SAVVY raises $30m for SaaS cybersecurity platform that focuses on human error

It doesn’t matter how good your security infrastructure is if you don’t keep the humans from messing things up.

 Cybersecurity (illustrative). (photo credit: PIXABAY)
Cybersecurity (illustrative).
(photo credit: PIXABAY)

Israeli cybersecurity company SAVVY has raised $30 million in Series A funding for its platform which helps organizations eliminate workforce-initiated security incidents involving software-as-a-service (SaaS) applications. Canaan led the round, with participation from Cyberstarts and Lightspeed.

SaaS has become increasingly popular in recent years, as it allows businesses to offload IT and development responsibilities to third-party providers. This can be beneficial for businesses, as it can save them time and money. However, it also creates security risks, as employees may not be aware of the security implications of using SaaS applications, and can make mistakes that allow hackers to gain access to sensitive data, systems, and networks. 

For example, if a SaaS provider is hacked, the data of all of its customers could be compromised. This could include sensitive data such as financial information or intellectual property. In addition, SaaS applications often have access to a lot of data about their users, which could be used to track or target them.

Mitigating security risks before they occur

SAVVY's platform, which is already in use by Fortune 500 companies in the hospitality and consumer goods industries, addresses the issue of SaaS security by providing organizations with visibility into their SaaS usage and by automating security controls. By automating security controls and providing visibility into SaaS usage, the platform can help organizations to identify and mitigate security risks before they occur.

"SAVVY's focus on the ‘human’ attack surface and protecting employees across browsers and work apps solves a massive problem all enterprises face and is only getting worse," said Joydeep Bhattacharyya, general partner at Canaan. "The real-time nature of SAVVY enables security teams to finally preempt employee-initiated events rather than just respond, which is why customer feedback has been so positive and also why we believe SAVVY will lead the emergence of an entirely new category of browser and application security."

 A man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. (credit: REUTERS/KACPER PEMPEL/ILLUSTRATION/FILE PHOTO)
A man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. (credit: REUTERS/KACPER PEMPEL/ILLUSTRATION/FILE PHOTO)

SAVVY’s platform is a newer approach to SaaS security that embeds directly into user work environments. This allows it to counter user-initiated SaaS events, such as the unsafe use of generative AI, sensitive data loss, and creation of supply chain risks through SaaS integrations. SAVVY does not block applications or actions, require traffic steering, or introduce latency, as legacy approaches do. Instead, it provides users with guidance and recommendations to help them make safe and secure choices. For example, for ChatGPT, SAVVY can guide users to turn off the chat history before submitting a prompt to prevent using proprietary information to train Generative AI models.

Guy Guzner, co-founder and CEO of SAVVY, touted the platform’s holistic approach to the cybersecurity ecosystem.

“Our Workforce Security Automation platform helps SecOps gain full visibility and control over all user SaaS touchpoints, including sensitive information sharing in generative AI apps, and our suggestive guidance system helps users understand the risks as they happen and why they shouldn’t bypass security in favor of productivity,” he said. “Companies can have the highest security budgets and the best systems in place, but if you’re not reaching the end user at the point of decision, then history will continue to repeat itself.”