Security Experts:

Connect with us

Hi, what are you looking for?


Application Security

Canonic Security Emerges From Stealth With $6 Million and SaaS App Sandbox

Tel Aviv, Israel-based Canonic Security has emerged from stealth with $6 million seed funding from investors including First Round Capital, Elron Ventures, SV Angel and Operator Partners. The company provides a third-party app governance platform powered by an app sandbox.

Tel Aviv, Israel-based Canonic Security has emerged from stealth with $6 million seed funding from investors including First Round Capital, Elron Ventures, SV Angel and Operator Partners. The company provides a third-party app governance platform powered by an app sandbox.

Industry is increasingly adopting SaaS solutions, and users increasingly connect their own choice of apps to the existing IT-approved business applications. It’s a user-driven aspect of the composability principle advocated by Gartner’s 2021 survey of 2,000 CIOs. 

Canonic Security Logo“Over half of high-composability respondents said they promote a high-trust culture that encourages employees to independently make decisions – double the percentage of moderate- and six-times more than low-composability enterprises,” says Gartner. Enterprises, it says, must embrace composability to thrive through disruption in 2022 and beyond.

User-introduced third-party apps that aid the users’ own tasks is an example of ‘composability’. It can improve performance, but places a severe strain on the security team charged with securing operations. “Highly composable environments integrate business application components from third parties and citizen developers without ever requiring standardized vendor controls, ultimately expanding the attack surface,” warns Canonic.

Composability encourages users to introduce additional apps effectively without approval; but the security team needs to understand any possible negative effect, and is overburdened by app vetting and approval processes. “This has opened up a whole new frontier of security challenges,” comments Josh Kopelman, founder and partner of investor First Round.

The Canonic solution is to sandbox the third-party apps before they connect to the customers’ approved IT applications. Its app governance platform has sandboxed tens of thousands of apps across industries including healthcare, defense and software organizations. The Canonic platform seeks to eliminate the inherent contradiction between composability and cybersecurity.

The platform streamlines third-party app reviews. Is the app over-privileged, demanding permissions it doesn’t require? Is it really what it says it is? Has it been compromised? What does it connect to or from, and how?

The result provides visibility over first-, second- and third-party apps and API integrations; it uncovers rogue and vulnerable apps; and it can quarantine suspicious apps, reduce inappropriate privileges and if necessary, revoke and block access. 

Canonic Security was founded in November 2020 by Boris Gorin (CEO, formerly senior director of information products at Proofpoint) and Niv Steingarten (CTO, formerly co-founder and VP of engineering at OverOps). The investment will accelerate the product’s go-to-market and development initiatives, which are already used in over twenty deployments worldwide.

Related: Grip Security Raises $25 Million to Secure SaaS Applications

Related: Adaptive Shield Emerges From Stealth to Secure SaaS Applications

Related: Unapproved SaaS Applications Widely Used Under IT’s Radar

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybersecurity Funding

SecurityWeek investigates how political/economic conditions will affect venture capital funding for cybersecurity firms during 2023.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.


More than 450 cybersecurity-related mergers and acquisitions were announced in 2022, according to an analysis conducted by SecurityWeek


Forty cybersecurity-related M&A deals were announced in January 2023.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Application Security

While there are many routes to application security, bundles that allow security teams to quickly and easily secure applications and affect security posture in...