Search company, investor...
Search

Founded Year

2018

Stage

Series A | Alive

Total Raised

$14M

Last Raised

$14M | 1 yr ago

About Akeyless

Akeyless is a secrets management platform providing an all-inclusive solution for the management. It is based in Tel Aviv, Israel.

Akeyless Headquarters Location

94 Yigal Alon st. Alon 2 Tower

Tel Aviv, 6789140,

Israel

ESPs containing Akeyless

The ESP matrix leverages data and analyst insight to identify and rank leading companies in a given technology landscape.

EXECUTION STRENGTHMARKET STRENGTHLEADERHIGHFLIEROUTPERFORMERCHALLENGER
Emerging Tech / Cybersecurity

This market includes companies that provide tools for storing and managing encryption keys, which allow organizations to encrypt and decrypt data. Key management solutions protect encryption keys from unauthorized access, corruption, or loss.

Akeyless named as Challenger among 8 other companies, including Virtru, Fortanix, and Ubiq Security.

Predict your next investment

The CB Insights tech market intelligence platform analyzes millions of data points on venture capital, startups, patents , partnerships and news mentions to help you see tomorrow's opportunities, today.

Akeyless's Products & Differentiation

See Akeyless's products and how their products differentiate from alternatives and competitors

  • Secrets Management

    The Akeyless Vault Platform is a SaaS-based solution for Secrets Management that enables organizations to centrally manage credentials, certificates, and keys for humans and workloads, and accelerate DevOps workflows. Using a patented, FIPS 140-2 certified, KMS technology (Akeyless DFC), users keep full custody of their keys

    Differentiation

    Pure SaaS solution 

    Easier to use, easy to deploy 

    Customers maintain full custody of their keys 

  • Subscribe to see more

    We're on a mission to enable every organization to make smarter decisions about tech. Whether it's finding a new game-changing vendor or understanding a new market, it's easier, faster and smarter with CB Insights. All made possible by the smartest, hardest-working team in tech. Subscribe to see more.

    Differentiation

    We're on a mission to enable every organization to make smarter decisions about tech. Whether it's finding a new game-changing vendor or understanding a new market, it's easier, faster and smarter with CB Insights. All made possible by the smartest, hardest-working team in tech. Subscribe to see more.

Expert Collections containing Akeyless

Expert Collections are analyst-curated lists that highlight the companies you need to know in the most important technology spaces.

Akeyless is included in 1 Expert Collection, including Cybersecurity.

C

Cybersecurity

5,158 items

Akeyless Patents

Akeyless has filed 2 patents.

The 3 most popular patent topics include:

  • Cryptography
  • Authentication methods
  • Block ciphers
patents chart

Application Date

Grant Date

Title

Related Topics

Status

7/11/2019

7/27/2021

Cryptography, Key management, Block ciphers, Cryptographic attacks, Cryptographic hash functions

Grant

Application Date

7/11/2019

Grant Date

7/27/2021

Title

Related Topics

Cryptography, Key management, Block ciphers, Cryptographic attacks, Cryptographic hash functions

