Oligo Security Exits Stealth with $28M to Catalyze Runtime Application Security and Observability
Backed by leading VC firms, prominent cyber entrepreneurs and security investment syndicates to secure open source libraries with precision and accuracy
TEL AVIV, Israel, February 15, 2023--(BUSINESS WIRE)--Oligo Security today announced it has exited stealth with $28 million in funding and industry-leading customers for its runtime application security and observability solution that allows enterprises to detect and prevent open source code vulnerabilities in their applications without affecting performance. Founded by CEO Nadav Czerninski, CTO Gal Elbaz (previously with Check Point) and CPO Avshalom Hilu, all former officers in the Israel Defense Force's elite cyber units, Oligo applies their expertise in application security to bring precision and accuracy to AppSec.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20230215005192/en/
Oligo Security Exits Stealth with $28M to Catalyze Runtime Application Security and Observability (Photo: Business Wire)
The Seed and Series A funding was raised in nine months from Lightspeed Venture Partners, Ballistic Ventures, TLV Partners, venerated cybersecurity entrepreneur and investor Shlomo Kramer, and a roster of prominent angel investors including Eyal Waldman, CEO and founder at Mellanox Technologies, Adi Sharabani, CTO at Snyk, and Eyal Manor, former GM/VP at Google Cloud and now Chief Product and Engineering Officer at Twilio.
Oligo’s solution has already been adopted by leading companies in computer technology, analytics software, global commercial real estate and investment services, as well as online financial services.
2022 - Record year in attacks through open source
Open source code comprises 80 to 90 percent of modern software, providing an attractive attack vector for nation states and cybercriminals. While awareness of the need for open source code security is rising, existing software composition analysis (SCA) solutions fall short leaving organizations exposed. They are noisy, producing large volumes of false positives and do not provide runtime application context for prioritization.
2022 which began with the Log4Shell attack that compromised hundreds of millions of devices and left enterprises defenseless, was followed by additional exploits such as Text4Shell, Spring4Shell, OpenSSL, PyTorch and ‘colors’ and ‘faker.’ These attacks illustrate the main gaps that still exist in the security of open source libraries and the need to change the approach.
How Oligo is different
Oligo’s dynamic library-level analysis and behavior monitoring technology instantly identifies vulnerabilities in running packages and prioritizes fixes based on application context, saving expensive development time by focusing on the actual attack surface. The solution also alerts only when there is a deviation from a library’s permission policy, indicating suspicious activity. The solution is fast and efficient by design, using a proprietary eBPF*-based engine to precisely detect vulnerabilities and prevent attacks while maintaining application stability.
"After Oligo’s co-founder, Gal Elbaz, discovered that a widely used app like Instagram could be easily compromised by misusing an open source library, we realized that there is a significant gap in the way the market currently addresses open source security," said Nadav Czerninski, Oligo Security’s CEO and co-founder. "We zeroed in on a protection method that inspects each library in runtime or staging, allowing us to precisely identify attacks in cases of deviations and to fix the vulnerabilities that matter."
Oligo’s patent-pending technology profiles the legitimate behavior of each library, creating a knowledge base of libraries’ profiles and alerting or blocking whenever a library activity is not as expected. Working at the library level, the Oligo platform enables quick and effective performance while maintaining high stability of the application.
"Solving the open source security challenge starts with the ability to accurately assess the actual risk of code vulnerabilities," said Alex Nayshtut, Head of Security at Intel Strategy Office. "Oligo is set to increase the productivity of AppSec teams and reduce the risk of using open source by contextually prioritizing vulnerabilities according to actual versus perceived risk."
