Oligo Security, a Tel Aviv-based startup that focuses on runtime application security and observability to detect and prevent open source vulnerabilities, is coming out of stealth today and announcing that it has raised a total of $28 million in seed and Series A funding.
The company’s investors include Lightspeed Venture Partners, Ballistic Ventures and TLV Partners, as well as angel investors like Mallanox CEO and founder Eyal Waldman, Snyk CTO Adi Sharabani and former Google Cloud VP Eyal Manor. Cyber Club London (CCL), Kmehin Ventures and OperAngels also participated. The company also participated in Intel’s Ignite accelerator in 2022.
Oligo’s technology is based on eBPF, the increasingly popular technology to run sandboxed code in the Linux kernel — and gain access to very detailed monitoring capabilities because of that without any major overhead. That’s a different approach from other security startups that focus on open source libraries. Instead of alerting security teams to every potential vulnerability — even if a library isn’t actually used in an application — Oligo focuses on monitoring applications at runtime, both in pre-production and production environments. This, ideally, cuts down on unnecessary alerts. Indeed, Oligo argues that 85% of open source vulnerabilities that traditional scanners flag to developers aren’t even used in production.
Co-founded by Nadav Czerninski (CEO), Gal Elbaz (CTO) and Avshalom Hilu (CPO), Oligo works across clouds and supports all major modern programming languages, including Python, Go, Java and Node.
“We have our patent-pending technology, which is based on eBPF. It allows us to safely and efficiently monitor the runtime environment and then first identify which vulnerabilities are actually relevant. That saves tons of time and money for developers, for security teams, for DevOps,” explained Czerninski.
As the team explained, in first observing how every library should work in normal usage across different environments, Oligo can then detect when something changes — likely because of an exploit. A library like NumPy, for example, is typically only used for computations, but if it suddenly wants to access the network, something is clearly amiss.
“Solving the open source security challenge starts with the ability to accurately assess the actual risk of code vulnerabilities,” said Alex Nayshtut, head of Security at Intel Strategy Office. “Oligo is set to increase the productivity of AppSec teams and reduce the risk of using open source by contextually prioritizing vulnerabilities according to actual versus perceived risk.”