SAN FRANCISCO--(BUSINESS WIRE)--Cycode, the leader in software supply chain security, today announced a $56M Series B round led by New York-based global private equity and venture capital firm, Insight Partners. YL Ventures, a global VC firm specializing in Israeli cybersecurity investments, who led Cycode’s seed investment, also participated in the round. The funding, one of the largest Series B rounds ever in Application Security (AppSec), comes on the heels of Cycode’s $20 million Series A funding in May of 2021. This round brings the total investment to $81 million.
Cycode has capitalized on the convergence of several technology trends to achieve explosive growth. Since it first began selling in 2020, the company has acquired dozens of customers, ranging from large Fortune 500 enterprises to rapidly growing startups. Moreover, in just the first three quarters of 2021 Cycode increased ARR 7x.
As software engineering and DevOps teams have adopted new tools, the tools themselves have become attack surfaces. While AppSec teams secured development tools in previous eras, today they are rarely responsible for doing so. In a survey of 176 technology executives, fewer than 22% of organizations have AppSec teams responsible for securing these key development tools and processes.
Which team is responsible for securing the following development tools?
- Source Control Management (e.g. GitHub) = 21% AppSec
- Build Tools (e.g. Jenkins) = 16% AppSec
- Infrastructure-as-Code (e.g. Kubernetes) = 13% AppSec
- Containers (e.g. Docker) = 12% AppSec
- Cloud providers (e.g. AWS) = 21% AppSec
While DevOps automation drives efficiency in the software development life cycle (SDLC), the interconnectedness also facilitates lateral movement between tools, systems, and resources across the software supply chain.
Source control management systems (SCM) are becoming the hub of many organizations’ SDLC. “In order to truly shift left, security teams need to put as much emphasis on securing the development environment as they do production,” said Kevin Paige, CISO at Flexport. “From the SCM, attackers have access to source code, they can modify CI/CD settings, tamper with code, steal credentials, provision vulnerable cloud infrastructure, and more.”
The frequency and severity of software supply chain attacks are increasing significantly. According to the European Union Agency for Cybersecurity, supply chain attacks are expected to increase 400% from 2020 to 2021. Furthermore, Gartner predicts by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021.
Cycode addresses software supply chain security with a platform that provides visibility, security, and integrity across all phases of the SDLC. Through integrations with DevOps tools and infrastructure, Cycode hardens security postures and implements consistent governance policies. Risk of software supply chain breach is further reduced by scanning for hardcoded secrets, infrastructure as code misconfigurations, code leaks, improper access, and more. Cycode’s knowledge graph then creates a comprehensive mapping of the software supply chain—including security violations, user activity, and other events across the SDLC—to prioritize risk, find anomalies, and prevent code tampering.
“While development tools have never been more integrated, prior to Cycode, relevant DevOps security data remained siloed and inaccessible to most AppSec teams. The increasing complexity and interconnectedness of the modern SDLC means that we can no longer ignore seemingly innocuous data as harmless,” said James Robinson, Deputy CISO at Netskope. “Security teams need tools that plug in to their processes and understand how events and user behaviors relate to each other across each phase of the SDLC. Cycode’s knowledge graph delivers contextual insight to prioritize risk and gets more powerful with each new tool we plug into it.”
Equally important to solving real customer pain points has been Cycode’s ease-of-deployment and rapid time-to-value. Fewer and fewer organizations have tolerance for long deployments with heavy professional services build-outs. In sharp contrast, Cycode typically installs in minutes and delivers immediate visibility across customers’ entire SDLC.
“Cycode’s pre-built network of integrations made onboarding a snap,” said Joshua Danielson, CISO of Copart. “It’s rare for an enterprise of our size to onboard new vendors quickly and seamlessly. However, Cycode flawlessly connected to all of our key tools and delivered immediate value.”
“Simply put, software supply chains are highly vulnerable, absent thoughtful security measures,” said Jon Rosenbaum, principal at Insight Partners. “Cycode’s leadership in securing DevOps pipelines meets developers where they are while giving CISOs peace of mind. There has been a continually increasing demand for Cycode’s solutions, and we’re excited to continue to support the business as it doubles down on R&D and go-to-market efforts into the ScaleUp phase of growth.”
Cycode intends to use the funds to fuel sales growth and accelerate development of its product roadmap. Cycode is expanding its go-to-market capabilities by building a partner-friendly ecosystem of both channel and technology alliances. Engineering will focus on expanding Cycode’s pre-built integration network to include third-party security tools, deepening user behavior analytics and anomaly detection capabilities, and continuing to enhance its knowledge graph to enable deep investigation of breach paths through an interactive link analysis-based interface.
“The key to modern AppSec is centralizing and mapping events and metadata across the SDLC such that it becomes easy to determine when disparate activities add meaningful context to each other,” said Lior Levy, co-founder & CEO of Cycode. “With each new integration, our knowledge graph becomes smarter. Hence, one of our goals is to integrate with every software delivery and AppSec tool to determine how each dot is connected and when it’s relevant.”
“What’s so exciting about this company is the comprehensiveness of its vision for SDLC security,” said John Brennan, Partner at YL Ventures. “From day one, Cycode’s approach has supported a vision that surpasses anything that currently exists in the space, making it one of the fastest growing AppSec companies in the industry. This is the kind of platform solution that CISOs envision when aiming to solve big problems with robust solutions.”
Cycode is a complete software supply chain security solution that provides visibility, security, and integrity across all phases of the SDLC. Cycode integrates with DevOps tools and infrastructure providers, hardens their security postures by implementing consistent governance, and reduces the risk of breaches with a series of scanning engines that look for issues like hardcoded secrets, infrastructure as code misconfigurations, code leaks and more. Cycode’s knowledge graph tracks code integrity, user activity, and events across the SDLC to prioritize risk, find anomalies, and prevent code tampering.
About Insight Partners
Insight Partners is a leading global venture capital and private equity firm investing in high-growth technology and software ScaleUp companies that are driving transformative change in their industries. Founded in 1995, Insight Partners has invested in more than 400 companies worldwide and has raised through a series of funds more than $30 billion in capital commitments. Insight’s mission is to find, fund, and work successfully with visionary executives, providing them with practical, hands-on software expertise to foster long-term success. Across its people and its portfolio, Insight encourages a culture around a belief that ScaleUp companies and growth create opportunity for all. For more information on Insight and all its investments, visit insightpartners.com or follow us on Twitter @insightpartners.
About YL Ventures
YL Ventures funds and supports brilliant Israeli tech entrepreneurs from seed to lead. Based in Silicon Valley and Tel Aviv, YL Ventures manages over $300 million and specializes in cybersecurity. YL Ventures accelerates the evolution of portfolio companies via strategic advice and U.S.-based operational execution, leveraging a powerful network of Chief Information Security Officers and global industry leaders. The firm’s track record includes investment in Israeli cybersecurity unicorns Axonius and Orca Security, as well as successful, high-profile portfolio company acquisitions by major corporations including Palo Alto Networks, Microsoft, CA and Proofpoint. For more information, visit ylventures.com.