We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!
Cycode, an app security company, today announced that it raised $56 million in a series B round led by New York-based Insight Partners with participation from YL Ventures. The proceeds, which bring Cycode’s total raised to $81 million, will be put toward supporting sales and product development and launching new technology partnerships, CEO Lior Levy said, as well as expanding the company’s integrations to include third-party security tools.
The demand for app security solutions is on the rise as enterprises experience increasing cyberattacks. According to Contrast Security, as of January and February of this year, 11% of web apps contained 15 or more security vulnerabilities. Open source software is contributing to the problem, with a Synopsys report finding that 82% of commercial codebases have open source components in them that are more than four years out of date.
Cycode was launched in 2019 by Levy and Ronen Slavin, both of whom started their cybersecurity careers in the Israel Defense Forces. Slavin is the founder of data encryption startup FileLock, which was acquired by Reason Cybersecurity in 2018.
Levy had the idea for Cycode while working for Symantec as a solutions architect. “With so many new tools being adopted to support DevOps and continuous integration/continuous deployment initiatives, it was becoming impossible to assure that the governance and security policies of each tool met the corporate standard,” he told VentureBeat via email. “Plus, enterprises typically had multiple development teams that often used different tools, and with high levels of M&A activity in software, it was common for even more teams with even more tools to join the fray.”
Cycode’s platform applies security and governance policies across app development tools and infrastructure. By drawing on a knowledge graph of customers’ software lifecycles, Cycode attempts to detect anomalous behavior that should arouse suspicion in any development environment.
A knowledge graph represents a network of entities — i.e., objects, events, situations, or concepts — and illustrates the relationships between them. The data is usually stored in a database and visualized as a graph structure, hence the word “graph.”
“The key to modern app security is centralizing and mapping events and metadata … such that it becomes easy to determine when disparate activities add meaningful context to each other,” Levy said. “With each new integration, our knowledge graph becomes smarter. Hence, one of our goals is to integrate with every software delivery and app security tool to determine how each dot is connected and when it’s relevant.”
Leveraging analytics in security
Just one vulnerability scan turns up a security flaw in 83% of apps, according to Veracode. The more frequent the scans, the better. Edgescan reports that it takes an average of 50.5 days for organizations to remediate vulnerabilities in public apps.
Cycode’s tool aims to prioritize risk; prevent code tampering, leaks, and misconfigurations; and automate remediation in workflows while remaining non-intrusive. Security scanning tools, both from Cycode and third parties, can derive insights and context from the knowledge graph, which includes a mapping of security violations, user activity, and other events.
According to Levy, the pandemic has increased the need for — and complexity of — strong authentication, driving demand for solutions like Cycode.
“Embracing remote work has meant that organizations can no longer rely on ‘being on the network’ as a factor [of] authentication. Moreover, as more developers not only work from home but actually have taken advantage of the pandemic to work and travel, other security measures such as IP range restrictions have become more complicated,” he said. “Augmenting the current capabilities with AI is on the roadmap for 2022 so that Cycode’s knowledge graph will learn the intricacies of each unique software delivery pipeline in order to identify custom anomalies for each environment.”
According to the European Union’s Agency for Cybersecurity, supply chain attacks are expected to increase 400% between last year, 2020, and this year, 2021. Furthermore, Gartner predicts by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains — a threefold increase from 2021.
Against this backdrop, startups in cybersecurity are securing record amounts of venture capital. In July, Safe Security raised $33 million for its platform to manage and mitigate cyber risk. Just a few months earlier, app security platform provider Pathlock nabbed $20 million in venture backing. And in the spring, Aqua Security, which protects containerized apps and infrastructure, closed a $135 million financing round.
Cycode says that it has “dozens” of customers, including Fortune 500 companies. Annual recurring revenue at the 55 employee company grew seven times in Q1 2021, Levy claims.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.