Revolutionizing Cybersecurity with Osquery and SQL-Powered Analytics: Why Sapphire Ventures and Uptycs Chose to Partner
We’re excited to announce today that we’re leading $30 million Series B financing for Uptycs, a start-up that’s revolutionizing security analytics by providing enterprises with a SQL-based security analytics platform for performing intrusion detection, vulnerability management, incident investigation, workload protection, security audits and compliance checks. Uptycs is able to do all this across a company’s server endpoints (such as Linux VMs and containers) within data centers, cloud providers like AWS, Azure and Google Cloud, and productivity endpoints such as macOS and Windows.
A cumulation of several trends has driven the need for cybersecurity solutions like Uptycs. Firstly, to address the growing threat of cyber-attacks, enterprises have increasingly been running agents from siloed security applications. In addition, the emergence of ephemeral workloads in modern infrastructure has caused the amount of security telemetry (hence noise) to explode. Enterprises have also seen a demand to protect non-Windows operating systems, such as macOS on productivity endpoints and Linux on cloud workloads. And more recently, mandated remote work has increased security risk, making products like Uptycs mission critical.
Uptycs pairs Osquery, a best-in-class open-source endpoint agent, with a proprietary SQL-powered analytics platform to enable a unified view of server workloads and endpoints across heterogeneous environments (like the public cloud, on-premise, laptops and more) for security analytics and performance monitoring. Inspired by how Salesforce and SAP have changed the CRM and business process industries with SQL based applications, Uptycs built a platform that uses SQL to extract operating system information with Osquery agents as tables and relational databases, and translates them into security analysis use cases and eventually, performance metrics visibility.
With the new funding, we’re excited to see Uptycs continue to support its enterprise customers, augment its marketing and sales capabilities, improve product development and expand product capabilities. Meanwhile, our Portfolio Growth team, will be supporting Uptycs in its mission to help modern enterprises adopt its SaaS-based approach to using Osquery for security analytics and performance metrics of cloud workloads and endpoints.
Making security analytics accessible since its founding
Uptycs was founded in 2016 by Ganesh Pai (former chief architect at Akamai Technologies), Uma Reddy (former VP of engineering at Sonus) and Mike Hluchyj (former CTO, carrier products at Akamai), who currently serves on the company’s board. Their goal was to make security analytics easily accessible—especially for enterprise customers that are faced with a massive shortage of cyber-security talent. According to Cybercrime Magazine, there will be approximately 3.5 million unfilled cybersecurity jobs by 2021.
Uptycs addresses the shortage in security talent by using Osquery, an open-source agent developed at Facebook that allows users to write SQL queries to explore operating system data for security analysis and for obtaining performance metrics. Uptycs is growing in popularity among enterprises because its SQL-based platform makes it easy and accessible for someone with the ability to write SQL code to easily become a security analyst. Having seen the adoption of SQL-based analytics tools like Looker, a previous Sapphire Ventures investment, we believe that Uptycs is on the right path to democratize the market for security analysts, making it much more accessible.
A quickly growing market opportunity
When looking at the overall cloud security market, we see an impressive opportunity for growth—for the industry and specifically, for Uptycs. Recent data from Grand View Research shows that the cloud security market size is expected to reach $12.63 billion (13.9% CAGR) by 2024.
We believe enterprises will adopt security solutions like Uptycs for their security needs because of its easy-to-use, open-source based approach. As we look at the technology landscape, open-source platforms are gaining more and more traction because they’re distributed widely, embraced by developers and allow for collaboration across enterprises. In addition, open-source agents reduce blind spots, especially for cloud workloads.
Helping customers secure their systems
It’s not enough to deploy an open-source Osquery and collect an onslaught of system activity. That’s why customers are turning to Uptycs to help answer: “Now what?”
The Uptycs security platform uses data across the entire fleet of Osquery agents to run correlations and identify anomalous activity. The platform is capable of managing and contextualizing system data from 50 to 500,000+ endpoints—providing the who, what, when and where at the individual- server workload and laptop levels.
Uptycs has already seen success with its enterprise customers.
- Provides API for payment processing: Deployed on mostly macOS laptops, Uptycs eliminates the need to recreate detection and alert logic every time a new tool is added. The Osquery API helps enterprises with tool consolidation—they just punch a few lines of code and get the data they need immediately.
- Integration focused ISV: By using Uptycs, the company was able to complete a comprehensive asset audit for compliance requirements on all their 1000+ servers.
- Next-gen DevOps provider: Working with a remote team, Uptycs was tapped to manage assets and ensure device authentication and authorization. This solves such problems as determining whether or not a user is authorized to log in at 4a.m. from Europe.
Trusted Uptycs leadership and industry expertise
Although we feel vendor fragmentation and marketing hype create challenges in understanding the differentiated value that security companies deliver, we firmly believe security is critical to the success of every company, and Chief Information Security Officers who have a lot of purchasing power would agree. We’re hyper-focused on investing in startups like Uptycs that not only provide a differentiated product, but are evolving into a platform.
We’re also excited about the Uptycs team. Co-founders Ganesh Pai, Mike Hluchyj and Uma Reddy have been working together for more than 20 years. They know the security industry incredibly well, have a proven track record of working together and create great technology products. Ganesh, Mike and Uma sold their first company, Verivue, to Akamai. After two years at Akamai, the co-founders and their talented engineering team decided to start their second company together, Uptycs. This time, with a bigger, more relevant challenge to work with.
We’re thrilled to be a part of this journey with Uptycs. Here at Sapphire Ventures, we have a long history of partnering with Boston-based companies, including the likes of DataRobot and CloudHealth (acquired by VMware), and we’re pleased to add Ganesh and Uptycs to the portfolio. We are all looking forward to helping build another company of consequence with Ganesh and his team!
Disclaimer: Nothing presented within this article is intended to constitute investment advice, and under no circumstances should any information provided herein be used or considered as an offer to sell or a solicitation of an offer to buy an interest in any investment fund managed by Sapphire Ventures. Information provided reflects Sapphire Ventures’ views as of a time, whereby such views are subject to change at any point and Sapphire Ventures shall not be obligated to provide notice of any change.Companies mentioned in this article are a representative sample of portfolio companies in which Sapphire Ventures has invested in which the author believes such companies fit the objective criteria stated in commentary, which do not reflect all investments made by Sapphire. A complete alphabetical list of Sapphire’s investments made by its direct growth and sports investing strategies is available here. No assumptions should be made that investments listed above were or will be profitable. Due to various risks and uncertainties, actual events, results or the actual experience may differ materially from those reflected or contemplated in these statements. Nothing contained in this article may be relied upon as a guarantee or assurance as to the future success of any particular company. Past performance is not indicative of future results.