About Us

By using machine learning and graph technologies, Saporo continuously maps an organization's attack surface composed of users, assets, and services. Our technology scores every attack path based on business impact and prescribes courses of action to mitigate risk and exposure.

Identifying all potential attack paths in large and dynamic environments is impossible using manual methods. Finding, quantifying and prioritizing where to start and what to do requires automation.

Privileged account access represents the keys to the kingdom for threat actors, enabling them to move around a network almost unabated. With it, attackers can explore and extract as much sensitive data as they like. These same privileged accounts then allow the threat actor to encrypt that same stolen data and hold the organization at ransom.

Defenders can never hope to get ahead of attackers if attackers have a better understanding of the battlefield - the organizations own network. By leveraging the same techniques used by threat actors to visualize the shortest path to privileged access to critical resources, defenders can start to see their environment as attackers do. Once visibility is achieved, it becomes much easier to anticipate attack paths and implement the appropriate countermeasures and controls.

Meet advisory board

Advisory Board Members

Christophe Bouillard

VP of Information Technology at Rolex

Christophe is a senior technology executive and C-suite leader (CTO and CISO) with over 20 years of experience building information security and technology infrastructures for global organizations. He is currently Vice President of Information Technology at Rolex Watch USA. He is passionate about driving technology and innovation, building high-performing technology teams, and showing business teams what technology can do for organizations in a rapidly changing world.

"Saporo is an indispensable defense tool for all organizations that want to be one step ahead in controlling risks within their increasingly complex infrastructures."

Christopher Morales

CISO at Netenrich and CompTIA Cybersecurity Council Member

Christopher is currently Chief Information Security Office (CISO) and Head of Security Strategy at Netenrich. Chris has over two decades of information security experience, most recently leading advisory services and security analytics for Vectra AI. Throughout his career, he has advised and designed incident response and threat management programs for some of the world’s largest enterprises.

"Security is operating in a world that has changed vastly since current practices were established. It is impossible to protect every asset. Saporo provides immediately the actionable information to focus on what matters in a chaotic environment."

Thomas Maillart

Senior Lecturer Information Science Institute at University of Geneva

Thomas Maillart holds a Master from EPFL (2005) and a PhD from ETH Zurich (2011). At ETH Zurich, Thomas received the Zurich Dissertation Prize in 2012 for his pioneering work on cyber risks and spent 2 years researching at the ETH Zurich Center for Law and Economics. Before joining the University of Geneva, Thomas Maillart was a post-doctoral researcher at UC Berkeley until 2016. Thomas Maillart has co-founded a cybersecurity startup in 2005, and has consulted on cybersecurity for various governmental and private organizations.

"Properly understanding and modelling how cyber attacks cascade along vulnerability paths to compromise most valuable assets is one of the key untamed challenges for cyber risk management with implications for cyber-insurance, but also for organization design and strategic management. Saporo is one of a kind startup proposing a solution to simulate, verify and thus manage attack paths. Therefore, I am utmost thrilled to contribute my scientific knowledge on complex systems and extreme risks to Saporo."

Cedric Nabe

Head of Risk Advisory for the Romandie region chez Deloitte Switzerland - Former CISO at Edmond de Rothschild

Cedric Nabe is a Director in Risk Advisory and takes part in developing and managing the growth of Deloitte operational and cyber risk services in the Romandie. Previously Cedric has been working as the Group CISO, Group DPO and business continuity manager of a Swiss private bank. Cedric works across industries and specializes in solving complex operational and cyber risk challenges. In addition, Cedric is a former professional Swiss athlete credited with multiples Swiss championship titles. Throughout his career, Cedric represented Switzerland in many major championships (e.g. the Berlin 2009 World Championships in athletics).

"Saporo is the missing piece of the puzzle in providing cyber security professionals with the visibility and transparency needed to reduce the attack surface for enterprises."

Time is of the essence.

It is a race of time between the attacker and the defender. Winning the race against attackers requires ordering the seemingly chaotic connections between users, assets and resources to expose and prioritize paths that attackers will most likely exploit.