Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

9/15/2015
03:40 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Onapsis Raises $17M Round to Boost Cybersecurity of SAP and Oracle Applications

Sharp rise in demand for emerging enterprise application security market drives new funding; supports sales efforts, marketing and research & development

Boston, MA – September 15, 2015 – Onapsis, the global experts in SAP and Oracle enterprise application security, today announced it has closed a $17 million Series B funding round led by Evolution Equity Partners, with full participation of existing investor .406 Ventures as well as new investor Arsenal Venture Partners. This round brings the total investment in Onapsis to $30 million since the inception of the company. J.R. Smith, partner at Evolution and former CEO at AVG Technologies (NYSE: AVG), will join the company’s board of directors.

This news comes in the wake of a new breed of breaches that are stealthy and targeted on corporate espionage, estimated to cost an annual $445 billion for companies globally. The first widely and publicly reported breach affecting SAP enterprise applications involved USIS, which provided security clearance services for Office of Personnel Management (OPM) and Department of Homeland Security (DHS). This recent attack involved exploiting the company’s vulnerable SAP ERP systems and put a public spotlight on why hard to find vulnerabilities in complex SAP enterprise applications are the perfect target for cyber attackers. The oversubscribed investment in Onapsis reflects the sharp rise in demand for specialized, scalable and comprehensive solutions from Global 2000 organizations to secure their critical SAP and Oracle enterprise applications as well as a rapidly maturing market.

Enterprise applications running on SAP and Oracle such as enterprise resource planning (ERP), customer relationship management (CRM), human capital management (HCM), business intelligence (BI) and supply chain management (SCM) house an organization’s most valuable data and support mission-critical business processes. They are also major targets at risk to nation-state attacks, intellectual property theft, financial fraud and sabotage. However, today’s traditional security vendors do not offer detection and response capabilities necessary for fully securing the SAP and Oracle enterprise application layer from attacks. With SAP and Oracle releasing hundreds of security patches annually, security and IT teams are finding it a challenge to keep up. As these applications are increasingly moving to a hybrid cloud model, with mobile and IoT environments, their attack surface is expanding exponentially.

“It’s critical that, as an industry, we get SAP and Oracle enterprise application security right. The economic and legal risk is too high for businesses to continue operating with their critical data exposed,” said J.R. Smith, partner, Evolution Equity Partners. “Onapsis has established itself as the leading global experts in this field. Our commitment to enter one of the fastest growing market segments in security is attributed to Onapsis’ patented technology, a strong research and development team and the quality of execution from their leadership team,” continued Smith.

As estimated by Onapsis, the SAP and Oracle enterprise application security market will grow to approximately $3.3B by 2018 with the majority of the Global 2000 using these applications in traditional as well as cloud and mobile platforms across on-premise, hybrid and public cloud solutions.

“The need to better secure enterprise business application platforms has become increasingly evident, as suggested by recent high-profile breaches that directly targeted vulnerabilities in ERP systems. With the expansion of the attack surface to IoT, mobile and cloud, the potential for unauthorized or malicious access to these high-value assets – and the business risks such exposures entail – will increase along with it," said Scott Crawford, Research Director,  Information Security, 451 Research.

With the influx of capital, Onapsis plans to scale research and development efforts and support the rapid adoption and delivery of its platform for the Global 2000 through expansion of sales, marketing and customer success teams.

“Leading CISOs of Global 2000 organizations are realizing that traditional security products and methods are not designed to protect their SAP and Oracle enterprise applications from cyber attacks, leaving their crown jewels exposed,” said Mariano Nunez, CEO and co-founder, Onapsis. “Having been the first company to identify this emerging threat and deliver the advanced technology and research required to address it, we have always been and remain fully committed to enable SAP and Oracle customers to run their business’ securely. This new round of funding, led by firms with an unmatched cybersecurity pedigree, further validates the demand for our solutions and our undisputed leadership in the enterprise application security market.”

“Onapsis has exceeded our expectations on both execution and earnings," says Maria Cirino, Managing Director, .406 Ventures. "It has definitely joined the ranks of the Boston-based cybersecurity elite. We are extremely fortunate to have one of the strongest VC cyber security portfolios and Onapsis is exceptionally well positioned as a first, best and only provider of SAP and Oracle cyber security to enjoy continued rapid growth as it dominates its market segment.” 