Roster of Angel Investors
An exceptional group of industry leaders and angels have shown their trust in the company's vision, among them: Shlomo Kramer, co-founder and CEO of Cato Networks; Eyal Waldman, CEO and founder of Mellanox Technologies; Eyal Manor, former GM/VP of Google Cloud and the Chief Product and Engineering Officer of Twilio; Adi Sharabani, CTO of Snyk; Zohar Alon, founder of Dome9 Security; Guy Bejerano, CEO and co-founder of SafeBreach; Shai Morag, CEO and co-founder of Ermetic; Ofer Ben-Noon and Ohad Bobrov, co-founders of Talon Cyber Security; and Yair Amit, Snyk advisor and former CTO of Skycure. Syndicates include Cyber Club London (CCL), Kmehin Ventures and OperAngels.
"Ultimately, businesses live and die based on the resiliency of their production environments. But historically, security for these runtime environments created significant trade offs for engineering and security teams to consider. Oligo's breakthrough approach is the first to offer true runtime security and observability for all production stakeholders without any compromises," said Jake Seid, co-founder and general partner at Ballistic Ventures.
"Enterprises across all industries, including the major commercial software providers, have embraced open source development. This creates a significant market opportunity for a fast and effective open source security solution. We think Oligo’s unique approach, which combines precision and accuracy with minimal overhead, is what the market is looking for. We are impressed with the speed at which this team is moving to get this solution enterprise ready," said Yoni Cheifetz, partner at Lightspeed Venture Partners.
In a few weeks, Oligo will host a panel of application security experts to discuss the issues surrounding open source security and the difficulty the market is facing. For more information and to register visit 2022—the year of endless attacks—are we doomed to be breached?
About Oligo Security
Oligo offers the most precise open source security solution, leveraging runtime application context while maintaining performance and stability. Using Oligo, customers are able to save time and focus on the relevant vulnerabilities that are being used in runtime, thus reducing the workload of responding to security alerts by about 85%. Oligo’s high-resolution detection of malicious activity is based on open source libraries profiling, which alerts in cases of deviation from the library’s permissions. Learn more at https://oligo.security/.
About Lightspeed Venture Partners
Lightspeed Venture Partners is a multi-stage venture capital firm focused on accelerating disruptive innovations and trends in the Enterprise, Consumer, Health, and Fintech sectors. Over the past two decades, the Lightspeed team has backed hundreds of entrepreneurs and helped build more than 500 companies globally including Affirm, Carta, Cato Networks, Epic Games, Faire, Forty Seven, Guardant Health, MuleSoft, Netskope, Nutanix, Rubrik, ShareChat, Snap, TripActions, Udaan, Ultima Genomics and more. Lightspeed and its global team currently manage $18B across the Lightspeed platform, with investment professionals and advisors in the U.S., China, Europe, India, Israel and Southeast Asia.
About Ballistic Ventures
Ballistic Ventures is solely dedicated to early-stage cybersecurity and cyber-related companies. Founding partners Kevin Mandia, Barmak Meftah, Ted Schlein, Jake Seid and Roger Thornton have spent their entire careers defending against every cyber threat conceivable. Members of the firm have founded, operated or funded over 90 successful cybersecurity firms – including Abnormal Security, AlienVault, Arbitrum (Offchain Labs), ArcSight, Arkose Labs, Fortify, Interos, ISS, Mandiant and Shape Security – led over 10,000 security professionals globally and have 40+ years of experience in venture capital. Our experience provides entrepreneurs impactful support from people focused on the same mission. Our networks and relationships open doors for our founders.
About TLV Partners
TLV Partners is a Tel-Aviv based venture capital firm investing and supporting entrepreneurs from early-stage and beyond. We manage $820M across four early-stage funds and are passionate about turning great dreams into successful category-defining companies. Since 2015, TLV Partners has backed some of the most promising companies in Israel, including Next Insurance, Aqua Security, Unit, Firebolt, Granulate (acquired by Intel), Oribi (acquired by LinkedIn) and more.
*NOTE: eBPF (extended Berkeley Packet Filter) is a revolutionary technology with origins in the Linux kernel. It is used to safely and efficiently extend the capabilities of the kernel without requiring change of kernel source code or load kernel modules.
View source version on businesswire.com: https://www.businesswire.com/news/home/20230215005192/en/
Montner Tech PR