Verica, a so-called “continuous verification” company that leans on chaos engineering techniques to make software and systems more resilient, has raised $12 million in a series A round of funding.
Companies can plow all their resources into building and testing apps fit for millions of users, but they can never truly know how their software will behave until it’s pushed out into the wild. Agile software development techniques have emerged in recent years to ensure software performs as it’s supposed to in a production environment — continuous integration and deployment/delivery (CI/CD), for example, enables multiple developers to push out frequent updates and test for “product-readiness,” while releasing quality-checked code into production in smaller batches that can be easily reversed if problems occur.
Continuous verification essentially extends the CI/CD concept deeper into the SRE (site reliability engineering), DevOps (developer operations), and DevSecOps (developer security operations) spheres, with the ultimate goal of proactively preventing security and availability incidents which may cause companies millions in lost revenue or reputational damage. Continuous verification is closely aligned with chaos engineering, a discipline concerned with testing how a system performs under stress to identify potential failures before they become fully-fledged outages.
“Outages and incidents have become news headlines due to how integral software has become in our day-to-day lives,” Verica cofounder and CEO Casey Rosenthal told VentureBeat. “Given the nature of large-scale complex systems, the operators of these systems don’t know if or when things will fail. Verica Continuous Verification Platform improves the availability and security of our customers’ systems through verifications that help engineering teams better understand the unknown properties of their systems.”
Kafka to Kubernetes
So how does Verica work, exactly? Well, Verica is designed to be integrated with companies' existing infrastructure, including Kubernetes and Kafka, typically running on one of the major public clouds such as Amazon Web Services (AWS) — but it works anywhere, be it public or private infrastructure. Verica can then run verifications directly inside this infrastructure to stress-test the conditions of the system, shipping with several out-of-the-box verifications so that customers are good to go from the outset.
These pre-built verifications span most of the areas that a typical enterprise might be concerned with, including security, availability, maintainability, performance, and cost control. So this might involve providing visibility into how a sudden increase in concurrent connections impacts tail latency in Kafka, or whether existing security measures sufficiently protect a Kubernetes cluster.
“Customers using Kubernetes and Kafka often get Verica up and running and are surprised by what they find in their system,” Rosenthal said. “The data we generate elucidates the safety margin of their systems. The verifications provide a new level of feedback for customers — most of whom are engineers — that they aren’t able to get anywhere else. Once you provide that data and context for an engineer, they find ways to make the system more reliable and are better equipped to be a part of a resilient solution.”
For example, one of Verica’s customers runs Kubernetes through its SRE unit. It was able to use one of Verica’s bundled security-based verifications to add a vulnerable container image to its container registry to test whether its existing security system was working as it should have been — if it was, the vulnerable image should have been removed immediately. But that’s not what happened — the vulnerable image wasn’t removed, because their security product didn’t identify it, leading their engineering team to investigate why.
“This example encapsulates our goal as a company — we want to help engineers that care for these systems find faults and gaps before they encounter them with their own customers,” Rosenthal said. “The team that ran this verification was able to identify an important gap in their security tooling, and discovered it was not uniformly applied across their Kubernetes clusters.”
Contrary to just about every modern day cloud company, Verica’s business model isn’t built upon SaaS — instead, it’s priced based on the scale of the Kubernetes or Kafka cluster that Verica is deployed on. So in other words, the bigger the company and/or application, the more they will likely have to pay.
The story so far
Rosenthal literally wrote a book on chaos engineering, prior to which he had led the chaos engineering team at Netflix, where the concept first emerged as the video giant was transitioning to cloud infrastructure as part of its burgeoning video-streaming aspirations. Suffice it to say, Rosenthal knows a thing or two about building resilient systems.
“Complexity of software systems is increasing — systems at scale are now beyond the point where a single human can mentally model how all of the pieces fit together,” Rosenthal explained. “Prior to this, we had easily-identifiable testing of individual components, because we understood what those components are and how they fit together. Unit tests, functional tests, integration tests, end-to-end tests – these are all great methodologies for asserting that a component does what we think it should do, but they are insufficient for understanding the systemic properties that only bubble up in production at scale.”
It’s also worth noting that Netflix has spawned at least one other notable chaos engineering company — Gremlin launched back in 2017 to help companies stress-test their apps, raising some $28 million in VC backing.
Verica, for its part, had previously raised around $4.7 million since its inception back in 2018, and for its series A round of funding the company has secured Intel’s venture capital arm — Intel Capital — as a lead investor, with support from True Ventures and Mango Capital.