Backed by leading VC firms, prominent cyber entrepreneurs and security investment syndicates to secure open source libraries with precision and accuracy
Oligo Security today announced it has exited stealth with $28 million in funding and industry-leading customers for its runtime application security and observability solution that allows enterprises to detect and prevent open source code vulnerabilities in their applications without affecting performance. Founded by CEO Nadav Czerninski, CTO Gal Elbaz (previously with Check Point) and CPO Avshalom Hilu, all former officers in the Israel Defense Force’s elite cyber units, Oligo applies their expertise in application security to bring precision and accuracy to AppSec.
The Seed and Series A funding was raised in nine months from Lightspeed Venture Partners, Ballistic Ventures, TLV Partners, venerated cybersecurity entrepreneur and investor Shlomo Kramer, and a roster of prominent angel investors including Eyal Waldman, CEO and founder at Mellanox Technologies, Adi Sharabani, CTO at Snyk, and Eyal Manor, former GM/VP at Google Cloud and now Chief Product and Engineering Officer at Twilio.
Oligo’s solution has already been adopted by leading companies in computer technology, analytics software, global commercial real estate and investment services, as well as online financial services.
2022 – Record year in attacks through open source
Open source code comprises 80 to 90 percent of modern software, providing an attractive attack vector for nation states and cybercriminals. While awareness of the need for open source code security is rising, existing software composition analysis (SCA) solutions fall short, leaving organizations exposed. They are noisy, producing large volumes of false positives, and do not provide runtime application context for prioritization.
2022 began with the Log4Shell attack, which compromised hundreds of millions of devices and left enterprises defenseless. It was followed by additional exploits such as Text4Shell, Spring4Shell, OpenSSL, PyTorch, ‘colors’ and ‘faker.’ These attacks illustrate the main gaps that still exist in the security of open source libraries and the need to change the approach.
How Oligo is different
Oligo’s dynamic library-level analysis and behavior monitoring technology instantly identifies vulnerabilities in running packages and prioritizes fixes based on application context, saving expensive development time by focusing on the actual attack surface. The solution also alerts only when there is a deviation from a library’s permission policy, indicating suspicious activity. The solution is fast and efficient by design, using a proprietary eBPF-based engine to precisely detect vulnerabilities and prevent attacks while maintaining application stability.
“After Oligo’s co-founder, Gal Elbaz, discovered that a widely used app like Instagram could be easily compromised by misusing an open source library, we realized that there is a significant gap in the way the market currently addresses open source security,” said Nadav Czerninski, Oligo Security’s CEO and co-founder. “We zeroed in on a protection method that inspects each library in runtime or staging, allowing us to precisely identify attacks in cases of deviations and to fix the vulnerabilities that matter.”
Oligo’s patent-pending technology profiles the legitimate behavior of each library, creating a knowledge base of library profiles and alerting or blocking whenever a library’s activity is not as expected. Working at the library level, the Oligo platform enables quick and effective performance while maintaining high stability of the application.
“Solving the open source security challenge starts with the ability to accurately assess the actual risk of code vulnerabilities,” said Alex Nayshtut, Head of Security at Intel Strategy Office. “Oligo is set to increase the productivity of AppSec teams and reduce the risk of using open source by contextually prioritizing vulnerabilities according to actual versus perceived risk.”
Roster of Angel Investors
An exceptional group of industry leaders and angels have shown their trust in the company’s vision, among them: Shlomo Kramer, co-founder and CEO of Cato Networks; Eyal Waldman, CEO and founder of Mellanox Technologies; Eyal Manor, former GM/VP of Google Cloud and the Chief Product and Engineering Officer of Twilio; Adi Sharabani, CTO of Snyk; Zohar Alon, founder of Dome9 Security; Guy Bejerano, CEO and co-founder of SafeBreach; Shai Morag, CEO and co-founder of Ermetic; Ofer Ben-Noon and Ohad Bobrov, co-founders of Talon Cyber Security; and Yair Amit, Snyk advisor and former CTO of Skycure. Syndicates include Cyber Club London (CCL), Kmehin Ventures and OperAngels.
“Ultimately, businesses live and die based on the resiliency of their production environments. But historically, security for these runtime environments created significant trade-offs for engineering and security teams to consider. Oligo’s breakthrough approach is the first to offer true runtime security and observability for all production stakeholders without any compromises,” said Jake Seid, co-founder and general partner at Ballistic Ventures.
“Enterprises across all industries, including the major commercial software providers, have embraced open source development. This creates a significant market opportunity for a fast and effective open source security solution. We think Oligo’s unique approach, which combines precision and accuracy with minimal overhead, is what the market is looking for. We are impressed with the speed at which this team is moving to get this solution enterprise ready,” said Yoni Cheifetz, partner at Lightspeed Venture Partners.
In a few weeks, Oligo will host a panel of application security experts to discuss the issues surrounding open source security and the difficulty the market is facing. For more information and to register, visit “2022—the year of endless attacks—are we doomed to be breached?”