New York City and Washington DC-based startup Zip Security announced a $7.7 million financing round led by General Catalyst, co-led by Human Capital, and with participation from Box Group.
Zip focuses on bringing advanced cybersecurity capabilities to the SMBs that do not have the resources of bigger firms. SMBs are increasingly targeted by cybercriminals because of their supply chain access to larger firms, while being simultaneously less well defended. And, of course, ransomware targets all firms regardless of size.
“Most of the world assumes that large businesses with industry IP are the sole targets of bad actors,” comments Quentin Clark, MD at General Catalyst. “But that is not the case — ransomware is an issue businesses of all scales face, but it’s also the case that smaller businesses are often sought as a vector of attack to larger businesses.”
And yet, he continues, “smaller businesses don’t have CISOs and an entire security organization deploying and overseeing security software and policies — it’s not economically practical. This is a serious impedance mismatch.”
Our mission, says Josh Zweig, CEO and co-founder of Zip Security announcing the funding, “is to protect those smaller businesses and their customers’ data by making cybersecurity affordable and accessible.”
Zip offers a SaaS platform and service designed to minimize the in-house resources required for effective security. He uses the recent iLeakage example from October 2023.
“This was a bug around how Safari isolated tabs and the possibility to have one open tab steal data from another open tab,” he told SecurityWeek. “To protect yourself you need to do three things. First, you need to know that this thing exists — most people aren’t reading security news. Second, you must figure out a mitigation. Third, and most importantly, you must implement that mitigation.”
This isn’t something that can be done just once, but needs to be done for all Safari users in the company. Larger companies with established security teams can handle such issues, but it is problematic for SMBs. “I like to call them the Department of One, where you have just one security person or one IT person — or even none. Within a few hours, we surfaced that this happened in our SaaS offering to our customers, and coupled that with ‘Hey, here’s a button you can click to deploy the mitigation.’”
Zip’s philosophy is to put into practice a simple method of implementing law enforcements’ recommendation — get the basics right, and you will mitigate most cyber threats. It does this, says the company, “by integrating across best-in-class security tools including CrowdStrike, Okta, Jamf, and Microsoft Intune, allowing small businesses to run similar security programs to large corporations at a fraction of the time and cost.”
“The thing that makes these basics difficult, ” continued Zweig, “is they require weaving together lots of systems. Maybe you have one system to manage your Apple computers and one system to manage your Windows computers and a third system to manage your identities and a fourth system to manage your endpoint threat detection and remediation… Where things get hard with a minimal or non-existent security department, is how do you actually weave all these things together – how do you do the basics really well? We are the glue: we integrate with all these different systems, and we help you deploy, configure, and manage them in order to really nail the basics.”
Zip Security was founded by Josh Zweig (CEO) and Gabbi Merz (CTO). Both are alumni of Palantir, with roots in building security for government, critical industry, and Fortune 500 companies. Zip Security now seeks to bring that level of cybersecurity to SMBs. “We founded Zip,” he says, “with the belief that the cybersecurity market desperately needs a SaaS solution that makes securing a company an easy (and, dare we say, enjoyable?) experience.”
He adds, “We plan to use the new funding to scale up the development of our software product in service of our customers, including building out more advanced capabilities like device trust, automated patch management, and identity threat detection to provide best-in-class security so that customers can spend their time and resources where it matters most: on their mission.”