Silverfort

1.1 Company Identity, Headquarters, and Business Model

Silverfort is a privately held cybersecurity company that operates the only end-to-end unified identity security platform capable of protecting all identities — human, machine, and AI-driven — across all environments: on-premises, hybrid, and cloud. The company was founded in 2016 in Tel Aviv, Israel by Hed Kovetz, Yaron Kassner, and Matan Fattal, three alumni of the Israeli Defense Forces' clandestine Unit 8200 intelligence unit, widely recognized as one of the world's premier cyber intelligence organizations. The company's operational headquarters moved to Plano, Texas (5525 Granite Parkway), while maintaining a major R&D and engineering hub in Tel Aviv at Leonardo da Vinci Street, Landmark TLV Tower. Additional offices span Boston (Massachusetts), Sydney and Melbourne (Australia), Frankfurt (Germany), Singapore, and Antwerp (Belgium), reflecting a globally distributed enterprise-oriented organization. Silverfort's core product, the Silverfort Identity Security Platform, is built around patented Runtime Access Protection (RAP) technology. RAP integrates inline with existing Identity and Access Management (IAM) infrastructure — including Active Directory (AD), Okta, Azure AD (Entra ID), RADIUS, LDAP, ADFS — without requiring agents on endpoints, proxies between systems, or modifications to servers or applications. This agentless, proxyless architecture is Silverfort's primary technical differentiator: it enables organizations to extend Multi-Factor Authentication (MFA), identity threat detection, and Zero Trust policies to resources that other solutions cannot reach, including legacy systems, command-line tools, service accounts, industrial OT infrastructure, and machine-to-machine authentication. The business model is B2B SaaS with subscription-based licensing, targeting enterprises with complex heterogeneous identity environments. Revenue and go-to-market emphasis is concentrated in North America, where roughly half the customer base is located, with strong representation in financial services, healthcare, government/defense, critical infrastructure, and manufacturing. Silverfort does not publicly disclose ARR or specific revenue figures, but the company disclosed at Series D (January 2024) that revenue was growing at 100% annually and ARR was in the "tens of millions of dollars." [CO001, CO002, CO003, CO004, CO005, CO006]

1.2 Founders, Leadership, and Governance

Silverfort was co-founded by three veterans of the IDF's elite Unit 8200 intelligence corps, each occupying a distinct functional role that covers the primary executive competencies of the company. Hed Kovetz serves as CEO and Co-Founder. Kovetz is the primary external spokesperson, investor relations contact, and the architect of Silverfort's market positioning strategy. He has been the public face in all major fundraise announcements, customer briefings, and press interviews. His leadership has maintained consistent strategic direction since founding. Yaron Kassner serves as CTO and Co-Founder. Kassner leads Silverfort's technology architecture, innovation roadmap, and research team. His background in cryptography and enterprise security has driven the development of the patented RAP technology. He has spoken publicly at security conferences including RSAC and has articulated Silverfort's vision for protecting previously unprotectable identity assets. Matan Fattal serves as VP R&D and Co-Founder. Fattal leads engineering and product development, overseeing the build-out of the platform's expanding capabilities across NHI security, AI agent protection, and PAM modernization. In June 2025, Silverfort brought on Howard Greenfield as President and Chief Revenue Officer, a material leadership augmentation for the company's next-stage growth. Greenfield has extensive identity market experience, having served as CRO at SailPoint during its successful IPO in 2017 and as CRO at Centrify (now Delinea). Prior to joining Silverfort, he was an Operating Partner at Canaan, a venture capital firm, helping portfolio companies scale their go-to-market strategy. Greenfield's appointment signals Silverfort's intention to scale revenue aggressively and pursue a potential exit or significant expansion milestone. Mike Gregoire, Founding Partner at Brighton Park Capital and former CEO of CA Technologies and Taleo, joined Silverfort's board of directors when Brighton Park led the Series D round in January 2024. Gregoire has been a public champion for Silverfort's market thesis, quoted in multiple official communications. Avery Schwartz, a partner at Greenfield Partners (Series C lead), also joined the board at Series C close. Key-person risk is moderate to high. The founding team of three is fully integrated into Silverfort's identity as a company — each co-founder's continued engagement is central to technology credibility (Kassner), product execution (Fattal), and market narrative (Kovetz). No succession plan or key-man insurance disclosures are publicly available, representing a governance information gap for diligence. [CO010, CO011, CO012, CO013, CO014, CO015]

1.3 Funding History, Valuation, and Investor Base

Silverfort has raised a total of $222 million across five distinct funding rounds from its founding in 2016 through January 2024. The company achieved unicorn status — a valuation exceeding $1 billion — with its Series D round, closed January 23, 2024, which raised $116 million led by Brighton Park Capital. Brighton Park Capital is a growth equity firm focused on software and technology-enabled services; its Founding Partner Mike Gregoire, former CEO of CA Technologies, has described Silverfort as "one of the rare companies that has successfully envisioned how a large market will need to transform to solve a tough problem — in this case, identity security." The funding chronology is: a seed round in June 2017 (amount undisclosed); a Series A of $11.5 million in June 2018 led by TLV Partners; a Series B of $30 million in August 2020 led by Aspect Ventures (with Citi Ventures, Maor Investments, TLV Partners, StageOne Ventures, and Singtel Innov8 participating); a Series C of $65 million in April 2022 led by Greenfield Partners (with GM Ventures, Acrew Capital, Vintage Investment Partners, StageOne Ventures, Singtel Innov8, Citi Ventures, Aspect Ventures, and Maor Investments participating); and the Series D of $116 million in January 2024 led by Brighton Park Capital (with Acrew Capital, Greenfield Partners, Citi Ventures, General Motors Ventures, Maor Investments, Vintage Investment Partners, and Singtel Innov8 participating — all-equity structure per TechCrunch). The cumulative investor base is notable for its mix of strategic and financial investors. Strategic investors include Citi Ventures (Citibank's corporate VC arm), General Motors Ventures, and Singtel Innov8 (Singapore Telecom's corporate VC), all of which represent potential channel or enterprise customer relationships. Financial investors include Brighton Park Capital, Greenfield Partners, Acrew Capital, Vintage Investment Partners, TLV Partners (an Israel-focused venture firm), StageOne Ventures, Maor Investments, and Aspect Ventures. The breadth and quality of institutional backers across all rounds reflects strong conviction across multiple investment cycles in Silverfort's market thesis. No secondary transactions, debt instruments, or credit facilities are publicly disclosed. The company has operated exclusively on equity financing to date. Pre-money valuation for Series C was not disclosed by the company; PitchBook cited a ~$150M valuation as of August 2020 (post-Series B), with significant growth implied at Series C. The Series D established a ~$1B post-money valuation confirmed by TechCrunch sourcing. [CO017, CO018, CO019, CO020, CO021, CO022]

1.4 Scale Metrics, Milestones, and Market Traction

As of early 2026, Silverfort serves 1,000+ enterprise organizations across North America, Europe, and Asia-Pacific, including several Fortune 50 companies per LinkedIn's company description. The company does not publicly disclose named enterprise customers. Publicly known customer references include Singtel, Samsonite, and UPS, which were mentioned by CEO Hed Kovetz in the Series C announcement as being among the "smaller" customers at that time. The 1,000+ customer figure is company-claimed and corroborated across multiple third-party reports and the company's own website. At the time of the Series D in January 2024, Silverfort was adding approximately 100 new customers per quarter, reflecting a customer acquisition velocity of approximately 400 net new customers per year. ARR was reported to be in the "tens of millions of dollars" and growing at 100% annually, implying ARR of approximately $40–90M at the time of the Series D announcement based on the "tens of millions" qualifier. No subsequent ARR disclosure has been publicly made. Employee count has grown substantially. At Series B (August 2020), Silverfort had 60 employees; at Series C (April 2022), the company had 120 employees; as of March 2025, Tracxn counted 604 employees; and as of LinkedIn data available in 2025, the company shows 629 employees. This roughly 10x growth from 60 to 600+ employees over five years tracks with the rapid capital deployment and global expansion. Key product milestones include: the December 2023 scalable Service Account Protection launch; the January 2024 Series D unicorn round; the September 2024 Identity-First Incident Response solution launch; the late 2024 acquisition of Rezonate (extending NHI security capabilities); the December 2024 Privileged Access Security (PAS) launch; the January 2025 CrowdStrike integration; and the June 2025 AI Agent Security launch and Howard Greenfield appointment as President & CRO. Silverfort was named one of Fast Company's 10 Most Innovative Companies in Security for 2025, confirming broad industry recognition. [CO026, CO027, CO028, CO029, CO030, CO031]

