Security operations teams face a daunting task these days, fending off malicious hackers and their increasingly sophisticated approaches to hack networks. It also represents a gap in the market: creating tools to help these security teams do their jobs. Today, an Israeli startup called Rezilion that is doing just that – building automation tools for DevSecOps, the area of IT that caters to the needs of security teams and the technical work they need to do in their jobs – announces funding of $ 30 million.
Guggenheim Investments leads the round with JVP and Kindred Capital also contributing. Rezilion said anonymous executives from Google, Microsoft, CrowdStrike, IBM, Cisco, PayPal, JP Morgan Chase, Nasdaq, eBay, Symantec, RedHat, RSA and Tenable are also in the running. Previously, the company had raised $ 8 million.
Rezilion’s funding follows strong initial growth by the startup during its first two years in business.
Its client base is made up of some of the world’s largest companies, including two from the “Fortune 10” (the top 10 of the Fortune 500). CEO Liran Tancman, who co-founded Rezilion with CTO Shlomi Boutnaru, said one of these two is one of the largest software companies in the world, and the other is a major supplier of connected devices, but he refused to say which one. (For the record, the top 10 includes Amazon, Apple, Alphabet / Google, Walmart, and CVS.)
Tancman and Boutnaru had previously co-founded another security startup, CyActive, which was acquired by PayPal in 2015; the couple worked there together until they left to launch Rezilion.
There are currently many tools on the market to help automate different aspects of development and security operations. Rezilion is focused on a specific part of DevSecOps: Over the years, large companies have put in place many processes that they must go through to try to sort out and make the most in-depth efforts possible to detect security threats. Today, that may involve inspecting every item of suspicious activity to determine what the implications might be.
The problem is, with the volume of information coming in, taking the time to inspect and understand every element of suspicious activity can put enormous pressure on an organization: It takes time, and it turns out that it doesn’t. isn’t the best use of this time. due to the signal to noise ratio involved. Typically, each vulnerability can take 6 to 9 hours to properly investigate, Tancman said. “But typically about 70-80% of them are not exploitable,” which means they may be bad for some, but not for this particular organization and the code it uses today. This represents a very inefficient use of the security team’s time and energy.
“Eight out of ten fixes tend to be a waste of time,” Tancman said of the approach generally taken today. He believes that as his AI continues to grow and his knowledge and solution become more and more sophisticated, “he could soon be 9 out of 10”.
Rezilion has built a taxonomy and an AI-based system that essentially does this inspection work like a human would: it detects any new or suspicious code, determines what it is trying to do, and executes it against the existing code of a company. and systems to see how and if this could actually be a threat or create other problems down the line. If all goes well, the code is essentially whitelisted. Otherwise, he reports it to the team.
The rigidity of the product is due to the way Tancman and Boutnaru understand that large companies, especially those heavy with technology stacks, are operating in what has become a very difficult environment for cybersecurity teams these days.
“They use us to speed up their delivery processes while staying safe,” Tancman said. “They have strict compliance departments and have to adhere to certain standards,” in terms of the protocols they take around security work, he added. “They want to leverage DevOps to publish this. “
He said that Rezilion has generally won over its customers largely just to understand this culture and this process and help them work better within it: “Companies are becoming users of our product because we have shown them that, for a fraction of the effort, they secure. ”This has a particular resonance in the world of technology, although financial services and other verticals that primarily exploit technology as an important foundation of their operations are also part of the process. user base of the startup.
Ultimately, Rezilion plans to add remediation and mitigation measures to the mix to further expand what it can do with its automation tools, which is also part of the funding destination, Boutnaru said. . But he doesn’t think it will ever completely replace the human in the equation.
“It will just focus them on the places where you need more human thinking,” he said. “We just eliminate the need for tedious work. “
In this great tradition of enterprise automation, it will therefore be interesting to observe what other automation-centric platforms might evolve into security alongside the other automation they are building. For now, Rezilion is carving out an area interesting enough to interest investors.
“Rezilion’s suite of products is a game-changer for security teams,” said Rusty Parks, senior managing director of Guggenheim Investments, in a statement. “This creates a win-win situation, allowing companies to accelerate the time to market of innovative products and features while improving their security. We believe Rezilion has created a truly compelling value proposition for security teams, one that dramatically increases return on time while completely protecting its core infrastructure.