Cycode raises $20M to secure DevOps pipelines

Israeli security startup Cycode, which specializes in helping enterprises secure their DevOps pipelines and prevent code tampering, today announced that it has raised a $20 million Series A funding round led by Insight Partners. Seed investor YL Ventures also participated in this round, which brings the total funding in the company to $24.6 million.

Cycode’s focus was squarely on securing source code in its early days, but thanks to the advent of infrastructure as code (IaC), policies as code and similar processes, it has expanded its scope. In this context, it’s worth noting that Cycode’s tools are language and use case agnostic. To its tools, code is code.

“This ‘everything as code’ notion creates an opportunity because the code repositories, they become a single source of truth of what the operation should look like and how everything should function, Cycode CTO and co-founder Ronin Slavin told me. “So if we look at that and we understand it — the next phase is to verify this is indeed what’s happening, and then whenever something deviates from it, it’s probably something that you should look at and investigate.”

Cycode Dashboard

Cycode Dashboard. Image Credits: Cycode

The company’s service already provides the tools for managing code governance, leak detection, secret detection and access management. Recently it added its features for securing code that defines a business’ infrastructure; looking ahead, the team plans to add features like drift detection, integrity monitoring and alert prioritization.

“Cycode is here to protect the entire CI/CD pipeline — the development infrastructure — from end to end, from code to cloud,” Cycode CEO and co-founder Lior Levy told me.

“If we look at the landscape today, we can say that existing solutions in the market are kind of siloed, just like the DevOps stages used to be,” Levy explained. “They don’t really see the bigger picture, they don’t look at the pipeline from a holistic perspective. Essentially, this is causing them to generate thousands of alerts, which amplifies the problem even further, because not only don’t you get a holistic view, but also the noise level that comes from those thousands of alerts causes a lot of valuable time to get wasted on chasing down some irrelevant issues.”

What Cycode wants to do then is to break down these silos and integrate the relevant data from across a company’s CI/CD infrastructure, starting with the source code itself, which ideally allows the company to anticipate issues early on in the software life cycle. To do so, Cycode can pull in data from services like GitHub, GitLab, Bitbucket and Jenkins (among others) and scan it for security issues. Later this year, the company plans to integrate data from third-party security tools like Snyk and Checkmarx as well.

“The problem of protecting CI/CD tools like GitHub, Jenkins and AWS is a gap for virtually every enterprise,” said Jon Rosenbaum, principal at Insight Partners, who will join Cycode’s board of directors. “Cycode secures CI/CD pipelines in an elegant, developer-centric manner. This positions the company to be a leader within the new breed of application security companies — those that are rapidly expanding the market with solutions which secure every release without sacrificing velocity.”

The company plans to use the new funding to accelerate its R&D efforts, and expand its sales and marketing teams. Levy and Slavin expect that the company will grow to about 65 employees this year, spread between the development team in Israel and its sales and marketing operations in the U.S.

#access-management, #agile-software-development, #aws, #bitbucket, #checkmarx, #continuous-integration, #cycode, #devops, #enterprise, #funding, #fundings-exits, #github, #gitlab, #insight-partners, #israel, #jenkins, #recent-funding, #security, #security-tools, #software-development, #software-engineering, #startups, #tc, #united-states, #version-control, #yl-ventures

0

Grip Security raises $6M to improve SaaS security

Many large enterprises now rely on hundreds of third-party SaaS applications to do business, but their security organizations can barely keep pace. Right now, the state of the art for SaaS enterprise security are cloud access security brokers (CASBs) that act as intermediaries between users and the actual service. But they don’t provide the kind of visibility that enterprises want since employees will often route around their IT departments. Tel Aviv-based Grip Security aims to make this a lot easier by providing enterprises with full visibility into their SaaS portfolios through enforceable endpoint-centric access controls and new data governance capabilities that work across devices and locations.

Grip Security today announced that it has raised a $6 million seed round led by cybersecurity-focused YL Ventures, with participation from CrowdStrike CEO and co-founder George Kurtz and a group of other angel investors with deep roots in the cybersecurity industry. These include the likes of former Akamai CSO Andy Ellis, former Zscaler CISO Michael Sutton, former Bank of America Chief Security Scientist Sounil Yu and Amazon Whole Foods CISO Sameer Sait.

Image Credits: Grip Security

“The founding team at Grip Security brings deep technical acumen to disrupt the SaaS security market,” said Ofer Schreiber, partner at YL Ventures. “Grip will not only upend antiquated SaaS security solutions, but they’ll also help enterprises implement much needed automated and granular security for SaaS, the fastest growing segment in information technology.”

