A few items that have popped into The Cyber Hut inboxes over the past couple weeks relating to funding and vendor news.
Authorization Vendor PlainID Nets $75 million
PlainID announced in December they had received a Series C investment round topping $75 million. This was lead by Insight Partners. PlainID are a leading authorization platform player that was founded in 2014. This Series C takes their total funding to $96 million. Israeli based with LinkedIn listing over 70 employees, they focus upon a policy based access control model with centralised management and distributed enforcement. They list use cases across retail, healthcare and financial services and see a world with authorization being decoupled from the protected applications and the identity provider infrastructure that can provide authentication context into the downstream authorization platform. Drivers such as zero trust architecture, consent management, partner ecosystems and PII are all emerging and requiring authorization to be succesul.
Face Authentication Vendor iProov Nets $70 million
Another investment round, this time in the authentication space, with iProov announcing a $70 million round this week. iProov focus on the “right person, real person, right now” conundrum with case studies across government and the highly regulated industries such as financial services and travel. Their “genuine presence” technology is aimed at the identity proofing and subsequent authentication event journeys where a high level of assurance is required for processing. Authentication is a hugely competitive and perhaps saturated space and it will interesting to see how providers start to differentiate themselves with regards proofing or integration options.
OT Zero Trust Provider Xage Nets $30 million
A zero trust security platform focused upon operational technology has netted a $30 million Series B round. Xage, based in Palo Alto announced the round this week which was lead by Piva. Xage focuses upon apply zero trust techniques to operational technology environments via the “Xage Fabric”. They reference the US air force as a user who leveraged Xage for secure sharing use cases for maintenance data. Energy and utilities are another area of focus for them. Their identity and access management capabilities focus on coverage across a range of OT protocols such as modbus and SSH seen against programmable logic controls (PLC), supervisory control and data acquisition systems (SCADA) and human management interfaces (HMI).
NIST Internal Report Blockchain for Access Control Available for Comments
NIST released NISTIR 8403 in December which is focused on how blockchain could be used within an access control system – primarily for the storage of rule and policy data. The idea being that as blockchains are inherently tamper evident and resistant, adversaries would be unable to alter access control rules. The draft references the standard XACML model of a PEP/PDP/PAP architecture and how a blockchain could augment into that arena. Some interesting ideas. The draft is open for comments until February 7th.