Out of Stealth Neon Cyber Advances Workforce Cybersecurity

Our Background

I started my career in cybersecurity in the late 1990s as the equivalent of a janitor, cleaning up graffiti when websites got defaced. Over time, attackers have evolved, shifting from destructive events to lucrative takeovers. System compromises went from being the end goal to the beginning step of a more audacious infiltration of an organization's entire lifeblood. Once the target shifted to holding data hostage, the concepts we leveraged as an industry had to adapt as well. Protecting infrastructure and data has always been the core of what cybersecurity professionals aim for.

We used to have the luxury as defenders to have well-defined perimeters: traffic flowing through corporate-owned pipes, end users in static, pre-defined office locations. That luxury, the concept of an actual perimeter, is now part of history books as we have moved to a decentralized, geographically disbursed workforce. The rapid evolution of SaaS services & cloud-first office systems has enabled remote/hybrid work to become a sustainable model for companies and their workforce. Attackers, never ones to enjoy losing their targets of opportunity, have also made the shift, embracing compromised identities as a key entry point to further escalate into a company. We have to defend the workforce, protecting the people who power your business is fundamental.

Cody Pierce and I leveraged our combined 50 years of cyber experience to build our first company, AlphaWave, which helped companies better understand their infrastructure attack surface. Tracking inventory and exposure levels of systems & services has always been a tough battle for organizations; everything facing the Internet requires a balance of risk. We see a similar issue from a different lens now. What was once an outside-in approach to compromising an organization has shifted to going directly at the users. Attackers are leveraging new waves of techniques, a fast-expanding barrage of AI-powered phishing, social engineering, credential theft, and SaaS abuse to gain and maintain footholds in an organization.

Why Now?

We founded Neon Cyber to help organizations protect the key piece to the modern era of attacks: the user and their identities. The name Neon itself is a statement of our desire to help companies illuminate the vast amount of touchpoints their users and data have through the new age of the Web. Observability and control of behaviors that could compromise a user or disclose data have shifted from border controls and XDR, directly into the browser, which has become the new operating system of business.

We started building in early 2024, intending to provide defense against identity attacks and phishing. We had some early realizations that the first-party telemetry we were able to gather, while providing defense against attacks, could be used for much more. We watched as attackers switched from traditional phishing methods to living off of trusted sites, so we built the world's first AI anti-phishing model that lives in the browser. We have had the privilege of having design partners across several verticals who had unique concerns but all shared a similar voice. "What are our users doing and where is our data going?". We listened to their feedback and built a robust, AI-powered SaaS application catalog to assist in showing what their users were accessing and with what level of security. The focus is now and will always be helping organizations understand the who, what, when, and where their workforce and data are interacting with the outside world.

We founded Neon Cyber with the mantra of "protect the people that power your business", something that is ingrained in every decision we make. Building the best Workforce Cybersecurity Platform is the mission. Behavioral observability and control of user activity is how we will accomplish it. Putting this into action means solving pain points that exist and are evolving now:

• EDR/XDR and network monitoring cannot see or control inside the browser. We embed ourselves directly where users work and act as a security team sitting alongside them.

• Traditional phishing detection relies heavily on email scanning and intelligence feeds, and is defeated by modern techniques. We built an AI-powered phishing model to ensure we stop attacks where traditional gateway tools fail, directly in the browser with no blind spots, in real time.

• The adoption of SaaS and AI tools outpaces IT visibility and control. We built robust visibility on the applications, authentication methods, and data that users interact with, helping reduce the SaaS attack surface and improve identity hygiene for organizations.

• Despite advances and adoption of SSO, MFA, IDP, and various other identity protection methods, user accounts are still at high risk of compromise or disclosure. We catalog every authentication type across identities and allow for robust reporting and control over these methods.

Our Future

We are supported by an investment team in Silverton Partners out of Austin, Texas. They share our goals and excitement to advance..

“The threats facing the modern workforce, such as Shadow-SaaS, Identity Attacks, and Phishing, have become an epidemic for organizations of every maturity level,” said Kip McClanahan, Partner, Silverton Partners. “Neon Cyber has a clear vision for Workforce Protection and the innovative technology to make a difference. Silverton invests in game-changing companies, and we continue to be impressed with the team and execution.”

We have always felt that security is a team sport, and we are thrilled to jump in and team up with our customers as part of their squad. Our commitment to understanding the modern workforce's identity threat landscape and turning that into an easy-to-deploy, easy-to-manage unified platform will guide us over the next several years, and we hope you join us.

If you are ready to start protecting your workforce and level up your confidence in your users' safety, reach out to us to have a conversation or a demo today.