Small and medium businesses have become a growing target for malicious online hackers in recent years, currently accounting for between 43% and 61% of all security breaches and some $7 billion annually in related losses, according to different estimates. Today, a startup called Guardz is emerging from stealth with a two-part offering aimed at protecting them: a SaaS-based set of low-code security tools designed for businesses using cloud services, designed to be implemented without any specific security or advanced technical expertise; and insurance to help cover organizations in cases where something is disrupted. The startup is launching initially in the U.S., and along with that, it’s announcing $10 million in funding.
The funding is coming on the heels of some very early traction. In a closed beta, Guardz says it has already picked up 300 customers. The average number of employees in its current cohort of users is 30-40 per business, and the plan is to target organizations of between 10 and 250 people, with initial plans starting at $9/user/month.
The funding, meanwhile, is coming in the form of a seed round, led by Hanaco Ventures, with iAngels, GKFF Ventures and cybersecurity investor Cyverse Capital also participating. Guardz is not disclosing valuation at this stage.
Co-founders Dor Eisner (CEO) and Alon Lavi (the CTO) have decades of security experience between them, starting with years working on intelligence in Israel’s defense forces. A lot of work in cybersecurity tends to be focused either on enterprises — large organizations with a lot to lose in security breaches — and individual consumers, who have had a number of antivirus and other security software designed to target their specific use cases.
Enterprise security was very much where both Eisner and Lavi were working prior to founding Guardz. Eisner tells me he started to think about the challenges for SMBs in particular through his work at Rapid7, where he was doing a lot of research into what was happening on the Dark Web.
“As we started to look at the Dark Web we were first looking for what was being built and sold to attack enterprises,” he recalled. But what they found, he said, was something else: a set of tools being sold to hackers to “spray and pray” — level large amounts of cyberattacks against a wider set of smaller targets, SMBs, that were typically not set up to protect themselves against this.
Eisner refers to this class of “software,” if you can call it that, as “Attack As A Service.” AaaS essentially “weaponizes” the SaaS model, in Eisner’s words. AaaS “products” are essentially sold online on the dark web to malicious hackers who want to target cloud-based organizations: they buy and use the services online, on demand, as normal businesses might buy and use legitimate SaaS products.
“You don’t need to build complicated products to target SMBs. You just use the AaaS tools,” he said. SMBs are relatively easy, low-hanging fruit for malicious hackers these days. “SMBs just don’t have the budget or expertise to understand what to protect. In the last year, we’ve seen a big spike in these attacks and the usage of AaaS.”
Looking at and understanding what AaaS-based attacks are aiming to breach — primarily perimeters and clould-based data — is the basis of Guardz’s security tools. Alongside this, it’s partnering with insurance companies to provide cyber insurance to its customers. For now, Guardz is not disclosing who its insurance partners are and is instead selling the insurance as a white-label service.
The coupling of insurance with cybersecurity products is becoming more commonplace these days. Others that are building similar products together include ActZero, which launched in 2021 and also targets SMBs; Cowbell, which raised $100 million last year and also targets SMBs; Stoïk out of France; At-Bay, backed by Microsoft; and Coalition, which now has a whopping $5 billion valuation.
Their rise in part comes from the fact that, even with all the precautions in the world, the pace of malicious hacking, and the fallibility of humans is such that, an organization can still face a breach and lose valuable data or more as a result of malicious activity — let alone face legal action by partners or customers as a result.
But it’s also an opportunity because in many cases organizations are finding that they are not meeting certain requirements to get competitive insurance rates, or in some situations get insured at all: selling cyberinsurance policies along with the tools that the insurer approves to secure those IT assets becomes a logical way of packaging everything together.
But Eisner emphasized to me that he very much sees Guardz as a cybersecurity company — not an insuretech — and so it does not have plans to build its own insurance products, but will continue working with third parties to provide these to their customers in bundles.
“With the rise of Attacks-as-a-Service, the ongoing shortage of cyber talent, and the increasingly lucrative nature of targeting smaller businesses, the market is well-primed for a holistic cyber solution that addresses the unique challenges and imminent threats facing these companies,” said Alon Lifshitz, founding partner at Hanaco Ventures, in a statement. “We are excited to take part in Guardz’s journey as it makes headway in addressing and alleviating the crisis of high cyber vulnerability for small businesses everywhere.”
“The rise and democratization of ransomware and phishing attacks is hurting SMBs the most as they are currently the least protected, making this a huge and entirely underserved market,” added Shelly Hod Moyal, founding partner of iAngels. “With their first-hand experience building and commercializing successful cyber products, Dor Eisner and Alon Lavi are perfectly positioned to lead Guardz’s one-stop-cyber-shop for small businesses. We’re excited to partner with the Guardz team as they work to empower SMBs with the necessary tools to protect themselves.”
Comment