and groups require more support. The platform recommends steps for risk mitigation and tracks improvement over time.

KEY QUOTES:

“The best security companies tackle surface vectors of attack head-on. SAVVY’s focus on the “human” attack surface and protecting employees across browsers and work apps solves a massive problem all enterprises face and is only getting worse. The real-time nature of SAVVY enables security teams to finally preempt employee-initiated events rather than just respond, which is why customer feedback has been so positive and also why we believe SAVVY will lead the emergence of an entirely new category of browser and application security.”

— Joydeep Bhattacharyya, general partner at Canaan

“Companies can have the highest security budgets and the best systems in place, but if you’re not reaching the end user at the point of decision, then history will continue to repeat itself. Our Workforce Security Automation platform helps SecOps gain full visibility and control over all user SaaS touchpoints, including sensitive information sharing in generative AI apps, and our suggestive guidance system helps users understand the risks as they happen and why they shouldn’t bypass security in favor of productivity.”

— Guy Guzner, co-founder and CEO of SAVVY

“We are thrilled to continue this journey with SAVVY’s experienced entrepreneurs, who are helping organizations solve the ever-challenging human element of cybersecurity that has only worsened with burgeoning SaaS growth. SAVVY has spent significant time across dozens of large US organizations to understand how to reduce the impact of poor employee cyber hygiene and developed an easy-to-use solution that is unlike anything else on the market.”

— Gili Ranaan, founder at Cyberstarts