Why Centana Invested in Cayosoft

By Eric Byunn | Co-Authors: Jake Madnick, Jay Lee

Microsoft’s Active Directory is the Backbone of IT Infrastructure

Identity is a large and growing vector for cybersecurity attacks, and Active Directory (AD) continues to be the primary identity database of record for enterprises. Ninety percent of Global Fortune 1000 companies run on AD1 and with cyberattack incidents on AD continuing to proliferate, there is increasing focus on securing the identity (versus solely the network or endpoints). As many as 50% of organizations have experienced an AD attack in the last two years, and more than 40% of those attacks are successful2, with notable recent examples like SolarWinds and MGM looming large.

Continuing trends around cloud adoption have created greater complexity for administrators managing a growing mix of on-premise, cloud, and hybrid environments. While these challenges are industry agnostic, organizations that operate in regulated sectors, such as financial services, often have more complex compliance procedures and higher sensitivity to consequences of a potential breach. As threats to AD become more persistent and as internal infrastructure environments become more complex, better systems and tooling are necessary for enterprises.

IT Challenges More Complex Than “Did You Try Restarting it?”

Administration of directory services, which may include a combination of AD, Entra ID or other cloud-based directory services, file servers, on-premise access components, and more, can be done through native Microsoft permissions or custom scripts. However, managing and coordinating amongst different systems quickly becomes difficult as organizations scale. The process of user provisioning and deprovisioning compounds in work and complexity as enterprises begin managing multiple environments, employee counts rise, permutations of roles and privileges increase, and the types of devices and applications being tracked grow. Furthermore, the native process for backing up and recovering the configuration rules and data within an AD instance (i.e., an AD Forest) is highly manual and time-consuming – with uncertain fidelity and reliability.

The result? Pain from the IT department while HR continues the hiring (or firing) spree. These challenges extend beyond just the complexity of managing the workflow – the manual effort and business continuity impact of recovering a Forest also keeps the IT department up at night.

The Cayosoft Solution

Cayosoft’s consolidated platform provides end-to-end solutions tailored towards solving these problems across on-premise, cloud, and hybrid environments. Through its platform, Cayosoft automates day-to-day AD management tasks, provides monitoring to identify and reverse any unusual or malicious changes, and enables instant recovery of an organization’s AD Forest, attributes, and objects. While it seems like a technology-only problem, bad actors impact a whole lot more than just the IT team – for example, the fallout from the aforementioned MGM attack was as much as $100 million due to disruptions to day-to-day operations3.

Through many discussions with market participants, it was evident how challenges arise when trying to manage AD at scale. But it was also clear through those conversations how seamless the Cayosoft experience could be in managing that complexity, and the peace of mind that companies received knowing that a solution has their back in case anything goes wrong. Through their Administrator and Guardian platforms, we believe Cayosoft offers a best-of-breed platform that helps IT departments, executive teams, and businesses manage, monitor, and recover their Active Directory environments.

We’re excited to partner with cofounders Bob Bobel (CEO) and Andrey Polevoy (CTO), who have impressively bootstrapped Cayosoft to become a leading provider in this market. Together, they have spent over 50+ years in infrastructure technology and the products they have developed showcase this expertise. As the market undergoes a continued transition to hybrid and cloud environments, we believe Cayosoft is well-positioned to capitalize on those tailwinds with more capital for go-to-market resources and continued investments in innovation and product excellence.

Centana’s Active Role in Identity

Centana has deep expertise in investing in enterprise solutions serving the broader financial services ecosystem, including a strong focus on the identity and access management market. Previous investments in the space include Jumio (consumer authentication), SpyCloud (cybercrime analytics including account takeover prevention), Sayari (counterparty identity), and SheerID (identity attribute verification). Deep connectivity to this ecosystem, which includes banks, payment companies, insurance carriers, and more, has highlighted the growing needs of large enterprises and highly-regulated entities – and why solutions like Cayosoft are so essential. We look forward to supporting Bob, Andrey, and the broader Cayosoft team as they embark on this next stage of their journey.

 

[1] Frost, J. (2020, March 20). Active Directory Holds the Keys to Your Kingdom, But Is It Secure? Frost Perspectives.

[2] Enterprise Management Associates (EMA). (2021, September). The Rise of Active Directory Exploits: Is It Time to Sound the Alarm?

[3] U.S. Securities and Exchange Commission. (2023, October 5). MGM Resorts International. EDGAR Database.