Oligo raises $28M to secure open-source libraries at runtime • TechCrunch

Oligo Security, a Tel Aviv-based startup focused on runtime application security and observability to detect and prevent open source vulnerabilities, today emerged from stealth with seed and Series A funding. announced that it has raised a total of $28 million.

The company’s investors include Lightspeed Venture Partners, Ballistic Ventures, TLV Partners, and angel investors including Mallanox CEO and founder Eyal Waldman, Cnyk CTO Adi Sharabani, and former Google Cloud VP Eyal Manor. included. Cyber ​​Club London (CCL), Kmehin Ventures and OperAngels also attended. The company will also join Intel’s Ignite accelerator in 2022.

Oligo dashboard. Presents an application's security posture based on its runtime context.

Oligo dashboard. Presents an application’s security posture based on its runtime context.

Oligo’s technology is based on eBPF. eBPF is an increasingly popular technology for running sandboxed code in the Linux kernel. So you get access to very detailed monitoring capabilities without a lot of overhead. This is a different approach than other security startups that focus on open source libraries. Instead of alerting security teams to all potential vulnerabilities, even if the library is not actually used in the application, Oligo monitors the application at runtime, both in pre-production and production environments. is focused on. This ideally reduces unnecessary alerts. In fact, Oligo claims that 85% of the open source vulnerabilities that traditional scanners flag developers are not even used in production.

Co-founded by Nadav Czerwinski (CEO), Gal Elbaz (CTO) and Avshalom Hilu (CPO), Oligo works across clouds and supports all major modern programming languages ​​such as Python, Go, Java and Node. increase.

“We have a patent-pending technology based on eBPF that allows us to safely and efficiently monitor our runtime environment and identify real-world relevant vulnerabilities first. , security teams, and DevOps will save a lot of time and money,” explains Czerwinski.

As the team explained, Oligo first observed how all the libraries performed under normal usage in different environments, so that something was changed that was likely caused by an exploit. can detect that For example, libraries like NumPy are usually only used for computation, but if you suddenly want network access, something is clearly wrong.

Alex Nayshtut, Security Officer, Intel Strategy Office, said: “Oligo is set to increase the productivity of AppSec teams and reduce the risk of using open source by contextually prioritizing vulnerabilities according to actual and perceived risks. It has been.”

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *