Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

10/9/2020
12:15 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Onapsis Raises $55M Growth Round, Led by CDPQ and NightDragon, Fueling Expansion to Protect Mission-Critical SaaS Applications

Funding Round to Accelerate Company's Growth Strategy to Expand Security and Compliance Support for Salesforce, Workday, Oracle, SAP and Other Leading Cloud Applications

BOSTON – October 6, 2020 – Onapsis, the leader in mission-critical application cybersecurity and compliance, today announced it raised $55 million in Series D financing led by Caisse de dépôt et placement du Québec (CDPQ) and NightDragon with strong participation from existing investors .406 Ventures, LLR Partners and Arsenal Venture Partners. The investment will be used to significantly scale the company through rapid expansion into the mission-critical SaaS applications market, starting with protection and compliance for Salesforce and SuccessFactors applications.

This new support for mission-critical SaaS applications enables Onapsis to execute its vision of protecting the intelligent enterprise and accelerating digital transformation initiatives by delivering cybersecurity and compliance solutions for all mission-critical applications running on-premises and hosted on cloud Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS), as well as the API-based integrations between them.

“As a long-term investor, we’re pleased with the quality of the company’s partnerships with leading business software providers and its recognition as an organization at the forefront of cyber threat detection and remediation,” said Alexandre Synnett, Executive Vice President and Chief Technology Officer at CDPQ. “We look forward to supporting the new growth initiatives put forward by the Onapsis management team and contributing, through this investment, to improving global cybersecurity.”   

Company Momentum and Performance

Onapsis is trusted by more than 300 of the largest global enterprises, including more than 20% of the Fortune 100, to protect their cloud, hybrid and on-premises mission-critical applications. This latest round of funding builds solid momentum after a strong performance year-to-date in 2020 for Onapsis. Highlights include (see Onapsis momentum infographic):

  • Over 145% growth in net new annual recurring revenue (ARR); recognized three consecutive years by the Deloitte Technology Fast 500 publication as one of North America’s fastest-growing technology companies
  • Outstanding customer satisfaction with 98% retention rate and one of the industry’s highest NPS scores
  • Recently announced strategic partnership with SAP, by which The Onapsis Platform is the SAP-endorsed application for cybersecurity and compliance
  • World-class cyber threat research lab – over 800 zero-day vulnerabilities discovered; multiple critical global CERT alerts based on Onapsis’ novel research
  • Established partnerships with leading system integrators and consulting firms including Accenture, Deloitte, IBM, PwC, Verizon, Optiv and others
  • Global operations in the United States, Argentina and Germany with more than 380 employees, recognized as a Top 3 Great Place to Work
  • New support for mission-critical SaaS applications to protect the intelligent enterprise

“Legacy security solutions don’t meet the requirements of today’s business applications – especially in the SaaS world,” said Dave DeWalt, who founded NightDragon and was named Vice Chairman of the Onapsis board of directors earlier this year. “These applications, which are at the core of every enterprise’s digital transformation and have accelerated due to the global pandemic, are facing the perfect storm, yet the tools used to protect them aren’t purpose-built for the job. The expansion into SaaS applications opens a huge market opportunity for Onapsis and fills a much-needed gap for enterprises in the cybersecurity and compliance space.”              

New Support for Mission-Critical SaaS Applications

As part of today’s announcement, Onapsis is launching an early access program for The Onapsis Platform for Salesforce and The Onapsis Platform for SuccessFactors. With support for these mission-critical SaaS applications, The Onapsis Platform enables customers to quickly discover, assess, prioritize and eliminate application misconfigurations, vulnerabilities and malicious activity that can impact an organization’s interconnected mission-critical application ecosystem and sensitive business data. Next up for Onapsis will be introducing early access program support for Workday, Oracle ERP Cloud and Oracle HCM Cloud, and other SaaS applications to be released in the coming months.

“As critical business processes and functions, such as HCM, CRM and ERP, extend to the cloud and SaaS environments, enterprises need a way to reduce the risk of their hybrid business platforms, enforce security and compliance baselines from the core to the cloud, and monitor application security, user activity, and threats from development to production,” said Mariano Nunez, CEO and Founder of Onapsis. “This funding only builds on our continued strong momentum as we stay hyper-focused on being the standard for mission-critical application security and compliance across cloud, hybrid and on-premises environments. We are honored to have the trust of new outstanding investors such as CDPQ and NightDragon, and the continued support of our existing partners. We’ll now further scale Onapsis to new heights and help even more organizations around the globe ensure all their critical information and processes are protected.”

To learn more, visit the Onapsis website: https://onapsis.com/.

 

ABOUT ONAPSIS

Onapsis protects the mission-critical applications that run the global economy, from the core to the cloud. The Onapsis Platform uniquely delivers actionable insight, secure change, automated governance and continuous monitoring for critical systems—ERP, CRM, PLM, HCM, SCM and BI applications—from leading vendors such as SAP, Oracle, Salesforce and others.

Onapsis is headquartered in Boston, MA, with offices in Heidelberg, Germany and Buenos Aires, Argentina. We proudly serve more than 300 of the world’s leading brands, including 20% of the Fortune 100, 6 of the top 10 automotive companies, 5 of the top 10 chemical companies, 4 of the top 10 technology companies and 3 of the top 10 oil and gas companies.

The Onapsis Platform is powered by the Onapsis Research Labs, the team responsible for the discovery and mitigation of more than 800 zero-day vulnerabilities in mission-critical applications. The reach of our threat research and platform is broadened through leading consulting and audit firms such as Accenture, Deloitte, IBM, PwC and Verizon—making Onapsis solutions the standard in helping organizations protect their cloud, hybrid and on-premises mission-critical information and processes.

For more information, connect with us on Twitter or LinkedIn, or visit us at https://www.onapsis.com.

ABOUT CAISSE DE DÉPÔT ET PLACEMENT DU QUÉBEC

Caisse de dépôt et placement du Québec (CDPQ) is a long-term institutional investor that manages funds primarily for public and parapublic pension and insurance plans. As at June 30, 2020, it held CA$333.0 billion in net assets. As one of Canada’s leading institutional fund managers, CDPQ invests globally in major financial markets, private equity, infrastructure, real estate and private debt. For more information, visit cdpq.com, follow us on Twitter @LaCDPQ or consult our Facebook or LinkedIn pages.

ABOUT NIGHTDRAGO

NightDragon is an investment firm focused on investing in growth and late-stage companies within the cybersecurity industry. Its flexible model allows it to lead or co-invest alongside leading venture capital and private equity firms in the pursuit of driving growth and increasing shareholder value. NightDragon is unique in providing deep operational expertise in cybersecurity gained by its founders Dave DeWalt and Ken Gonzalez from years serving as senior executives leading technology companies such as Documentum, EMC, Siebel Systems (Oracle), McAfee, Mandiant, Avast, and FireEye. For more information, visit NightDragon.com.

Onapsis and Onapsis Research Labs are registered trademarks of Onapsis Inc. All other company or product names may be the registered trademarks of their respective owners.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24847
PUBLISHED: 2020-10-23
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticat...
CVE-2020-24848
PUBLISHED: 2020-10-23
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
CVE-2020-5990
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
CVE-2020-25483
PUBLISHED: 2020-10-23
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
CVE-2020-5977
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.