Check out the on-demand sessions from the Low-Code/No-Code Summit to learn how to successfully innovate and achieve efficiency by upskilling and scaling citizen developers. Watch now.

DeepFactor, a code observability startup based in San Jose, California, today announced that it raised $15 million in series A financing led by Insight Partners with participation from Emergent Ventures, Security Leadership Capital, and Tricentis. The funding brings the company’s total raised to $18.4 million to date, and it’ll be put toward supporting existing product development and the launch of a software-as-a-service offering, according to cofounder and CEO Kiran Kamity.

With the push for digital transformation and the subsequent adoption of cloud-native architectures, companies are releasing software apps faster with greater complexity — and correspondingly more areas to attack. The result is an increase in supply chain, security, and compliance risks. Security teams are struggling to keep pace, requiring help from engineers before shipping apps into production.

DeepFactor’s self-hosted platform aims to assist with this by observing telemetry events in threads, processes, and containers to detect code anomalies in apps. Using DeepFactor, companies can find and address risks in both in-house apps and third-party components throughout the development pipeline.


Above: DeepFactor’s app observability dashboard.

Image Credit: DeepFactor

Kamity, who previously worked at Cisco Systems, drew on the experience of Mike Larkin, creator of the OpenBSD Hypervisor, in founding DeepFactor in 2019. The two developed a business plan in a crowded Silicon Valley Starbucks prior to the onset of the pandemic.


Intelligent Security Summit

Learn the critical role of AI & ML in cybersecurity and industry specific case studies on December 8. Register for your free pass today.

Register Now

“DevSecOps … introduced critical [security requirements] for developers and application security teams to secure applications at the source. However, existing tools were built for scanning static code and builds — thus lacking visibility into running applications — contributing to an overwhelming feeling of alert fatigue for engineering,” Kamity told VentureBeat via email. “DeepFactor was created by developers, for developers to extract meaningful and actionable insights from running applications.”

Under the hood

DeepFactor, which integrates with products from CircleCI, Slack, Jira, and others, analyzes app telemetry data using behavioral mapping to deliver insights based on trends, advancements in apps security, and guardrails established by app security teams.  Data is stored in a portal for a user-specified retention period, which allows companies to investigate past behaviors and identify trends over time.

Ninety-three percent of IT leaders say that observability is a foundational part of running a successful enterprise in 2021. Reflecting the demand, the software observability market is expected to grow in value to over $3.75 billion by 2027, according to one source. Vying for a slice of the market alongside DeepFactor are LightRun, Cribl, and Sosivio, as well as larger companies like Datadog and Sumo Logic.

But Kamity makes the case that tools competing with DeepFactor are generally invasive, time-intensive, and programming language-dependent. Moreover, he asserts, they lack visibility into app runtimes, resulting in complicated reports with high alert volumes and false positives.

“This ‘noise’ contributes to the overwhelming feeling of ‘alert fatigue’ preventing engineers from quickly and accurately prioritizing and triaging issues,” Kamity added. “The first generation of container security tools were originally designed for operators, with sidecars providing limited visibility into noisy, low-level system events and networking. Insights generated by these tools are often ‘semantically poor’ — without application context, understanding and addressing security risks in cloud-native workloads at the app layer becomes exponentially harder.”

DeepFactor claims to have over 20 enterprise clients across media, information technology, software-as-a-service, and public sector industries. In the coming months, the company plans to expand its workforce of 20 employees in the U.S. and India to around 30, focusing on engineering, sales, and marketing teams.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.