- Oligo Security has raised $28 million. These are the details.
Oligo Security announced it has exited stealth with $28 million in funding and industry-leading customers for its runtime application security and observability solution that allows enterprises to detect and prevent open-source code vulnerabilities in their applications without affecting performance. Founded by CEO Nadav Czerninski, CTO Gal Elbaz (previously with Check Point), and CPO Avshalom Hilu, all former officers in the Israel Defense Force’s elite cyber units, Oligo applies their expertise in application security to bring precision and accuracy to AppSec.
The Seed and Series A funding was raised in 9 months from Lightspeed Venture Partners, Ballistic Ventures, TLV Partners, venerated cybersecurity entrepreneur and investor Shlomo Kramer, and a roster of prominent angel investors including Eyal Waldman, CEO and founder at Mellanox Technologies, Adi Sharabani, CTO at Snyk, and Eyal Manor, former GM/VP at Google Cloud and now Chief Product and Engineering Officer at Twilio.
Oligo’s solution was already adopted by leading companies in computer technology, analytics software, global commercial real estate and investment services, as well as online financial services. The open source code comprises 80% to 90% of modern software, providing an attractive attack vector for nation-states and cybercriminals. While awareness of the need for open-source code security is rising, existing software composition analysis (SCA) solutions fall short leaving organizations exposed. And they are noisy, producing large volumes of false positives, and do not provide runtime application context for prioritization.
Last yeear started with the Log4Shell attack that compromised hundreds of millions of devices and left enterprises defenseless followed by additional exploits such as Text4Shell, Spring4Shell, OpenSSL, PyTorch and ‘colors’ and ‘faker.’ And these attacks illustrate the main gaps that still exist in the security of open-source libraries and the need to change the approach.
Oligo’s dynamic library-level analysis and behavior monitoring technology instantly identifies vulnerabilities in running packages and prioritizes fixes based on the application context, saving expensive development time by focusing on the actual attack surface. And the solution also alerts only when there is a deviation from a library’s permission policy, indicating suspicious activity. The solution is fast and efficient by design, using a proprietary eBPF-based engine to precisely detect vulnerabilities and prevent attacks while maintaining application stability.
Oligo’s patent-pending technology profiles the legitimate behavior of each library, which creates a knowledge base of libraries’ profiles and alerting or blocking whenever a library activity is not as expected. And working at the library level, the Oligo platform enables quick and effective performance while maintaining the high stability of the application.
An exceptional group of industry leaders and angels have shown their trust in the company’s vision, among them: Shlomo Kramer, co-founder and CEO of Cato Networks; Eyal Waldman, CEO and founder of Mellanox Technologies; Eyal Manor, former GM/VP of Google Cloud and the Chief Product and Engineering Officer of Twilio; Adi Sharabani, CTO of Snyk; Zohar Alon, founder of Dome9 Security; Guy Bejerano, CEO and co-founder of SafeBreach; Shai Morag, CEO and co-founder of Ermetic; Ofer Ben-Noon and Ohad Bobrov, co-founders of Talon Cyber Security; and Yair Amit, Snyk advisor and former CTO of Skycure. And the syndicates include Cyber Club London (CCL), Kmehin Ventures and OperAngels.
In a few weeks, Oligo will host a panel of application security experts to discuss the issues surrounding open-source security and the difficulty the market is facing.
KEY QUOTES:
“After Oligo’s co-founder, Gal Elbaz, discovered that a widely used app like Instagram could be easily compromised by misusing an open source library, we realized that there is a significant gap in the way the market currently addresses open source security. We zeroed in on a protection method that inspects each library in runtime or staging, allowing us to precisely identify attacks in cases of deviations and to fix the vulnerabilities that matter.”
— Nadav Czerninski, Oligo Security’s CEO and co-founder
“Solving the open source security challenge starts with the ability to accurately assess the actual risk of code vulnerabilities. Oligo is set to increase the productivity of AppSec teams and reduce the risk of using open source by contextually prioritizing vulnerabilities according to actual versus perceived risk.”
— Alex Nayshtut, Head of Security at Intel Strategy Office
“Ultimately, businesses live and die based on the resiliency of their production environments. But historically, security for these runtime environments created significant trade offs for engineering and security teams to consider. Oligo’s breakthrough approach is the first to offer true runtime security and observability for all production stakeholders without any compromises.”
— Jake Seid, co-founder and general partner at Ballistic Ventures
“Enterprises across all industries, including the major commercial software providers, have embraced open source development. This creates a significant market opportunity for a fast and effective open source security solution. We think Oligo’s unique approach, which combines precision and accuracy with minimal overhead, is what the market is looking for. We are impressed with the speed at which this team is moving to get this solution enterprise ready.”
— Yoni Cheifetz, partner at Lightspeed Venture Partners