Connect with us

Hi, what are you looking for?


Cloud Security

Cloud Security Firm Kivera Raises $3.5 Million in Seed Funding

Australian cybersecurity startup Kivera raised $3.5 million in seed funding from General Advance, Round 13 Capital and angel investors.

Australian startup cloud security firm Kivera has raised $3.5 million seed funding from General Advance, Round 13 Capital and angel investors including Srinath Kuruvadi (MD and head of cloud security at JPMorgan Chase), Ely Kahn (VP product management for cloud security at SentinelOne), and others.

The primary purpose of the funding is to expand technical staff recruitment following the headquarters relocation from Sydney, Australia to New York. The firm has already emerged from stealth, but is maintaining a relatively low profile while it continues to build out its product and work with early customers (primarily in the financial sector).

The Kivera Cloud Security Protection Platform (CSPP) aims to prevent cloud breaches by eliminating their primary cause: misconfiguration in the public cloud. As long ago as 2019, Gartner reported, “Nearly all successful attacks on cloud services are the result of customer misconfiguration, mismanagement and mistakes.” Little has changed since then.

Gartner went on to add, “Security and risk management leaders should invest in cloud security posture management (CSPM) processes and tools to proactively and reactively identify and remediate these risks.” Kivera’s premise is that identifying misconfigurations that already exist is often too late. Most CSPMs identify misconfigurations tens of minutes to hours later — and organized crime with automated internet searching tools can find and exploit the errors as quickly as CSPMs can recognize them. It is better, claims Kivera, to prevent misconfigurations than to find them: prevention is better than cure.

The primary cause of misconfigurations is that they are possible. Developers are under constant pressure to produce at speed, cloud service providers (CSPs) need to make their services easy to use or lose customers to competitors, they continually introduce new features and services, and security teams are often unaware of the detail of interaction between the company and the CSP.

“We offer something that is prevention first and detection second,” said Neil Brown, co-founder and VP of operations at Kivera. “We catch the risk before it is created rather than find it later.” The result is a set of configuration policies that can be enforced during development. “It means the developers can push forward at speed because any configuration policies will be caught by the guardrails established by company policies enforced by Kivera.”

He added, “Cloud security teams are swamped in a backlog of alerts, and they deserve to get out of triage mode and take control of their cloud security by preventing risk up front. When dealing with sensitive workloads, the consequences of a single mistake, such as accidentally exposing a resource to the internet, can be considerable.”

He provides encryption as an example. “Let’s say I want to build a virtual machine, but haven’t included encryption. Kivera will capture this and say, ‘hey, this machine is exposed to the internet and our company policy says it must be encrypted.’ So, Kivera will recognize the error and enforce preventive controls at build time — we’ll stop risks before they get into the cloud environment. We block the process and send a message to the engineer so that the configuration error can be fixed.” The problem never reaches AWS or Google Cloud or Azure.

Advertisement. Scroll to continue reading.

While each customer can develop its own policies, Kivera “has thousands of ‘out-of-the-box’ policies already embedded in pre-made policy packs,” he added. “They’re aligned with common frameworks such as NIST 853 or the CSA Cloud Controls Matrix and other compliance standards.”

Accidental – or not so accidental – attempts to bypass the Kivera controls through remote working are enforced at the CSP end. All CSPs have a native identity and access management authorization solution. Kivera uses this – if the attempted engineer access does not come through Kivera, it is simply blocked. 

Kivera was originally founded in Sydney, Australia by Neil Brown (VP of operations), and Vernon Jefferson (CTO) in 2019. Joe Lea, board member at Viakoo and strategic advisor to AI EdgeLabs and SecureX.AI, joined as CEO in June 2023. The firm has relocated its headquarters to New York to better serve the North American market.

Related: These Are the Top Five Cloud Security Risks, Qualys Says

Related: Most Weaponized Vulnerabilities of 2022 and 5 Key Risks: Report

Related: Companies Still Exposing Sensitive Data via Known Salesforce Misconfiguration

Related: Survey Shows Reasons for Cloud Misconfigurations are Many and Complex

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybersecurity Funding

SecurityWeek investigates how political/economic conditions will affect venture capital funding for cybersecurity firms during 2023.

Cyber Insurance

Cyberinsurance and protection firm Boxx Insurance raises $14.4 million in a Series B funding round led by Zurich Insurance.

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to and Exchange Online.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...