Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

9/15/2015
03:40 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Onapsis Raises $17M Round to Boost Cybersecurity of SAP and Oracle Applications

Sharp rise in demand for emerging enterprise application security market drives new funding; supports sales efforts, marketing and research & development

Boston, MA – September 15, 2015 – Onapsis, the global experts in SAP and Oracle enterprise application security, today announced it has closed a $17 million Series B funding round led by Evolution Equity Partners, with full participation of existing investor .406 Ventures as well as new investor Arsenal Venture Partners. This round brings the total investment in Onapsis to $30 million since the inception of the company. J.R. Smith, partner at Evolution and former CEO at AVG Technologies (NYSE: AVG), will join the company’s board of directors.

This news comes in the wake of a new breed of breaches that are stealthy and targeted on corporate espionage, estimated to cost an annual $445 billion for companies globally. The first widely and publicly reported breach affecting SAP enterprise applications involved USIS, which provided security clearance services for Office of Personnel Management (OPM) and Department of Homeland Security (DHS). This recent attack involved exploiting the company’s vulnerable SAP ERP systems and put a public spotlight on why hard to find vulnerabilities in complex SAP enterprise applications are the perfect target for cyber attackers. The oversubscribed investment in Onapsis reflects the sharp rise in demand for specialized, scalable and comprehensive solutions from Global 2000 organizations to secure their critical SAP and Oracle enterprise applications as well as a rapidly maturing market.

Enterprise applications running on SAP and Oracle such as enterprise resource planning (ERP), customer relationship management (CRM), human capital management (HCM), business intelligence (BI) and supply chain management (SCM) house an organization’s most valuable data and support mission-critical business processes. They are also major targets at risk to nation-state attacks, intellectual property theft, financial fraud and sabotage. However, today’s traditional security vendors do not offer detection and response capabilities necessary for fully securing the SAP and Oracle enterprise application layer from attacks. With SAP and Oracle releasing hundreds of security patches annually, security and IT teams are finding it a challenge to keep up. As these applications are increasingly moving to a hybrid cloud model, with mobile and IoT environments, their attack surface is expanding exponentially.

“It’s critical that, as an industry, we get SAP and Oracle enterprise application security right. The economic and legal risk is too high for businesses to continue operating with their critical data exposed,” said J.R. Smith, partner, Evolution Equity Partners. “Onapsis has established itself as the leading global experts in this field. Our commitment to enter one of the fastest growing market segments in security is attributed to Onapsis’ patented technology, a strong research and development team and the quality of execution from their leadership team,” continued Smith.

As estimated by Onapsis, the SAP and Oracle enterprise application security market will grow to approximately $3.3B by 2018 with the majority of the Global 2000 using these applications in traditional as well as cloud and mobile platforms across on-premise, hybrid and public cloud solutions.

“The need to better secure enterprise business application platforms has become increasingly evident, as suggested by recent high-profile breaches that directly targeted vulnerabilities in ERP systems. With the expansion of the attack surface to IoT, mobile and cloud, the potential for unauthorized or malicious access to these high-value assets – and the business risks such exposures entail – will increase along with it," said Scott Crawford, Research Director,  Information Security, 451 Research.

With the influx of capital, Onapsis plans to scale research and development efforts and support the rapid adoption and delivery of its platform for the Global 2000 through expansion of sales, marketing and customer success teams.

“Leading CISOs of Global 2000 organizations are realizing that traditional security products and methods are not designed to protect their SAP and Oracle enterprise applications from cyber attacks, leaving their crown jewels exposed,” said Mariano Nunez, CEO and co-founder, Onapsis. “Having been the first company to identify this emerging threat and deliver the advanced technology and research required to address it, we have always been and remain fully committed to enable SAP and Oracle customers to run their business’ securely. This new round of funding, led by firms with an unmatched cybersecurity pedigree, further validates the demand for our solutions and our undisputed leadership in the enterprise application security market.”

“Onapsis has exceeded our expectations on both execution and earnings," says Maria Cirino, Managing Director, .406 Ventures. "It has definitely joined the ranks of the Boston-based cybersecurity elite. We are extremely fortunate to have one of the strongest VC cyber security portfolios and Onapsis is exceptionally well positioned as a first, best and only provider of SAP and Oracle cyber security to enjoy continued rapid growth as it dominates its market segment.” 

