Security operations teams face a daunting task today: fending off malicious hackers and their increasingly sophisticated approaches to cracking into networks. That also represents a gap in the market: building tools to help those security teams do their jobs. Today, an Israeli startup called Rezilion is doing just that — building automation tools for DevSecOps, the area of IT that addresses the needs of security teams and the technical work they need to do in their jobs — it is announcing $30 million in funding. Guggenheim Investments is leading the round, with JVP and Kindred Capital also contributing. Rezilion said unnamed executives from Google, Microsoft, CrowdStrike, IBM, Cisco, PayPal, JP Morgan Chase, Nasdaq, eBay, Symantec, RedHat, RSA, and Tenable are also in the round. Previously, the company had raised $8 million.
Rezilion’s funding is returning from initial solid growth for the startup in its first two years of operations. Its customer base comprises some of the world’s biggest companies, including two “Fortune 10” (the top 10 Fortune 500). (For the record, the top 10 include Amazon, Apple, Alphabet/Google, Walmart, and CVS.) CEO Liran Tancman co-founded Rezilion with CTO Shlomi Boutnaru and said that one of those two is one of the world’s biggest software companies. The other is a major connected device vendor, but he declined to say which. Tankman and Boutnaru had previously co-founded another security startup, Active, acquired by PayPal in 2015; the pair worked there together until leaving to start Rezilion.
Religion focuses on a specific part of DevSecOps: Over the years, large businesses have implemented many processes they need to follow to try to triage and make the most thorough efforts possible to detect security threats. Today, that might involve inspecting every single suspicious piece of activity to determine what the implications might be. There are a lot of tools out in the market now to help automate different aspects of developer and security operations.
The problem is that with the volume of information coming in, taking the time to inspect and understand each piece of suspicious activity can put enormous strain on an organization: It’s time-consuming and, as it turns out, not the best use of that time because of the signal to noise ratio involved. Typically, Tankman said each vulnerability could take 6-9 hours to investigate properly. “But usually about 70-80% of them are not exploitable,” meaning they may be bad for some but not for this particular organization and its code today. That represents an inefficient use of the security team’s time and energy.
“Eight out of ten patches tend to be a waste of time,” Tankman said of today’s approach. He believes that as its AI grows and its knowledge and solution become more sophisticated, “it might soon be nine out of 10.” Religion has built a taxonomy, and an AI-based system that essentially does that inspection work as a human would do: It spots any new or suspicious code, figures out what it is trying to do, and runs it against a company’s existing code and systems to see how and if it might be a threat to it or create further problems down the line. If it’s all good, it essentially allows the code. If not, it flags it to the team.
The product’s stickiness has come out of how Tancman and Boutnaru understand large enterprises, mainly those heavy with technology stocks, operate these days in a very challenging environment for cybersecurity teams. “They are using us to accelerate their delivery processes while staying safe,” Tankman said. “They have strict compliance departments and have to adhere to certain standards,” he added regarding the protocols they take around security work. “They want to leverage DevOps to release that.”
He said Rezilion has largely won over customers for simply understanding that culture and process and helping them work better: “Companies become users of our product because we showed them that, at a fraction of the effort, they can be more secure.” This has particular resonance in the world of tech. However, financial services and other verticals that leverage technology as a significant foundation for operating are also among the startup’s user base. Down the line, Rezilion plans to add remediation and mitigation into the mix to extend further what it can do with its automation tools, which is part of where the funding will be going, too, Boutnaru said. But he doesn’t believe it will ever replace the human in the equation altogether.
“It will just focus them on the places where you need more human thinking,” he said. “We’re just removing the need for tedious work.” In that grand tradition of enterprise automation, it will be interesting to watch which other automation-centric platforms might move into security alongside the other automation they are building. For now, Rezilion is forging an attractive enough area to get investors interested. “Rezilion’s product suite is a game-changer for security teams,” said Rusty Parks, senior MD of Guggenheim Investments, in a statement. “It creates a win-win, allowing companies to speed innovative products and features to market while enhancing their security posture. We believe Rezilion has created a compelling value proposition for security teams that greatly increases return on time while thoroughly protecting one’s core infrastructure.”
Pingback: Automobile Sector: How to Invest in Automobile Brands - My Pro Blog