Before starting Grip Security, co-founder and CEO Lior Yaari actually spent some time as the CTO of YL Ventures (though he says he still had to go through the firm’s standard vetting procedure to get funding). In that role, he talked to a lot of CISOs, and, again and again, they talked to him about the problems with current SaaS security solutions. Like his co-founders, Idan Fast (CTO) and Alon Shenkler (VP R&D), Yaari also has a deep cybersecurity background. But it was during his time YL Ventures that the idea for Grip Security was born.

“Within YL Ventures, we were always looking for the next interesting sub-market and we knew from our conversation with CISOs  […] that people know SaaS is a problem and they did not like the existing solutions — many of them being CASBs,” Yaari told me. “From this view of an investment team that not only talks with customers but also sees some technical teams that try to solve this problem and then go back and look for other solutions because they didn’t find a good fit within the market, I eventually wanted to do it myself. Last July, I actually told [YL Ventures partner Ofer Schreiber] that if no one solved this until October, I will. That was a joke back then — and then, three or four months later, it became reality. It’s hard to look at hard and interesting problems without trying to solve them.”

Most of the popular CASBs today were founded around 2013 and 2014 and then later acquired by other major players like Microsoft, Cisco and Proofpoint. But Yaari argues that the problems with protecting SaaS today is fundamentally different from those 10 years ago. These solutions, he argues, worked for protecting a dozen applications or so.

The promise of Grip Security is that after a quick installation, enterprises get full visibility into which applications their employees actually use. Yaari wasn’t quite ready to give away the secret sauce of how Grip does this, though. But he noted that this is a non-intrusive solution. “We do not install anything on user devices or corporate networks, but we follow the footprints left by SaaS applications and use this data to identify with extreme accuracy what applications were used.” He noted that Grip Security’s solution travels with the users, no matter which device they use.

Grip Security currently has about 15 employees and plans to use the new funding to build out its platform with additional capabilities, especially around providing access governance and data governance to applications. The plan is to grow to 20 to 25 employees within the next year.

#grip-security, #recent-funding, #saas, #security, #startups, #tc, #yl-ventures

0

Orca Security raises $210M Series C at a unicorn valuation

Orca Security, an Israeli cybersecurity startup that offers an agent-less security platform for protecting cloud-based assets, today announced that it has raised a $210 million Series C round at a $1.2 billion valuation. The round was led by Alphabet’s independent growth fund CapitalG and Redpoint Ventures. Existing investors GGV Capital, ICONIQ Growth and angel syndicate Silicon Valley CISO Investment also participated. YL Ventures, which led Orca’s seed round and participated in previous rounds, is not participating in this round — and it’s worth noting that the firm recently sold its stake in Axonius after that company reached unicorn status.

If all of this sounds familiar, that may be because Orca only raised its $55 million Series B round in December, after it announced its $20.5 million Series A round in May. That’s a lot of funding rounds in a short amount of time, but something we’ve been seeing more often in the last year or so.

Orca Security co-founders Gil Geron (left) and Avi Shua (right). Image Credits: Orca Security

As Orca co-founder and CEO Avi Shua told me, the company is seeing impressive growth and it — and its investors — want to capitalize on this. The company ended last year beating its own forecast from a few months before, which he noted was already aggressive, by more than 50%. Its current slate of customers includes Robinhood, Databricks, Unity, Live Oak Bank, Lemonade and BeyondTrust.

“We are growing at an unprecedented speed,” Shua said. “We were 20-something people last year. We are now closer to a hundred and we are going to double that by the end of the year. And yes, we’re using this funding to accelerate on every front, from dramatically increasing the product organization to add more capabilities to our platform, for post-breach capabilities, for identity access management and many other areas. And, of course, to increase our go-to-market activities.”

Shua argues that most current cloud security tools don’t really work in this new environment. Many, because they are driven by metadata, can only detect a small fraction of the risks, and agent-based solutions may take months to deploy and still not cover a business’ entire cloud estate. The promise of Orca Security is that it can not only cover a company’s entire range of cloud assets but that it is also able to help security teams prioritize the risks they need to focus on. It does so by using what the company calls its “SideScanning” technology, which allows it to map out a company’s entire cloud environment and file systems.

“Almost all tools are essentially just looking at discrete risk trees and not the forest. The risk is not just about how pickable the lock is, it’s also where the lock resides and what’s inside the box. But most tools just look at the issues themselves and prioritize the most pickable lock, ignoring the business impact and exposure — and we change that.”

