Matichin co-founded Valence Security with Yoni Shohet in 2021. A two-time entrepreneur, Shohet previously co-launched SCADAfence, an industrial Internet of Things security startup. Matichin, for his part, was one of the founding members of Capester, a platform for cataloging videos of civic violations.

“In recent years, malicious actors have placed their focus on the interconnectivity between software-as-a-service (SaaS) applications, leveraging its potential for their attack campaigns, as we saw in the SolarWinds breach,” Matichin told TechCrunch in an email interview. “Organizations struggle to secure this [app] mesh — a growing, complex and interconnected environment of SaaS apps, third-party integrations, identities, privileges and data.”

Matichin and Shohet built Valence to address these challenges around visibility into the SaaS supply chain, including misconfigurations, risk prioritization and remediation. The platform attempts to detect all of a company’s SaaS apps and contextualize them with vendor risk assessments, offering tools to spot improperly configured security controls and drifts from established policies.

Valence can also help manage risky, inactive and overprivileged authentication keys, third-party integrations and no- and low-code workflows, Matichin says — in addition to potentially insecure public-facing files and emails forwarded externally. Identity security flows within Valence, meanwhile, aim to ensure users are managed by a central identity provider, using multi-factor authentication and are properly offboarded.

“Beyond security concerns, the repercussions of SaaS supply chain attacks are at the top of business priorities in light of the growing number of high-profile SaaS supply breaches over the past two years,” Matichin said. “These breaches can expose multiple interconnected SaaS applications for a single organization as well as threaten the business-critical data stored in those applications. This risk to business objectives, as well as to business continuity and efficiency due to the significant impact these breaches have on SaaS use, should be top-of-mind for the C-suite.”

“As remote working conditions accelerated the adoption and use of SaaS applications, a unique and unaddressed risk surface uncovered a growing need for SaaS security solutions targeting the sprawling SaaS mesh,” Matichin said. “In this respect, Valence was strongly positioned to address the unique security and business needs at the height of the pandemic, [and] Valence will continue to set the standard for SaaS security going forward.”

Valence Security raises fresh capital to secure the SaaS app supply chain by Kyle Wiggers originally published on TechCrunch

source