Open Raven Cloud-Native Data Protection Platform: Automating security and privacy operations

Open Raven launched the Open Raven Cloud-Native Data Protection Platform to operationalize data security and privacy in the cloud. To prevent data breaches, it automates asset discovery and data classification, provides real-time mapping and policy-driven protection for Amazon Web Services and S3. The Open Raven Platform is generally available today.

The Open Raven Platform auto-discovers where data is located in the cloud, what type of data it is — personal, sensitive, or regulated, — as well as who has access to it and where it can flow for full visibility, control, and protection.

“Before COVID-19, security and cloud teams were already short-handed. The rapid shift to remote work driven by the pandemic only increased workload, further exacerbating the problem,” said Dave Cole, Co-founder and CEO of Open Raven.

“We created the Open Raven Platform to help these teams restore visibility and protection of their cloud data, removing pain driven from approaches that are manual, time intensive and expensive.”

With the Open Raven Cloud-Native Data Protection Platform, security and cloud teams now have a unified solution for the following actions:

  • Discover all data and resources in a public cloud environment, including both native and non-native repositories. Real-time mapping highlights problem areas at a glance while search allows for pinpointing specific data and resources.
  • Classify data assets by identifying personal, sensitive and regulated data on a scheduled, event-driven or continuous basis. Open Raven uses a variety of techniques from pattern matching to machine learning to describe data while providing live verification via APIs to further boost accuracy.
  • Monitor using default or custom policies based on Open Policy Agent that combine both cloud asset and data context in rules that enable continuous or point in time monitoring for a full range of security, privacy and compliance use cases.
  • Protect cloud data through proactive alerting on data risk events as they happen, harnessing a wide range of integrations (via firehose API, webhook), or generating reports.

Open Raven’s cloud native design is built to handle big data. Discovery and classification are performed using serverless functions – not agents or network scanners that are challenging to deploy and struggle to scale horizontally. Flexible configuration options allow for fine-tuning of performance, completeness and cost.

Being able to assess even large environments for compliance eliminates previously painstaking manual efforts to report on data inventory, data transfer and other risk factors. It can be used to create the foundation for compliance in accordance with laws and standards such as FFIEC, GDPR, CCPA, PCI-DSS, HIPAA, and SOC2.

“Open Raven is helping us transform how we approach data security. Legacy tools only look at cloud resources or privacy, but don’t tell us if data is safe,” said Justin Dolly, Chief Security Officer of Sauce Labs. “Open Raven is the first platform that gives us real-time visibility into the safety of our cloud data, helping us to close security gaps faster.”

Open Raven expands leadership team by appointing three cloud and security industry veterans

Open Raven, the cloud-native data security platform that prevents breaches driven by modern speed and sprawl, announced a significant expansion of its leadership team with the appointment of three cloud and security industry veterans.

The company welcomed Rob Markovich as chief marketing officer, Alan Buckley as senior vice president of sales, finance and operations and Bill Hau as vice president of customer success.

The strategic hires come immediately on the heels of Open Raven’s Series A funding of $15M led by Kleiner Perkins and general availability of the Open Raven platform, announced last month.

“The next phase of our growth requires go-to-market leaders with exceptional track records of success in rapidly scaling companies across multiple functions,” said Dave Cole, CEO and co-founder of Open Raven.

“Rob, Alan and Bill combine impressive experiences in their respective areas with the essential skills required to educate the market and support our customers’ success. Part of our ethos is to make these aspects of our company as compelling as our platform and this expansion of our team ensures we deliver.”

With more than 20 years of success as a senior marketing leader, advisor and repeat entrepreneur, Rob Markovich is responsible for all marketing, product marketing and advocacy functions across the business.

Prior to Open Raven, Markovich was CMO at Wavefront, where he established the cloud-native observability product category and helped position the company for its $400 million acquisition by VMware.

Additionally, Rob was CMO at cloud monitoring startup Moogsoft, SVP of sales and marketing at security analytics startup VSS Monitoring (acquired by Danaher/Netscout), CEO at wireless security startup Network Chemistry (acquired by Aruba Networks/HP) and CEO of enterprise mobility startup Agito Networks (acquired by ShoreTel/Mitel).

“The near-daily stream of cloud data exposures is a clear sign that legacy DLP and siloed security monitoring tools are not working,” said Markovich.

“What attracted me to Open Raven is how it is delivering on a fundamental reinvention of data security for a cloud-native world, that holistically addresses the market’s growing need across the enterprise multi-cloud. I’m humbled by the opportunity to work with this world-class team to help build the next great security company.”

Alan Buckley joins Open Raven with over 20 years of experience in sales, field and finance operations at high growth enterprise software companies. Prior to Open Raven, Buckley led business operations at Tanium, and for almost six years was instrumental in its growth to become a market share leader in endpoint security and management.

Buckley also held global leadership roles in a similar capacity at McAfee, Micro Focus and Mercury Interactive/HP. Buckley is a Fellow Irish Chartered Accountant, commencing his career with Deloitte Ireland.

Bill Hau brings to Open Raven over 20 years of expertise on both the offensive and defensive side of cybersecurity operations. Hau has led incident response teams that investigated some of the world’s biggest hacks – many of these attacks have been widely reported in the world’s press.