In 2014, Onapsis achieved over 130 percent year-over-year revenue growth, launched the Onapsis Security Platform, secured a global patent, identified and helped SAP and Oracle solve more than 50 security vulnerabilities, and expanded its presence in Europe. For the year ending 2015, Onapsis is on track to achieve a consistent rate of growth with a strong pipeline, market awareness and an industry-leading solution, as well as a notable board of advisors and directors.

About Onapsis

Onapsis provides the most comprehensive solutions for securing SAP and Oracle enterprise applications. As the leading experts in SAP and Oracle cyber-security, Onapsis’ enables security and audit teams to have visibility, confidence and control of advanced threats, cyber-risks and compliance gaps affecting their enterprise applications.

Headquartered in Boston, Onapsis serves over 180 Global 2000 customers, including 10 top retailers, 20 top energy firms and 20 top manufacturers. Onapsis’ solutions are also the de-facto standard for leading consulting and audit firms such as Accenture, IBM, Deloitte, E&Y, KPMG and PwC.

Onapsis solutions include the Onapsis Security Platform, which is the most widely-used SAP-certified cyber-security solution in the market. Unlike generic security products, Onapsis’ context-aware solutions deliver both preventative vulnerability and compliance controls, as well as real-time detection and incident response capabilities to reduce risks affecting critical business processes and data. Through open interfaces, the platform can be integrated with leading SIEM, GRC and network security products, seamlessly incorporating enterprise applications into existing vulnerability, risk and incident response management programs.

These solutions are powered by the Onapsis Research Labs which continuously provide leading intelligence on security threats affecting SAP and Oracle enterprise applications. Experts of the Onapsis Research Labs were the first to lecture on SAP cyber-attacks and have uncovered and helped fix hundreds of security vulnerabilities to-date affecting SAP Business Suite, SAP HANA, SAP Cloud and SAP Mobile applications, as well as Oracle JD Edwards and Oracle E-Business Suite platforms.

For more information, please visit www.onapsis.com, or connect with us on TwitterGoogle+, or LinkedIn.

About Evolution Equity Partners

Evolution Equity Partners, based in New York City and Zurich, Switzerland, is an international growth stage technology investor helping exceptional entrepreneurs develop market leading companies with global reach. The firm has a focus on Information Security, Enterprise Software and Consumer/Enterprise crossover opportunities. Current and past portfolio companies include: AVG Technologies (NYSE: AVG), Cognitive Security (NASDAQ: CSCO), OpenDNS (NASDAQ: CSCO), 60K, Onapsis, NejTV, SecurityScorecard and others.  www.evolutionequity.com

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jcorvin
50%
50%
jcorvin,
User Rank: Apprentice
9/16/2015 | 2:29:06 PM
Why would SAP customers pay for Onapsis solutions when they can use SolMan for free?
Not all cyber security companies are a sure bet. Onapsis is a one-trick pony. It's exclusively focused on developing security solutions tied to SAP software. It has yet to develop anything meaningful for Oracle platforms. This is a dangerous strategy. Also, SAP itself is moving heavily into the market and doing battle with third party vendors such as Onapsis. Finally, the most damning issue is that Onapsis software has more effective and cheaper alternatives. Once SAP customers realize they can get the same functionality and performance from standard SAP tools such as Configuration Validation in Solution Manager, its game over for Onapsis. Most customers would take a free, SAP-delivered solution over some expensive toy from a VC-funded start-up that may not even be around in five years.
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5230
PUBLISHED: 2019-11-13
P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than Emily-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than NEO-AL00D NEO-AL00 9.1.0.321(C786E320R1P1T8) have an improper validation vulnerability. The system does not perform...
CVE-2019-5231
PUBLISHED: 2019-11-13
P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts to perform certain action. Successful exploit could allow the attacker to update a crafted package.
CVE-2019-5233
PUBLISHED: 2019-11-13
Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(SP2C00E41R3P2) have an improper authentication vulnerability. Successful exploitation may cause the attacker to access specific components.
CVE-2019-5246
PUBLISHED: 2019-11-13
Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0.113(C00E110R1P21), 9.1.0.125(C00E120R1P21), 9.1.0.135(C00E130R1P21), 9.1.0.153(C00E150R1P21), 9.1.0.155(C00E150R1P21), 9.1.0.162(C00E160R2P1) have an insufficient verification vulnerability. The system does not verify certain par...
CVE-2010-4177
PUBLISHED: 2019-11-12
mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes.