Authorization Policy Management Company build.security Raises $6 Million

By Noah Long ● Nov 22, 2020
  • build.security — a company that is focused on authorization policy management — announced it has raised $6 million in a seed round of funding led by YL Ventures

build.security — a company that is focused on authorization policy management — announced it has raised $6 million in a seed round of funding led by YL Ventures with participation from cybersecurity luminary George Kurtz (CEO and Co-founder of CrowdStrike). Launched by industry veterans Amit Kanfer (CEO) and Dekel Braunstein (CTO), build.security is offering a new approach to authorization, thus providing developers with the building blocks they need to quickly generate and manage best-practice authorization controls across enterprise applications at scale.

Other investors who joined the seed round include Michael Sutton, former CISO of Zscaler; Sounil Yu, former Chief Security Scientist at Bank of America; Dan Amiga, former CTO and Co-founder of Fireglass (acquired by Symantec); Eyal Gruner, CEO and Co-founder of Cynet; and Eran Barak, former CEO and Co-founder of Hexadite (acquired by Microsoft). And CrowdStrike CPO Amol Kulkarni has joined build.security’s board of directors.

Developers are key players in today’s cybersecurity landscape as gatekeepers of the operations and sensitive data involved in enterprise applications. And as responsibility for secure code shifts left, developers are tasked with overseeing key security measures in application development, chief among them authorization and authentication. But unlike authentication, authorization remains an elusive challenge for many engineering teams, largely due to an absence of enterprise grade solutions. So developers are forced to build an array of highly complex authorization models, policy engines, and enforcement points themselves to account for an ever-growing list of identities, resources, and context attributes. And the time consuming, confusing and error-prone nature of these processes heightens the risk of insufficient software protection, leaving enterprises vulnerable to exploitation.

build.security is known for offering the first “true platform for authorization,” thus providing developers with a simple way to eliminate the kind of product vulnerabilities that have the potential to capsize entire organizations when exploited. 

By utilizing the Open Policy Agent (OPA), the solution decouples authorization policy from code — which allows changes and updates to be made as required to help developers keep their authorization implementation attuned to their specific environment and changing needs. And users can choose to implement access policies with declarative policy language, or by using the platform’s unique drag-and-drop policy builder.

KEY QUOTES:

“build.security’s innovative approach allows developers to focus on developing apps at unprecedented speed without the burden of Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) implementation weighing them down.”

— George Kurtz, CEO and Co-founder of CrowdStrike

“build.security’s innovation is an incredible win for the developer community—they’ve made authorization easy. We’re excited by Amit and Dekel’s unique plug-and-play approach to API and function-level authorization, as well as the breadth of visibility their control plane offers. Their approach will enable developers and enterprises to build secure software at scale.”

— John Brennan, Partner at YL Ventures and build.security board member

“We’ve solved the inherent complexity of authorization resulting from how radically its implementation varies from one application to the next. We’re helping developers easily express RBAC and ABAC with a flexible, managed and off-the-shelf platform, as well as open-source projects, that provide all the tools developers need to author and immediately enforce policies at scale. build.security is building authorization so that developers don’t have to.”

— Amit Kanfer, CEO and Co-founder of build.security