
Application Security

5/11/2021
03:45 PM
Dark Reading
Products and Releases

Cycode Raises $20 Million Series A Round From Insight Partners

SAN FRANCISCO, May 11, 2021 -- Cycode, an innovator in securing DevOps pipelines, today announced a $20 million Series A round led by Insight Partners, with participation from seed investor YL Ventures. The new funding brings total investment to $25 million and positions Cycode to accelerate growth into securing enterprise DevOps tools such as source control management systems, build systems and cloud infrastructure.

In addition to the Series A funding, Cycode also announced the signing of new customers including: Grubhub, Databricks, Flexport, Rapyd, Copart and Cobalt. Further, Cycode has hired Dor Atias as VP of R&D, Tom Kennedy as VP of Sales and Andrew Fife as VP of Marketing.

As the Software Development Lifecycle (SDLC) has become faster and more automated, slow application security processes have often been deprioritized in favor of new feature velocity. Additionally, many of the new tools that drive the automation and efficiency in application development have opened up new attack surfaces and created new security challenges. The adoption of Everything as Code means attacks no longer have to start in production. In development, gaining access to source control management systems enables code tampering, finding passwords to critical systems and modifying cloud configurations (through code) to allow unauthorized access.

“Modernizing the SDLC has created new security gaps that attackers are readily exploiting,” said Ronen Slavin, CTO and co-founder of Cycode. “Recent supply chain attacks like SolarWinds and Codecov, major source code leaks from Microsoft and Nissan, and attacks targeting developers like Sawfish and XcodeSpy demonstrate that the battlefield is already shifting.”

Cycode protects DevOps tools such as source control management systems, build systems, registries and cloud infrastructure. The solution addresses multiple layers of security, including access and authorization, security configurations, compliance and scanning engines. This enables customers to identify code tampering, code leakage, hardcoded secrets, Infrastructure as Code (IaC) misconfigurations, excess privileges and more, all from a single platform.

To ensure customers never have to choose between security and speed, Cycode provides workflows to automate remediation. Customers can also seamlessly integrate remediation into their developers’ workflows via pre-built integrations with pull requests, alerting and ticketing systems.

“As the leading Pentest as a Service company, our internal security has always been paramount,” said Ray Espinoza, CISO at Cobalt. “Cycode has saved us a massive number of hours hardening our source control management system, enforcing security configurations and preventing secrets from entering our code. Plus, by plugging seamlessly into our developers’ workflows, our team adopted Cycode right away.”

Today, Cycode launches its knowledge graph to derive security insights from the rapidly increasing volumes of data and alerts that are overwhelming security teams. Through an agentless architecture, Cycode collects asset information and user activity from DevOps tools, infrastructure and security scanners, which is then mapped in its knowledge graph. By correlating events across the SDLC, Cycode’s knowledge graph creates contextual insights, helps prioritize remediation, reduces false positives and ensures the integrity of the pipeline to prevent code tampering incidents, such as the breaches at SolarWinds and Codecov.

“The problem of protecting CI/CD tools like GitHub, Jenkins and AWS is a gap for virtually every enterprise,” said Jon Rosenbaum, principal at Insight Partners, who will join Cycode’s board of directors. “Cycode secures CI/CD pipelines in an elegant, developer-centric manner. This positions the company to be a leader within the new breed of application security companies -- those that are rapidly expanding the market with solutions which secure every release without sacrificing velocity.”

“With these new funds, part of the focus will naturally be on expanding sales and marketing efforts,” said Lior Levy, CEO and co-founder of Cycode. “What I’m really excited about is expanding Cycode’s platform with even more integrations into CI/CD and security tools to increase the power of our knowledge graph. Furthermore, we’re releasing a low-code query engine and a knowledge-sharing community that will enable security teams without development expertise to leverage the full power of the graph.”

About Cycode

Cycode secures DevOps pipelines and provides full visibility into enterprise development infrastructure. Powered by its knowledge graph, Cycode’s advanced detection capabilities correlate event data and user activity across the SDLC to create contextual insights and automate remediation. Cycode delivers security, governance and pipeline integrity without disrupting developers’ velocity. 

About Insight Partners

Insight Partners is a leading global venture capital and private equity firm investing in high-growth technology and software ScaleUp companies that are driving transformative change in their industries. Founded in 1995, Insight Partners has invested in more than 400 companies worldwide and has raised through a series of funds more than $30 billion in capital commitments. Insight’s mission is to find, fund and work successfully with visionary executives, providing them with practical, hands-on software expertise to foster long-term success. Across its people and its portfolio, Insight encourages a culture around a belief that ScaleUp companies and growth create opportunity for all. For more information on Insight and all its investments, visit insightpartners.com or follow us on Twitter @insightpartners.

About YL Ventures

YL Ventures funds and supports brilliant Israeli tech entrepreneurs from seed to lead. Based in Silicon Valley and Tel Aviv, YL Ventures manages over $300 million and specializes in cybersecurity. YL Ventures accelerates the evolution of portfolio companies via strategic advice and U.S.-based operational execution, leveraging a powerful network of Chief Information Security Officers and global industry leaders. The firm's track record includes successful, high-profile portfolio company acquisitions by major corporations including Palo Alto Networks, Microsoft, CA and Proofpoint.

Heading the fund is Silicon Valley-based Managing Partner Yoav Andrew Leitersdorf, a serial entrepreneur and early-stage investor for over 25 years. Yoav works alongside Partner John Brennan in the U.S., while Partner & Head of Israeli Office Ofer Schreiber leads the Tel Aviv office together with Chief Marketing Officer Sharon Seemann. With a multidisciplinary team of 15 spread across two offices, YL Ventures has engrained itself in both the U.S. and Israeli cybersecurity ecosystems. For more information, visit ylventures.com.

 