In 2014, Onapsis achieved over 130 percent year-over-year revenue growth, launched the Onapsis Security Platform, secured a global patent, identified and helped SAP and Oracle solve more than 50 security vulnerabilities, and expanded its presence in Europe. For the year ending 2015, Onapsis is on track to achieve a consistent rate of growth with a strong pipeline, market awareness and an industry-leading solution, as well as a notable board of advisors and directors.

About Onapsis

Onapsis provides the most comprehensive solutions for securing SAP and Oracle enterprise applications. As the leading experts in SAP and Oracle cyber-security, Onapsis’ enables security and audit teams to have visibility, confidence and control of advanced threats, cyber-risks and compliance gaps affecting their enterprise applications.

Headquartered in Boston, Onapsis serves over 180 Global 2000 customers, including 10 top retailers, 20 top energy firms and 20 top manufacturers. Onapsis’ solutions are also the de-facto standard for leading consulting and audit firms such as Accenture, IBM, Deloitte, E&Y, KPMG and PwC.

Onapsis solutions include the Onapsis Security Platform, which is the most widely-used SAP-certified cyber-security solution in the market. Unlike generic security products, Onapsis’ context-aware solutions deliver both preventative vulnerability and compliance controls, as well as real-time detection and incident response capabilities to reduce risks affecting critical business processes and data. Through open interfaces, the platform can be integrated with leading SIEM, GRC and network security products, seamlessly incorporating enterprise applications into existing vulnerability, risk and incident response management programs.

These solutions are powered by the Onapsis Research Labs which continuously provide leading intelligence on security threats affecting SAP and Oracle enterprise applications. Experts of the Onapsis Research Labs were the first to lecture on SAP cyber-attacks and have uncovered and helped fix hundreds of security vulnerabilities to-date affecting SAP Business Suite, SAP HANA, SAP Cloud and SAP Mobile applications, as well as Oracle JD Edwards and Oracle E-Business Suite platforms.

For more information, please visit www.onapsis.com, or connect with us on TwitterGoogle+, or LinkedIn.

About Evolution Equity Partners

Evolution Equity Partners, based in New York City and Zurich, Switzerland, is an international growth stage technology investor helping exceptional entrepreneurs develop market leading companies with global reach. The firm has a focus on Information Security, Enterprise Software and Consumer/Enterprise crossover opportunities. Current and past portfolio companies include: AVG Technologies (NYSE: AVG), Cognitive Security (NASDAQ: CSCO), OpenDNS (NASDAQ: CSCO), 60K, Onapsis, NejTV, SecurityScorecard and others.  www.evolutionequity.com

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jcorvin
50%
50%
jcorvin,
User Rank: Apprentice
9/16/2015 | 2:29:06 PM
Why would SAP customers pay for Onapsis solutions when they can use SolMan for free?
Not all cyber security companies are a sure bet. Onapsis is a one-trick pony. It's exclusively focused on developing security solutions tied to SAP software. It has yet to develop anything meaningful for Oracle platforms. This is a dangerous strategy. Also, SAP itself is moving heavily into the market and doing battle with third party vendors such as Onapsis. Finally, the most damning issue is that Onapsis software has more effective and cheaper alternatives. Once SAP customers realize they can get the same functionality and performance from standard SAP tools such as Configuration Validation in Solution Manager, its game over for Onapsis. Most customers would take a free, SAP-delivered solution over some expensive toy from a VC-funded start-up that may not even be around in five years.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/5/2020
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Peter Barker, Chief Product Officer at ForgeRock,  6/1/2020
Cybersecurity Spending Hits 'Temporary Pause' Amid Pandemic
Kelly Jackson Higgins, Executive Editor at Dark Reading,  6/2/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What? IT said I needed virus protection!
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13864
PUBLISHED: 2020-06-05
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links.
CVE-2020-13865
PUBLISHED: 2020-06-05
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes.
CVE-2020-11696
PUBLISHED: 2020-06-05
In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop professional in version 2.6.4.
CVE-2020-11697
PUBLISHED: 2020-06-05
In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. This is fixed in all iTop packages (community, essential, professional) for version 2.7.0 and in iTop essential and iTop professional packages for version 2.6.4.
CVE-2020-13646
PUBLISHED: 2020-06-05
In the cheetah free wifi 5.1 driver file liebaonat.sys, local users are allowed to cause a denial of service (BSOD) or other unknown impact due to failure to verify the value of a specific IOCTL.