It’s no secret that there isn’t a lot of love lost between Orca and some of its competitors. Last year, Palo Alto Networks sent Orca Security a sternly worded letter (PDF) to stop it from comparing the two services. Shua was not amused at the time and decided to fight it. “I completely believe there is space in the markets for many vendors, and they’ve created a lot of great products. But I think the thing that simply cannot be overlooked, is a large company that simply tries to silence competition. This is something that I believe is counterproductive to the industry. It tries to harm competition, it’s illegal, it’s unconstitutional. You can’t use lawyers to take your competitors out of the media.”

Currently, though, it doesn’t look like Orca needs to worry too much about the competition. As GGV Capital managing partner Glenn Solomon told me, as the company continues to grow and bring in new customers — and learn from the data it pulls in from them — it is also able to improve its technology.

“Because of the novel technology that Avi and [Orca Security co-founder and CPO] Gil [Geron] have developed — and that Orca is now based on — they see so much. They’re just discovering more and more ways and have more and more plans to continue to expand the value that Orca is going to provide to customers. They sit in a very good spot to be able to continue to leverage information that they have and help DevOps teams and security teams really execute on good hygiene in every imaginable way going forward. I’m super excited about that future.”

As for this funding round, Shua noted that he found CapitalG to be a “huge believer” in this space and an investor that is looking to invest into the company for the long run (and not just trying to make a quick buck). The fact that CapitalG is associated with Alphabet was obviously also a draw.

“Being associated with Alphabet, which is one of the three major cloud providers, allowed us to strengthen the relationship, which is definitely a benefit for Orca,” he said. “During the evaluation, they essentially put Orca in front of the security leadership at Google. Definitely, they’ve done their own very deep due diligence as part of that.”

#alphabet, #analytics, #axonius, #capitalg, #cloud, #cybersecurity-startup, #enterprise, #ggv-capital, #identity-access-management, #orca-security, #recent-funding, #redpoint-ventures, #security, #startups, #tc, #yl-ventures

0

Vulcan Cyber raises $21M Series B for its vulnerability remediation platform

Tel Aviv-based Vulcan Cyber, a cybersecurity startup that helps businesses prioritize and fix security vulnerabilities, today announced that it has raised a $21 million Series B funding round led by Dawn Capital. Wipro Ventures and existing investors YL Ventures and Ten Eleven Ventures also participated in this round. The company says it will use the new funding to roll out new remediation solutions and launch a free risk-based vulnerability management platform under the Vulcan Free monicker.

With this new round, Vulcan Cyber’s total funding to date is now $35 million. The company says it saw 500% growth in annual recurring revenue and new customer account metrics in 2020, with each user typically having between 10 and 100 users on the platform.

Image Credits: Vulcan Cyber

The company’s emphasis has always been on not just warning its customers about potential vulnerabilities but also helping them prioritize them based on the severity of the risk and the threat to a company’s business assets. Security teams, after all, are often overwhelmed by alerts and not every vulnerability a scanner represents is a high-priority risk for a business. The promise of Vulcan Cyber’s platform is that it helps these teams figure out where to best focus their resources.

While the funding is the headline news today, Vulcan’s new free offering is also worth a closer look.

Cybersecurity pros have used open-source vulnerability scanners like Nessus for almost two decades. More recently, vulnerability management programs have used risk-based vulnerability management tools to prioritize scan results to determine specific risk to the business and focus the remediation effort. The scan and prioritize functions are fundamental, necessary elements of any mature remediation program,” Yaniv Bar-Dayan, Vulcan Cyber’s CEO and co-founder said about the new free offering. “But now the industry has a free vulnerability prioritization engine to complement the scanners. This round of funding allows us to provide the Vulcan Free service to the cybersecurity industry to help businesses achieve cyber hygiene. This move shifts the economics of our market and will push CISOs and CIOs to dedicate more budget and resources not just on simple scan and prioritize paper pushing, but on driving actual remediation outcomes. We hope this will help the industry get fix done more effectively.”

With this new free offering, Vulcan’s freemium portfolio now includes Vulcan Free, which provides some of the company’s core prioritization and vulnerability management features, and its existing free vulnerability intelligence database.

#computer-security, #cybersecurity, #cyberwarfare, #data-security, #dawn-capital, #hacking, #recent-funding, #security, #software-testing, #startups, #tc, #tel-aviv, #ten-eleven-ventures, #vulcan-cyber, #vulnerability, #wipro-ventures, #yl-ventures

0

YL Ventures sells its stake in cybersecurity unicorn Axonius for $270M

YL Ventures, the Israel-focused cybersecurity seed fund, today announced that it has sold its stake cybersecurity asset management startup Axonius, which only a week ago announced a $100 million Series D funding round that now values it at around $1.2 billion.

