Israeli startup Cycode secured $20 million in Series A funding. The investment was led by Insight Partners, with participation from YL Ventures. The company’s system secures the entire software development lifecycle (SDLC), which was the attack vector in the SolarWinds mega-hack.
Preventing the DevOps attack
“Modernizing the SDLC has created new security gaps that attackers are readily exploiting,” said Ronen Slavin, CTO and co-founder of Cycode.
Automated software development and distribution processes, known as CI/CD pipelines, are great for enabling companies to easily move code from cloud to product. However, these processes offer only partial visibility, leaving security teams blind to new potential attacks. Cycode’s system seamlessly integrates with various DevOps tools, addressing multiple layers of security, including access and authorization, security configurations, compliance and scanning engines. This enables customers to identify code tampering, code leakage, hardcoded secrets, Infrastructure as Code (IaC) misconfigurations, excess privileges and more, all from a single platform.
“Recent supply chain attacks like SolarWinds and Codecov, major source code leaks from Microsoft and Nissan, and attacks targeting developers like Sawfish and XcodeSpy demonstrate that the battlefield is already shifting,” added Slavin.
Cycode also announced the launch of its knowledge graph, which will derive security insights from the rapidly increasing volumes of data and alerts that are overwhelming security teams in today’s cyber landscape. Through an agentless architecture, the platform collects asset information and user activity from DevOps tools, infrastructure and security scanners, which is then mapped in its knowledge graph. By correlating events across the SDLC, Cycode’s knowledge graph creates contextual insights, helps prioritize remediation, reduces false positives and ensures the integrity of the pipeline to prevent code tampering incidents, such as the breaches at SolarWinds and Codecov.
Cycode was founded by CEO Lior Levy, a former data security architect, and CTO Ronen Slavin. The company has raised $25 million to date, with its Seed round coming back in 2019. “With these new funds, part of the focus will naturally be on expanding sales and marketing efforts,” said Lior Levy, CEO and co-founder of Cycode.