1.5 Adverse Signals, Governance Gaps, and Diligence Flags

Silverfort's most material diligence gaps reflect its status as a private company with no SEC reporting obligations and limited public financial disclosure. ARR and revenue figures are company-claimed and unaudited; the last disclosed growth rate (100% annually) and customer addition rate (100/quarter) date from January 2024, leaving an 18-month+ information gap through mid-2026. Independent verification of current financial metrics requires direct access to management or investor data rooms. Key-person dependency on the three co-founders — particularly CEO Hed Kovetz — is a structural risk. The founding team's continued involvement is central to the company's market narrative, investor relationships, and technical credibility. No public succession plan, executive bench depth disclosure, or key-man insurance arrangements have been disclosed. The headquarters migration from Tel Aviv, Israel to Plano, Texas (Dallas area) represents a strategic pivot toward North American enterprise sales. While this reduces geopolitical concentration risk, it also introduces operational complexity: engineering and R&D remain heavily concentrated in Israel, creating a dual-headquarters model with inherent coordination costs. Israel's cybersecurity ecosystem geopolitical risks (regional conflict, talent pipeline disruption) apply to Silverfort's R&D operations. Competitive pressure is intensifying from Microsoft (which bundles Defender for Identity with Microsoft 365 E5), CrowdStrike (Falcon Identity), CyberArk, BeyondTrust, and new entrants like Delinea. The bundling threat from Microsoft in particular affects pricing leverage for Silverfort in accounts with heavy Microsoft licensing commitments. No material litigation, regulatory enforcement actions, leadership fraud allegations, layoffs, or sanctions were identified in public sources during this research. The company carries normal cybersecurity sector risks (geopolitical, competitive, customer concentration) without elevated adverse signals. [CO036, CO037, CO038, CO039, CO040]

1.6 Exhibits

2.1 Market Boundary and Definition

Silverfort's addressable market spans three adjacent identity security categories: privileged access management (PAM), identity threat detection and response (ITDR), and non-human identity (NHI) security. The company's Unified Identity Protection platform monitors and enforces authentication policies across on-premises Active Directory, Azure Active Directory / Entra ID, Okta, LDAP, RADIUS, and legacy enterprise systems — reaching identity surfaces that traditional PAM tools require deployed agents or proxies to protect. Included spend covers software and services that detect credential theft, prevent lateral movement, protect service accounts and machine identities, enforce MFA on privileged resources, and deliver real-time risk-based access policies across hybrid environments. Excluded from Silverfort's primary scope are endpoint detection and response (EDR), network-layer firewalls, cloud security posture management (CSPM), and identity governance and administration (IGA) platforms focused on joiner-mover-leaver workflows rather than runtime threat prevention. Key adjacencies include zero trust architecture platforms — which require identity security as a foundational pillar — broader IAM platforms (Okta, Microsoft Entra), and PAM vaulting solutions (CyberArk, BeyondTrust). The primary status-quo substitute is Microsoft Defender for Identity (MDI), included at zero incremental cost in the Microsoft 365 E5 license. Other substitutes include SIEM-based identity analytics, manual privileged-account auditing, and native Entra ID Conditional Access policies. Silverfort's differentiation from substitutes lies in agentless deployment, coverage of unmanaged legacy systems inaccessible to agent-based tools, and real-time enforcement rather than alerting-only posture.[CM001, CM002, CM003, CM004, CM005]

2.2 Market Sizing: TAM, SAM, and SOM

No analyst firm publishes a single unified identity protection market that matches Silverfort's full platform scope. Three proxy markets define the TAM range. The global IAM market is estimated at $25.96B in 2025 growing to $42.61B by 2030 at a 10.4% CAGR per MarketsandMarkets (November 2025 publication). The PAM sub-segment, where Silverfort is explicitly named as a key player by MarketsandMarkets, is projected to reach $7.7B by 2028 at a 21.5% CAGR. Mordor Intelligence estimates the PAM market at $4.25B in 2025, growing to $13.83B by 2031 at 21.72% CAGR, with machine identities outnumbering human identities by 40:1. The Zero Trust security market provides a broader structural context at $36.5B in 2024 growing to $78.7B by 2029 at 16.6% CAGR per MarketsandMarkets. Silverfort's serviceable addressable market (SAM) is more narrowly defined as the intersection of PAM and ITDR for enterprise organizations operating hybrid Active Directory environments with 500 or more employees. Based on the PAM market range and ITDR's emergence as a discrete Gartner category (2022), the plausible SAM range is estimated at $7–12B by 2028 — the upper bound reflecting premium pricing for ITDR capability layered on top of PAM vaulting. Analyst estimates for PAM diverge substantially: MarketsandMarkets projects $7.7B by 2028 while VerifiedMarketResearch projects $28B by 2032, driven by different scope definitions that sometimes include adjacent IGA and identity analytics spending. North America accounted for 38.1% of PAM revenue in 2025, BFSI the largest vertical at 28.3%, and healthcare the fastest growing at 23.2% CAGR through 2031. Silverfort's serviceable obtainable market (SOM) is not publicly disclosed. Based on the company's $222M total raised, approximately 1,000 enterprise customers, and industry-standard SaaS penetration rates of 3–8% of SAM, a directional SOM of $200–600M over a 3-year horizon is plausible but requires diligence confirmation of ARR and net revenue retention data.[CM006, CM007, CM008, CM009, CM010, CM011]

2.3 Buyer Segmentation and Budget Ownership

Silverfort targets enterprise security buyers in organizations with hybrid Active Directory environments and a formal identity security program. The primary decision-maker is the CISO or head of identity security, who controls the security tooling budget and co-owns the decision with the IAM infrastructure team. For mid-market organizations, an IT Security Director or IT Director may lead the evaluation, particularly when triggered by a cyber-insurance requirement. Five vertical segments dominate Silverfort's buyer base. Financial services is the highest-spending vertical for identity security, driven by DORA, SOX, and PCI-DSS compliance mandates. Healthcare faces acute ransomware exposure and HIPAA breach liability, making identity security investments a high-urgency board priority. US federal government agencies operate under Executive Order 14028's Zero Trust mandate and CMMC 2.0 requirements. Manufacturing and critical infrastructure operators face OT/IT convergence challenges requiring protection of legacy RADIUS and LDAP environments unreachable by agent-based solutions. Mid-market enterprises are growing buyers, triggered by cyber-insurance premium requirements and awareness from ransomware peer incidents. Budget ownership spans the security and IT budgets depending on organizational maturity. In larger enterprises, identity security tools are funded from the dedicated security budget under CISO control. In mid-market organizations, security and IT budgets often overlap, and the CIO may share purchasing authority. Adoption is typically triggered by a ransomware incident affecting a peer organization, a regulatory audit finding, a cyber-insurance requirement mandating PAM controls before underwriting, or a proactive initiative following a board-level risk review. Cloud deployments represent 57% of the PAM market as of 2025, reflecting the shift to hybrid deployment models that Silverfort's agentless architecture is designed to support. MSSPs represent an important indirect channel for mid-market customers seeking managed identity security services.[CM016, CM017, CM018, CM019, CM020, CM021]

2.4 Growth Drivers and Adoption Constraints

Identity-based attacks are the dominant enterprise intrusion vector. The CrowdStrike 2025 Global Threat Report documented that adversaries now routinely log in rather than break in, using stolen or abused credentials as the primary intrusion method. The average eCrime breakout time reached just 29 minutes in 2025, and AI-enabled attacks grew 89% year-over-year, compressing the window for detection and response. The IBM Cost of Data Breach Report 2025 corroborates this trend, with phishing and compromised credentials identified as leading initial attack vectors. Three regulatory tailwinds directly drive IAM and identity security spending. The SEC's 2023 cybersecurity disclosure rules require public companies to report material cybersecurity incidents within four business days, elevating board-level urgency for identity visibility and governance. The NIST SP 800-207 Zero Trust Architecture standard and the CISA Zero Trust Maturity Model provide federal and enterprise frameworks that treat identity as the primary security pillar. Europe's NIS2 Directive, enforceable since October 2024, mandates identity security controls for operators of essential and important entities across 18 critical sectors, opening a substantial European market opportunity for Silverfort. Key adoption constraints temper the growth outlook. Microsoft Defender for Identity (MDI) is included in Microsoft 365 E5 at zero incremental cost, providing real-time AD threat detection to buyers already on E5. Any account strategy must identify where MDI is deployed and insufficient versus where it has not been configured. Implementation complexity in brownfield AD environments with legacy forest structures slows enterprise PAM projects. Budget compression during 2024–2025 security rationalization cycles has led enterprises to consolidate overlapping tools. Organizational switching costs from incumbent PAM deployments at CyberArk or BeyondTrust create inertia. Cyber-insurance companies now frequently require PAM controls as a precondition for underwriting, creating a structural demand tailwind that partially offsets budget pressures.[CM026, CM027, CM028, CM029, CM030, CM031]