Status

Grant

Latest Akeyless News

The importance of securing machine-to-machine and human-to-machine interaction

Jan 21, 2022

The importance of securing machine-to-machine and human-to-machine interaction In this interview with Help Net Security, Oded Hareven, CEO at Akeyless , explains how organizations manage secrets, particularly how this practice has changed and evolved amid the rapid shift to hybrid/remote work and how it benefits organizations security wise. We have seen great changes in the last couple of years in how companies operate and organize their workflow. How have these changes altered the way they manage secrets? Indeed the way companies operate workflows has changed dramatically. The sad truth is that secrets–which, can be anything from standard username/password or credentials, to SSH keys, API keys, and certificates–as we know them today, were not centrally managed until the rise of secrets management solutions in very recent years. Key Management Services ( KMS ) were focusing on keys, while Privileged Access Management ( PAM ) and Password Management tools focused on human credentials. As long the organization didn’t yet implement any of the new cloud trends such as DevOps, Automation, and Containerization, everyone was happy inside the so-called perimeter. Companies are shifting their services to the cloud, but on-premise workloads are going to be around for many years to come. Then there is the fact that there is not just one cloud, obviously. And large organizations have different teams and business units that all choose different platforms. So the hybrid multicloud organization is quickly becoming the norm. This is a great thing as now all organizations can be agile and choose the platforms and support tools that not only work best for them but also provide the most value to the overall organization. These trends create challenges, which we call ‘secret sprawl’. The challenge associated with interconnecting and providing the right level of access to disparate workloads introduces a host of new security and compliance challenges. For instance, the sheer number of secrets used by machine-to-machine and human-to-machine interactions has proliferated dramatically due to automation, containerization, DevOps initiatives, and so on. In this hybrid multicloud environment I explained above, there is a risk of having separate islands of secrets. It is difficult for security teams to see how many secrets are in use overall, who uses them, and where. And if they can’t see them, how can they ensure they are safe? Another challenge associated with the automation/DevOps trends is how secrets are used. It is too often that we see secrets hardcoded in source code or configuration files, in plain text, which are then uploaded to public repositories such as GitHub. These secrets, and especially the ones used by privileged users such as network or security admins, and DevOps engineers, have traditionally been managed by Privileged Access Management (PAM) solutions. However, these solutions were not designed for machine-to-machine communications, something we now see ballooning. Rather, they were designed to provide security around humans accessing machines. There was no element that would validate machine identities and facilitate appropriate access to other machines. This is a recipe for disaster. From the perspective of a corporate security team when we bring these two things (hybrid multicloud + M2M access) together, they face quite a challenge, as they are ultimately responsible to ensure the organization adheres to security and compliance guidelines. Meanwhile, they also don’t want to be the department of ‘NO’ and inhibit the organization’s agility and ability to remain competitive. Another change that is a bit more technical but has important implications: securing your secrets with cryptography, requires a master key. Typically, these are kept safe by hardware-based cryptographic solutions known as Hardware Security Modules, or HSMs. This chainlink of using a new secret to protect a secret is known as the Secret Zero Problem. Unfortunately, when using cloud-based secret vaults, organizations have to relinquish their master keys to them. This means CSPs have access to the organization’s secrets, and therefore their data. They can be accessed by rogue administrators, or the cloud provider can be subpoenaed under the cloud act for example, and the government then has access to their data, and perhaps without the organizations’ consent. This is not what cryptography is intended to do. This approach introduces an enormous amount of unnecessary risk, a risk the organization cannot control. What do you think is the optimal way to do secrets management? Secrets management should be done in a way where both users and machines have a secure, transparent, and scalable way to obtain, issue, and revoke secrets. This means secrets management should be centralized, agnostic to the location of the user or machine, or which flavor of cloud platform the service they need access to is running on. Secrets management is a critical component of an organization’s automation strategy to ensure secure access and communication for humans and machines. It plays a vital role in enabling the business to adopt modern workplace technologies while remaining both secure and agile. Secrets management, therefore, needs to be available wherever the organization’s workloads and users are, and able to scale automatically, based on demand. Why is secrets management important? Secrets management is critical because it allows organizations to be more agile and more secure at the same time. It allows them to move on from the classic world of static secrets, secrets with long-standing privileges, to a more dynamic and real-time approach to authenticating and accessing the services they need. It is too often that we see secrets hardcoded in source code or configuration files, which are then posted publicly to GitHub for example. We can now use dynamic secrets instead, which provide what the industry calls Just-In-Time (JIT) access. This is a term borrowed from the manufacturing industry, where they don’t order goods or parts until they are actually needed. In this case, the key reason for JIT is when you use ephemeral resources in the cloud. When these resources are revoked, the associated keys need to be revoked automatically as well. In addition, if you dynamically create secrets with just enough privileges that the human/machine identity is authorized for, and revoke access after a reasonable/predetermined time period, you greatly reduce the opportunity that an attacker has to compromise that secret. If you can’t use dynamic secrets, for example for administrator-level accounts on servers or network devices, you can at least automatically rotate them and stop relying on humans to update their passwords. And finally and somewhat obviously perhaps, secrets management solutions keep secrets safe and secure, so only authorized identities can have access to them, and nobody else. Could you explain a secret’s lifecycle? It starts with the creation or generation of a secret, which again can be a credential, key, certificate, or password used by either a machine or human to access a workload. The creation of a secret can be done manually, or automatically. Automatically is the preferred way because humans are typically not good at creating strong passwords. Then, in the case of static secrets, there’s the option to rotate it and change the secret at a set interval. How frequently you do this can be mandated by security policy standards such as PCI DSS (90 days max). Finally, at the end of the cycle, the secret is revoked and can no longer be used to access your intended target. This can be triggered by the expiration time of a dynamic secret (we call that the TTL or time-to-live) or manually, for example when an employee or contractor is no longer with the company. What is the state of secrets management nowadays and how do you think it will evolve in the future? The current state of secrets management is that there is a rapidly growing awareness of the importance of securing machine-to-machine and human-to-machine interaction, among security professionals as well as DevOps teams, especially as organizations transition to hybrid multicloud infrastructure and containerized workloads. Today, there’s a mismatch, where organizations are running more and more of their workloads in the dynamic cloud environments, while their secrets management strategy does not exist yet. And in the case of CSP offerings, they are too proprietary, primarily designed for workloads operating within their specific cloud environment. In the future, I see secrets management and secure remote access converging and allowing for even more seamless secure communications between disparate systems, and with more integrations into other security systems. I also foresee secrets management solutions incorporating elements of machine learning and artificial intelligence to help define policies and revoke access when necessary based on external security incidents. Daily Newsletter - E-mail sent every business day with a recap of the last 24 hours Weekly Newsletter - E-mail sent every Monday with a recap of the last 7 days (IN)SECURE Magazine - E-mail sent when a new issue is released

