Why We Built Avalor - and What it Means for Enterprise Security
Avalor co-founders Raanan Raz (right) and Kfir Tishbi (left) share insights on what our team has built, why we built it, and why investors and partners are on board with our vision.
With the official launch of Avalor, the Data Fabric for Security™, we wanted to share some insights into what we’ve built, why we built it, and why investors and partners are on board with our vision.
First, you may be wondering, who are we? We are data experts - our background is not what you might expect from a security company - and that’s exactly the point. Because today, cybersecurity is data: security solutions exist to protect personal and business data. In doing that, they also generate enormous amounts of data. In fact, security teams are drowning in it, and are struggling to use it in any meaningful way.
As data engineers and entrepreneurs, we understood their pain. We previously helped build and grow Datorama (which was acquired by Salesforce) to address the disconnected data problem for marketers. Our experience building and growing Datorama, which enables data integration and insights across a complex, data-rich marketing stack, made us realize that the “data deluge” problem isn’t unique to the marketing function.
At the same time, we were hearing from security leaders and their teams about a growing problem: they too were inundated with numerous disjointed and disparate data streams. They had neither the bandwidth or expertise to integrate and understand all of this data, let alone use it to manage the security function more effectively.
This challenge, along with our love of data and its possibilities, inspired us to solve this data problem for security, and to do it in a new way - using data fabric architecture.
Building a data-first solution on top of a data fabric means that you first aggregate, de-duplicate and normalize the data without focusing on a specific use-case. Once the data is organized and prioritized, teams can make sense of it and take action.
Security Teams Need a Single Source of Truth for Data
Believe it or not, there once was a time when security teams longed for more data. For years, they used tools to generate security-specific metrics, and get baseline reporting on the status of their enterprise security posture, but not much more than that. Over time, with pressure to provide better risk intelligence and real-time reporting, CISOs demanded solutions that would provide more data-driven insights. And they wanted to know if all the tools they were buying were actually working.
The market saw this need and responded - only too well. A plethora of solutions have flooded the security space in the last two decades. Everything from MDRs to vulnerability scanners to threat intelligence platforms - many in combination with each other - were bought by CISOs in an unending battle against intruders. In fact, some studies estimate that today, large enterprises often have 30 tools - or more - in their security stack.
And nearly every one of these solutions generates some kind of data. However, it is data which is distinct to the purpose of that particular tool. Data which neither natively integrates with or, if appropriate, de-duplicates, data from other security software. This deluge of disconnected data can have a paralyzing effect on a security organization, which is already underwater battling cyber threats on multiple fronts. What’s more, security experts aren’t data experts - they shouldn’t be expected to integrate dozens of datastreams to understand how the security function (and its relationship to the business overall) is doing.
As we listened to CISOs and their teams describe their real, day to day struggles to get value and context from their data, it became clear to us that solving this problem required a new approach.
By building a solution using data fabric architecture we enable security teams to integrate data from multiple sources and create an open, scalable foundation that allows for many use cases. One that is flexible and can accommodate multiple data points from across the enterprise, to get insights that are reliable and actionable.
We then built our first application powered by our Security Data Fabric™, a dedicated solution for vulnerability risk management and prioritization. This application directly addresses the challenges security teams are facing by automatically aggregating, normalizing and de-duplicating risk data from discovery to remediation. And, to give SecOps what they have longed for: a single source of truth for assets, controls, identities, vulnerabilities, security bugs, and other related data points.
In the future, we see our data fabric as a platform that others can tap into to power their own applications. We are partnering with the biggest names in the data industry to increase our footprint and build an ecosystem that will enable security providers to take advantage of our solution.
How We Are Building and Growing Avalor
People often ask what it takes to lead a startup successfully. We believe it takes a strong partnership, smart, engaged investors and a lot of trust.
We are friends and co-founders who have known each other for nearly twenty years. We’ve always wanted to work together and push the limits of what we can do. After working closely together at Datorama and Salesforce, we now have the opportunity with Avalor to solve real problems for security as a credible business function. We know each other’s strengths and how to support and challenge each other to be better leaders, innovators, and people, every day.
And we are fortunate to have a great team of engineers and data scientists. Their hard work has enabled us to build a stable platform rather quickly and land significant business already.
Thanks for reading and learning more about us. We are excited, grateful, and ready.
- Raanan and Kfir
Read more on this and similar topics.View all posts
Avalor Emerges from Stealth with $30M to Make Sense of Security Data
We are officially out of stealth!
An Experienced CISO’s Take on Solving the Data-to-Decisions Gap
Guest post from Emily Heath, Avalor Board Member and former Chief Trust and Security Officer at DocuSign.