Application Security , Next-Generation Technologies & Secure Development

Startup Apiiro Raises $100M to Secure Software Supply Chain

AppSec Startup Forgoes Reported Palo Alto Deal In Favor of $100M Series B Funding
Startup Apiiro Raises $100M to Secure Software Supply Chain
Idan Plotnik, co-founder and CEO, Apiiro (Image: Apiiro)

A startup that was reportedly almost acquired by Palo Alto Networks for $600 million has instead raised $100 million to forge ahead on its own.

See Also: Episode 3: Detect and Defeat Modern Cyber Attacks

Israeli application security vendor Apiiro plans to use the Series B proceeds to strengthen its ability to analyze code and developer activities across the software supply chain by enhancing its developer Risk Graph and remediation workflow engine, says Idan Plotnik, co-founder and CEO. The funding round was led by General Catalyst, which Plotnik says will provide perspective from the CTO and CIO communities (see: Human to Merge with PerimeterX to Thwart Bot Attacks, Fraud).

"We developed a very unique technology, and we're solving a very, very tough problem for CISOs and CIOs," Plotnik tells Information Security Media Group. "And we said, 'Hey, this is the right time to explode.'"

The funding announcement comes less than seven weeks after Israeli business publication Calcalist reported that platform security giant Palo Alto Networks was closing in on a deal to buy Apiiro. But Calcalist reported two weeks ago that Palo Alto and Apiiro abandoned their negotiations after the two sides remained far apart on an appropriate valuation for Apiiro.

"Most of the cybersecurity giants out there think that with money they can solve their culture and product cacophony," says Plotnik, who sold user and entity behavior analytics pioneer Aorato to Microsoft in 2014. "And from my experience at Microsoft, this is not the case. We want to build a multi-billion dollar company in the next two years. This is our goal, and we are laser-focused on this mission."

How Apiiro Plans to Spend the Money

Apiiro's Risk Graph connects the code from the design phase to build and runtime to pinpoint the most critical risks and wrap much-needed context around small pieces of information, he says. For instance, the software can piece together which instances of Log4j within an organization are exposed to the internet, live within high business-impact apps and could lead to the theft of personal identifiable information, says Plotnik.

Plotnik plans to use the $100 million to enrich Risk Graph with more code components and data points so that it's more comprehensive across small, midsized and large organizations, Plotnik says. The Series C proceeds will also be used to expand to more developer and programming languages, he says.

Meanwhile, the company's remediation workflow engine can help developers and security engineers proactively fix risk before applications are delivered to the cloud, Plotnik says. The tool allows defense leaders to define security requirements in their governance or workflow engine and block developers from delivering code that's in violation of the company's governance procedures, according to Plotnik.

Apiiro's engine today connects to CI/CD tools such as Slack, Microsoft Teams, Jira and GitHub, and Plotnik would like to expand the engine's ability to handle complex information as well as its integration into systems that are of interest to customers.

"We want to finally solve the agility versus security problem that happens between the CISO and the CIO," Plotnik says. "This is the big mission that we are targeting."

What Success Looks Like for Apiiro

From a metrics standpoint, Apiiro is tracking annual recurring revenue growth as well as the efficiency of its teams to ensure the company is on track turn a profit in a short period of time, Plotnik says. The company will define and measure efficiency everywhere from engineering to sales to ensure Apiiro doesn't fall into the trap of growing at all costs like so many other cybersecurity startups have done.

"Every company in Israel is now firing 100, 150 or 200 people," Plotnik says. "I don't want to be there in the next two years."


About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.eu, you agree to our use of cookies.