We’ve raised $100 million. Why?

Nobody gives you $100 million because they think you're cool. They trust you because they think you’re onto something.

More Spotlight on Passwordless MFA

The timing is right to focus on preventative controls that stop ransomware and account takeover attacks, rather than just focusing on trying to detect and respond to them.

Why? There are three reasons very relevant to the current moment.

First, passwords have overstayed their welcome.

Gartner says going passwordless is a priority… starting yesterday (as of January 2022).

Right at the center of Gartner’s impact radar (below), we can see passwordless authentication as a core component of “ubiquitous and transparent security.” And with good reason: passwords have long been the bane of security team’s existence. They cause 89% of web application breaches through credential stuffing and brute force attacks, and stolen passwords allow threats like ransomware and phishing to gain traction. Passwordless authentication solves these issues because by eliminating passwords you remove all of the risks associated with them.

Second, no one likes their MFA.

Microsoft says traditional MFA only has 22% adoption.

This does not bode well in a world of remote work and BYOD. But it’s no surprise MFA adoption remains low, despite the circumstances. Why? Demanding change within your organization is hard, especially when users are already fatigued by password rules and resets. For some organizations, prohibitions on use of personal devices and phones makes implementing MFA prohibitively expensive, because the company has to purchase and issue mobile phones or hardware security keys. At the same time, cyber insurance providers are demanding the adoption of MFA or cutting off coverage.

Third, the government is putting its foot down.

When they issued the “Federal Zero Trust Strategy” strategy on January 26, 2022, the government is requiring federal agencies to use phishing-resistant MFA. (Right now, the vast majority of implemented MFA products are not phishing-resistant). This mandate is directed at US government agencies — the most attacked entity in the world — and is a crystal clear condemnation of legacy, password-based MFA. This memo goes on to recommend passwordless MFA.

A direct quote from the memo shows just why Beyond Identity fits the bill for phishing-resistant MFA: “Tightening access controls will require agencies to leverage data from different sources to make intelligent decisions, such as analyzing device and user information to assess the security posture of all activity on agency systems.”

Doubling Down on What We’ve Built

All the capabilities mentioned in the section above are available from Beyond Identity today.

Our team has created the world's first passwordless technology that actually removes the password and continuously assesses risk signals from endpoints.This approach enables our customers to build the foundational layer of their Zero Trust access strategy.

With Beyond Identity’s single, massively-scalable platform that supports 3 different products, organizations can secure their workforce, DevSecOps teams, and customers. We’ve done the work to improve our customers existing investments by integrating with a range of technologies, including: SSO (e.g. Okta, Ping, Microsoft Azure AD, ForgeRock, etc.), MDM (Jamf, Microsoft Intune, Airwatch, etc.), SIEM (Splunk, etc.), and others in these categories.

To support our customers, we have three different data centers across the US and EMEA, with engineering and technical support in both regions.

Expanding the Product and Our Presence

While we’ve accomplished a lot in 2 years, we’ve got big plans in the year ahead. We’ll use these funds to:

• Expand our engineering team and our product capabilities. (We’re already at 185 employees today — including over 110 engineers.)
• Build deeper and broader relationships with partners so that we can best support them and their customers.
• Expand our sales GTM teams in APAC and LatAm markets.
• Invest in our datacenter infrastructure in our current regions (North Am and EMEA) and expand our footprint into the Asia-Pacific and Latin American regions.
• Make the use and purchase of our products self-service for organizations that choose that path, while further extending support for customers who want a hand-held experience.
• Expand technical partner integrations across the categories mentioned above — and many others to come.

Our goal is to ensure customers can maximize their existing infrastructure. With the wide range of security risk signals available in Beyond Identity, our customers can better prevent breaches while improving detection and response capabilities.

With this money in our pocket, we’re excited to keep improving what is already the strongest — and only — un-phishable MFA on the planet.