ICONIQ Growth, Alkeon Capital Management, DTCP and Harmony Partners acquired YL Venture’s stake for $270 million. This marks YL’s first return from its third $75 million fund, which it raised in 2017, and the largest return in the firm’s history.

With this sale, the company’s third fund still has six portfolio companies remaining. It closed its fourth fund with $120 million in committed capital in the middle of 2019.

Unlike YL, which focuses on early-stage companies — though it also tends to participate in some later-stage rounds — the investors that are buying its stake specialize in later-stage companies that are often on an IPO path. ICONIQ Growth has invested in the likes of Adyen, CrowdStrike, Datadog and Zoom, for example, and has also regularly partnered with YL Ventures on its later-stage investments.

“The transition from early-stage to late-stage investors just makes sense as we drive toward IPO, and it allows each investor to focus on what they do best,” said Dean Sysman, co-founder and CEO of Axonius. “We appreciate the guidance and support the YL Ventures team has provided during the early stages of our company and we congratulate them on this successful journey.”

To put this sale into perspective for the Silicon Valley- and Tel Aviv-based YL Ventures, it’s worth noting that it currently manages about $300 million. Its current portfolio includes the likes of Orca Security, Hunters and Cycode. This sale is a huge win for the firm.

Its most headline-grabbing exit so far was Twistlock, which was acquired by Palo Alto Networks for $410 million in 2019, but it has also seen exits of its portfolio companies to Microsoft, Proofpoint, CA Technologies and Walmart, among others. The fund participated in Axonius’ $4 million seed round in 2017 up to its $58 Million Series C round a year ago.

It seems like YL Ventures is taking a very pragmatic approach here. It doesn’t specialize in late-stage firms — and until recently, Israeli startups always tended to sell long before they got to a late-stage round anyway. And it can generate a nice — and guaranteed — return for its own investors, too.

“This exit netted $270 million in cash directly to our third fund, which had $75 million total in capital commitments, and this fund still has 6 outstanding portfolio companies remaining,” Yoav Leitersdorf, YL Ventures’ founder and managing partner, told me. “Returning multiple times that fund now with a single exit, with the rest of the portfolio companies still there for the upside is the most responsible — yet highly profitable path — we could have taken for our fund at this time. And all this while diverting our energies and means more towards our seed-stage companies (where our help is more impactful), and at the same time supporting Axonius by enabling it to bring aboard such excellent late-stage investors as ICONIQ and Alkeon – a true win-win-win situation for everyone involved!”

He also noted that this sale achieved a top-decile return for the firm’s limited partners and allows it to focus its resources and attention toward the younger companies in its portfolio.

#adyen, #axonius, #ca-technologies, #companies, #crowdstrike, #datadog, #enterprise, #iconiq, #iconiq-growth, #information-technology, #leader, #management, #managing-partner, #microsoft, #palo-alto-networks, #proofpoint, #tel-aviv, #twistlock, #venture-capital, #walmart, #yl-ventures, #yoav-leitersdorf

0

2020 was a record year for Israel’s security startup ecosystem

From COVID-19’s curve to election polls, public temperature checks to stimulus checks, 2020 was dominated by numbers — the guiding compass of any self-respecting venture capital investor.

As a VC exclusively focused on investments in Israeli cybersecurity, the numbers that guide us have become some of the most interesting to watch over the course of the past year.

The start of a new year presents the perfect opportunity to reflect on the annual performance of Israel’s cybersecurity ecosystem and prepare for what the next twelve months of innovation will bring. With the global cybersecurity market outperforming this year’s panic-stricken expectations, we carefully combed through the figures to see how Israel’s market, its strongest performer, compared — and predict what it has in store.

The cybersecurity market continues to draw the confidence of investors, who appear to recognize its heightened importance during times of crisis.

The “cyber nation” not only remained strong throughout the pandemic, but even saw a rise in fundraising, especially around application and cloud security, following the emergence of remote workflow security gaps brought on by social distancing. Encouraged by this, investors have demonstrated committed enthusiasm to its growth and M&A landscape.

Emboldened by the sector’s overall strength and new opportunities, today’s Israeli visionaries are developing stronger convictions to build larger companies; many of them, already successful entrepreneurs, are making their own bets in the industry as serial entrepreneurs and angel investors.

The numbers also reveal how investors are increasingly concentrating their funds on larger seed rounds for serial entrepreneurs and the foremost industry trends. More than $2.75 billion was poured into the industry this year to back companies across all stages, a 97% increase from last year’s $1.39 billion. If its long-term slope is any indication, we can only expect it to continue to grow.

