Prowler gets $6M seed to build out hit open-source cloud security platform

Fans of Spider-Man: Across the Spider-Verse will surely perk up at the mention of “Prowler.” But in this case, the name refers not to a compelling, sharp-clawed villain but rather to an open-source cloud security platform developed back in 2016 by former Amazon Web Services (AWS) security engineer Toni de la Fuente.

Today, Prowler is announcing $6 million in seed funding led by Decibel VC to build out a managed service offering atop the hit open-source product, which allows companies to even more easily deploy a security system unique to their cloud and their data.

To date, the open-source version has been downloaded more than 6 million times and is used to secure cloud infrastructure at some of the largest and most influential tech companies in the world, including AWS itself, Salesforce, Siemens, Tesla, and IBM.

De la Fuente will stay on the project as Chief Technology Officer, while the new Prowler company will be helmed by co-founder and CEO Casey Rosenthal, formerly of Verica, a continuous verification software maker, and of Netflix’s “chaos” engineering team, which focused on introducing intentional failures to test and build better products.

What is Prowler and why is it taking off?

Prowler’s Python code stack is designed to meet the evolving needs of security teams, offering over 300 controls across a myriad of security frameworks including CIS, PCI-DSS, and GDPR, to name a few.

It is available for AWS, Microsoft Azure, Google Cloud, and Kubernetes, simplifying the deployment process across multiple accounts, and enabling continuous monitoring and faster execution with personalized support and integrations. With the recent funding, Prowler is set to enhance its offerings and introduce new features throughout 2024.

“It’s just taken off exponentially,” Rosenthal said in an exclusive audio interview with VentureBeat, of Prowler. “Cloud providers themselves are turning to this tool instead of the big expensive commercial stuff…we’re at the beginning of an inflection point where cybersecurity is going to go through the same kind of transformation that cloud infrastructure went through 10-15 years ago.”

That transformation, according to Rosenthal, from his own experience in and observing the space, is a change in decision-making as to who decides what cloud security tools are being used.

Due to the increasing complexity of cloud environments and the growing demand for cloud storage solutions in the age of generative AI, the power within organizations has shifted: Instead of the chief information officer (CIO) or chief technology officer (CTO) choosing the right security products, now security engineers have more power and can exert it within their organizations and decide what solutions to deploy since they are closer to the action.

Increasingly, those security engineers are turning to Prowler over other solutions and commercial offerings in the cloud security posture management (CSPM) market, such as Prisma Cloud from Palo Alto Networks, CrowdStrike, and Wiz, because it is one of the few open-source offerings.

For its commercial offerings, Prowler also stands out by charging based on the size of the customer’s cloud environment rather than per user — the latter the pricing model used by many other software-as-a-service (SaaS) providers, which can make it harder for small-to-medium sized businesses (SMBs) to afford.

Prowler’s pricing is one-tenth of a cent per cloud resource scanned per day, billed monthly. If the bill is less than $10 per month, the company charges nothing — it remains free for smaller cloud users.

Why Decibel VC is backing Prowler now

For Decibel VC, the decision to back Prowler was informed by founding partner Jon Sakoda’s background as a cybersecurity founder of IMlogic, Inc., which was acquired by Symantec. Having been in the space for more than a quarter century, Sakoda knew the challenge of securing dynamic cloud environments and also the limitations of current, “one-size-fits-all” solutions offered by market leaders.

“Every cloud infrastructure is a snowflake — they’re all different,” Sakoda told VentureBeat in an exclusive video call interview. “It’s because every application is different. Everyone is building different kinds of applications. So inside of a cloud, you have a rapidly growing, rapidly changing snowflake, which is nothing like traditional security problems. You continuously monitor hundreds, if not thousands, of different services, for many, many hundreds of integrations and checks. That creates, in some cases, millions of data points. It’s an incredibly complex system just to monitor what’s going on inside a cloud.”

When it comes to existing solutions, “some vendor is just guessing what’s right for you,” Sakoda explained, assigning risk ratings to different aspects of a cloud environment based on overall industry or sector trends that may not actually be right for the individual customer.

Instead of more granular, bespoke cloud solutions, many security engineers just “started to write their own detections and rules, for themselves to be able to determine what was a medium, high, or critical” security issue, Sakoda noted.

“They effectively said, ‘hey we’re better at writing these checks and creating these findings,’” using open source options such as Prowler. “You eventually take control into your own hands. That is what Prowler became, over the course of many years.”

Sakoda pointed to the growth of in-house cybersecurity teams at large companies outside of tech and software, such as bank J.P. Morgan Chase, as evidence of how the need for companies to develop their own bespoke cloud security solutions had evolved and grown.

Yet, instead of growing initially as a private company, Prowler’s debut as a free, open-source solution allowed the cloud security community to converge around it and use it as more than just a product, but a growing library of checks and detections that could be shared and modified to fit the specific needs of each particular cloud customer.

The speed of the open-source community is also faster than what many existing private cloud security companies can match, according to Sakoda, meaning that engineers interested in making sure their cloud security has the most updated, latest and greatest detections and checks will often turn to open-source rather than wait for their provider to update the private software offering.

Since Prowler has had such success as an open source product by going against the grain of the trends of commercial software, why would it now launch a commercial software business of its own?

“We can still invest and have a free, powerful community offering that I think will always be a foundation of any successful open source company, while also beginning to have paid offerings,” such as managed services and hosting, Sakoda said.

“We’re trying to increase the open source utilization as much as possible,” Rosenthal added.

After speaking with hundreds of Prowler users, the co-founders and investors saw the opportunity to help larger organizations in particular as they add integrations and features, such as dashboards, that let those outside the security team access Prowler’s data and give other teams visibility. Hence the impetus to build a commercial managed service platform atop it.
