Silverfort

Researched 2026-06-28. Primary category: identity-governance (but see note — its real center of gravity is runtime identity protection / ITDR + NHI).

One-liner — A unified, largely agentless/proxyless identity-security platform that extends MFA, conditional access, and threat detection to systems that normally can’t get them — legacy apps, service accounts, command-line, OT — across cloud and on-prem.

What it does

Silverfort sits in-line with the authentication path (notably Active Directory via its security-protocol integration) so it can apply modern controls — MFA, conditional access, blocking — to resources that were previously “un-protectable,” without deploying agents on every host or proxies in front of every app. From that vantage point it does: universal MFA, identity threat detection and response (ITDR), and increasingly Non-Human Identity (NHI) security — discovering, monitoring, and protecting service accounts and machine identities, which are hard to put MFA on and are a common lateral-movement path. It markets a “Runtime Access Protection (RAP)” capability.

Where it sits in the stack

Foundation layer. Tagged identity-governance, non-human-identity, and data-access-governance, but its distinctive job is runtime identity protection / ITDR layered on the IdP and directory (microsoft-entra, okta, Active Directory) — complementary to, not a replacement for, IGA suites. It is not an inline prompt/egress control; it hardens the identity perimeter and limits lateral movement / blast radius. Strong NHI/service-account story makes it relevant alongside cyberark, token-security, oasis-security.

Deployment & architecture

Agentless/proxyless inline integration with authentication infrastructure (AD/Kerberos/NTLM, LDAP, plus cloud IdPs and access protocols); delivered as SaaS with on-prem/hybrid components. Integrates with IdPs, MFA providers, SIEM (microsoft-sentinel, splunk), and PAM. Its differentiator is breadth of coverage without per-app agents.

Positioning & differentiators

Known for the agentless approach that “goes everywhere,” including legacy/AD-centric estates where competitors need agents or proxies. Versus pure IGA (sailpoint, saviynt, linx-security) it is enforcement/detection at runtime, not certification/lifecycle. Versus PAM (cyberark) it protects existing accounts in place rather than vaulting them. Its NHI push competes with oasis-security, token-security, astrix-security. Marketing claims of being “the only platform that truly goes everywhere” should be read as marketing.

Ownership, funding & M&A

Independent, VC-backed unicorn. Founded 2016 by Hed Kovetz (CEO), Yaron Kassner (CTO), and Matan Fattal; Israeli-origin with US presence (Boston/Texas). ~$222M raised total; Series D $116M in January 2024 led by Brighton Park Capital at ~$1B valuation. 2025: Howard Greenfield joined as President/CRO. No acquisition of Silverfort confirmed. Confidence high.

CTO / hedge-fund lens

Day-2, but among the more relevant identity tools here for a regulated shop with a meaningful on-prem / Active Directory footprint and lots of service accounts. Its sweet spot — putting MFA on legacy apps and locking down service accounts without rip-and-replace — maps well to audit/insurance requirements and to limiting ransomware lateral movement. A cloud-only, Okta/Entra-native fund gets less incremental value. Not a model-risk (SR 11-7) tool, though ITDR coverage supports operational-risk and audit posture.

Competitors / alternatives

cyberark, oasis-security, token-security, astrix-security, sailpoint, saviynt, linx-security, microsoft-entra (Identity Protection).

Open questions / to verify

  • Precise current HQ designation (sources list Tel Aviv, Dallas, and Plano TX) — likely dual Israel/US.
  • Depth of the cloud-IdP (non-AD) coverage vs the AD-centric core.
  • Any funding/valuation change since the Jan-2024 Series D.

Sources

History

  • [2026-06-28] Stub created from seed registry.
  • [2026-06-28] Researched; confirmed independent unicorn (~$222M raised, $116M Series D Jan-2024 led by Brighton Park, ~$1B valuation), founded 2016 by Kovetz/Kassner/Fattal. Clarified center of gravity is agentless runtime identity protection / ITDR + NHI, not classic IGA. ownership_confidence raised to high.