Cycode announces that they have raised $4.6 Million in funding for their solution which specifically protects source code, and is scheduled for GA early next year, when it will become a channel play.
Tel Aviv-based startup Cycode has announced $4.6 million in seed funding for what they consider to be a first of its kind, an engine specifically designed to protect source code from theft, leakage and manipulation, without imposing constraints on developers.
Cycode’s cofounders are Lior Levy, a former Symantec security architect with an Israeli security intelligence background, who is the CEO, and Ronen Slavin, the CTO, who previously was a co-founder and CTO at file system provider Filelock. Filelock was acquired by Reason Cybersecurity in 2018.
Source code security is particularly problematic to protect, both because its high IP value makes it a target for cybercriminals, and because its very nature means that it circulates among developers, and can’t simply be locked away for protection in a vault that has secure access rules.
“There are different methods to try and protect source code,” Levy said. “Some are access based, and allow developers to connect only to an isolated environment.” That’s too restrictive he said, and is a poor fit in today’s distributed developer work culture, where most developers work remotely on multiple devices, and where source code repositories are now spread over the cloud instead of being securely on-prem.
“Source code is difficult to keep secure because to work with it, the developer needs a copy of it on their machine, so it is widely circulated in environments that are hard to protect,” Levy noted.
Existing tools like DLP [Data Loss Prevention] and CASB [Cloud Access and Security Brokers] don’t protect source code well because they are designed and configured to look for other things.
“We have discussed the DLP problem with large enterprise customers,” Levy said. “DLP is seldom configured to detect source code leakage, since it looks for generic code patterns, and as a result, the false positive rate is very high.” CASBs are of limited use because source codes typically reside on diverse hosts and are accessed outside of the repositories that CASBs monitor.
Cycode’s technology is based on the premise that to protect source code without constraining developer productivity, you need to begin by analyzing its entire development and deployment ecosystem to see the paths that it takes.
“Our software first integrates with the source code control system, and analyzes that, to generate a large road map with enforcement tools and policies,” Levy said. “It can then detect behavior that deviates from that, and alert users. This accomplishes the goal of protecting the source code, without interfering with the developer workload.”
Levy said that Cycode is unique in the market.
“Other types of solutions are used to try to deal with this, but we haven’t seen anyone else try to tackle this specific problem,” he said. “The context in which we do it is unique. We are the first product of this kind.”
Cycode is being positioned as something that has value across all verticals, and across companies of all sizes that have valuable software IP.
“We have talked with customers in many different verticals, and they all have the same problem,” Levy indicated. “It’s also not just relevant to larger organizations. We are focusing there at this point, because they understand the value of what we do, and they have the budget to address it, but the market is much broader than that.”
Today, Cycode is selling direct, as an early-stage startup in proof-of-concept stage, but the channel is in their plans.
“Right now, we are direct selling, but once we go to GA, partners will be able to sign up,” Levy said. “I worked at Symantec with many different partners.”
The seed funding round was led by YL Ventures. Security leaders who are participating include Andy Grolnick, LogRhythm’s former president and CEO, Justin Somaini, SAP’s former CSO, and Eyal Gruner, who is Cynet’s co-founder and President.
“We have great investors backing us, and a great advisory board,” Levy said.