2.5 Sizing Gaps and Diligence Asks

The most material evidence gap is the absence of a widely accepted standalone market size for ITDR or unified identity protection. Analysts size IAM ($25.96B), PAM ($4–7.7B), and Zero Trust ($36.5B) as separate categories without isolating the Silverfort-specific intersection of PAM, ITDR, and NHI. This creates a range-of-TAM problem: using the broadest IAM TAM implies a market far larger than Silverfort's realistic sales motion, while using PAM alone excludes the ITDR and NHI opportunity that distinguish Silverfort from pure PAM vaulting vendors. The NHI management market is analytically underdeveloped. Machine identities — service accounts, API keys, OAuth tokens, and AI agent credentials — are cited by Mordor Intelligence as a critical demand driver, with machine-to-human ratios reaching 40:1 in modern enterprises. However, no major analyst firm had sized NHI as a discrete market segment as of May 2026. Given Silverfort's 2024 acquisition of Rezonate to strengthen NHI capabilities, the incremental revenue contribution from NHI use cases is a key diligence ask. Conflicting PAM market estimates ranging from $3.6B to $28B by 2032 reflect genuine uncertainty about boundary conditions and should not be averaged or cited as a single consensus figure. VerifiedMarketResearch's higher estimate likely includes adjacent IGA and identity analytics spending beyond the core PAM vaulting and session management that MarketsandMarkets and Mordor count. Silverfort's own ARR as of Q1 2026 has not been publicly disclosed; the last known data point was "tens of millions growing ~100% YoY" as of the January 2024 Series D announcement. Priority diligence asks include: current ARR and net revenue retention; revenue split across PAM, ITDR, and NHI; deal size distribution; and win/loss rates against CyberArk, BeyondTrust, and Microsoft MDI.[CM036, CM037, CM038, CM039, CM040]

2.6 Exhibits

3.1 Competitive Landscape — Direct Peers, Platforms, Status Quo, and Likely Entrants

Silverfort's competitive landscape segments into four layers of materially different strategic significance. The first layer — PAM incumbents — includes CyberArk (NASDAQ: CYBR, ~$1.1B estimated ARR FY2026), BeyondTrust (Francisco Partners / Thomas Bravo-backed, estimated $350–500M revenue), and Delinea (TPG Capital-backed, estimated $200–300M revenue, formerly Thycotic and Centrify). These vendors dominate the privileged-access-management budget and primarily sell credential vaulting, privileged session management (PSM), and secrets management. Silverfort does not vault credentials — its agentless architecture operates at the authentication layer rather than the credential store layer — making these relationships simultaneously competitive (identity security budget overlap) and potentially complementary (vault + agentless enforcement). The second layer — ITDR and identity platform vendors — includes CrowdStrike (Falcon Identity Protection, ~$3.65B total ARR FY2026, 29,000+ endpoint customers) and SentinelOne (Singularity Identity, ~$1.1B ARR FY2026). Both vendors leverage existing endpoint-agent deployments to add identity telemetry, providing cross-correlated endpoint-plus-identity threat detection. Their distribution advantages (multi-year enterprise contracts, SOC integration) create significant sales-cycle displacement risk, though neither vendor offers Silverfort's agentless protocol-level MFA enforcement for legacy systems. Semperis (identity resilience, AD recovery) occupies adjacent territory in AD security but competes on AD recovery capabilities rather than authentication enforcement; Semperis' Purple Knight free tool has 75,600+ downloads, creating top-of-funnel awareness Silverfort lacks. The third and most consequential layer — platform vendor bundling — is Microsoft's Defender for Identity (MDI). MDI is included at no incremental cost in Microsoft 365 E5 ($57/user/month) and provides AD-focused threat detection deployed across an estimated 70%+ of large enterprise accounts that also represent Silverfort's primary target market. MDI's documented limitations — lack of agentless MFA enforcement, no NHI protection, limited legacy protocol coverage, and no cross-protocol conditional access — are Silverfort's primary sales angles, but MDI's free deployment creates a floor of competition that requires Silverfort to justify incremental spend on every enterprise deal. The fourth layer — status quo and free tooling — is the most common actual incumbent: organizations managing identity security through native Windows event logs, Microsoft's free BloodHound CE (attack-path analysis), Semperis' free Purple Knight (AD security scoring), and manual AD administration processes. The status-quo alternative is the primary displacement Silverfort achieves in mid-market accounts entering their first structured ITDR/unified-MFA purchase. Likely new entrants include Palo Alto Networks (Cortex XDR identity integration), IBM (QRadar UEBA/identity analytics), and the emerging non-human identity (NHI) pure-plays such as Astrix, Entro Security, and Oasis Security competing specifically in machine-identity governance.[CP001, CP002, CP003, CP004, CP005, CP006]

3.2 Competitor Profiles — Scale, Funding, Target Customer, and Strategic Direction

CyberArk is the PAM market segment leader with an estimated $1.1B ARR, trading on NASDAQ at $13–14B market cap in May 2026. Its Identity Security Platform spans PAM (Privileged Access Manager), endpoint privilege management (EPM), secrets management, and Identity Threat Detection via its Secure Browser and Behavioral Analytics products. CyberArk's primary motion remains credential vaulting and session recording for privileged accounts; its ITDR expansion is via acquisition and platform extension rather than a ground-up agentless approach. CyberArk is a potential strategic acquirer of Silverfort given product complementarity (vault + agentless) and Silverfort's unique NHI/service-account protection capability. CyberArk disclosed that 63% of surveyed organizations fail to adequately secure their highest-risk privileged access, validating the market problem both vendors address. BeyondTrust positions itself as the "only analyst-recognized leader in both PAM and ITDR," per its homepage, a claim it derives from simultaneous Gartner and KuppingerCole leadership positioning. Its "Paths to Privilege" platform spans PAM, remote access, and identity threat detection from a unified control plane. BeyondTrust is agent-dependent — its PAM and ITDR capabilities require software deployment on protected systems — making it architecturally complementary to Silverfort in legacy/OT environments but competitive in standard enterprise accounts. Estimated revenue of $350–500M and significant government contract presence. Delinea (formerly Thycotic + Centrify, acquired StrongDM 2025) is repositioning as a cloud-native PAM and "identity security platform," advertising 99.995% contractually assured uptime and 500+ enterprise integrations. Delinea's acquisition of StrongDM (just-in-time database and infrastructure access) adds runtime authorization capabilities relevant to the developer-access and cloud-operations use cases that Silverfort also targets via its NHI protection. Delinea lacks Silverfort's protocol-level MFA enforcement and agentless architecture. CrowdStrike Falcon Identity Protection leverages its 29,000+ endpoint-agent deployments to add AD user risk scoring, lateral movement detection, and real-time MFA enforcement via Charlotte AI agentic workflows. CrowdStrike's endpoint-first distribution advantage is significant: in accounts where CrowdStrike Falcon is already deployed, Falcon Identity Protection represents a low-friction, same-vendor expansion that directly overlaps Silverfort's ITDR detection layer. CrowdStrike does not offer agentless protocol-level MFA for service accounts or legacy systems, which is Silverfort's primary differentiation claim against CrowdStrike in OT, healthcare, and legacy-banking environments. SentinelOne Singularity Identity combines endpoint and identity telemetry from a single lightweight agent, providing unified threat detection across AD and Entra ID, active deception capabilities, and dark-web credential exposure monitoring. SentinelOne's deception technology (honeypot/lure deployment) is a technically distinctive capability Silverfort does not offer. Microsoft MDI is architecturally built into the SIEM+XDR suite, providing zero-incremental-cost AD threat detection for 80+ attack techniques but lacking cross-protocol MFA enforcement, NHI protection, and legacy-system coverage that Silverfort's agentless architecture provides.[CP001, CP005, CP006, CP008, CP009, CP010]

3.3 Capability, Pricing, GTM, and Regulatory Posture Comparison

The most decisive capability differentiation for Silverfort is its agentless enforcement of identity security policies at the authentication protocol level. No other production-deployed vendor can enforce MFA, risk-adaptive conditional access, or real-time blocking on NTLM, Kerberos, LDAP, RDP, and SMB simultaneously without agents on protected systems. This capability gap directly enables Silverfort to protect service accounts, machine accounts, and legacy systems — asset classes that CyberArk, BeyondTrust, CrowdStrike, and SentinelOne cannot systematically cover due to their agent-first architecture. CyberArk's Conjur secrets manager addresses machine secrets vaulting but not the runtime authentication control plane that Silverfort manages. On pricing and GTM posture: CyberArk is the most expensive solution ($150K–$1M+ per enterprise deployment), sold through a structured enterprise motion with 6–12-month sales cycles and strong SI/partner channel. BeyondTrust uses a similar model. Delinea competes on SaaS simplicity and lower total cost of ownership. CrowdStrike and SentinelOne sell identity as an add-on to their existing endpoint platform contract (estimated $8–15/endpoint/year), dramatically lowering friction for accounts with existing endpoint relationships. Microsoft MDI enters at zero incremental cost within M365 E5, creating a price-floor competitive dynamic. Silverfort's pricing is estimated at $100K–$500K ARR for mid-to-large enterprise, with NHI protection typically the primary budget justification in new deals since Rezonate integration. Regulatory posture: CrowdStrike and Microsoft both hold FedRAMP High authorization, giving them access to the most sensitive federal workloads. Silverfort is working toward FedRAMP authorization (as of May 2026, not yet completed), creating a gap in US federal civilian agency and DoD accounts. CyberArk has FedRAMP Moderate and a strong government contract vehicle presence (GSA Schedule, CIO-SP3). BeyondTrust holds FedRAMP Moderate. For CISA Zero Trust Architecture mandates (EO 14028, CISA ZTMM), Silverfort's identity-pillar coverage is architecturally well-positioned, but the lack of FedRAMP High authorization is a near-term constraint for classified and DoD accounts. Multi-homing is common in this market: the majority of large enterprise Silverfort customers also maintain Microsoft MDI (deployed by default with M365 E5) and may have CyberArk for PAM. Silverfort's sales motion must consistently justify incremental spend above the zero-cost MDI baseline, making competitive differentiation a critical sales enablement asset.[CP004, CP007, CP010, CP011, CP017, CP018]

