Lately, we’ve seen more and more cases of hackers focusing attacks during the software update and development stages. In more recent memory, SolarWinds’ system was cracked by hackers, who distributed malicious code throughout the company’s network of customers, including Microsoft, Cisco, and thousands of others.
Israeli startup Argon emerged from stealth mode claiming to provide a solution to prevent the ‘next SolarWinds’. To ensure software delivery security, Argon secured Seed funding from a few interesting names from Israel’s leading cyber sector.
“The first security solution for the entire software delivery pipeline”
Automated software delivery through a CI/CD pipeline process offers application developers a fast and efficient way to develop, build, test, and deploy new software. The CI/CD pipelines use a series of cloud and hosted services and open-source tools which open the organization's network to new environments where the source code is copied, moved and shared. This poses problems for DevOps teams looking for complete visibility over the process to help mitigate risks. “The birth of a new cyberattack surface that organizations are not equipped to defend," said Eilon Elhadad, CEO, Argon.
Elhadad noted that Argon is the only company to deploy a security solution for the entire software delivery pipeline. “Argon’s solution stands out for its Code Integrity technology, which continuously scans every stage of software delivery to ensure no code had been tampered, before releasing for production.”
Argon seamlessly connects to the existing CI/CD pipelines via an agentless implementation and instantly maps the development environment, assets, and user activities. The solution prioritizes and automates remediation of alerts according to security best practices and compliance rules, ensuring zero trust deployment.
Could you have prevented the SolarWind attack or the Dependency Confusion problem?
Co-founder and CTO Eylam Milner: “Yes. Argon’s system could have foiled the attack… As part of the SolarWinds breach, the hackers injected malicious code into one of the Orion application files in real-time during the build process. That’s the core of the CI/CD process, and currently there’s no feedback loop, and essentially no definitive way of knowing if the product’s code will be the only one released when downloaded… If you take the SolarWinds case, our system would have alerted and actively prevented the release of the malicious code.”
Additionally, Milner states that with the Dependency Confusion attack, which caught major players like Apple, Tesla, and Microsoft, with their pants down, the Argon system would connect with all active artifact servers to analyze and identify vulnerabilities and alien code.
Argon pulled in $4 million in Seed funding from Hyperwise Ventures. The round also saw participation from Shlomo Kramer, founder of cyber giant Check Point, Imperva, and recent Unicorn Cato Networks; Zohar Alon, CEO and founder of Dome9; Giora Yaron, chairman of Amdocs Technology Committee; Avery More, venture partner at Menlo Ventures; and Harel Kodesh, a former partner at Silver Lake.
Argon was founded in 2020 by CEO Eilon Elhadad and CTO Eylam Milner. The company currently employs a team of 15 from its Tel Aviv offices.