Code Risk Platform apiiro Raises $35 Million

By Amit Chowdhry • Oct 14, 2020
  • apiiro — a Code Risk platform that enables organizations to accelerate application and infrastructure delivery — announced it has raised $35 million in funding

apiiro — a Code Risk platform that enables organizations to accelerate application and infrastructure delivery by automatically remediating risk with every change — announced the company’s official launch and the raising of $35 million in funding from Ted Schlein, General Partner at Kleiner Parkins, and Saam Motamedi and Asheem Chandna, General Partners at Greylock.

The apiiro platform is deployed and it is used across industries, including two large banks in the U.S. and large enterprises in gaming, healthcare, and software development verticals.

The company was founded by multi-exit entrepreneur Idan Plotnik and Yonatan Eldar, alumni of elite Israeli Defense Force (IDF) cybersecurity unit ‘Matzov.’ Before the launch of apiiro, Plotnik was the founder/CEO and Eldar was an engineering manager at Aorato, a pioneer in the User and Entity Behavior Analytics (UEBA) space — which was acquired by Microsoft for $200 million. Plotnik and Eldar both worked at Microsoft as engineering executives leading product strategy, engineering, data science, and DevOps.

While moving from waterfall to agile at Microsoft, Plotnik and Eldar felt a constant struggle between the demands of delivery times, and product security and compliance. And this delay was caused by existing security and compliance tools and processes — which are manual and periodic with a ‘developers-last’ approach. The duo founded apiiro and built a unified platform that eliminates this friction and bridges the gap between developers, security, and compliance teams.

apiiro is the industry’s first Code Risk Platform to enable product security architects, security champions, and developers to accelerate delivery and time-to-market by automatically remediating product risk in every material change before it is shipped to production. And the platform leverages patent-pending technology to learn the historical behavior of application code, Infra-as-Code, open-source code and developers, and automatically remediate product risks at the design phase, before the code change is then deployed to production.

apiiro’s approach reduces the time and money enterprises invest today on controls and risk management including – risk assessment questionnaires, threat models, contextless penetration testing, SAST false-positives, code-based cloud misconfigurations and periodic security and assurance reviews. And the apiiro platform enriches its unified risk profiles with data from third-party security tools. This platform enables enterprises to define adaptive governance and establish continuous security and compliance assurance at scale, without needing to write any code.

In order to help apiiro scale and meet today’s market needs, the following world-class security and risk management leaders have joined apiiro’s advisory board: Charles Blauner, former Global CISO at Citi Group; Samir Shrif CISO at Imperva; David Frieman former CISO at NAB, RBC, and JP Morgan.

KEY QUOTES:

“With a prime focus on the DevSecOps market, apiiro’s unique approach to understanding code and business risk is transformative and can significantly accelerate product delivery for enterprises. Idan and Yonatan are exceptional entrepreneurs and the type we love to work with: customer-oriented technologists and high velocity product and business leaders. We look forward to partnering with them as they scale.”

— Saam Motamedi, General Partner at Greylock and Board Member at apiiro

“apiiro was created to address enterprises board level discussions around the DevSecOps and risk management, and enable key application and infrastructure stakeholders to accelerate time-to-market  by prioritizing and remediating only material risky changes — all in one platform.”

— Idan Plotnik

“Having overseen cybersecurity at one of the biggest financial services institutions in the world, the DevSecOps problem is still very real. There is a call for DevOps, security and risk management teams to collaborate, but without a technology like apiiro this type of learned risk is impossible. Industries, like financial services, are prime for this type of technology as the application delivery pressure is palpable as various stakeholders are constantly pushing out new features.”

— Charles Blauner, apiiro Advisor and former Global CISO of Citi Group