3.4 Switching Costs, Lock-in, Multi-homing, and Distribution Power

Silverfort's switching costs stem from two primary sources: authentication-policy complexity and NHI discovery completeness. Once an enterprise deploys Silverfort's unified authentication policy engine, the organization accumulates dozens to hundreds of identity-specific access policies governing which users, groups, and service accounts can authenticate to which resources under which conditions. These policies encode business logic (e.g., "service account X can authenticate from server Y to resource Z only, blocked outside production hours") that is difficult to migrate to a different identity enforcement architecture. The NHI inventory that Silverfort builds over time — cataloging machine accounts, service accounts, and non-human identities with their behavioral baselines — becomes an institutional asset with significant replacement cost in terms of re-discovery, re-baselining, and re-policy-writing. Multi-homing is prevalent: most Silverfort enterprise accounts also deploy Microsoft MDI (via M365 E5) and often CyberArk for privileged-account vaulting. This co-existence is Silverfort's installed-base defense — it positions as an enforcement layer above and around the vault, covering the authentication protocols and account types that vaults and standard ITDR tools miss. The risk is budget pressure: CISOs reviewing identity security spending in 2025–2026 increasingly question whether three-vendor identity stacks (vault + ITDR + agentless enforcement) are justifiable when Microsoft and CrowdStrike are expanding platform coverage. Silverfort's response is to target the NHI/service-account protection use case as a standalone budget justification. Distribution power asymmetry is significant: Microsoft has near-universal enterprise identity infrastructure presence (Active Directory is the de facto corporate identity fabric); CrowdStrike has 29,000+ enterprise endpoint customers; SentinelOne has 12,000+ enterprise EDR customers. Silverfort must win each account through direct sales (primary) and a growing partner/MSSP channel, competing against vendors whose identity products are add-on expansions to existing relationships. Silverfort's MSSP channel and Howard Greenfield's (President/CRO, hired June 2025) go-to-market build-out are critical to scaling past this distribution disadvantage.[CP022, CP023, CP024, CP025, CP026, CP027]

3.5 Moat Durability, Commoditization Risk, and Adverse Competitive Evidence

Silverfort's patent-protected agentless architecture is its most durable competitive moat. The ability to intercept and enforce policy on authentication protocols at the domain-controller level — without touching endpoints or servers — requires significant Active Directory engineering depth and reflects Silverfort's IDF Unit 8200 founding-team expertise. This architecture has no direct equivalent in the commercial market as of May 2026. Silverfort has filed multiple patents covering its authentication-proxy and protocol-interception approaches, adding some IP defensibility to its architectural advantage. The second moat dimension is NHI coverage completeness. Silverfort's 2024 acquisition of Rezonate added cloud non-human identity (NHI) discovery for AWS, Azure, and GCP service principals, creating a more complete NHI governance story from on-premises service accounts to cloud workload identities. As enterprises accelerate adoption of AI agents and automated workflows that generate machine identity sprawl (estimated 40:1 machine-to-human identity ratio per Mordor Intelligence 2025), the NHI protection use case creates a structural long-term growth driver for agentless identity enforcement. Adverse evidence and commoditization risk: Three dynamics threaten moat durability. First, BeyondTrust and CyberArk are both investing in agentless-capable workflows — CyberArk's Identity Flows and BeyondTrust's Pathways products add some agentless-adjacent capabilities, though neither replicates Silverfort's protocol-level interception architecture as of May 2026. Second, Microsoft is actively expanding MDI's coverage of AD attack techniques and Entra ID conditional access policies — if MDI eventually covers the core Silverfort NTLM/Kerberos enforcement use case, the market-addressable differentiation narrows significantly. Third, CrowdStrike's Charlotte AI agentic identity-response capability (real-time MFA enforcement, privileged-account blocking) is converging on Silverfort's adaptive-enforcement value proposition, backed by CrowdStrike's vastly larger engineering and go-to-market resources. The three-to-five year competitive durability of Silverfort's agentless moat is a key diligence question.[CP025, CP028, CP029, CP030, CP031, CP032]

3.6 Exhibits

4.1 Revenue Model, Pricing, and Revenue Mix

Silverfort monetizes through a per-user/per-identity annual SaaS subscription for its unified identity protection platform. The primary SKUs are (1) the core Silverfort platform covering MFA enforcement, identity threat detection, and policy management for human identities; (2) the Non-Human Identity (NHI) protection module for service accounts and machine identities, now expanded via the Rezonate acquisition to cover cloud service principals in AWS, Azure, and GCP; and (3) professional services for deployment, integration, and ongoing customer success. The company-claimed ARR growth rate of 100% YoY was disclosed in January 2024; any subsequent ARR or growth-rate figures have not been publicly released. At an estimated entry price of $100K–$500K ARR per enterprise deployment (see Chapter 3), and with 1,000+ enterprise customer count disclosed in company materials, total ARR is plausibly $100M–$200M if average contract values exceed $100K — but the customer count × ACV calculation is highly sensitive to ACV assumptions. Revenue recognition is subscription-based SaaS, with multi-year contracts (typically 1–3 years) common in enterprise security. This creates predictable deferred revenue liabilities but also strong renewal visibility. Professional services revenue is estimated at 5–15% of total revenue based on comparable enterprise security vendors (CyberArk's reported PS mix was ~10–12% in FY2024). Silverfort's software-only delivery model (no hardware, no agent infrastructure to distribute) supports high incremental margins on additional seats and NHI coverage expansions. The addition of Rezonate's cloud NHI capability in late 2024 adds a new TAM segment without requiring structural changes to the core SaaS delivery model. Channel economics: Silverfort distributes through a combination of direct enterprise sales (estimated >70% of ARR) and a growing MSSP/reseller channel. The MSSP channel is strategically important for mid-market coverage and reduces CAC for sub-$100K ACV deals. Howard Greenfield, appointed President and CRO in June 2025, is specifically focused on channel partner acceleration. Silverfort also lists its platform on cloud marketplaces (AWS Marketplace, Microsoft Azure Marketplace), which reduce procurement friction in accounts with existing cloud commit.[CI001, CI002, CI003, CI004, CI005, CI006]

4.2 GTM Motion and Sales Efficiency Proxies

Silverfort's primary GTM motion is a direct enterprise sales model with typical 6–12-month sales cycles targeting Fortune 500 and Global 2000 companies. The average deal is championed by a CISO or VP of Identity/Security, with budget typically drawn from the identity security or SIEM/SOC budget. Enterprise sales cycles in this market are characterized by proof-of-concept deployments, active displacement of incumbent tools, and board/CFO budget approval for new platform categories. Key sales efficiency proxies (estimated from comparable enterprise identity SaaS vendors): Customer Acquisition Cost (CAC) is not publicly disclosed. Based on CyberArk's reported sales and marketing expense ratio (~45% of revenue) and comparable company benchmarks from Okta and SentinelOne, enterprise identity security vendors typically spend $0.80–$1.50 to acquire $1 of first-year ARR. At estimated $100M+ ARR, Silverfort's annualized S&M spend is likely in the $50–80M range, implying a sales efficiency ratio of approximately 1.0–1.5x. CAC payback at 80%+ gross margins would be approximately 12–20 months — within the 24-month window considered efficient for enterprise SaaS. Sales cycle and expansion dynamics: Silverfort's agentless architecture creates a land-and-expand opportunity: initial deployments protect human identity authentication, with subsequent expansions adding NHI protection modules, extending to more domains, or adding the Rezonate cloud-NHI capability. This expansion motion is a natural upsell that does not require re-competing for budget but extends the platform footprint. Net Revenue Retention (NRR) is the key metric for validating this expansion model but has not been publicly disclosed. Comparable enterprise identity security vendors (CyberArk: est. 115-120% NRR, Okta Enterprise: reported 120%+ NRR) suggest Silverfort's target NRR is 110–125% in an effective expansion motion.[CI007, CI008, CI009, CI010, CI011]

