DevOps Pipeline Security Company Cycode Closes $20 Million In Series A

By Dan Anderson • May 26, 2021

Cycode — an innovator in securing DevOps pipelines — announced recently that it raised a $20 million Series A round led by Insight Partners with participation from seed investor YL Ventures. The new funding round brings the total investment to $25 million and positions Cycode to accelerate growth into securing enterprise DevOps tools such as source control management systems, build systems and cloud infrastructure.

Along with the Series A funding round, Cycode also announced the signing of new customers, including Grubhub, Databricks, Flexport, Rapyd, Copart and Cobalt. Further, Cycode has hired Dor Atias as VP of R&D, Tom Kennedy as VP of Sales and Andrew Fife as VP of Marketing.

As the Software Development Lifecycle (SDLC) has become faster and more automated, slow application security processes have often been deprioritized in favor of new feature velocity. And many of the new tools that drive the automation and efficiency in application development have opened up new attack surfaces and created new security challenges. The adoption of Everything as Code also means attacks no longer have to start in production. In development, gaining access to source control management systems enables code tampering, finding passwords to critical systems, and modifying cloud configurations (through code) to allow unauthorized access.

Cycode protects DevOps tools like source control management systems, build systems, registries and cloud infrastructure. And the solution addresses multiple layers of security, including access and authorization, security configurations, compliance and scanning engines. This enables customers to identify code tampering, code leakage, hardcoded secrets, Infrastructure as Code (IaC) misconfigurations, excess privileges, and more, all from a single platform.

And to ensure customers never have to choose between security and speed, Cycode provides workflows to automate remediation. Customers can also seamlessly integrate remediation into their developers’ workflows via pre-built integrations with pull requests, alerting, and ticketing systems.

Cycode also launched its knowledge graph to derive security insights from the rapidly increasing volumes of data and alerts that are overwhelming security teams. And through an agentless architecture, Cycode collects asset information and user activity from DevOps tools, infrastructure, and security scanners – which is then mapped in its knowledge graph. By correlating events across the SDLC, Cycode’s knowledge graph can create contextual insights, help prioritize remediation, reduce false positives, and ensure the integrity of the pipeline to prevent code tampering incidents, such as the breaches at SolarWinds and Codecov.

KEY QUOTES:

“Modernizing the SDLC has created new security gaps that attackers are readily exploiting. Recent supply chain attacks like SolarWinds and Codecov, major source code leaks from Microsoft and Nissan, and attacks targeting developers like Sawfish and XcodeSpy demonstrate that the battlefield is already shifting.”

— Ronen Slavin, CTO and co-founder of Cycode

“As the leading Pentest as a Service company, our internal security has always been paramount. Cycode has saved us a massive number of hours hardening our source control management system, enforcing security configurations and preventing secrets from entering our code. Plus, by plugging seamlessly into our developers’ workflows, our team adopted Cycode right away.”

— Ray Espinoza, CISO at Cobalt

“The problem of protecting CI/CD tools like GitHub, Jenkins and AWS is a gap for virtually every enterprise. Cycode secures CI/CD pipelines in an elegant, developer-centric manner. This positions the company to be a leader within the new breed of application security companies — those that are rapidly expanding the market with solutions which secure every release without sacrificing velocity.”

— Jon Rosenbaum, principal at Insight Partners, who will join Cycode’s board of directors

“With these new funds, part of the focus will naturally be on expanding sales and marketing efforts. What I’m really excited about is expanding Cycode’s platform with even more integrations into CI/CD and security tools to increase the power of our knowledge graph. Furthermore, we’re releasing a low-code query engine and a knowledge-sharing community that will enable security teams without development expertise to leverage the full power of the graph.”

— Lior Levy, CEO and co-founder of Cycode