Snyk: raises $22M to push into open source code security
【180925 TechCrunch】Open source software is now a $14 billion+ market and growing fast, in use in one way or another in 95 percent of all enterprises. But that expansion has a shadow: open source components can carry vulnerabilities, and their widespread use in applications turns them into a liability for a company's security posture.
Now, a startup out of the UK called Snyk, which has built a way to detect when the open source components an application depends on carry known vulnerabilities, is announcing a $22 million round of funding to meet the demand from enterprises wanting to tackle the issue head on.
Led by Accel, with participation from GV plus previous investors Boldstart Ventures and Heavybit, this Series B notably is the second round raised by Snyk within seven months — it raised a $7 million Series A in March. That’s a measure of how the company is growing (and how enthusiastic investors are about what it has built so far). The startup is not disclosing its valuation but a source close to the deal says it is around $100 million now (it’s raised about $33 million to date).
As another measure of Snyk’s growth, the company says it now has over 200 paying customers and 150,000 users, with revenues growing five-fold in the last nine months. In March, it had 130 paying customers.
Snyk's delivery model matches how enterprise services are consumed today: organisations can run it on-premises, in the cloud, or in a hybrid of the two, with a range of free and paid tiers to get users acquainted with the service.
Guy Podjarny, the company’s CEO who co-founded Snyk with Assaf Hefetz and Danny Grander, explained that Snyk works in two parts. First, the startup has built a threat intelligence system “that listens to open source activity.” Tapping into open-conversation platforms — for example, GitHub commits and forum chatter — Snyk uses machine learning to detect potential mentions of vulnerabilities. It then funnels these to a team of human analysts, “who verify and curate the real ones in our vulnerability DB.”
Second, the company analyses source code repositories — including, again, GitHub as well as BitBucket — “to understand which open source components each one uses, flag the ones that are vulnerable, and then auto-fix them by proposing the right dependency version to use and through patches our security team builds.”
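To make that second part concrete, here is a toy software-composition-analysis pass in Python, added here as an illustration and not Snyk's code: it walks a constructed npm-style lock file, matches each package and version against a constructed advisory database of affected version ranges, records the dependency path that pulls each vulnerable package in, and for every hit proposes the smallest published version that clears all advisories for that package. The package names, advisory ids (EX-000n), published version lists and lock file are all constructed for the example, and the version parser is a deliberately simplified semver that ignores pre-release tags.

```python
"""Toy software-composition-analysis (SCA) pass: walk a lock file's dependency
tree, match every package@version against a database of affected version
ranges, and propose the smallest published version that clears all advisories.
Added illustration, not Snyk's code. Package names, advisory ids, versions and
the lock file below are constructed for the example."""
from typing import Dict, Iterator, List, Tuple

Version = Tuple[int, int, int]


def parse_version(text: str) -> Version:
    """'1.2' -> (1, 2, 0). Pre-release suffixes ('1.2.0-rc1') are ignored (assumption)."""
    parts = [int(p) for p in text.split("-", 1)[0].split(".")]
    return tuple((parts + [0, 0, 0])[:3])  # pad to major.minor.patch


_OPS = {
    "<": lambda a, b: a < b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    ">=": lambda a, b: a >= b,
    "=": lambda a, b: a == b,
}


def in_range(version: str, range_expr: str) -> bool:
    """True if version satisfies every comparator, e.g. '>=1.0.0 <1.0.7'."""
    v = parse_version(version)
    for token in range_expr.split():
        op = token[:2] if token[:2] in _OPS else token[:1]
        if not _OPS[op](v, parse_version(token[len(op):])):
            return False
    return True


# Constructed advisory database: package -> advisories with affected ranges.
VULN_DB: Dict[str, List[Dict[str, str]]] = {
    "param-parser": [
        {"id": "EX-0001", "affected": ">=1.0.0 <1.0.7", "severity": "high"},
        {"id": "EX-0002", "affected": "<1.1.0", "severity": "medium"},
    ],
    "util-lib": [{"id": "EX-0003", "affected": "<4.2.0", "severity": "low"}],
}

# Constructed registry view: the versions published for each package.
PUBLISHED: Dict[str, List[str]] = {
    "param-parser": ["1.0.5", "1.0.7", "1.1.0", "1.1.2", "2.0.0"],
    "util-lib": ["4.1.0", "4.2.0"],
    "web-framework": ["2.3.0"],
}

# Constructed npm-style lock file (flattened): name -> resolved version and requires.
LOCK = {
    "web-framework": {"version": "2.3.0", "requires": {"param-parser": "1.0.5"}},
    "param-parser": {"version": "1.0.5", "requires": {}},
    "util-lib": {"version": "4.1.0", "requires": {}},
}
DIRECT = ["web-framework", "util-lib"]  # what the application's manifest lists itself


def walk(lock: dict, direct: List[str]) -> Iterator[Tuple[str, str, List[str]]]:
    """Yield (name, version, path-from-root) for every reachable dependency."""
    seen = set()
    stack = [(name, [name]) for name in direct]
    while stack:
        name, path = stack.pop()
        if name in seen:  # a package reachable by several paths is reported once
            continue
        seen.add(name)
        yield name, lock[name]["version"], path
        for child in lock[name]["requires"]:
            stack.append((child, path + [child]))


def advisories_for(name: str, version: str, db=VULN_DB) -> List[Dict[str, str]]:
    return [a for a in db.get(name, []) if in_range(version, a["affected"])]


def scan(lock: dict, direct: List[str], db=VULN_DB) -> List[dict]:
    """One finding per (package, advisory) pair, with the path that pulls it in."""
    return [
        {"package": name, "version": version, "path": path, "id": adv["id"],
         "severity": adv["severity"]}
        for name, version, path in walk(lock, direct)
        for adv in advisories_for(name, version, db)
    ]


def propose_fix(name: str, version: str, db=VULN_DB, published=PUBLISHED):
    """Smallest published version >= current that no advisory covers, else None."""
    current = parse_version(version)
    for candidate in sorted(published.get(name, []), key=parse_version):
        if parse_version(candidate) >= current and not advisories_for(name, candidate, db):
            return candidate
    return None


def remediation_plan(lock: dict, direct: List[str], db=VULN_DB, published=PUBLISHED) -> dict:
    """One upgrade per vulnerable package; transitive hits need the parent re-resolved."""
    plan = {}
    for f in scan(lock, direct, db):
        pkg = f["package"]
        if pkg not in plan:
            plan[pkg] = {"from": f["version"], "to": propose_fix(pkg, f["version"], db, published),
                         "direct": len(f["path"]) == 1, "via": " > ".join(f["path"])}
    return plan


if __name__ == "__main__":
    for pkg, fix in remediation_plan(LOCK, DIRECT).items():
        kind = "direct" if fix["direct"] else "transitive via " + fix["via"]
        print(f"{pkg} {fix['from']} -> {fix['to']} ({kind})")
```

Two details carry the practical lesson. First, the proposed version is the smallest one that clears every advisory at once (here param-parser 1.0.7 fixes EX-0001 but is still inside EX-0002's range, so 1.1.0 is proposed), which is why a fixer needs the full advisory set rather than one record at a time. Second, the plan tells you that param-parser is only reachable through web-framework, so the remediation is a resolution override or a web-framework release that requires the patched version, not an edit to your own manifest. Real advisories carry explicit ranges per release line and real semver has pre-release ordering, so swapping parse_version for a proper semver library is the first change to make before using anything like this on real input.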
Open source components don’t have more vulnerabilities than closed source ones, he added, “but their heavy reuse makes those vulnerabilities more impactful.” Components can be used in thousands of applications, and by Snyk’s estimation, some 77 percent of those applications will end up with components that have security vulnerabilities. “As a result, the chances of an organisation being breached through a vulnerable open source component are far greater than a security flaw purely in their code.”
Podjarny says the longer-term plan is not to tackle proprietary code but to broaden how Snyk monitors applications built on open source.
“Our focus is on two fronts – building security tools developers love, and fixing open source security,” he said. “We believe the risk from insecure use of open source code is far greater than that of your own code, and is poorly addressed in the industry. We do intend to expand our protection from fixing known vulnerabilities in open source components to monitoring and securing them in runtime, flagging and containing malicious and compromised components.”
While this is a relatively new area for security teams to monitor and address, he added that the 2017 Equifax breach, which exploited an unpatched vulnerability in the open source Apache Struts framework, highlighted the worst-case scenario when such issues go undetected. Snyk is not the only company that has identified the gap in the market: Black Duck focuses on flagging non-compliant open source licences, and offers some security features as well.
However, it is Snyk — whose name derives from a play on the word “sneak”, combined with the acronym meaning “so now you know” — that seems to be catching the most attention at the moment.
“Some of the largest data breaches in recent years were the result of unfixed vulnerabilities in open source dependencies; as a result, we’ve seen the adoption of tools to monitor and remediate such vulnerabilities grow exponentially,” said Philippe Botteri, partner at Accel, who is joining the board with this round. “We’ve also seen the ownership of application security shifting towards developers. We feel that Snyk is uniquely positioned in the market given the team’s deep security domain knowledge and developer-centric mindset, and are thrilled to join them on this mission of bringing security tools to developers.”
More cybersecurity venture news
【M&A】Bitdefender: acquires SMS eTech to accelerate expansion in the Australian market
【Anti-fraud】Ravelin: raises $8M to fight e-commerce fraud with machine learning
【IoT】HawkEye 360: raises $5.3M, focused on radio-frequency data analytics
【Code security】Sonatype: raises $80M, focused on open source security scanning
【Network security】AnchorFree: VPN startup raises $295M
【Compliance & risk】SynapseFI: bridging banks and fintech, raises $17M
【Data security】AirTrunk: hyperscale data centers, raises $621M
【Data security】Cloudian: enterprise data management, raises $94M
【Business security】Curbing disinformation: New Knowledge raises $11M
【Cloud security】AI-based cloud security platform Lacework raises $24M
【Security management】Third-party cyber risk management: RiskRecon raises $25M
【Security assessment】AI-driven cyber risk assessment: RiskSense raises $12M
【Public safety】Smart city and critical infrastructure security: iS5Com raises $17M
【Security M&A】Cisco acquires cloud identity authentication startup DUO for $2.35B
【Security M&A】Mimecast acquires threat protection startup Solebit for $88M
【Data security】Automated sensitive-data governance: Integris raises $10M
【Financial risk】AI-based anti-money-laundering startup ThetaRay raises $30M
【Email security】Machine-learning-driven enterprise email security: Tessian raises $13M
【Security management】Digital asset security startup Panaseer raises $10M
【Endpoint security】Endpoint security startup CrowdStrike announces a $200M raise
【Security analytics】osquery-based security analytics platform Uptycs raises $10M
【Endpoint security】AI-based threat protection: Cylance raises $120M
【Email security】Preventing email spoofing: Valimail raises $25M
【IoT】Industrial cybersecurity startup Claroty raises a $60M Series B
【Business security】Compliance and automated data classification: DocAuthority raises $10M
【Security management】Israeli defense-grade SOC vendor Cyberbit raises $30M
【Security management】Enterprise security compliance and risk: CyberSaint raises $3M
【Security management】Enterprise mobile security management: Corrata raises €1.3M
【Secondary market】360 plans a ¥10.8B private placement to push into nine areas including big data and AI
【Application security】Serverless application security: Protego Labs raises $2M
【Application security】SAP system security: ERP-Maestro raises $12M
【Threat intelligence】LookingGlass acquires Goldman Sachs-backed threat intelligence platform Sentinel
【Mobile security】Biometrics startup SecuredTouch raises $8M
【Application security】Enterprise application security: Onapsis raises a $31M Series C
【IoT】Connected and autonomous vehicle security: Karamba raises $10M
【Endpoint security】Next-generation endpoint security: Carbon Black plans a Nasdaq IPO to raise $100M
【Network security】SaaS WAF Threat X raises an $8.2M Series A
【IoT】Drone-detection radar: Fortem raises a $15M Series A
【Blockchain】Financial data security: Spring Labs raises $14.75M
【IoT】Embedded device security: Red Balloon raises a $21.9M Series A
【Smart physical security】Security robots: Cobalt Robotics raises $16.5M
【Endpoint security】Process monitoring and real-time protection: Virsec raises a $24M Series B
【M&A】Palo Alto to acquire cloud security startup Evident.io for $300M
【Cloud security】Hybrid-cloud application access management: Luminate raises $14M
【IoT】Drone flight security: Airspace Systems raises $20M
【Threat protection】Detecting malicious code hidden in no-code data zones: Solebit raises $11M
【Cloud security】A plugin that stands in for a WAF: Templarbit raises $3M
【Anti-fraud】Proofpoint acquires anti-phishing startup Wombat for $225M
【Data security】Helping enterprises meet GDPR: BigID raises $14M
【Endpoint security】Hybrid architecture balancing productivity and security: Hysolate raises $8M
【Smart physical security】Patrol robot maker Knightscope raises $25M
【IoT】Israeli startup VDOO raises $13M from 83North
【Threat intelligence】SaaS platform Anomali raises a $40M Series D
【Security management】Outsourced SOC service Arctic Wolf raises $16M
【IoT】Korean company Security Platform raises $2.78M from SoftBank
【IoT】Cloud-based connected-car security: Upstream raises a $9M Series A
【Cloud security】Software-defined security: ShieldX raises a $25M Series B
【IoT】Protecting 8 billion IoT endpoints: Cog raises a $3.5M Series A
【Cloud security】Cloud platform against malicious threats: Menlo raises a $40M Series C
【Mobile security】Real-time application protection: Prevoty raises a $13M Series B
【IoT】Tortuga Logic raises $2M to build chip-level security
【Threat intelligence】ThreatQuotient raises a $30M Series C
【Smart physical security】AI video surveillance platform 博思廷 raises a ¥30M Series A+
【Email security】Proofpoint acquires Cloudmark for $110M
【ICS security】Enview raises a $6M Series A to monitor aging pipelines with AI and 3D technology
【Dark web monitoring】Recorded Future raises a $25M Series E
【NAC】Network access control startup ForeScout raises $116M in its IPO
【Security ratings】SecurityScorecard raises a $27.5M Series C from Nokia
【Threat protection】Real-time protection startup Capsule8 raises a $6M Series A
【Container security】Aqua Security raises a $25M Series B
【Dark web protection】Digital Shadows raises a $26M Series C
【Anti-virus】Blocking malware at the earliest stage: AppGuard raises a $30M Series B