Oligo Security, a Tel Aviv-based startup focused on runtime application security and observability to detect and prevent the exploitation of open source vulnerabilities, is coming out of stealth today and announcing that it has raised a total of $28 million in seed and Series A funding.
The company’s investors include Lightspeed Venture Partners, Ballistic Ventures and TLV Partners, as well as angel investors such as Mellanox founder and CEO Eyal Waldman, Snyk CTO Adi Sharabani and former Google Cloud Vice President Eyal Manor. Cyber Club London (CCL), Kmehin Ventures and OperAngels also participated. The company also took part in Intel’s Ignite accelerator in 2022.
Oligo’s technology is based on eBPF, the increasingly popular technology for running sandboxed programs inside the Linux kernel, which gives it very detailed monitoring capabilities without a large performance overhead. This is a different approach from that of other security startups focused on open source libraries. Rather than alerting security teams to every potential vulnerability, even when the affected library is never actually used by the application, Oligo monitors applications at runtime, in both pre-production and production environments. This should reduce unnecessary alerts: Oligo argues that 85% of the open source vulnerabilities that traditional scanners flag to developers are in code that isn’t even used in production.
Co-founded by Nadav Czerwinski (CEO), Gal Elbaz (CTO) and Avshalom Hilu (CPO), Oligo runs on cloud platforms and supports all major modern programming languages, including Python, Go, Java and Node.js.
“We have our patent-pending technology based on eBPF. It allows us to safely and efficiently monitor the runtime environment and then first identify which vulnerabilities are really relevant. This saves a lot of time and money for developers, security teams and DevOps,” explained Czerwinski.
As the team explained, by first looking at how each library should work in normal use in different environments, Oligo can detect when something changes – likely due to an exploit. A library like NumPy, for example, is normally only used for calculations, but if it suddenly wants to access the network, something is clearly wrong.
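The two ideas in the paragraphs above, that only libraries actually loaded at runtime matter for vulnerability triage, and that a library drifting from its normal behaviour (a numeric library suddenly opening a network socket) is suspicious, can be sketched in a few dozen lines. The script below is an added illustration written for this article; it is not Oligo’s code and says nothing about how their eBPF collector works. Everything in it is constructed: the event format (`pid library syscall`), the grouping of syscalls into capability classes, the trace lines and the scanner findings. It also assumes the collector has already attributed each syscall to the library on the call stack, which is the hard part that kernel-side instrumentation has to solve.

```python
"""Toy runtime-aware triage over constructed syscall-style events.

Illustration only (not Oligo's code). Two steps:
  1. Learn, per library, which capability classes it exercises in a trusted
     (pre-production) run, then flag anything new seen in production.
  2. Split scanner findings into "library actually loaded" and "never loaded".
"""
from collections import defaultdict

# Assumed, coarse grouping of syscalls into capability classes.
SYSCALL_CAPABILITY = {
    "socket": "network", "connect": "network", "sendto": "network",
    "openat": "file", "read": "file", "write": "file",
    "execve": "process", "fork": "process", "clone": "process",
    "mmap": "memory", "brk": "memory",
}

# Constructed trace from a trusted pre-production run: "pid library syscall".
# The library column assumes the collector already attributed the call.
BASELINE_TRACE = [
    "4242 numpy mmap",
    "4242 numpy brk",
    "4242 numpy read",
    "4242 requests socket",
    "4242 requests connect",
    "4242 requests openat",
    "4242 pyyaml openat",
    "4242 pyyaml read",
]

# Constructed production trace; numpy touching the network is the drift.
PROD_TRACE = [
    "5151 numpy mmap",
    "5151 numpy read",
    "5151 requests connect",
    "5151 numpy socket",
    "5151 numpy connect",
    "5151 pyyaml read",
]

# Constructed scanner output: package -> placeholder finding identifiers.
SCANNER_FINDINGS = {
    "numpy": ["finding-A"],
    "lxml": ["finding-B"],
    "pyyaml": ["finding-C"],
}


def parse_event(line):
    """Split one constructed event line into (pid, library, syscall)."""
    pid, lib, syscall = line.split()
    return int(pid), lib, syscall


def capability_of(syscall):
    """Map a syscall to its capability class; unknown calls become 'other'."""
    return SYSCALL_CAPABILITY.get(syscall, "other")


def build_baseline(lines):
    """Per library, the set of capability classes exercised in the trusted run."""
    baseline = defaultdict(set)
    for line in lines:
        _, lib, syscall = parse_event(line)
        baseline[lib].add(capability_of(syscall))
    return dict(baseline)


def detect_drift(baseline, lines):
    """Events whose capability class the library never used in the baseline.

    A library absent from the baseline has an empty profile, so every call
    it makes is reported: new code showing up in production is itself drift.
    """
    findings = []
    for line in lines:
        _, lib, syscall = parse_event(line)
        cap = capability_of(syscall)
        if cap not in baseline.get(lib, set()):
            findings.append((lib, syscall, cap))
    return findings


def loaded_libraries(lines):
    """Libraries that produced at least one event, i.e. were actually loaded."""
    return {parse_event(line)[1] for line in lines}


def prioritize(scanner_findings, loaded_libs):
    """Split findings into those in loaded libraries and those in dormant ones."""
    reachable = {p: f for p, f in scanner_findings.items() if p in loaded_libs}
    dormant = {p: f for p, f in scanner_findings.items() if p not in loaded_libs}
    return reachable, dormant


if __name__ == "__main__":
    base = build_baseline(BASELINE_TRACE)
    print("drift:", detect_drift(base, PROD_TRACE))
    print("reachable/dormant:", prioritize(SCANNER_FINDINGS, loaded_libraries(PROD_TRACE)))
```

Run as written, the drift detector reports only the two numpy network calls, and the lxml finding is set aside because the library never produced an event. Baselining on capability classes rather than on exact syscall sequences is a deliberate trade-off: it tolerates benign variation (a different file being read) while still catching a change of kind, which is the pattern the NumPy example describes.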
“Solving the open source security challenge starts with being able to accurately assess the true risk of code vulnerabilities,” said Alex Nayshtut, head of security at Intel Strategy Office. “Oligo is set to increase the productivity of AppSec teams and reduce the risk of using open source by contextually prioritizing vulnerabilities according to actual versus perceived risk.”