Startup Apiiro raises $100M to secure software supply chain

Application Security
Next-generation technologies and secure development

Startup AppSec walks away from reported Palo Alto deal in favor of $100M Series B funding

Idan Plotnik, Co-Founder and CEO, Apiiro (Image: Apiiro)

A startup that was reportedly almost acquired by Palo Alto Networks for $600 million has instead raised $100 million to go ahead on its own.

See also: On demand | API Protection – Your API Protection Strategy

Israeli application security vendor Apiiro plans to use the B-series product to strengthen its ability to analyze code and developer activities across the software supply chain by improving its workflow engine. development and risk remediation,” said Idan Plotnik, co-founder and CEO. The funding round was led by General Catalyst, which Plotnik says will provide input from the CTO and CIO communities (see: Human will merge with PerimeterX to thwart bot attacks and fraud).

“We’ve developed a very unique technology, and we’re solving a very, very difficult problem for CISOs and CIOs,” Plotnik told Information Security Media Group. “And we said, ‘Hey, this is a good time to explode. “”

The funding announcement comes less than seven weeks after Israeli trade publication Calcalist reported that platform security giant Palo Alto Networks had reached an agreement to buy Apiiro. But Calcalist reported two weeks ago that Palo Alto and Apiiro abandoned their negotiations after the two sides stayed apart on a proper assessment for Apiiro.

“Most cybersecurity giants believe that with money they can solve their culture and the cacophony of their products,” says Plotnik, who sold user and entity behavior analytics pioneer Aorato. at Microsoft in 2014. “And in my experience at Microsoft, it’s not We want to build a multi-billion dollar company in the next two years. That’s our goal, and we’re focused on that mission .

How Apiiro plans to spend the money

Apiiro’s Risk Graph connects code from the design phase through build and runtime to identify the most critical risks and wrap much-needed context around small pieces of information, he says. For example, the software can piece together instances of Log4j within an organization that are exposed to the Internet, live in high-business-impact applications, and could lead to the theft of personally identifiable information, Plotnik says.

Plotnik plans to use the $100 million to enrich Risk Graph with more code components and data points so it’s more comprehensive in small, medium, and large organizations, Plotnik says. The C-Series product will also be used to expand to more development and programming languages, he said.

Meanwhile, the company’s remediation workflow engine can help developers and security engineers proactively resolve risks before applications are delivered to the cloud, Plotnik says. The tool allows defense managers to define security requirements in their governance or workflow engine and prevent developers from delivering code that violates corporate governance procedures, according to Plotnik.

Apiiro’s engine today connects to CI/CD tools such as Slack, Microsoft Teams, Jira, and GitHub, and Plotnik wants to expand the engine’s ability to handle complex information as well as its integration into systems that interest users. clients.

“We want to finally solve the agility versus security issue that occurs between the CISO and the CIO,” says Plotnik. “That’s the big mission we’re aiming for.”

What success looks like for Apiiro

From a metrics perspective, Apiiro tracks annual recurring revenue growth as well as the effectiveness of its teams to ensure that the company is on track to generate profits in a short period of time, Plotnik explains. The company will define and measure efficiency everywhere, from engineering to sales, to ensure that Apiiro doesn’t fall into the growth-at-all-costs trap like so many other cybersecurity startups have.

“Every company in Israel now lays off 100, 150 or 200 people,” Plotnik says. “I don’t want to be there for the next two years.”