Hau’s management experience includes building the incident response, managed services, and training practices for leading security companies like Cylance, Mandiant/FireEye, Foundstone, IBM, Internet Security Systems, and McAfee.

Hau is passionate about enabling companies, governments and individuals to be successful in preventing cyber breaches. He has written many whitepapers on the subject and taught courses at conferences such as Blackhat.

The Open Raven cloud-native data security platform

Now generally available, the Open Raven platform delivers real-time data leak monitoring to proactively uncover cloud data exposure problems before they become security incidents.

The platform proactively discovers at-risk data, locates unknown data stores and shows every AWS account and asset from every angle in a global 3D map, making it easy for both security and cloud teams to see and prevent data mishaps as well as maintain compliance.

Open Raven’s agentless approach deploys seamlessly into an organization’s cloud environment and can easily integrate into automated workflows via its GraphQL API.

Open Raven’s modern data security platform brings visibility and control to enterprise data protection

Open Raven emerged from stealth with the launch of its modern data security platform that brings visibility and control to enterprise data protection.

Founded by established industry entrepreneurs Dave Cole and Mark Curphey, who previously built large-scale cybersecurity products at CrowdStrike, Symantec, SourceClear and Microsoft, Open Raven is designed as an elegant solution to the complex problem of data security.

With an open source core to be available under the Apache 2.0 license, the platform helps customers understand, manage and ensure the security of data from a single location – at a time when teams are overwhelmed and data breaches are hitting record numbers.

The rate of data creation is accelerating each year due to factors such as inexpensive cloud computing, DevOps and the explosion of internet-connected devices, exceeding enterprises’ ability to handle its volume, variety and velocity.

Despite this, 86% of organizations currently maintain separate on-premises and cloud teams for data security policies, processes and technology, according to ESG. This contributes to lapses in good data hygiene, which now outnumber nation-state adversaries and criminal hackers as the most common cause of major security incidents.

At the same time, a complex global network of regulations – from the General Data Protection Regulation (GDPR) to the California Consumer Privacy Act (CCPA) – is bringing data security and privacy into the boardroom.

“Security leaders are increasingly finding that a data centric view of security control is more important than ever,” said Phil Venables, senior advisor and board director, Goldman Sachs Bank and an Open Raven board member.

“This requires companies know what data resides where in their enterprise and how it is protected. Open Raven is solving for this by making those insights accessible.”

The Open Raven Platform puts customers back in control of their data, from mapping their systems to managing their data risk. Built as a control plane for data security, the platform works seamlessly with an organization’s existing tools and features so customers can understand and manage all data from a single location, starting with an emphasis on structured data.

The sophisticated Open Raven Graph is designed to make understanding and managing modern data complexity straightforward. Its cloud-native design balances SaaS simplicity and scale with the data privacy of an on-premises solution through installation into an organization’s own cloud.

“When it comes to data breaches, there is a quiet epidemic that is not the result of hacking from Russia, Iran or China,” said Dave Cole, CEO of Open Raven.

“Accidental data exposures are the driving force behind today’s breaches. Our mission is to reinvent data security for the modern era starting by making it easy to answer fundamental questions such as ‘where is my data?’ and ‘how is it protected?’ Open Raven is designed to automate the elimination of blind spots, stopping data breaches at the source.”

Open Raven was built in conjunction with senior security leaders at global organizations across industries, including automotive, gaming, financial technology and software.

Its investors include Upfront Ventures, whose partner Kara Nortman led the company’s seed round funding of $4.1 million; Phil Venables; Niloo Razi Howe, former chief strategy officer at RSA; Andrew Peterson, CEO of Signal Sciences and Oliver Friedrichs, VP and GM at Splunk.

How Open Raven works

The Community Edition of the Open Raven Platform, released at launch, provides automated mapping of cloud and on-premises data stores using a variety of techniques from APIs to network scanning. This includes the Open Raven DMAP fingerprinting service, which is purpose-built to identify what assets are functioning as data stores.

DMAP uses machine learning to pinpoint popular data stores such as ElasticSearch, Postgres, MongoDB and others so that they can be better understood and managed without the guesswork required by existing tools.

In order to eliminate blind spots, users are able to define both discovery methods and frequency of updates, which can be progressively expanded as the user gains confidence or increased access.

Open Raven’s search feature is both straightforward and powerful, providing ready answers to hard data security, privacy and compliance questions.

Users can easily visualize and act upon the results to queries such as “Where do I have unencrypted data that is Internet-accessible?” and “Is all data in Europe protected according to our standards?” Trending reports and a GraphQL-based API make communicating and integrating platform results across an enterprise straightforward.

In order to maximize visibility and eliminate blind spots, Open Raven is built on a flexible graph database with an open connector model that accommodates any potential data source.

In addition to on-premises network scanning, default connectors today include Amazon Web Services (AWS) data services such as S3 and RDS, as well as related services where data may be found (e.g., EC2). With this foundation, building new connectors for AWS is easy and template-based.

This same approach will soon be extended to Microsoft Azure and Google Cloud Platform as well as a series of on-premises data sources. New connectors can be not only built by Open Raven but by anyone with coding skills and an interest in adding new data sources.

Open Raven is available for install by request while in Preview and will be generally available this spring, enabling organizations to identify their data stores and begin managing them in order to mitigate any current risk.

Open Raven’s open architecture also enables others to contribute and extend the platform using their existing tools and minimal effort.