4.3 Cost Structure, Gross Margin, and Working Capital

Silverfort's cost structure is consistent with a software-only enterprise SaaS business. Cost of revenue (COGS) consists primarily of cloud infrastructure hosting costs, customer success personnel, and professional services delivery costs. Based on comparable vendors, gross margins are estimated at 78–85%: software subscription gross margins are typically 85–90%, blended down by professional services (30–50% gross margin). CyberArk reported subscription gross margins of 88% in FY2024; Silverfort's margin profile should be broadly comparable given similar software-only delivery with no hardware or agent infrastructure. Operating expenses: R&D investment is critical for Silverfort given the pace of competitive innovation from CrowdStrike and Microsoft. Based on 600+ employees and typical SaaS R&D headcount ratios (~30–40% of headcount in engineering), Silverfort likely employs 180–250 engineers. At Israeli engineering market compensation ($100–150K fully-loaded) and US leadership team costs, total R&D spend is estimated at $40–70M annually. Sales and marketing is the largest operating expense category for a scaling SaaS vendor; at the 45% of revenue benchmark, S&M would be approximately $45–90M at $100–200M ARR. G&A at ~10–12% of revenue adds $10–20M. Total operating expense is estimated at $100–180M annually, implying an operating loss (pre-stock-based compensation) of approximately $25–80M per year depending on ARR. Working capital and capital intensity are low: Silverfort collects subscriptions annually (or multi-year prepayments), creating favorable deferred revenue dynamics. Capex is minimal (software company with cloud-hosted infrastructure). The Rezonate acquisition in late 2024 introduced integration costs and potentially increased headcount, though the deal consideration was not disclosed. The primary financial flexibility risk is that Silverfort is burning cash to grow and depends on investor capital to fund operations until profitability.[CI012, CI013, CI014, CI015, CI016, CI017]

4.4 Public Traction Metrics and Financial Disclosure Gaps

Silverfort's public financial disclosures are severely limited. As a private Israeli-American company, Silverfort has no obligation to file financial statements publicly. The only ARR-related disclosure on record is the January 2024 Series D announcement in which the company stated it was generating "tens of millions" in ARR growing 100% YoY. This disclosure is now 16+ months stale as of May 2026. At the disclosed 100% growth rate sustained through 2024, extrapolated ARR would reach $80–160M by January 2025 — and, at plausible deceleration to 40–60% growth in 2025–2026, approximately $110–250M by May 2026. These extrapolations carry wide uncertainty bands and should be treated as directional only. Non-financial traction signals are available: 1,000+ enterprise customers (company-disclosed), 600+ employees (LinkedIn), and the company's January 2024 claim that it serves customers in Fortune 500 and critical infrastructure sectors. The Rezonate acquisition (undisclosed consideration) closed in late 2024, adding cloud-native NHI capabilities and presumably some incremental ARR from Rezonate's existing customer base (a small company by Series A stage). Howard Greenfield was appointed President/CRO in June 2025, signaling active GTM investment and potentially accelerating channel partner revenue. Adverse signal: The combination of a $1B valuation mark (from January 2024 Series D), 16-month-stale ARR disclosures, and no post-Series D financial updates creates a significant valuation opacity problem for any investor or acquirer performing diligence as of May 2026. At industry-standard enterprise identity SaaS revenue multiples of 10–20x ARR, the $1B valuation requires $50–100M ARR — achievable at the disclosed "tens of millions" floor — but the multiple paid at Series D implies a growth premium that is not independently verifiable without a data room.[CI018, CI019, CI020, CI021, CI022, CI023]

4.5 Capital Adequacy, Runway, and Financing Dependency

Silverfort raised $116M in its Series D in January 2024, led by Brighton Park Capital at approximately a $1B valuation. Total capital raised since founding is $222M. Based on the round history (see Company Overview chapter for full chronology), earlier rounds totaling $106M were completed between 2018 and 2022. The current financing reflects growth-stage capital deployment focused on GTM expansion into the US market, MSSP channel development, and R&D investment in NHI/cloud identity capabilities. Runway assessment: At estimated monthly net cash burn of $3–8M per month (derived from comparable enterprise identity SaaS companies at similar ARR scale and growth rate), the $116M Series D proceeds imply a gross runway of 14–38 months from January 2024, or approximately October 2025 to March 2027 as of the fundraise date. With 16 months elapsed since the Series D close (January 2024 to May 2026), net remaining runway is estimated at 0–22 months — meaning Silverfort is either currently fundraising its Series E, has already closed an undisclosed bridge or Series E, or has reached cash-flow near-breakeven through ARR growth. The absence of any public fundraising announcement through May 2026 is notable: either the company is disciplined in burn management (approaching profitability) or is in a pre-announcement Series E process. The Rezonate acquisition (late 2024) consumed some of the Series D capital but amount is not disclosed; if the consideration was cash-plus-stock at typical early-stage acquisition levels ($10–30M range), this reduces estimated runway by approximately 2–4 months. Brighton Park Capital's portfolio construction and prior exits suggest it supports 18–36 month funding windows before the next financing event; a Series E at $200–400M post-money is plausible in 2026–2027 if ARR growth and NRR metrics support it. Capital adequacy is the most urgent financial diligence question for any investor considering a position as of May 2026.[CI024, CI025, CI026, CI027, CI028, CI029]

4.6 Financial Verdict — Revenue Quality, Margin Path, and Diligence Blockers

Silverfort's revenue quality is assessed as good structurally but unverifiable in practice. The SaaS subscription model, enterprise customer base, and multi-year contract structure are all markers of high-quality recurring revenue. The agentless architecture creates installation-depth switching costs that support renewal rates. However, no actual revenue quality data — deferred revenue, churn, NRR, gross margin — has been publicly disclosed, making revenue quality an inference rather than an established fact. Margin path is plausible but uncertain. The software-only delivery model supports 80%+ gross margins at scale. Operating leverage is achievable if ARR grows faster than headcount and S&M spend. The primary path to cash-flow breakeven is expanding NRR with the NHI product while moderating headcount growth — achievable in 18–36 months if the market environment supports it. The key risk is that competitive pressure from free (MDI) and bundled (CrowdStrike) alternatives compresses pricing and increases sales cycle length, requiring higher S&M spend per dollar of ARR. Diligence blockers: Five questions must be answered from investor data room access before any financial underwriting is possible: (1) actual ARR and ARR growth rate as of the most recent quarter; (2) NRR and gross logo churn to validate switching cost moat; (3) gross margin by product line (platform vs. NHI vs. PS); (4) remaining cash balance and monthly net burn to assess runway; and (5) post-Rezonate integration status, incremental ARR from Rezonate, and total consideration paid. Without these five inputs, the $1B valuation mark from January 2024 cannot be evaluated against current business performance.[CI031, CI032, CI033, CI034, CI035, CI036]

4.7 Exhibits

5.1 Runtime Access Protection (RAP) Architecture

Silverfort's core architectural innovation is Runtime Access Protection (RAP), a technology that operates as an inline proxy within the organization's existing IAM infrastructure. Unlike agent-based identity security tools that require software installation on each endpoint, RAP connects directly to the domain controllers, LDAP servers, and RADIUS infrastructure as a proxying layer, receiving a copy of every authentication request — Kerberos tickets, NTLM challenges, LDAP bind requests, RADIUS packets, and RDP/SMB sessions — and enforcing policy decisions before the authentication completes. The enforcement mechanism is inline: Silverfort can approve, challenge (trigger MFA), or block any authentication in real time before the domain controller responds to the client. The architectural premise is that Active Directory domain controllers and RADIUS servers receive all authentication requests for on-premises Windows environments, making the domain controller a natural interception point. Silverfort installs a lightweight forwarder on the domain controller (distinct from an endpoint agent) that proxies authentication packets to the Silverfort policy engine. The policy engine applies risk scoring, behavioral baselines, and policy rules, then returns a decision to the forwarder within milliseconds. This approach means that any device, service account, or application that authenticates via AD — including legacy systems, OT equipment, manufacturing PLCs, and applications that cannot accept MFA agents — is automatically covered without any modification to those systems. The cloud delivery model uses a hybrid architecture: the Silverfort SaaS tenant handles policy management and telemetry aggregation, while the domain controller forwarder handles the authentication interception locally to avoid latency and single-point-of-failure risk. Status monitoring is provided at status.silverfort.com, which reports 99.999% uptime for the core MFA Service (CMS) and Azure Service Bus integration (MMS), consistent with enterprise-grade availability requirements. The RAP architecture is Silverfort's primary technical differentiation and is the foundation on which all platform modules are built.[CE001, CE002, CE003, CE004, CE005, CE006]