However, though they clearly indicate progress, the numbers still make the need for a demographic reset clear. Like the rest of the industry, Israel’s cybersecurity ecosystem must adapt to the pace of change set out by this year’s social movements, and the time has long passed for true diversity and gender representation in cybersecurity leadership.

Seed rounds reveal fascinating shifts

As the market’s biggest leaders garner experience and expertise, the bar for entry to Israel’s cybersecurity startup ecosystem has gradually risen over the years. However, this did not appear to impact this year’s entrepreneurial breakthroughs. 58% of Israel’s newly founded cybersecurity companies received seed rounds this year, totaling 64 seeded companies in 2020 compared with last year’s 61. The total number of newly founded companies increased by 5%, reversing last year’s downward trend.

The amount invested at seed hit an all-time high as average deal size in 2020 increased by 11%, amounting to an average of $5.2 million per deal. This continues an upward trend in average seed rounds, which have surged over the last four years due to sizable year-on-year increases. It also provides further support for a shift toward higher caliber seed rounds with a strategically focused and “all-in” approach. In other words, founders that meet the new bar for entry are raising bigger rounds for more ambitious visions.

YL ventures seed trends 2020

Image Credits: YL Ventures

Where is the money going?

2020 proved an exceptional year for application security and cloud security startups. Perhaps the runaway successes of Snyk and Checkmarx left strong impressions. This year saw an explosive 140% increase in application security company seed investments (such as Enso Security, build.security and CloudEssence), as well as a whopping 200% increase in cloud security seed investments (like Solvo and DoControl), from last year.

#column, #cybercrime, #enterprise, #entrepreneurship, #israel, #security, #yl-ventures

0

Hunters raises additional growth funding from Snowflake Ventures

Only a few months after announcing its $15 million Series A round, Tel Aviv-based cybersecurity firm Hunters today announced that it has received additional growth funding from Snowflake Ventures. With this, Snowflake’s venture arm joins existing investors M12 and U.S. Venture Partners, which led the Series A round, as well as YL Ventures, Blumberg Captial and Okta Ventures.

The fact that Snowflake Ventures is investing in the company is maybe no surprise, given that Snowflake was one of Hunters’ first customers and its design partner for its threat-hunting service. Hunters provides enterprises with the tools to automate the threat-hunting process, something that has traditionally been a manual task. With the data it gathers from an enterprises’ networking and security tools, Hunters can then detect stealth attacks against the company’s infrastructure and data estate.

“Snowflake and Hunters share the same vision of empowering organizations to fully mobilize their data in a secure way,” Snowflake’s Head of Corporate Development Stefan Williams said. “Snowflake’s Data Cloud coupled with Hunters’ breakthrough technology in security operations, empowers joint customers with best-in-class automated threat detection at cloud-scale.”

It’s worth noting that Snowflake Ventures only launched a month ago. The fund’s goal is to foster innovation “through investing in growth-stage companies that demonstrate a commitment to mobilizing data, provide value to our customers, and expand opportunities for the Data Cloud.” Its first investment was in machine-learning platform DataRobot.

#hunters-ai, #m12, #okta-ventures, #recent-funding, #snowflake-ventures, #startups, #tc, #tel-aviv, #u-s-venture-partners, #yl-ventures

0

Orca Security raises $55M for its cloud-native security platform

Israeli cloud security firm Orca Security today announced a $55 million Series B funding round led by ICONIQ Growth. Previous investors GGV Capital, YL Ventures and Silicon Valley CISO Investments also participated in the round, which brings the company’s total funding to date to $82 million. This includes Orca’s $20.5 million Series A round, which it announced in May.

What makes Orca stand out is not just its focus on cloud-native technologies but what it calls its SideScanning technology. This enables it to map a company’s cloud environment and reconstruct its file system by looking at how workloads interact with the block storage services they use. Based on this, in combination with the cloud metadata it collects, it can map and scan a company’s entire data estate and its cloud assets — and find potential security issues. Because of this system, Orca also immediately discovers new hosts in the cloud without anybody having to maintain this part of the system.

This means the system can work without any agents, too, and hence without introducing any additional overhead into the existing systems. That, Orca Security CEO Avi Shua argues, wouldn’t have been possible in an on-premises setting.

