Banyan Security, which today announced raising $30 million in series B funding, said it saw a 300% increase in users in 2021 for its product that enables customers to shift incrementally to a zero trust network access (ZTNA) model. The product stands in contrast to other zero trust solutions that require a “rip and replace” approach to use, which can be a major barrier for customers, CEO and cofounder Jayanth Gummaraju told VentureBeat.
Banyan’s ZTNA offering enables secure remote access for employees to corporate applications and cloud infrastructure. The product enables “zero trust” in the sense that it considers context including the user’s identity and device security posture before deciding whether to grant access. The product ultimately allows customers to achieve “least-privilege access,” where users only get access to what they really need, according to the company.
While zero trust has become a buzzword, “the concept is something that is totally the right path forward for the security industry,” Gummaraju said in an interview. “If you look back at all the attacks, a lot of them can be attributed to people having more privilege than they should have had.”
The concepts of zero trust and least-privilege are at odds with traditional network security approaches for securing remote access — namely, the VPN, which essentially creates a privileged tunnel to access applications. The VPN is a decades-old technology that was “built for a very different world,” he said.
Phasing in zero trust
Banyan Security aims to take a “pragmatic” approach to phasing in ZTNA in place of VPNs, Gummaraju said. That means the Banyan product can work work in tandem with existing VPN technologies while also integrating with all other security investments a customer might have — such as identity systems, device management tools, and endpoint detection and response (EDR) solutions. The product is architected to accommodate a diversity of environments, the company said.
“We take them through a journey. They can start wherever they are, and from there, we provide them steps to get to this [least-privilege] state,” Gummaraju said.
“It’s hard to go tell a big company, ‘Hey, ditch your Cisco VPN that you’ve been spending millions of dollars on over the last 20 years — and then just start using us,'” he said. “A lot of what we’ve done is to architect [the product] in a way that you can incrementally deploy it. We can coexist with VPNs as you deploy. And you can start with just one team—or one application even—and then roll it out. And then see how it works, and how excited users might get using it. And then use that as the starting point to roll it out to the rest of the company.”
Another area where Banyan stands out is by providing customers with visibility into exactly where they are in their journey to zero trust and least-privilege access, Gummaraju said. Currently, the company’s most sophisticated customers are about halfway to the ideal end state in that journey, he noted.
While Banyan is not disclosing how many customers or total users it has, the company says that its 300% gain on users in 2021 is an indication that new customers are adopting the solution and that existing customers are scaling up.
Banyan expects its user growth rate to be even in higher in 2022, as the company recently released a free edition of its product.
Named customers include real estate platform Compass, while other customers include Fortune 500 companies in multimedia and database software, the company said. Banyan’s product has been generally available since October 2019.
Banyan’s series B round was led by Third Point Ventures and included participation from SIG, Alter Venture Partners, Shasta Ventures, and Unusual Ventures. The company has now raised a total of $47 million since its founding in 2015.
The funding will go toward hiring across sales, marketing, and engineering. The company currently employees about 50 people and plans to double its workforce this year.
A key goal for the funding is “getting our name out,” Gummaraju said. “I still feel that we are the best-kept secret.”
Recent hires who will help with the effort include Den Jones — who previously headed up zero trust efforts at Adobe and Cisco — as chief security officer.
While Banyan’s customers so far have mostly represented tech-focused companies, the company sees the opportunity to expand beyond those early adopters this year, Gummaraju said.
In terms of the need for secure remote access, “I think people have woken up to the fact that this is going to be more of a long-term thing. It’s not just a spike because of COVID,” he said. “So we think we’ll be able to branch out into other areas.”
Banyan Security’s founders are Gummaraju, formerly of VMware; chief operating officer Tarun Desikan, formerly of Moovweb; and Yoshio Turner, formerly of HP Labs.