Multi-factor & Risk-based Authentication , Security Operations
Demisto Founders Launch Passwordless Authentication CompanyDescope to Help Developers Make Authentication Part of Application Build Process
The founding team behind SOAR vendor Demisto has started a passwordless authentication and user management platform company that caters to the developer community.
See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources
Silicon Valley-based Descope emerged from stealth Wednesday with 30 employees, $53 million in funding and backing from industry titans including CrowdStrike CEO George Kurtz, Microsoft Chairman John Thompson, Rubrik CEO Bipul Sinha and Wiz CEO Assaf Rappaport. Descope helps developers embed authentication in the application build process and competes with Auth0 in the CIAM space (see: ForgeRock, Ping, IBM, Okta Top KuppingerCole CIAM Tech Eval).
"This is the last place you really want to make mistakes. There are a lot of small things that most developers just don't think of."
– Slavik Markovich, co-founder and CEO, Descope
"The devil is in the details here," Descope co-founder and CEO Slavik Markovich tells Information Security Media Group. "If you're a developer that's not an expert in security and not an expert in identity management, you will make mistakes. And this is the last place you really want to make mistakes. There are a lot of small things that most developers just don't think of."
Descope was established in April 2022, started in private beta in August 2022 and debuted a public beta version of its product earlier this month. The company closed a seed funding round led by Lightspeed Venture Partners and GGV Capital shortly after its founding and has used the proceeds to hire engineers and get its product into production.
Prior to establishing Descope, Markovich and co-founder Rishi Bhargava started analytics and automation vendor Demisto in early 2015 and sold the company to Palo Alto Networks in March 2019 for $560 million. At Palo Alto Networks, Markovich served as a senior vice president of product, and Bhargava served as vice president of product strategy for three years before leaving to start Descope.
'A Whole Different Feeling'
Descope focuses on helping developers in the business-to-business world tackle issues around SAML support and single sign-on, allowing them to fully update roles and permissions for users as well as group membership directly in the product, according to Markovich. As a result, he says, developers can implement these protocols without having to fully understand them.
When coding applications, Markovich says, developers often aren't thinking about identity management issues such as application takeover, fingerprinting of the device and mapping the authentication to the device to track user behavior. Descope allows developers to customize the look and feel of the authentication process as well as what's used as a second factor by adding just a few lines of code to their application.
Descope wants to minimize the friction associated with being redirected to a different page for logging in that looks completely different from the rest of the application since that has a direct impact on the bottom line. In addition, Descope's passwordless approach means that users will no longer have to deal with forgotten passwords or password resets, which are often a reason users drop during authentication.
"It's just a whole different feeling when the login looks exactly like the rest of your website," Markovich says.
'You Can Actually See Visually What Has Been Implemented'
Descope appeals both to startups that want a more modern approach and to long-standing companies that wish to go passwordless or reduce friction in their authentication process. Markovich says Descope has traction with smaller or midsized firms at the beginning of their authentication journey as well as with customers looking to replace Auth0 with something that's passwordless and more customizable.
The company provides authentication to developers working on both business-to-business and business-to-consumer applications, Markovich says. From a B2B perspective, Descope has focused on supporting single sign-on through SAML and other protocols as well as multi-tenancy. In contrast, the B2C business focuses more on detecting fraud in a frictionless matter that's easy and secure for developers and users.
Descope is available at no cost to businesses with fewer than 7,500 monthly users or fewer than 50 tenants on the B2B side, Markovich says. Pricing for the paid version is based on active users or the number of tenants and provides additional security features around biometrics, behavioral analytics and phone-based two-factor authentication. Descope today has roughly a dozen paying customers, Markovich says.
"A lot of times, authentication is very tied to the system, so the CISO has to rely on the developers to understand how the security actually works," Markovich says. "But with us, you can actually see visually what has been implemented. So for a CISO, it's an added benefit of visually understanding the entire authentication process, which is easier to read and easier to understand."