5.2 Platform Modules: Universal MFA, NHI, ITDR, PAM Gateway, Cloud NHI

The Silverfort platform consists of five primary capability modules delivered from a unified SaaS tenant and on-premises forwarder stack. Module 1: Universal MFA — extends multi-factor authentication to every identity and resource in the AD environment, including systems and protocols (NTLM, Kerberos, LDAP, RDP, SMB, RADIUS) that cannot be protected by conventional agent-based MFA tools. The key differentiator is coverage breadth: organizations with mainframes, legacy ERP systems, manufacturing OT, and bespoke on-prem applications that cannot support MFA agents can protect these systems via RAP without any modification. Silverfort integrates with existing MFA providers (Microsoft Authenticator, Duo, Okta Verify) as the verification layer, making it an extension of rather than a replacement for enterprise MFA infrastructure. Module 2: Non-Human Identity (NHI) Protection — Silverfort auto-discovers all service accounts in the AD environment, maps their authentication behaviors, and enforces policy to detect and block deviations. Service accounts typically cannot be enrolled in MFA and often have excessive privileges; Silverfort uses behavioral baselines to create "virtual fences" that alert or block when a service account authenticates from an unexpected source, destination, or protocol. The company estimates 60–80% of enterprise identities are non-human, making NHI the largest identity risk vector. Module 3: ITDR (Identity Threat Detection and Response) — applies ML-based anomaly detection to authentication telemetry to identify lateral movement, Pass-the-Hash, Kerberoasting, Golden Ticket attacks, and other identity-based TTPs in real time. The ITDR module generates alerts for SIEM integration and can trigger automated MFA challenges or account blocks. Module 4: PAM Gateway — Silverfort provides privileged access management features including just-in-time (JIT) privileged access, session monitoring initiation, and policy enforcement for privileged accounts, but does NOT include a native credential vault. Organizations needing vaulting must continue using CyberArk, BeyondTrust, or Delinea; Silverfort's PAM gateway complements rather than replaces dedicated PAM vault solutions. Module 5: Cloud NHI (post-Rezonate acquisition, late 2024) — extends NHI protection to cloud environments (AWS IAM, Azure Entra ID service principals, GCP service accounts, SaaS application OAuth credentials), cloud IdPs, and hybrid environments. The Rezonate technology adds ISPM (Identity Security Posture Management), entitlement management, and cloud ITDR capabilities to Silverfort's on-prem-first platform.[CE007, CE008, CE009, CE010, CE011, CE012]

5.3 Deployment Model, Integrations, and Operational Requirements

Silverfort's deployment model is hybrid SaaS: a cloud-hosted policy engine and management console combined with lightweight on-premises forwarders installed on domain controllers and RADIUS infrastructure. Deployment does not require endpoint agents, firewall changes, or modifications to protected systems — the only infrastructure change is installing the DC forwarder (a Windows service) on domain controllers. This is a significant operational advantage: enterprise organizations with hundreds or thousands of domain controllers can deploy Silverfort without change management processes for protected systems, reducing the time-to-coverage from months (for agent-based tools) to days or weeks. Integration ecosystem covers three tiers: (1) authentication infrastructure — Active Directory (all versions from 2003+), Azure AD/Microsoft Entra ID, LDAP directories, RADIUS servers, Kerberos KDCs; (2) security stack — SIEM integration (Splunk, Microsoft Sentinel, QRadar, LogRhythm) via syslog/API, PAM platforms (CyberArk, BeyondTrust, Delinea) for privileged account correlation, SOAR platforms for automated response, and EDR/XDR platforms for enrichment signal; (3) cloud identity — Microsoft Entra ID (Azure AD), Okta, Ping Identity, ForgeRock for cloud IdP correlation and policy extension. The Rezonate acquisition adds coverage for AWS IAM, GCP IAM, and SaaS application identity providers. The operational footprint is low compared to agent-based alternatives: no endpoint agents, no hardware appliances, no separate database for credential storage. The primary operational dependencies are the domain controller forwarders and internet connectivity to the Silverfort cloud tenant. High availability is achieved through domain controller redundancy (multiple DCs in each site) and the Silverfort SaaS tenant's geo-distributed architecture. The status page shows 99.999% uptime for core MFA services. The absence of a native credential vault means Silverfort does not create privileged credential management risk but also cannot support use cases that require checked-out credentials or session recording natively.[CE014, CE015, CE016, CE017, CE018]

5.4 Technology Differentiation, IP, and Competitive Moat

Silverfort's primary technology differentiation rests on three pillars. First, protocol-level interception: by operating at the Kerberos/NTLM/LDAP/RADIUS protocol layer rather than at the OS or application layer, Silverfort achieves universal coverage including systems where agent installation is impossible (legacy systems, OT, embedded devices, third-party SaaS). Competitors like CrowdStrike Identity Protection and Microsoft MDI operate as LDAP/Kerberos passive monitors (not inline enforcement), giving them detection but not prevention capability at the same scope. CyberArk and BeyondTrust require an agent or credential vault to protect privileged accounts. No competitor provides inline MFA enforcement for legacy Kerberos and NTLM protocols at enterprise scale without agents. Second, NHI behavioral baselines: Silverfort's service account discovery and behavioral profiling system is the most mature in the market by analyst assessment, with the ability to auto-discover, map, and enforce policy on service accounts without disruption to automation workflows. The "virtual fence" model (blocking deviations from established access patterns) is operationally superior to rule-based approaches that require manual policy configuration. Third, the agentless architecture creates deep installation-depth switching costs: once Silverfort's forwarders are integrated with an organization's DC infrastructure and MFA policies are configured across hundreds of applications and systems, ripping-and-replacing would require re-enumeration of every authentication path. This is a 6–18 month switching effort at large enterprises. IP strategy: A search of Google Patents for patents assigned to Silverfort returns no results as of May 2026. The company appears to rely on trade secrets and implementation know-how rather than patent protection for its RAP technology. This is a potential IP risk if a well-resourced competitor (Microsoft, CrowdStrike, or CyberArk) reverse-engineers and replicates the protocol interception approach, as there is no patent barrier to entry. The moat is practical rather than legal: the difficulty of building equivalent protocol-level coverage with enterprise reliability, and the switching costs from deep integration in production AD environments.[CE019, CE020, CE021, CE022, CE023, CE024]

5.5 Trust, Compliance, Roadmap, and Technical Risks

Trust and compliance posture: Silverfort operates a status page (status.silverfort.com) with real-time uptime metrics and has achieved 99.999% reported uptime for its core MFA service. Security certifications are not publicly disclosed on the Silverfort website; the company does not publicly claim SOC 2 Type II, ISO 27001, or FedRAMP authorization as of May 2026 — a gap for enterprise procurement teams evaluating regulated-industry deployments. Competitors CyberArk and Okta prominently display FedRAMP High certification, which is a prerequisite for US federal deployments. If Silverfort lacks FedRAMP authorization, its addressable market within US federal civilian and DoD environments is limited. Roadmap: The Rezonate acquisition announcement stated a target to "finish integrating Rezonate's technology into our unified platform in mid-2025." As of May 2026, the integration status is unknown from public sources. Silverfort's homepage references coverage for "AI agents" among the identity types it protects, suggesting the platform is extending NHI capabilities to AI agent identities (OAuth tokens, API keys, service accounts created by AI orchestration platforms) — an emerging use case as enterprises deploy AI agent frameworks (Microsoft Copilot, LangChain agents, Salesforce AgentForce) that create machine identity risk. Technical risks: (1) RAP proxy failure modes — if the Silverfort forwarder fails on a domain controller, authentication fallback behavior determines whether users are locked out or bypass security controls; this fail-open vs. fail-close configuration is critical but not publicly documented. (2) Microsoft MDI expansion — Microsoft's Defender for Identity product covers Kerberos/NTLM threat detection (the same protocol layer) and is delivered free with Microsoft 365 E5 licenses; continued MDI feature expansion reduces the ITDR differentiation for Microsoft-invested enterprises. (3) No public developer API or SDK means Silverfort cannot be integrated by customers through self-service; all integration work requires Silverfort professional services or supported connectors. (4) No public GitHub repository or developer community (0 HN threads referencing Silverfort, no StackOverflow tag) indicates the product is positioned as a vendor-managed security appliance rather than a developer-extensible platform.[CE025, CE026, CE027, CE028, CE029, CE030]

5.6 Exhibits

6.1 Customer Base Profile and Scale

Silverfort publicly claims "1,000+ organizations" as of 2025–2026, a figure corroborated by the company's LinkedIn presence (629 employees, 44,086 followers), investor communications at the Series D close, and consistent messaging across the company website, partner materials, and third-party analyst coverage. Several Fortune 50 companies are cited as customers, with financial services, healthcare, and government identified as the primary verticals. The 1,000-customer threshold was reportedly crossed ahead of the $116M Series D in May 2023, suggesting that by mid-2026 the actual installed base may meaningfully exceed 1,000. Public review platforms provide limited but positive signals: TrustRadius records a 9.3/10 rating from 3 enterprise reviewers; GetApp lists an overall 4.5/5 score; PeerSpot reviews emphasize healthcare and financial services deployments. Review volume is low relative to the stated customer count, which is typical for security vendors selling through enterprise procurement and NDA-constrained deployments. The company does not publish a customer list, case study library with named accounts, or geographic breakdown, which limits corroboration of the headline claim. The market coverage is primarily North America and Western Europe based on partner ecosystem geography and conference presence. Silverfort's website highlights its cyber insurance channel partners (Resilience, Coalition) and MSSP program as secondary vectors reaching mid-market customers who cannot justify a direct enterprise sales engagement.