“The way it works is that — without installing any agents or running anything on the environment — it reads the block storage of your flow from the side to deduce the risk and it builds maps of your environment so you can see it in context,” Shua, who spent 11 years working at Check Point before launching Orca, explained. “Both of these things simply were not possible in the on-premise environment because you need to install agents to see. And when you install an agent, it sees the tree, it doesn’t see the forest. It isn’t able to understand where traffic comes from, it doesn’t understand that if it sees a key, what that key opens.”

Orca Security Team

Orca Security Team

He also noted that Orca wants to be as comprehensive as possible so that companies don’t have to use different tools for detecting misconfigurations, malware, vulnerabilities, etc. The company also aims to make the process of getting started with its technology frictionless. Indeed, Shua argues that the Achilles heel of the whole industry is that companies get to maybe 50 percent of coverage if they work hard, but then hit a brick wall because deploying a lot of security tools can be quite hard. “Usually people are not getting breached because the walls are not high enough but because they are not covering the thing that they’re trying to protect,” Shua said.

Orca also aims to provide security practitioners with relevant alerts based on the context of the exposure and business impact. A company may be running a lot of software that is vulnerable to remote code execution in the NTP service, for example. But the environment doesn’t expose NTP and it’s blocked by default in all of the company’s security groups, so while this may look like a major vulnerability in the overall stack, it doesn’t actually represent a real risk. Shua told me of a customer who, after installing Orca, found more than a million critical issues. The company’s tools helped the security team reduce those to 33 that it should focus on.

“The common denominator amongst just about every company we see is that the solutions are very complex — the problems they’re trying to solve are complex and the solutions tend to be complex,” GGV Capital managing partner Glenn Solomon told me. “One of the amazing things about Orca is — and I think that this is a result of Avi and Gil [Geron] and the rest of the co-founders having a lot of experience at Check Point — they understood from day one like that a big part of the value here is being able to install and just provide value really quickly and seamlessly.”

The service currently supports AWS, Google Cloud Platform and Microsoft Azure and their various container services.

Image Credits: Orca Security

Clearly, Orca has hit on a winning formula here. Shua tells me that the company grew more than 10x this year already and instead of growing the team to about 50 employees, it’s already at 70 now. At one point this summer, simply scheduling a call with a salesperson at Orca could take three weeks. Given this, it’s maybe no surprise that Orca wanted to raise to continue to accelerate this growth (and that VCs would want to put more money into the company).

“This massive $55 million round will really help propel Orca to cloud security dominance,” YL Ventures managing partner Yoav Leitersdorf told me. “Already year-over-year growth is stunning — higher than anything I’ve ever seen — literally hundreds of percent. They are incredibly unique in the market with their SideScanning technology.”

The company plans to use the new funding to increase continue building out its product and increase its sales and marketing efforts. In addition, Orca plans to increase its R&D efforts and open a number of new sales offices around the world.

#business, #cloud, #finance, #ggv-capital, #investment, #orca-security, #security, #silicon-valley-ciso-investments, #yl-ventures

0

Build.security raises $6M for its authorization policy management platform

Build.security, a Tel Aviv and Sunnyvale-based startup that aims to make it easier for developers to bake authorization policy management right into their applications, today announced a $6 million seed funding round led by cybersecurity-centric firm YL Ventures.

CrowdStrike CEO and co-founder George Kurtz also participated in this round, in addition to former Zscaler CISO Michael Sutton, former Bank of America Chief Security Scientist Sounil Yu, Fireglass co-founder Dan Amiga, Cynet CEO and co-founder Eyal Gruner and Hexadite co-founder Eran Barak. That’s an impressive group of angels who clearly believe that build.security is solving an important problem in the industry.

Founded by Amit Kanfer (CEO) and Dekel Braunstein (CTO), who have previous experience at Intel, Fireglass, Symantec, Cymmetria and other companies, the company wants to build the “first true platform for authorization” for developers — it’s basically policy-as-code, somewhat similar to how the likes of Pulumi and others are delivering on the promise of “infrastructure-as-code.” In addition to using code to declare policies, though, build.security also offers a drag-and-drop user experience.

At the core of build.security is an open-source project: Open Policy Agent, first developed by Styra.

Image Credits: build.security

At first glance, “authorization policy management” may not sound like the most exciting problem to solve. Authorization — unlike authentication — remains a problem that is mostly unsolved, though, and there are few enterprise-ready services available. That means developers — who are increasingly tasked with managing the security of their applications — are using a mix of policy engines and other tools which inevitably leads to errors and potential vulnerabilities.

“Authorization remains a big challenge for engineering teams,” Kanfer told me. “It’s a big challenge, because, taking into account attributes on identities, resources and context — and then combining all of them together into a concise policy that’s easily managed and scaled — that’s a pretty mind-blowing task. Just to model the hierarchies and the roles and permissions and relationships between them. It’s not an easy task.”

