Spera Unveils Platform for Finding and Tracking Identities
Spera emerged from stealth today to launch a namesake platform that discovers and tracks identities to enable organizations to better enforce zero-trust cybersecurity policies.
Fresh from raising $10 million in funding, Spera CEO Dor Fledel said the biggest challenge organizations face today when implementing zero-trust policies is they have no inventory of identities. The Spera platform uses machine learning algorithms to discover and aggregate all the identities used to access enterprise applications, he said.
That approach makes it possible to compare how well each identity is adhering to zero-trust policies, added Fledel.
Identity and access management (IAM) today is a major headache given all the applications used both in the cloud and in on-premises IT environments, said Fledel. The Spera platform uses the application programming interfaces (APIs) exposed by various applications and platforms to automate the collection of identities that today are managed via disparate silos, he added.
One of the issues that organizations routinely encounter is there is often a disconnect between the entities that manage identity. Business units and human resource teams routinely grant access to IT services by making requests to internal IT operations teams. However, when an employee leaves an organization or shifts job roles, they often fail to tell IT teams to deprovision access. It’s not uncommon for former employees to still be able to access applications months after they have left an organization.
The correlation engine Spera created makes it simpler to surface those issues in a way that also serves to make it simpler to comply with a wide range of compliance mandates, noted Fledel.
In the age of zero-trust, identity is supposed to be the new perimeter, but it’s hard to defend something that is unknown. Cybersecurity teams that define zero-trust policies have a vested interest in making sure they are applied, but in the absence of knowing how many identities exist, it’s exceedingly difficult to effectively implement such policies. Spera, in effect, is providing a means to trust but verify that zero-trust policies are being enforced, said Fledel.
In the wake of a scourge of phishing attacks that seek to compromise end-user credentials, identity is arguably the top attack vector being employed by cybercriminals. Failing to track and manage identities makes organizations susceptible to phishing attacks that, thanks to generative artificial intelligence (AI) platforms, are expected to increase in terms of both volume and sophistication.
A more structured approach to identity management is obviously long overdue. Most of the focus on security for the past three decades has been on defending the network perimeter and endpoint devices. Cybercriminals have long known the simplest attack vector to exploit is a set of credentials that gives them access to an entire application environment. From there, it’s relatively trivial for cybercriminals to access interconnected systems in a way that, for example, enables them to distribute malware laterally.
One way or another, modern approaches to cybersecurity begin and end with identity management, so that needs to go well beyond managing a simple username and password.