Akeyless Web Traffic

Rank
Page Views per User (PVPU)
Page Views per Million (PVPM)
Reach per Million (RPM)
CBI Logo

Akeyless Rank

  • When was Akeyless founded?

    Akeyless was founded in 2018.

  • Where is Akeyless's headquarters?

    Akeyless's headquarters is located at 94 Yigal Alon st., Tel Aviv.

  • What is Akeyless's latest funding round?

    Akeyless's latest funding round is Series A.

  • How much did Akeyless raise?

    Akeyless raised a total of $14M.

  • Who are the investors of Akeyless?

    Investors of Akeyless include Jerusalem Venture Partners, Team8 Capital and JVP Cyber Labs.

  • Who are Akeyless's competitors?

    Competitors of Akeyless include Fortanix, Sepior, Source Defense, QuintessenceLabs, Salt Security, Virtru, Sysdig, Noname Security, HashiCorp, Cycode and 22 more.

  • What products does Akeyless offer?

    Akeyless's products include Secrets Management and 1 more.

  • Who are Akeyless's customers?

    Customers of Akeyless include Progress, Stash, Constant Contact and Cimpress.

You May Also Like

Source Defense Logo
Source Defense

Source Defense is a real-time SAAS solution that protects online websites from attacks originating from third-party scripts. It uses a real-time sandbox isolation technology to provide a client-side website security solution focused on preventing malicious activity originating from website supply chain vendors. The company was founded in 2014 and is based in Rosh-Ha’ayin, Israel.

Contrast Security Logo
Contrast Security

Contrast Security is a provider of security technology that enables software applications to protect themselves against cyber attacks. Contrast's patented deep security instrumentation is the technology that enables highly accurate analysis and always-on protection of an entire application portfolio, without scanning.

Salt Security Logo
Salt Security

Salt Security is an API security platform that prevents zero-day API breaches. Salt detects attack attempts before other solutions alarms are tripped.

ZeroNorth Logo
ZeroNorth

ZeroNorth is a software and infrastructure risk management company that develops continuous app security and risk management tools.

Cycode Logo
Cycode

Cycode is a source code visibility and protection company. Cycode utilizes its Source Path Intelligence engine to deliver comprehensive visibility into all of an organization's source code and automatically detect and respond to anomalies in access, movement, and usage.

Virsec Systems Logo
Virsec Systems

Virsec Systems builds software that responds deterministically and proactively to defend against vulnerabilities that target mobile and fixed computer operating systems and applications.

Discover the right solution for your team

The CB Insights tech market intelligence platform analyzes millions of data points on vendors, products, partnerships, and patents to help your team find their next technology solution.

Request a demo

CBI websites generally use certain cookies to enable better interactions with our sites and services. Use of these cookies, which may be stored on your device, permits us to improve and customize your experience. You can read more about your cookie choices at our privacy policy here. By continuing to use this site you are consenting to these choices.