AI Security AI安全 1d ago Updated 1d ago 更新于 1天前 39

QIZ Security Raises $17 Million for Cryptographic Governance Platform QIZ Security 筹集 1700 万美元用于加密治理平台

QIZ Security secured $17 million in seed funding led by Bessemer Venture Partners and Merlin Ventures to expand its cryptographic posture management platform. The platform utilizes an agentless, API-based integration method to continuously discover and map cryptographic assets across on-premises, cloud, and hybrid environments. Key features include automated identification of weak cipher suites and outdated protocols, with severity ranking and prioritized remediation plans to address encryption 以色列初创公司 QIZ Security 完成 1700 万美元种子轮融资,由 Bessemer Venture Partners 和 Merlin Ventures 领投。 该公司推出加密态势与后量子密码学 (PQC) 管理平台,旨在解决量子计算带来的长期安全风险。 平台通过 API 集成而非代理程序,持续发现并映射混合环境中的加密资产,识别过时协议和弱密码套件。 系统根据严重程度和业务影响对弱点进行排名,生成优先修复计划,支持 CISO 与合规团队协作。 创始人 Ben Volkow 强调,企业需建立连续的控制层以在“Q-Day”到来前实现加密现代化。

55
Hot 热度
60
Quality 质量
55
Impact 影响力

Analysis 深度分析

TL;DR

  • QIZ Security secured $17 million in seed funding led by Bessemer Venture Partners and Merlin Ventures to expand its cryptographic posture management platform.
  • The platform utilizes an agentless, API-based integration method to continuously discover and map cryptographic assets across on-premises, cloud, and hybrid environments.
  • Key features include automated identification of weak cipher suites and outdated protocols, with severity ranking and prioritized remediation plans to address encryption gaps.
  • The solution is specifically positioned to help enterprises achieve post-quantum cryptography (PQC) readiness by providing continuous governance rather than relying on one-time assessments.
  • Founded by Ben Volkow, Lenny Ridel, and Itan Barmes, the company aims to establish a continuous control layer for cryptography ahead of the anticipated "Q-Day" threat.

Why It Matters

This development highlights the growing industry urgency around post-quantum security, shifting PQC readiness from a theoretical concern to an immediate operational priority for enterprise leadership. For security practitioners, it underscores the critical need for visibility into cryptographic assets, as organizations cannot secure or migrate what they cannot discover. The focus on agentless, API-driven solutions suggests a market preference for lightweight, non-intrusive tools that can integrate seamlessly into complex, multi-cloud infrastructures without disrupting operations.

Technical Details

  • Architecture: The platform employs an agentless design relying on API-based integrations rather than network probes or installed agents, facilitating easier deployment across diverse environments.
  • Discovery and Mapping: It continuously scans for cryptographic assets, mapping their connections to specific applications and business systems to provide a holistic view of the attack surface.
  • Risk Assessment: The system identifies vulnerabilities such as outdated protocols and weak cipher suites, then ranks them based on severity and potential business impact to generate prioritized remediation plans.
  • Scope: Supports comprehensive governance of encryption for data both in transit and at rest across on-premises, cloud, and hybrid infrastructure.
  • Target Audience: Designed to facilitate collaboration between CISOs, compliance teams, and application owners by providing a unified view of cryptographic health.

Industry Insight

  1. Strategic Shift to Continuous Governance: Organizations should move away from periodic, snapshot-style crypto audits toward continuous monitoring platforms to maintain real-time visibility into cryptographic health and compliance.
  2. Preparation for Quantum Threats: With "Q-Day" approaching, enterprises must begin inventorying and classifying their cryptographic assets immediately to plan for a smooth migration to post-quantum algorithms, avoiding last-minute scrambling.
  3. Integration Over Installation: The success of agentless, API-first security tools indicates that future cryptographic management solutions will prioritize ease of integration and minimal operational overhead over heavy, on-premise software installations.

TL;DR

  • 以色列初创公司 QIZ Security 完成 1700 万美元种子轮融资,由 Bessemer Venture Partners 和 Merlin Ventures 领投。
  • 该公司推出加密态势与后量子密码学 (PQC) 管理平台,旨在解决量子计算带来的长期安全风险。
  • 平台通过 API 集成而非代理程序,持续发现并映射混合环境中的加密资产,识别过时协议和弱密码套件。
  • 系统根据严重程度和业务影响对弱点进行排名,生成优先修复计划,支持 CISO 与合规团队协作。
  • 创始人 Ben Volkow 强调,企业需建立连续的控制层以在“Q-Day”到来前实现加密现代化。

为什么值得看

对于关注网络安全基础设施和后量子迁移的企业而言,该资讯展示了从一次性评估向持续加密治理转变的技术趋势。它揭示了投资机构对 PQC 准备度及自动化加密管理平台的重视,为行业提供了应对量子计算威胁的具体落地方案参考。

技术解析

  • 核心功能:平台专注于加密态势管理和后量子密码学 (PQC) 准备,覆盖本地、云及混合环境。
  • 资产发现与映射:通过 API 集成方式,持续自动发现加密资产,并将其与应用和业务系统进行关联映射,无需部署网络探针或代理。
  • 风险评估与修复:自动检测过时协议、弱密码套件及数据在传输和静态存储时的加密缺口,并根据严重性和业务影响对弱点进行优先级排序,生成可执行的修复计划。
  • 协作机制:设计旨在促进 CISO、合规人员和应用所有者之间的协作,提供连续的加密控制层。

行业启示

  • PQC 成为董事会级议题:随着量子计算威胁逼近,后量子密码学准备度已从纯技术问题上升为企业治理和董事会关注的战略优先级。
  • 从静态到动态的加密治理:传统的单次安全评估已不足以应对复杂的混合环境,企业需要转向持续的、自动化的加密资产发现和风险管理模式。
  • API 优先的安全集成策略:采用无代理(Agentless)和 API 集成的方式降低部署复杂性,是提升跨部门协作效率和快速响应加密风险的有效路径。

Disclaimer: The above content is generated by AI and is for reference only. 免责声明:以上内容由 AI 生成,仅供参考。

Security 安全 Funding 融资