Vorlon was founded in 2022 by Amir Khayat and Amichay Spivak who hold a combined 35+ years of cybersecurity experience. Prior, they developed and sold a Security Orchestration Automation and Response platform called Demisto (now branded XSOAR) which was acquired in 2019 by Palo Alto Networks in its third largest acquisition to date.
While deploying automation solutions for thousands of customers, Amir and Amichay identified a serious problem facing Enterprise organizations. With the rise of automation and continued demand for greater productivity, organizations are increasingly relying on other vendors’ (third-party) applications and services to drive efficiency within their businesses. Every vendor uses Application Programming Interfaces (APIs) to enable their own software to communicate with other systems. This communication is facilitated by ‘secrets' like OAuth, API keys, and user credentials. However, the methods used to transport these secrets continuously pose a security risk to the customer (the one consuming the APIs)—usually by granting over-permissive access to other sensitive data. And while vendors take certain precautions to secure the development of their own APIs, there has been no attention paid to protecting the data in motion from one system to the other.
Today, large enterprises consume an average of 25,500 APIs. While there aren't any good references for the number of APIs a large enterprise publishes, Google itself publishes 246—more than 100X less than what is consumed.
Oftentimes, APIs are granted more access than necessary to perform the task they are designed to do (we call this over-permissive) and the access granted to APIs are able to inadvertently access sensitive data, including Personally Identifiable Information (PII), Protected Health Information (PHI), and even Payment Card Industry (PCI) information. This sensitive data can then be exploited by threat actors in the event of a breach or leak. The APIs themselves are often exploited by threat actors as well.
In fact, 98.3% of organizations have a relationship with a third-party that has experienced a data breach in the last two years. Chances are that you or someone you know is involved in a data breach right now - but you wouldn't even know it because it takes an average of six to seven months to identify, not to mention the two to three months it takes to mitigate.
Our customers use Vorlon to detect, identify, and remediate these threats.
Our Customers & Advocates
"Vorlon gives us greater visibility across all third-party API assets and dramatically reduced event triage timelines."
"Vorlon helped us understand not just the APIs we were using but also what systems these APIs were connecting to and the data that was enabled on top of the APIs. Vorlon provided me with quite a bit of telemetry and threat intel around our API usage — which is especially game-changing for the third parties that might as well be a black box to us. The biggest takeaway for us is the sheer size of the attack surface generated by third-party vendors connecting to our data both directly and indirectly."
"I think most CISOs already know this, but third-party APIs are right now probably one of the Achilles heels of our world, with a very wide usage and almost no visibility unto them. The goal, through a tool like Vorlon, is you can bring that out of the shadows and into the light and can start to put the same sorts of controls in API security that we’ve put on all sorts of other security over the last decades."
"The patent-pending technology Vorlon has built is far superior to anything else we have seen in this space."
"Every few years, cybersecurity undergoes a transformation to safeguard what's truly invaluable. As businesses increasingly embrace third-party solutions, it's crucial to monitor the data flowing between them. Enter Vorlon, a solution designed to empower businesses with the essential visibility and proactive security measures needed to protect their most valuable assets."
CISO and Data Privacy Officer
"The Vorlon team has used their deep cybersecurity experience to develop an effective way in solving third-party security with the added benefits of automated detection/response, data privacy and secrets monitoring. The Vorlon platform stands out from others by preparing Enterprises to defend against stolen secrets that lead to data exfiltration."
BTE Partners, CIO/CISO
CEO and Co-Founder
CTO and Co-Founder
Head of Product
Head of Marketing
Head of Research