And as Kanfer also noted, as enterprises move to a microservices model for their application development, the complexity here only increases. Today’s solutions, however, aren’t flexible enough to solve this problem. “The list of permissions can change according to multiple factors,” he explained. “It could be identity, the time of the day, working from home or from the office. Is it a trusted device? Is it a workday or weekend? What is the relationship between you and the resource?”

Image Credits: build.security

The company offers its service both as a cloud service and on-premises solution. Currently, the company’s focus is on containers and the company uses a Kubernetes sidecar container that fetches the configurations and policies from the build.security control plane. The company offers SDKs and plugins for many popular programming languages and frameworks (think Python, Node.js and .NET). The service integrates with all of your standard identity providers and other API-based services.

“Build.security’s innovation is an incredible win for the developer community — they’ve made authorization easy,” said John Brennan, partner at YL Ventures and build.security board member. “We’re excited by Amit and Dekel’s unique plug-and-play approach to API and function-level authorization, as well as the breadth of visibility their control plane offers. Their approach will enable developers and enterprises to build secure software at scale.”

#build-security, #computer-security, #computing, #cyberwarfare, #data-security, #recent-funding, #security, #startups, #tc, #tel-aviv, #yl-ventures

0

Ride Vision raises $7M for its AI-based motorcycle safety system

Ride Vision, an Israeli startup that is building an AI-driven safety system to prevent motorcycle collisions, today announced that it has raised a $7 million Series A round led by crowdsourcing platform OurCrowd. YL Ventures, which typically specializes in cybersecurity startups but also led the company’s $2.5 million seed round in 2018, Mobilion VC and motorcycle mirror manufacturer Metagal also participated in this round. The company has now raised a total of $10 million.

In addition to this new funding round, Ride Vision also today announced a new partnership with automotive parts manufacturer Continental .

“As motorcycle enthusiasts, we at Ride Vision are excited at the prospect of our international launch and our partnership with Continental,” Uri Lavi, CEO and co-founder of Ride Vision, said in today’s announcement. “This moment is a major milestone, as we stride toward our dream of empowering bikers to feel truly safe while they enjoy the ride.”

The general idea here is pretty straightforward and comparable with the blind-spot monitoring system in your car. Using computer vision, Ride Vision’s system, the Ride Vision 1, analyzes the traffic around a rider in real time. It provides forward collision alerts and monitors your blind spot, but it can also tell you when you’re following another rider or car too closely. It can also simply record your ride and, coming soon, it’ll be able to make emergency calls on your behalf when things go awry.

As the company argues, the number of motorcycles (and other motorized two-wheeled vehicles) has only increased during the pandemic, as people started avoiding public transport and looked for relatively affordable alternatives. In Europe, sales of two-wheeled vehicles increased by 30% during the pandemic.

The hardware on the motorcycle itself is pretty straightforward. It includes two wide-angle cameras (one each at the front and rear), as well as alert indicators on the mirrors, as well as the main computing unit. Ride Vision has patents on its human-machine warning interface and vision algorithms.

It’s worth noting that there are some blind-spot monitoring solutions for motorcycles on the market already, including those from Innovv and Senzar. Honda also has patents on similar technologies. These do not provide the kind of 360-degree view that Ride Vision is aiming for.

Ride Vision says its products will be available in Italy, Germany, Austria, Spain, France, Greece, Israel and the U.K. in early 2021, with the U.S., Brazil, Canada, Australia, Japan, India, China and others following later.

#artificial-intelligence, #australia, #austria, #brazil, #canada, #china, #continental, #europe, #france, #germany, #greece, #honda, #india, #israel, #italy, #japan, #motorcycle, #ourcrowd, #recent-funding, #ride-vision, #spain, #startups, #tc, #transportation, #united-kingdom, #united-states, #yl-ventures

0

Enso Security raises $6M for its application security management platform

Enso Security, a Tel Aviv-based startup that is building a new application security platform, today announced that it has raised a $6 million seed funding round led by YL Ventures, with participation from Jump Capital. Angel investors in this round include HackerOne co-founder and CTO Alex Rice; Sounil Yu, the former chief security scientist at Bank of America; Omkhar Arasaratnam, the former head of Data Protection Technology at JPMorgan Chase and toDay Ventures.

The company was founded by Roy Erlich (CEO), Chen Gour Arie (CPO) and Barak Tawily (CTO). As is so often the case with Israeli security startups, the founding team includes former members of the Israeli Intelligence Corps, but also a lot of hands-on commercial experience. Erlich, for example, was previously the head of application security at Wix, while Gour Arie worked as an application security consultant for numerous companies across Europe and Tawily has a background in pentesting and led a security team at Wix, too.

