At a time when large rounds are a thing of the past, especially in the early stages, Apiiro, an applications security startup, announced a $100 million Series B today from several top-shelf Silicon Valley firms.
What is attracting this kind of investment in a time when investors otherwise are in a period of belt tightening?
The company is working to help developers and security operations find and solve issues that could result in vulnerabilities, and do so in a proactive manner, says company co-founder and CEO Idan Plotnik.
“Developers and application security engineers today are literally overwhelmed with siloed tools, manual risk assessment processes and too many alerts with false positives without any context. Apiiro helps developers and application security engineers to proactively fix the most critical risks to the business with actionable context using one solution,” he explained.
Unlike similar tools, Apiiro isn’t just checking the CI/CD pipeline or production for vulnerabilities, it starts at the design phase. “Before you start to code, at the design phase when you just create a user story with a new feature request, we analyze the text and raise a flag when a potential risky feature is requested,” he said.
Beyond that, the company is aiming to be a set of guard rails for the development team as the application moves through design, building and production. What’s more, Plotnik says, it is not simply about pointing out potential vulnerabilities like Log4j, it’s finding the ones that could matter most to the team. That can help cut down on the noise and limit the number of fixes.
“Let's say in my code base that I have 5,000 Log4j instances with a CVSS score (risk assessment score) of 10, but in your runtime you have only 100 of them and only 50 of them are actually exposed to the internet in a high business impact application. This is why we're looking at context… to make sure developers fix only the most critical risks, ones that attackers can actually exploit,” Plotnik said.
Quentin Clark, managing director at lead investor, General Catalyst, says that his firm invested this kind of money because security is a category that’s constantly changing and they saw a lot of potential here.
“Security is one of these areas where you have to sort of rebuild the tooling to keep up with the changes in the development and operating platforms. So as the environment in which applications are being built changes so too must security tools, and so there's an opportunity to go build a big important company here,” Clark told TechCrunch.
It probably doesn’t hurt that Plotnik reports that the company grew ARR 400% in the third quarter. The startup is up to 90 employees and it will be doubling in the coming year with the help of this substantial investment.
He says that building a diverse workforce is one of the company’s five core values, and as he scales the company up, he is trying to adhere to that. “We proactively hire women, and we are also trying to train people to get into the software engineering and cybersecurity space [to expand the available pool of underrepresented applicants],” he said.
Today’s $100 million round was led by General Catalyst with participation by Greylock and Kleiner Perkins. The company did not share the valuation. The total raised so far is $135 million, per Crunchbase.
It's worth noting that in September, Israeli business publication Globes was reporting rumors that Palo Alto Networks was interested in buying the company for around $550 million. Last month Jewish Business News reported that the talks had broken down and the company was looking for additional funding.