Oligo securitya Tel Aviv-based startup focusing on runtime application security and observation to detect and prevent open-source vulnerabilities emerges from stealth today and announces it has raised a total of $28 million in seed and Series A funding has picked up.
The company’s investors include Lightspeed Venture Partners, Ballistic Ventures, and TLV Partners, as well as angel investors such as Mallanox CEO and founder Eyal Waldman, Cnyk CTO Adi Sharabani, and former Google Cloud VP Eyal Manor. Cyber Club London (CCL), Kmehin Ventures and OperAngels also participated. The company also participated in Intel’s Ignite accelerator in 2022.
Oligo’s dashboard, which displays the security status of applications based on runtime context.
Oligo’s technology is based on eBPF, the increasingly popular technology to run sandbox code in the Linux kernel – and thereby access highly granular monitoring capabilities without major overhead. That’s a different approach from other security startups that focus on open-source libraries. Rather than alerting security teams to every potential vulnerability – even if a library isn’t actually used in an application – Oligo focuses on monitoring applications at runtime, both in pre-production and production environments. This ideally reduces unnecessary warnings. Indeed, Oligo claims that 85% of the open-source vulnerabilities that traditional scanners signal to developers are not even used in production.
Co-founded by Nadav Czerwinski (CEO), Gal Elbaz (CTO) and Avshalom Hilu (CPO), Oligo operates in the cloud and supports all major modern programming languages including Python, Go, Java and Node.
“We have our patent-pending technology, which is based on eBPF. It enables us to monitor the runtime environment safely and efficiently and then first identify which vulnerabilities are actually relevant. That saves developers, security teams and DevOps a huge amount of time and money,” explains Czerwinski.
As the team explained, by first observing how each library should work under normal use in different environments, Oligo can detect when something changes – likely due to an exploit. For example, a library like NumPy is usually only used for calculations, but if it suddenly wants to access the network, something is clearly wrong.
“Solving the open source security challenge begins with the ability to accurately assess the true risk of code vulnerabilities,” said Alex Nayshtut, head of security, Intel Strategy Office. “Oligo is set up to increase AppSec team productivity and mitigate the risk of using open source by contextually prioritizing vulnerabilities based on actual versus perceived risk.”