6.2 Adoption Trajectory and Growth Evidence

The clearest public signal of adoption trajectory is the 100% year-over-year ARR growth cited in investor communications around the Series D in May 2023. This growth rate, if sustained, would imply an ARR range of $40–90M by mid-2025 based on plausible starting points, though Silverfort does not disclose ARR publicly. The $116M Series D at a reported $1B+ valuation (Calcalist, May 2023) is consistent with a company at 10–15x ARR multiple, typical for high-growth identity security vendors in that period. Headcount grew from roughly 300 employees pre-Series D to 629 on LinkedIn as of May 2026, suggesting continued investment in go-to-market and R&D capacity. The Rezonate acquisition (late 2024) expanded the platform into cloud NHI, indicating confidence in near-term cross-sell capacity to the existing base. Partner channel activation — particularly the MSSP program and cyber insurance integrations — provides a structural growth multiplier that reduces CAC for mid-market accounts. The absence of a Series E or IPO filing as of mid-2026 may indicate either organic sufficiency of current capital, exploratory M&A positioning, or extended diligence by potential acquirers (Microsoft, CrowdStrike, and Palo Alto Networks are frequently cited as strategic acquirers in identity security). No public pipeline metrics, win rates, or sales cycle length data are available.

6.3 Named Customer Proof and Vertical Depth

Silverfort does not publish a named customer list, but third-party review platforms and analyst citations provide partial evidence. PeerSpot reviewers identify financial services firms, healthcare networks, and manufacturing companies as deployers. TrustRadius reviews reference enterprise-scale deployments protecting 10,000+ user environments. The company's website partner pages cite Resilience and Coalition (cyber insurance underwriters) as channel partners, implying endorsement by risk-quantification specialists who have validated the product's protection claims in underwriting contexts. The Cyber Defense Magazine Gold Award (2024) and the company's consistent appearance on Gartner's Magic Quadrant for Access Management and identity threat detection reports provide analyst-tier validation. SCWorld and VentureBeat have covered Silverfort as a named vendor in identity security roundups, lending third-party editorial credibility. The company's MSSPAlert presence confirms that managed service providers sell and deploy Silverfort as part of managed identity security bundles for mid-market and regulated industries. Fortune 50 customer claims remain unverifiable from public sources — no press releases name specific accounts. Diligence path: request reference customer contacts from the company's sales team; review contract terms and renewal history in the data room.

6.4 Retention Durability and Switching Costs

Silverfort's retention dynamics are structurally favorable due to deep Active Directory integration. The platform is deployed as an inline proxy on domain controllers — replacing or removing it requires re-architecting the organization's authentication flow, testing NTLM and Kerberos policy continuity, and potentially leaving legacy systems unprotected during transition. This creates a switching cost profile comparable to PAM vaults and directory services rather than cloud-native SaaS tools. Customers who have extended MFA to legacy protocols, service accounts, and OT systems through Silverfort face a particularly high switching cost because no direct competitor offers equivalent agentless coverage at scale. TrustRadius and PeerSpot reviewers consistently cite "seamless integration with existing AD" and "no agents required" as reasons for continued use. No public NPS score, gross retention rate, or net revenue retention figure is available. The absence of public churn data is typical for private enterprise security vendors but limits diligence confidence. Adverse signals: one G2 review (archived, 2022) criticizes pricing opacity and contract flexibility, suggesting that early-stage renewal negotiations may be contentious. PeerSpot reviewers note that initial setup requires significant professional services engagement, which implies implementation investment that further cements retention but may slow initial deployment cycles.

6.5 Expansion Economics and Concentration Risk

Silverfort's platform architecture creates natural expansion vectors: new modules (NHI, cloud NHI via Rezonate, ITDR) can be activated on the existing AD connector infrastructure without new agents or deployment projects. Each new module represents an upsell opportunity for the existing account team. The MSSP channel provides a land-and-expand path for mid-market accounts, where initial deployments covering core AD MFA can grow to include service account protection and cloud NHI as organizations mature their identity security posture. The cyber insurance channel (Resilience, Coalition) creates a unique expansion dynamic: insurers who recommend Silverfort as a risk mitigation measure may require or incentivize broader platform adoption at renewal. Concentration risk is a structural concern for a 1,000+ customer company that grew to scale primarily through enterprise sales: it is common for the top 20 accounts to represent 30–50% of ARR, and loss of a single Fortune 50 account could materially impact reported growth. No public concentration data is available. The Rezonate integration adds cloud NHI as a cross-sell vector, but integration maturity as of mid-2026 is unclear and may limit near-term upsell capacity. Total addressable expansion per account is high — identity security platform vendors typically target $500K–$3M ACV for Fortune 500 deployments — but actual ACV data for Silverfort is not publicly disclosed.

6.6 Exhibits

7.1 Geopolitical, Legal, and Regulatory Risks

Silverfort is headquartered in Tel Aviv, Israel, with its core R&D organization concentrated in-country. The ongoing regional conflict (2023–present) creates three distinct risk dimensions: (1) physical security and operational continuity of the Israeli R&D team; (2) talent retention and recruitment in a conflict-adjacent environment; and (3) US government scrutiny of Israeli-origin dual-use cybersecurity technology under export control frameworks (EAR/ITAR adjacent). Silverfort's platform intercepts authentication traffic at the enterprise network layer — a capability that, in the wrong hands or under the wrong ownership, could be used for surveillance or credential harvesting. This creates export licensing complexity for sales to US federal agencies and Five Eyes governments. The company's privacy policy acknowledges GDPR applicability for EU-based customers, but data residency obligations under Article 46 GDPR for authentication telemetry processed by an Israeli SaaS vendor are not publicly addressed. The SEC's 2023 cybersecurity disclosure rule (33-11216) requires Silverfort's US public company customers to disclose material cybersecurity incidents within four business days — creating both a market opportunity (compliance urgency) and a liability (Silverfort as a potential named vendor in customer incident disclosures). NIST SP 800-207 (Zero Trust Architecture) and CISA's Zero Trust Maturity Model both reinforce identity segmentation requirements, creating a favorable regulatory tailwind that is partially offset by the compliance complexity of deploying Israeli-origin identity infrastructure in highly regulated verticals.

7.2 Competitive Displacement Risk

The most material single risk to Silverfort's growth trajectory is Microsoft's continued expansion of Entra ID Protection (formerly Azure AD Identity Protection) and Microsoft Defender for Identity (MDI) into the Kerberos/NTLM legacy protocol enforcement space. Microsoft controls Active Directory and has the engineering resources, distribution scale, and customer relationship proximity to deploy native identity enforcement features that would eliminate Silverfort's core value proposition at zero marginal cost for Microsoft 365 E5 licensed enterprises. As of mid-2026, Microsoft MDI can detect Kerberos-based attacks (Pass-the-Ticket, Golden Ticket) but does not enforce inline policy decisions — the distinction between detection and enforcement is Silverfort's primary moat. If Microsoft closes this gap, Silverfort's differentiation collapses for existing AD environments. CrowdStrike Falcon Identity Threat Protection (ITP) offers endpoint-agent-based identity telemetry and lateral movement detection, competing directly with Silverfort's ITDR module. CrowdStrike's bundling with Falcon Complete creates a strong consolidation argument for security buyers who already run CrowdStrike EDR. CyberArk's Privileged Access Manager competes in the PAM space where Silverfort's vaultless PAM positions. The PAM market is undergoing consolidation — CyberArk acquired Venafi (machine identity) in 2024 and continues to extend its platform. The Gartner ITDR category, if it consolidates around one or two primary vendors, could squeeze standalone ITDR vendors like Silverfort's ITDR module. Net assessment: Microsoft displacement risk is high severity, medium probability over a 3–5 year horizon; CrowdStrike bundling risk is medium severity, medium probability.

7.3 Operational and Technical Risks

Silverfort's Runtime Access Protection (RAP) architecture deploys as an inline proxy on Active Directory domain controllers. This creates a single-pane-of-glass availability dependency: if Silverfort's proxy layer fails, all authentication requests that pass through it are at risk of being dropped or defaulting to fail-open behavior. In fail-open mode (authentication passes without policy enforcement), the security posture collapses silently. In fail-close mode (authentication blocked on proxy failure), the entire enterprise authentication infrastructure can be disrupted. The status page at status.silverfort.com provides incident transparency, but historical incident logs and SLA data are not publicly available. The platform's attack surface is significant — a vulnerability in Silverfort's authentication proxy could allow an attacker to intercept or manipulate Kerberos tickets, NTLM challenges, or LDAP bind requests at scale. No CVEs have been publicly assigned to Silverfort's products in major vulnerability databases as of mid-2026, but the absence of CVEs may reflect youth of the product rather than absence of vulnerabilities. The Rezonate acquisition (late 2024) introduced new cloud NHI code that has not yet completed a full security audit cycle. Implementation complexity is an operational risk: PeerSpot reviewers consistently note that initial deployment requires significant professional services engagement, and poorly executed deployments could create authentication gaps during transition. The docs.silverfort.com platform provides technical documentation, but the depth and completeness of HA/failover configuration guidance is not independently verifiable.