Image Credits: Enso Security / Getty Images

“It’s no secret that, today, the diversity of R&D allows [companies] to rapidly introduce new applications and push changes to existing ones,” Erlich explained. “But this great complexity for application security teams results in significant AppSec management challenges. These challenges include the difficulty of tracking applications across environments, measuring risks, prioritizing tasks and enforcing uniform Application Security strategies across all applications.”

But as companies push out code faster than ever, the application security teams aren’t able to keep up — and may not even know about every application being developed internally. The team argues that application security today is often a manual effort to identify owners and measure risk, for example — and the resources for application security teams are often limited, especially when compared the size of the overall development team in most companies. Indeed, the Enso team argues that most AppSec teams today spend most of their time creating relationships with developers and performing operational and product-related tasks — and not on application security.

Image Credits: Enso Security / Getty Images

“It’s a losing fight from the application security side because you have no chance to cover everything,” Erlich noted. “Having said that, […] it’s all about managing the risk. You need to make sure that you take data-driven decisions and that you have all the data that you need in one place.”

Enso Security then wants to give these teams a platform that gives them a single pane of glass to discover applications, identify owners, detect changes and capture their security posture. From there, teams can then prioritize and track their tasks and get real-time feedback on what is happening across their tools. The company’s tools currently pull in data from a wide variety of tools, including the likes of JIRA, Jenkins, GitLab, GitHub, Splunk, ServiceNow and the Envoy edge and service proxy. But as the team argues, even getting data from just a few sources already provides benefits for Enso’s users.

Looking ahead, the team plans to continue improving its product and staff up from its small group of seven employees to about 20 in the next year.

“Roy, Chen and Barak have come up with a very elegant solution to a notoriously complex problem space,” said Ofer Schreiber, partner at YL Ventures . “Because they cut straight to visibility — the true heart of this issue — cybersecurity professionals can finally see and manage all of the applications in their environments. This will have an extraordinary impact on the rate of application rollout and enterprise productivity.”

#application-security, #computer-security, #computing, #data-security, #enso-security, #enterprise, #envoy, #europe, #github, #hackerone, #jenkins, #jump-capital, #recent-funding, #security, #servicenow, #splunk, #startups, #tel-aviv, #yl-ventures

0

Orca Security raises $20M Series A for its multi-cloud security platform

Orca Security, an Israeli cloud security firm that focuses on giving enterprises better visibility into their multi-cloud deployments on AWS, Azure and GCP, today announced that it has raised a $20 million Series A round led by GGV Capital. YL Ventures and Silicon Valley CISO Investments also participated in this round. Together with its seed investment led by YL Ventures, this brings Orca’s total funding to $27 million.

One feature that makes Orca stand out is its ability to quickly provide workload-level visibility with the need for an agent or network scanner. Instead, Orca uses low-level APIs that allow it to gain visibility into what exactly is running in your cloud.

The founders of Orca all have a background as architects and CTOs at other companies, including the likes of Check Point Technologies, as well as the Israeli army’s Unit 8200. As Orca CPO and co-founder Gil Geron told me in a meeting in Tel Aviv earlier this year, the founders were looking for a big enough problem to solve and it quickly became clear that at the core of most security breaches were misconfigurations or the lack of security tools in the right places. “What we deduced is that in too many cases, we have the security tools that can protect us, but we don’t have them in the right place at the right time,” Geron, who previously led a security team at Check Point, said. “And this is because there is this friction between the business’ need to grow and the need to have it secure.”

Orca delivers its solution as a SaaS platform and on top of providing work level visibility into these public clouds, it also offers security tools that can scan for vulnerabilities, malware, misconfigurations, password issues, secret keys in personally identifiable information.

“In a software-driven world that is moving faster than ever before, it’s extremely difficult for security teams to properly discover and protect every cloud asset,” said GGV managing partner Glenn Solomon . “Orca Security’s novel approach provides unparalleled visibility into these assets and brings this power back to the CISO without slowing down engineering.”

Orca Security is barely a year and a half old, but it also counts companies like Flexport, Fiverr, Sisene and Qubole among its customers.

#cloud-computing, #co-founder, #computer-security, #enterprise, #fiverr, #flexport, #funding, #fundings-exits, #ggv, #glenn-solomon, #managing-partner, #orca-security, #qubole, #recent-funding, #security-tools, #startups, #tc, #tel-aviv, #yl-ventures

0