BluBracket scores $6.5M seed to help secure code in distributed environments

BluBracket, a new security startup from the folks who brought you Vera, came out of stealth today and announced a $6.5 million seed investment. Unusual Ventures led the round with participation by Point72 Ventures, SignalFire and Firebolt Ventures.

The company was launched by Ajay Arora and Prakash Linga, who until last year were CEO and CTO respectively at Vera, a security company that helps companies secure documents by having the security profile follow the document wherever it goes.

Arora says he and Linga are entrepreneurs at heart, and they were itching to start something new after more than five years at Vera. While Arora still sits on the Vera board, they decided to attack a new problem.

He says that the idea for BluBracket actually came out of conversations with Vera customers, who wanted something similar to Vera, except to protect code. “About 18-24 months ago, we started hearing from our customers, who were saying, ‘Hey you guys secure documents and files. What’s becoming really important for us is to be able to share code. Do you guys secure source code?'”

That was not a problem Vera was suited to solve, but it was a light bulb moment for Arora and Linga, who saw an opportunity and decided to seize it. Recognizing the way development teams operated has changed, they started BluBracket and developed a pair of products to handle the unique set of problems associated with a distributed set of developers working out of a Git repository — whether that’s GitHub, GitLab or BitBucket.

The first product is BluBracket CodeInsight, which is an auditing tool, available starting today. This tool gives companies full visibility into who has withdrawn the code from the Git repository. “Once they have a repo, and then developers clone it, we can help them understand what clones exist on what devices, what third parties have their code, and even be able to search open source projects for code that might have been pushed into open source. So we’re creating what we call a blueprint of where the enterprise code is,” Arora explained.

The second tool, BluBracket CodeSecure, which won’t be available until later in the year, is how you secure that code including the ability to classify code by level importance. Code tagged with the highest level of importance will have special status and companies can attach rules to it like that it can’t be distributed to an open source folder without explicit permission.

They believe the combination of these tools will enable companies to maintain control over the code, even in a distributed system. Arora says they have taken care to make sure that the system provides the needed security layer without affecting the operation of the continuous delivery pipeline.

“When you’re compiling or when you’re going from development to staging to production, in those cases because the code is sitting in Git, and the code itself has not been modified, BluBracket won’t break the chain,” he explained. If you tried to distribute special code outside the system, you might get a message that this requires authorization, depending on how the tags have been configured.

This is very early days for BluBracket, but the company takes its first steps as a startup this week and emerges from stealth next week at the RSA security conference in San Francisco. It will be participating in the RSA Sandbox competition for early security startups at the conference, as well.