Open Raven emerged from stealth with the launch of its modern data security platform that brings visibility and control to enterprise data protection.
Founded by established industry entrepreneurs Dave Cole and Mark Curphey, who previously built large-scale cybersecurity products at CrowdStrike, Symantec, SourceClear and Microsoft, Open Raven is designed as an elegant solution to the complex problem of data security.
With an open source core to be available under the Apache 2.0 license, the platform helps customers understand, manage and ensure the security of data from a single location – at a time when teams are overwhelmed and data breaches are hitting record numbers.
The rate of data creation is accelerating each year due to factors such as inexpensive cloud computing, DevOps and the explosion of internet-connected devices, exceeding enterprises’ ability to handle its volume, variety and velocity.
Despite this, 86% of organizations currently maintain separate on-premises and cloud teams for data security policies, processes and technology, according to ESG. This contributes to lapses in good data hygiene, which now outnumber nation-state adversaries and criminal hackers as the most common cause of major security incidents.
At the same time, a complex global network of regulations – from the General Data Protection Regulation (GDPR) to the California Consumer Privacy Act (CCPA) – is bringing data security and privacy into the boardroom.
“Security leaders are increasingly finding that a data centric view of security control is more important than ever,” said Phil Venables, senior advisor and board director, Goldman Sachs Bank and an Open Raven board member.
“This requires companies know what data resides where in their enterprise and how it is protected. Open Raven is solving for this by making those insights accessible.”
The Open Raven Platform puts customers back in control of their data, from mapping their systems to managing their data risk. Built as a control plane for data security, the platform works seamlessly with an organization’s existing tools and features so customers can understand and manage all data from a single location, starting with an emphasis on structured data.
The sophisticated Open Raven Graph is designed to make understanding and managing modern data complexity straightforward. Its cloud-native design balances SaaS simplicity and scale with the data privacy of an on-premises solution through installation into an organization’s own cloud.
“When it comes to data breaches, there is a quiet epidemic that is not the result of hacking from Russia, Iran or China,” said Dave Cole, CEO of Open Raven.
“Accidental data exposures are the driving force behind today’s breaches. Our mission is to reinvent data security for the modern era starting by making it easy to answer fundamental questions such as ‘where is my data?’ and ‘how is it protected?’ Open Raven is designed to automate the elimination of blind spots, stopping data breaches at the source.”
Open Raven was built in conjunction with senior security leaders at global organizations across industries, including automotive, gaming, financial technology and software.
Its investors include Upfront Ventures, whose partner Kara Nortman led the company’s seed round funding of $4.1 million; Phil Venables; Niloo Razi Howe, former chief strategy officer at RSA; Andrew Peterson, CEO of Signal Sciences and Oliver Friedrichs, VP and GM at Splunk.
How Open Raven works
The Community Edition of the Open Raven Platform, released at launch, provides automated mapping of cloud and on-premises data stores using a variety of techniques from APIs to network scanning. This includes the Open Raven DMAP fingerprinting service, which is purpose-built to identify what assets are functioning as data stores.
DMAP uses machine learning to pinpoint popular data stores such as ElasticSearch, Postgres, MongoDB and others so that they can be better understood and managed without the guesswork required by existing tools.
In order to eliminate blind spots, users are able to define both discovery methods and frequency of updates, which can be progressively expanded as the user gains confidence or increased access.
Open Raven’s search feature is both straightforward and powerful, providing ready answers to hard data security, privacy and compliance questions.
Users can easily visualize and act upon the results to queries such as “Where do I have unencrypted data that is Internet-accessible?” and “Is all data in Europe protected according to our standards?” Trending reports and a GraphQL-based API make communicating and integrating platform results across an enterprise straightforward.
In order to maximize visibility and eliminate blind spots, Open Raven is built on a flexible graph database with an open connector model that accommodates any potential data source.
In addition to on-premises network scanning, default connectors today include Amazon Web Services (AWS) data services such as S3 and RDS, as well as related services where data may be found (e.g., EC2). With this foundation, building new connectors for AWS is easy and template-based.
This same approach will soon be extended to Microsoft Azure and Google Cloud Platform as well as a series of on-premises data sources. New connectors can be not only built by Open Raven but by anyone with coding skills and an interest in adding new data sources.
Open Raven is available for install by request while in Preview and will be generally available this spring, enabling organizations to identify their data stores and begin managing them in order to mitigate any current risk.
Open Raven’s open architecture also enables others to contribute and extend the platform using their existing tools and minimal effort.