San Francisco, CA-based privileged access management (PAM) solution provider Remediant has closed a $15 million Series A funding round co-led by Dell Technologies Capital and ForgePoint Capital. The money will be used to expand Remediant’s marketing and field operations, product engineering, channel and customer success programs, following quintupled sales revenue between 2017 and 2018.
Remediant was founded in 2015 by two security practitioners, Paul Lanzi (now COO) and Tim Keeler (CEO). The two met while working at Roche. As practitioners they were faced with the problem found in all large corporations (Roche had about 120,000 global staff at the time): privileged account sprawl. With little control over privileged accounts it is difficult to stop and contain intruders’ lateral traversal through a network.
In one previous position, Lanzi told SecurityWeek, “I had privileged access to 3,000 or 4,000 systems — some of which I probably never logged into. But if my account were ever compromised, it would be game over for any or all of those systems.”
The solution, they thought, would be some form of ‘just-in-time’ administrator account control (JIT PAM): accounts that are spun up where and when needed, and removed after the need, just as Palo Alto Networks had introduced just-in-time firewall exception rules. With nothing in the market, they decided to do it themselves, and developed a prototype between 2015 and 2016.
In 2016 they took the concept to a Lions’ Den side conference at Black Hat. They did not win. But after the pitch, the deputy CISO from Lockheed Martin emerged from the audience. He told them that he had just asked his company to develop the same concept in-house, but that if Remediant had a working product, he would rather buy it than develop it.
Lanzi and Keeler were given 60 days to do a proof of concept at Lockheed Martin. They installed and performed the proof of concept in six days, had a fully signed deal within a couple of weeks, and had fully deployed the product within a few more weeks. “Remediant impressed us from day one with their ability to mobilize and quickly scale a PAM solution to secure more than 150,000 endpoints,” said Lockheed Martin CISO, Mike Gordon.
The first part of Remediant’s product is a continuous monitor that scans the network, locates existing administrator accounts and presents them on a dashboard. “It is almost always,” said Lanzi, “far more than the customer expects,” adding that existing customers had frequently been able to remove millions of old or unnecessary privileged accounts. He continued, “The second step is around locking down the remaining access, and then provisioning it back on a just-in-time basis.”
The product removes privileged access, but keeps a record. When a user requires privileged access to one or more systems, it is obtained via two-factor authentication from the master record. The 2FA is required to prevent a malicious intruder with stolen credentials from gaining access to the master record.
If the candidate is verified by the master record as having authority to access a specific system, or multiple systems, privileged rights are bestowed on a just-in-time basis, and then removed again after a specified time period (the default is four hours). In Lanzi’s own earlier example, he would move from having persistent rights to 3,000 to 4,000 systems, to having temporary, time-limited access to just one system, on demand. The same principle then applies to everyone within the organization.
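The workflow described above (second-factor check, lookup in the master record, time-limited grant, automatic removal) can be modelled in a few lines. This is an added illustration, not Remediant's code: the `JitBroker` class, its method names, the event strings and the use of RFC 6238 TOTP as the second factor are all assumptions; only the four-hour default comes from the article.

```python
import hashlib, hmac, struct

DEFAULT_TTL = 4 * 3600  # seconds; the article gives four hours as the default

def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1), standing in for the unspecified second factor."""
    mac = hmac.new(secret, struct.pack(">Q", int(now) // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class JitBroker:  # hypothetical model of a JIT PAM broker
    def __init__(self, entitlements, totp_secrets):
        self.entitlements = entitlements  # master record: user -> hosts they may administer
        self.totp_secrets = totp_secrets  # user -> shared TOTP secret
        self.active = {}                  # (user, host) -> expiry timestamp
        self.audit = []                   # (time, event, user, host)

    def request(self, user, host, code, now, ttl=DEFAULT_TTL):
        # The second factor is checked first: stolen credentials alone never
        # reach the master record lookup.
        secret = self.totp_secrets.get(user)
        if secret is None or not hmac.compare_digest(code, totp(secret, now)):
            return self._log(now, "deny-2fa", user, host)
        if host not in self.entitlements.get(user, set()):
            return self._log(now, "deny-not-entitled", user, host)
        self.active[(user, host)] = now + ttl  # one host, time-limited
        return self._log(now, "grant", user, host)

    def is_admin(self, user, host, now):
        # No standing privilege: rights exist only while a grant is unexpired.
        return self.active.get((user, host), 0) > now

    def sweep(self, now):
        """Revoke every grant whose time limit has passed; return what was removed."""
        expired = [k for k, exp in self.active.items() if exp <= now]
        for user, host in expired:
            del self.active[(user, host)]
            self._log(now, "revoke-expired", user, host)
        return expired

    def _log(self, now, event, user, host):
        self.audit.append((now, event, user, host))
        return event
```

The audit list records denials as well as grants, so a run of `deny-2fa` or `deny-not-entitled` events for one account is available as a detection signal.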
This solves the privilege problem both on the network and at the endpoint. End users can be granted temporary rights to install apps on their own machines, or support desks can get just-in-time rights for installations on specific devices at specific times, rather than hold permanent rights over all devices. It also lends itself to the concepts of least privilege, zero trust and the evolution of microsegmentation.
“The concepts that underlie zero trust access, and the principles of least privilege,” Lanzi told SecurityWeek, “are exactly the principles that we’re enacting around our access management. Our product is built on Docker, so we understand the benefits of a microsegmentation architecture and the move away from heavy workloads running on virtual machines towards running containers. Privileged access as it relates to containers and other microsegmented workloads is still an evolving field, so that’s something we’re exploring. In fact, doing R&D in that area is one of the areas where we’re using the money raised.”
Tom Kellerman, chief security officer at Carbon Black, joined the Remediant board as a strategic advisor in February 2019. He said at the time, “Authentication is the Achilles heel of cybersecurity. As cyber criminals continue to exploit trust relationships within corporations, privileged access management has become mission critical for cybersecurity and brand protection.”
Kellerman believes that Remediant’s SecureONE is a game-changer in the PAM market. “This round of fundraising is a testament to the foresight of Remediant’s founders. The global cybercrime wave facing businesses can be mitigated by proactive privilege access management and Just-In-Time Administration,” he said today.