Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

9/15/2015
03:40 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Onapsis Raises $17M Round to Boost Cybersecurity of SAP and Oracle Applications

Sharp rise in demand for emerging enterprise application security market drives new funding; supports sales efforts, marketing and research & development

Boston, MA – September 15, 2015 – Onapsis, the global experts in SAP and Oracle enterprise application security, today announced it has closed a $17 million Series B funding round led by Evolution Equity Partners, with full participation of existing investor .406 Ventures as well as new investor Arsenal Venture Partners. This round brings the total investment in Onapsis to $30 million since the inception of the company. J.R. Smith, partner at Evolution and former CEO at AVG Technologies (NYSE: AVG), will join the company’s board of directors.

This news comes in the wake of a new breed of breaches that are stealthy and targeted on corporate espionage, estimated to cost an annual $445 billion for companies globally. The first widely and publicly reported breach affecting SAP enterprise applications involved USIS, which provided security clearance services for Office of Personnel Management (OPM) and Department of Homeland Security (DHS). This recent attack involved exploiting the company’s vulnerable SAP ERP systems and put a public spotlight on why hard to find vulnerabilities in complex SAP enterprise applications are the perfect target for cyber attackers. The oversubscribed investment in Onapsis reflects the sharp rise in demand for specialized, scalable and comprehensive solutions from Global 2000 organizations to secure their critical SAP and Oracle enterprise applications as well as a rapidly maturing market.

Enterprise applications running on SAP and Oracle such as enterprise resource planning (ERP), customer relationship management (CRM), human capital management (HCM), business intelligence (BI) and supply chain management (SCM) house an organization’s most valuable data and support mission-critical business processes. They are also major targets at risk to nation-state attacks, intellectual property theft, financial fraud and sabotage. However, today’s traditional security vendors do not offer detection and response capabilities necessary for fully securing the SAP and Oracle enterprise application layer from attacks. With SAP and Oracle releasing hundreds of security patches annually, security and IT teams are finding it a challenge to keep up. As these applications are increasingly moving to a hybrid cloud model, with mobile and IoT environments, their attack surface is expanding exponentially.

“It’s critical that, as an industry, we get SAP and Oracle enterprise application security right. The economic and legal risk is too high for businesses to continue operating with their critical data exposed,” said J.R. Smith, partner, Evolution Equity Partners. “Onapsis has established itself as the leading global experts in this field. Our commitment to enter one of the fastest growing market segments in security is attributed to Onapsis’ patented technology, a strong research and development team and the quality of execution from their leadership team,” continued Smith.

As estimated by Onapsis, the SAP and Oracle enterprise application security market will grow to approximately $3.3B by 2018 with the majority of the Global 2000 using these applications in traditional as well as cloud and mobile platforms across on-premise, hybrid and public cloud solutions.

“The need to better secure enterprise business application platforms has become increasingly evident, as suggested by recent high-profile breaches that directly targeted vulnerabilities in ERP systems. With the expansion of the attack surface to IoT, mobile and cloud, the potential for unauthorized or malicious access to these high-value assets – and the business risks such exposures entail – will increase along with it," said Scott Crawford, Research Director,  Information Security, 451 Research.

With the influx of capital, Onapsis plans to scale research and development efforts and support the rapid adoption and delivery of its platform for the Global 2000 through expansion of sales, marketing and customer success teams.

“Leading CISOs of Global 2000 organizations are realizing that traditional security products and methods are not designed to protect their SAP and Oracle enterprise applications from cyber attacks, leaving their crown jewels exposed,” said Mariano Nunez, CEO and co-founder, Onapsis. “Having been the first company to identify this emerging threat and deliver the advanced technology and research required to address it, we have always been and remain fully committed to enable SAP and Oracle customers to run their business’ securely. This new round of funding, led by firms with an unmatched cybersecurity pedigree, further validates the demand for our solutions and our undisputed leadership in the enterprise application security market.”

“Onapsis has exceeded our expectations on both execution and earnings," says Maria Cirino, Managing Director, .406 Ventures. "It has definitely joined the ranks of the Boston-based cybersecurity elite. We are extremely fortunate to have one of the strongest VC cyber security portfolios and Onapsis is exceptionally well positioned as a first, best and only provider of SAP and Oracle cyber security to enjoy continued rapid growth as it dominates its market segment.” 

