Enterprise identity giant Okta announced on Tuesday that it has agreed to acquire Israeli startup Spera Security in a move broaden Okta’s Identity threat detection and security posture management capabilities.
Backed by $10 million in funding from YL Ventures, along with investments from angels and serial entrepreneurs at companies like Google, Zscaler, Akamai and Zendesk, Serpa joined a growing list of early-stage startups tackling identity and access sprawl in the enterprise.
The brainchild of Dor Fledel and Ariel Kadyshevitch, Spera’s platform provides proactive, continuous protection from identity-based attacks that combine compromised credentials, social engineering and phishing.
Spera has explained that its product can be used to create real-time, continuously updated, risk and context-based inventory of identities and access across cloud and on-prem environments. The data can then be used to give security teams granular insights for remediating and preventing identity-driven attacks.
“Headquartered in Tel Aviv, Israel, Spera Security builds on Okta’s existing ITDR capabilities with a focus on security posture management and attack surface management,” Arnab Bose, Chief Product Officer, Workforce Identity Cloud at Okta, wrote in a blog post. “With Spera Security, we will equip our customers with richer insights and technology to elevate their Identity security posture management, and quickly identify, detect, and remediate risks.”
Terms of the deal were not disclosed, but some reports say the deal is valued in the range of roughly $100-130 million.
Okta has found itself in the crosshairs of multiple hacking groups this year that target its infrastructure to break into third-party organizations.
In September, Okta said a sophisticated hacking group targeted IT service desk personnel in an effort to convince them to reset multi-factor authentication (MFA) for high-privilege users within the targeted organization.
In that attack, Okta said hackers used new lateral movement and defense evasion methods, but it has not shared any information on the threat actor itself or its ultimate goal. It’s unclear if it’s related, but last year many Okta customers were targeted as part of a financially motivated cybercrime campaign named 0ktapus.