Spera exits stealth to reveal identity-based threat hunting capabilities

Spera’s ISPM capabilities provides a comprehensive inventory of a customer’s identities, permissions and environments to surface critical anomalies.

access management / access control / user connections / identities
DEM10 / Getty Images

The Israeli identity-based cybersecurity provider Spera is exiting stealth mode to reveal a namesake offering with identity security posture management (ISPM) capabilities.

“Two of the most prominent identity-based attack vectors ­— stolen credentials and phishing—take the longest to detect and are most expensive to solve,” said Dor Fledel, co-founder and CEO of Spera. “Security professionals are really frustrated with the lack of tools for identity attack surface and risk management across their various environments. Spera provides visibility into enterprise identities and actions, where the biggest risks lie, and helps security teams rapidly improve security posture.”

Designed to complement an identity and access management (IAM) system, Spera’s ISPM features automation tools to help organizations identify, manage, and prioritize identity-based risks.

IAM alone is no longer enough, according to Jack Poller, an analyst at ESG Global. “IAM is shifting to identity security, where the focus is on managing the risk to the organization from identity-related threats and attacks,” he said. “Like most other cybersecurity domains, identity security is complex and involves many different aspects including identity federation, privilege access security, secrets management, identity and access governance, ITDR and identity posture management.”

Risk-hunting capabilities

Spera features a SaaS-based ISPM engine that provides security teams with a comprehensive view of their identity risk surface. To achieve this, it deploys an automation tool that performs an agentless, read-only integration with an organization’s on-premises and cloud applications and identity providers to generate a real-time identity inventory including all users, identities, permissions, and environments.

Spera’s ISPM aims to compete with existing industry disciplines like identity governance and administration (IGA) and identity threat detection and response (ITDR) with an edge in end-to-end risk detection, which it claims none of the existing solutions offer.

“Identity posture management is a relatively new discipline and is part of a greater realization that identities play a foundational role in cybersecurity, thus the transition of identity responsibility from IT operations to security,” said ESG’s Poller.

Fledel explained how Spera's product works: “In the Spera identity graph we uncover and understand the identities, permissions, and actions in practice,” he said. “We source them from a customer’s existing identity providers and applications, and add context to normalize, correlate and surface the anomalies in them with our unique IP and technology.”

Spera will benefit IAM managers in security teams and CISOs by providing them a comprehensive view to help identify or mitigate partially offboarded users, over-provisioned employees, unused and risky privileges, compromised credentials and other identity risks.

Fledel said customers solve 75% of the critical and high-severity issues in their environments within a few weeks of deployment.

Expansion plans

Currently a team of 16, Spera aims to expand to 23 by the end of this year. It is currently working on additional capabilities for its platform to license separately on top of its existing ISPM offering.

Spera also aspires to add to its partner portfolio which currently sports integrations with Okta and Active Directory (identity providers), AWS (cloud), and Salesforce and Office 365 (SaaS). Additionally, the offering has added API capabilities to integrate with a customer’s other homegrown and on-premises applications based on their own schema.

Spera has picked up seed funding of $10 million from YL Ventures and a clutch of angel investors including Google, Palo Alto Networks, Akamai, Zendesk, Zscaler and others.

The company will use the investment to improve its product technology and cover marketing expenses.

Copyright © 2023 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)