7.4 Financial and Concentration Risks

Silverfort raised $116M in Series D in May 2023, reportedly achieving unicorn status at $1B+ valuation. As of mid-2026, no Series E filing, bridge round, or IPO announcement has been publicly disclosed. At typical growth-stage burn rates for a 629-employee identity security company (estimated $35–60M annual burn), the $116M Series D provides approximately 2–3 years of runway from close — implying potential need for additional capital in H2 2025 or H1 2026 if ARR growth has not reached cash-flow break-even. The macroeconomic environment for enterprise SaaS growth funding tightened significantly in 2023–2025, with valuation multiples compressing from 20–30x ARR (2021) to 8–12x ARR (2025). A forced down-round or bridge extension would reduce employee incentive alignment and create customer confidence risk in an enterprise security sale. Customer concentration is a structural risk that cannot be verified from public data: for a 1,000-customer company with strong Fortune 500 penetration, it is industry-standard for the top 10 accounts to represent 25–40% of ARR. Loss of one Fortune 50 account could reduce reported growth rate by 5–15 percentage points. The company's investor base includes Insight Partners (growth-stage PE/VC with active portfolio management), Fort Ross Ventures, and additional institutional investors from the Series D — none of which are sovereign wealth funds or strategic investors who would create ownership-conflict concerns for US government sales.

7.5 People, Governance, and Key-Person Risks

Hed Kovetz (CEO), Matan Fattal (VP R&D), and Yaron Kassner (CTO) are the three co-founders with sustained public visibility through conference talks, media interviews, and technical blogs. Kovetz in particular is the primary public spokesperson, investor-relations contact, and customer trust anchor. If Kovetz departed, the near-term impact on enterprise pipeline and investor confidence would be material. The company appointed Howard Greenfield as President and Chief Revenue Officer in late 2024, suggesting effort to distribute commercial leadership beyond the founding team — a positive governance signal. The 629-employee headcount is predominantly concentrated in Israel (engineering, R&D) with US go-to-market. Regional conflict risk could disrupt the Israeli workforce disproportionately compared to companies with distributed R&D. The board composition is not publicly disclosed with director names — this is typical for private companies but limits governance diligence. No litigation, regulatory action, or whistleblower filing involving Silverfort has been identified in public sources, a clean record consistent with a company at this stage. The IP strategy relies entirely on trade secrets rather than patents — this creates a retention dependency where departure of key engineers (protocol-level AD experts) would erode the technical moat more rapidly than at a patent-protected competitor.

7.6 Exhibits

8.1 Investment Thesis and Anti-Thesis

The bull thesis for Silverfort rests on three pillars. First, the company occupies a structurally differentiated position: its agentless, proxy-based MFA and identity-threat detection layer works across on-premises Active Directory, legacy systems, and cloud without agent installation, solving a problem that agent-based competitors such as CyberArk and Delinea cannot address without substantial custom integration. Second, identity security is one of the highest-conviction spending categories in enterprise cybersecurity: IDC forecasts cumulative identity-security outlays exceeding $21 billion annually by 2028, and the PAM/ITAM segment grew 22% in 2024 per GlobeNewswire market data. Third, the 2023 Series D at $1.5 billion post-money was led by reputable growth investors, signaling credible institutional validation. The anti-thesis is equally significant. Microsoft Entra ID—bundled inside Microsoft 365 E5 at zero marginal cost to existing enterprise licensees—directly attacks Silverfort's conditional-access and identity-protection use cases. If Microsoft's bundling strategy accelerates, Silverfort's addressable installed base shrinks materially. Additionally, CyberArk's 2024 acquisition of Venafi and its expanding CIEM and workforce-access suite signal aggressive platform consolidation that may commoditize stand-alone ITDR. Silverfort has not disclosed ARR, NRR, or GAAP burn, making independent verification of growth and capital efficiency impossible without further diligence. Finally, the Israeli headquarters creates export-compliance and geopolitical risk that could impede global enterprise sales cycles, particularly in regulated industries and government procurement.

8.2 Recommendation and Financing Context

We assign a CONDITIONAL BUY with a MEDIUM-HIGH confidence level and a HIGH risk rating at the current Series D price. Entry discipline is essential: the $1.5 billion post-money valuation represents approximately 5–7× estimated ARR ($115M–$135M range), which is defensible only if ARR growth remains above 35% annually and NRR stays above 110%. At a secondary-market or late-Series-D entry at a 20–25% discount to headline ($1.1–1.2B effective entry), the return profile improves significantly. Dilution risk from any Series E or M&A consideration must be modeled carefully: with $116 million raised in the D round, assumed total cumulative funding of ~$240 million, and likely 1.5–2.0× liquidation preference on the latest rounds, the common-equity waterfall narrows in a compressed exit. The financing mix is entirely private growth equity with no public data anchor. Tracxn and CBInsights profile data corroborate the funding rounds but cannot substitute for board-approved financial statements. Israel-based venture capital (including Zeev Ventures and Fort Ross Ventures as disclosed investors) adds geopolitical concentration to a portfolio that must be managed explicitly.

8.3 Comparable Valuation Analysis

The most relevant public comparables are CyberArk Software (CYBR), SentinelOne (S), and Okta (OKTA). CyberArk is the closest pure-play PAM/identity-security analog: it reported $1.06 billion in subscription ARR for fiscal 2024, with an enterprise value of approximately $12 billion as of May 2025, implying an EV/NTM-revenue multiple of roughly 10–12×. SentinelOne competes on the endpoint-and-identity convergence axis; its EV/NTM-revenue multiple has compressed from 20× in 2022 to roughly 7–10× in 2025, reflecting slowing growth from 100%+ to the 20%–30% range. Okta, at $2.26 billion in FY2025 revenue, trades at approximately 7–9× NTM revenue and provides a ceiling benchmark for mature identity-cloud players. Private precedent transactions include Delinea (Francisco Partners consolidation at undisclosed multiple but estimated ~$900M–1.2B for ~$120M ARR, implying ~7–10×) and the CyberArk/Venafi acquisition in 2024 at $1.54 billion, which market observers interpreted as roughly 8–10× ARR. For Silverfort at an estimated $115M ARR and a current post-money of $1.5 billion, the implied multiple of ~13× sits at a premium to the public-comp median and must be justified by higher growth, the uniqueness of the agentless architecture, or embedded M&A optionality.

8.4 Bull, Base, and Bear Scenarios

Bull scenario (25% probability signal): ARR reaches $200M+ by end of FY2026 driven by accelerated MSSP channel growth and government/defense wins outside the Microsoft-heavy commercial sector. NRR exceeds 120% as customers expand from AD-only to cloud/SaaS identity coverage. An M&A exit by a strategic acquirer—most plausibly CrowdStrike, Palo Alto Networks, or a PE sponsor seeking a PAM roll-up—at a 10–12× ARR multiple yields an enterprise value of $2.0–2.5 billion on exit ARR, translating to $2.5–3.5 billion total equity value if the business has scaled. Implied investor return: 2.0–3.0× on Series D capital at a 3–5 year hold. Base scenario (50% probability): ARR grows at 30–35% CAGR, reaching $150M by FY2026 and $250M by FY2028. Exit via IPO or secondary at 6–8× forward ARR yields $1.5–2.0 billion enterprise value. Series D investors achieve roughly 1.0–1.5× on invested capital, modestly positive after dilution from any bridge or Series E. Bear scenario (25% probability): Microsoft Entra ID and CyberArk bundling erode Silverfort's win rate in new logos. ARR growth decelerates to 15–20%. At 4–5× ARR on $130M base, enterprise value compresses to $520–650M, below Series D valuation. Liquidation preferences protect lead investors but common equity and employees see significantly reduced returns. Downside triggers: three consecutive quarters of NRR < 100%, or evidence of Entra ID displacing ≥3 Fortune 500 Silverfort deployments.

8.5 Exit Readiness and Thesis-Break Triggers

Silverfort's exit readiness is assessed as medium. Strategic M&A is the most probable near-term liquidity path: the company's agentless architecture and customer base of 1,000+ enterprises make it an attractive tuck-in for any platform identity or endpoint security consolidator. A stand-alone IPO requires substantiating ARR, NRR, and free-cash flow trajectory at a minimum of $250M ARR—a threshold the company has not yet publicly confirmed reaching. The nearest IPO window is 2027–2028 based on typical Israeli-HQ cybersecurity growth trajectories (cf. CyberArk IPO timeline). Thesis-break triggers requiring immediate diligence escalation: (1) ARR disclosed below $80M or NRR below 105% in FY2025 financials, implying the $1.5B valuation is materially unsupported; (2) Microsoft Entra ID achieves native agentless MFA GA at zero incremental cost—directly eliminating Silverfort's core value proposition for M365 E5 customers; (3) Regulatory action against Silverfort's Israeli operations affecting export licensing or data residency compliance in EU or US federal; (4) Loss of a top-3 enterprise customer due to competitive displacement, as evidenced in customer support forums or public case studies being retracted.

8.6 Exhibits