In 2014, Onapsis achieved over 130 percent year-over-year revenue growth, launched the Onapsis Security Platform, secured a global patent, identified and helped SAP and Oracle solve more than 50 security vulnerabilities, and expanded its presence in Europe. For the year ending 2015, Onapsis is on track to achieve a consistent rate of growth with a strong pipeline, market awareness and an industry-leading solution, as well as a notable board of advisors and directors.

About Onapsis

Onapsis provides the most comprehensive solutions for securing SAP and Oracle enterprise applications. As the leading experts in SAP and Oracle cyber-security, Onapsis’ enables security and audit teams to have visibility, confidence and control of advanced threats, cyber-risks and compliance gaps affecting their enterprise applications.

Headquartered in Boston, Onapsis serves over 180 Global 2000 customers, including 10 top retailers, 20 top energy firms and 20 top manufacturers. Onapsis’ solutions are also the de-facto standard for leading consulting and audit firms such as Accenture, IBM, Deloitte, E&Y, KPMG and PwC.

Onapsis solutions include the Onapsis Security Platform, which is the most widely-used SAP-certified cyber-security solution in the market. Unlike generic security products, Onapsis’ context-aware solutions deliver both preventative vulnerability and compliance controls, as well as real-time detection and incident response capabilities to reduce risks affecting critical business processes and data. Through open interfaces, the platform can be integrated with leading SIEM, GRC and network security products, seamlessly incorporating enterprise applications into existing vulnerability, risk and incident response management programs.

These solutions are powered by the Onapsis Research Labs which continuously provide leading intelligence on security threats affecting SAP and Oracle enterprise applications. Experts of the Onapsis Research Labs were the first to lecture on SAP cyber-attacks and have uncovered and helped fix hundreds of security vulnerabilities to-date affecting SAP Business Suite, SAP HANA, SAP Cloud and SAP Mobile applications, as well as Oracle JD Edwards and Oracle E-Business Suite platforms.

For more information, please visit www.onapsis.com, or connect with us on TwitterGoogle+, or LinkedIn.

About Evolution Equity Partners

Evolution Equity Partners, based in New York City and Zurich, Switzerland, is an international growth stage technology investor helping exceptional entrepreneurs develop market leading companies with global reach. The firm has a focus on Information Security, Enterprise Software and Consumer/Enterprise crossover opportunities. Current and past portfolio companies include: AVG Technologies (NYSE: AVG), Cognitive Security (NASDAQ: CSCO), OpenDNS (NASDAQ: CSCO), 60K, Onapsis, NejTV, SecurityScorecard and others.  www.evolutionequity.com

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jcorvin
50%
50%
jcorvin,
User Rank: Apprentice
9/16/2015 | 2:29:06 PM
Why would SAP customers pay for Onapsis solutions when they can use SolMan for free?
Not all cyber security companies are a sure bet. Onapsis is a one-trick pony. It's exclusively focused on developing security solutions tied to SAP software. It has yet to develop anything meaningful for Oracle platforms. This is a dangerous strategy. Also, SAP itself is moving heavily into the market and doing battle with third party vendors such as Onapsis. Finally, the most damning issue is that Onapsis software has more effective and cheaper alternatives. Once SAP customers realize they can get the same functionality and performance from standard SAP tools such as Configuration Validation in Solution Manager, its game over for Onapsis. Most customers would take a free, SAP-delivered solution over some expensive toy from a VC-funded start-up that may not even be around in five years.
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-22732
PUBLISHED: 2021-08-05
CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions > Fie Picker..
CVE-2021-37604
PUBLISHED: 2021-08-05
In the Microchip MiWi v6.5 software stack, there is a possibility of frame counters being validated/updated prior to message authentication.
CVE-2021-37605
PUBLISHED: 2021-08-05
In the Microchip MiWi v6.5 software stack, there is a possibility of frame counters being being validated / updated prior to message authentication.
CVE-2021-38138
PUBLISHED: 2021-08-05
OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release.
CVE-2021-38095
PUBLISHED: 2021-08-05
The REST API in Planview Spigit 4.5.3 allows remote unauthenticated attackers to query sensitive user accounts data, as demonstrated by an api/v1/users/1 request.