Machine identity startup Token Security is pushing to transform how companies approach their identity management strategies after closing on a $7 million seed funding round today.

Today’s round was led by TLV Partners and saw participation from SNR and a number of angel investors, including Shlolo Kramer, one of Israel’s most prominent cybersecurity pioneers.

At a time when security is increasingly focused on user’s identities, Token Security is introducing what it calls a “machine-first approach” that it says turns the concept of identity management on its head. Traditionally, identity management systems have always been human-centric, the company explains, based on lists of employees and contractors, so security teams can check access permissions against them. But the startup insists that this approach is no longer suitable in an age where machine identities are growing exponentially.

Instead, the company’s platform lists the machines and services that make up a company’s information technology estates, keeping track of who has access to them and for what purpose. The platform works by integrating all of a company’s existing infrastructure, triaging its data to extract context and evaluate these systems for security threats.

Token Security co-founder and Chief Technology Officer Ido Shlomo (adjacent, right) said the platform works by discovering, inventorying and standardizing data across identity and access management repositories.

“We take the security organization all the way from being in the dark to remediating real risks and cutting down exposures to a minimum,” he said. “We cluster identities, credentials and entitlements for different teams – Engineering, DevOps, Data engineers, SREs and more. [Then] we prioritize the most critical identities and their vulnerabilities, and reduce risk using remediation capabilities.”

The startup says this new approach is necessary due to the proliferation of cloud and microservices-based architectures, which has resulted in an explosion in the number of machine identities accessing IT systems. These days, the average enterprise has 45 times more machine identities than human identities, with the number doubling over the last three years. So it has become critical to keep track of these machine identities and the systems they’re allowed to access, but existing tools can’t do that easily. Nor can they do the job of securing those systems.

Token Security’s other co-founder, Chief Executive Itamar Apelbat (left), said identity-based attacks have become the favored route of attackers today, adding that they no longer break in, but simply “log-in” to systems instead. “Legacy solutions deal with on-premise identities, which are mostly human,” he pointed out. “But in the cloud and generative AI era, identities are no longer human only, and they’re not in one place – they are all over the place.”

The Token Security platform brings its machine identity-based approach to all major cloud infrastructure platforms including Amazon Web Services, Google Cloud, Microsoft Azure and Snowflake, and also integrates with numerous identity management tools, source code repositories and secrets managers. This enables it to grab a wide range of data for additional contextual analysis, so it can learn exactly what each and every machine identity is accessing and why it is doing so, making it easier to uncover those that shouldn’t be on company’s allow lists.

It’s a promising approach that has gotten attention, not only from venture capitalists but also a range of financial technology, cybersecurity, insurance technology and e-commerce companies, ranging from mid-market to the Fortune 500, Token Security said.

Rona Segev, a managing partner at TLV Partners, said the industry has already moved from traditional firewalls and password protected systems to an identity-first security model, and believes the focus on machine identity is the next evolution. “Today, machine-to-machine communication is the norm,” he pointed out. “AI creates new services with new identities, connections and permissions even with no humans in the loop.”

As such, companies face the seemingly impossible demand of minimizing security risks without jeopardizing their operational integrity, he said, and to do this, a new approach is necessary.

“Token Security is taking the next step in the evolution towards Machine-first-Identity security with a platform built to keep CISOs informed and software companies productive,” Segev said. “We expect them to win over both crowds, and disrupt a highly competitive market.”

Image: SiliconANGLE/Microsoft Designer