Cycode Raises $56M to Secure Software Supply Chains

Cycode, a provider of software supply chain security solutions, today announced a $56M Series B round led by Insight Partners, a New York-based global private equity and venture capital firm. YL Ventures, a global VC firm specializing in Israeli cybersecurity investments, which led Cycode’s seed investment, also participated in the round. The funding, one of the largest Series B rounds ever in Application Security (AppSec), comes on the heels of Cycode’s $20 million Series A funding in May of 2021. This round brings the total investment to $81 million.

As software engineering and DevOps teams have adopted new tools, the tools themselves have become attack surfaces. While AppSec teams secured development tools in previous eras, today they are rarely responsible for doing so. A survey of 176 technology executives found that fewer than 22% of organizations have AppSec teams responsible for securing these key development tools and processes.

While DevOps automation drives efficiency in the software development life cycle (SDLC), the interconnectedness also facilitates lateral movement between tools, systems, and resources across the software supply chain. 

Source control management (SCM) systems are becoming the hub of many organizations’ SDLC. “In order to truly shift left, security teams need to put as much emphasis on securing the development environment as they do production,” said Kevin Paige, CISO at Flexport. “From the SCM, attackers have access to source code, they can modify CI/CD settings, tamper with code, steal credentials, provision vulnerable cloud infrastructure, and more.”

The frequency and severity of software supply chain attacks are increasing significantly. According to the European Union Agency for Cybersecurity, supply chain attacks are expected to increase 400% from 2020 to 2021. Furthermore, Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021.

Cycode addresses software supply chain security with a platform that provides visibility, security, and integrity across all phases of the SDLC. Through integrations with DevOps tools and infrastructure, Cycode hardens security postures and implements consistent governance policies. Risk of software supply chain breach is further reduced by scanning for hardcoded secrets, infrastructure as code misconfigurations, code leaks, improper access, and more. Cycode’s knowledge graph then creates a comprehensive mapping of the software supply chain—including security violations, user activity, and other events across the SDLC—to prioritize risk, find anomalies, and prevent code tampering.

Cycode intends to use the funds to fuel sales growth and accelerate development of its product roadmap. Cycode is expanding its go-to-market capabilities by building a partner-friendly ecosystem of both channel and technology alliances. Engineering will focus on expanding Cycode’s pre-built integration network to include third-party security tools, deepening user behavior analytics and anomaly detection capabilities, and continuing to enhance its knowledge graph to enable deep investigation of breach paths through an interactive link analysis-based interface.

“The key to modern AppSec is centralizing and mapping events and metadata across the SDLC such that it becomes easy to determine when disparate activities add meaningful context to each other,” said Lior Levy, co-founder & CEO of Cycode. “With each new integration, our knowledge graph becomes smarter. Hence, one of our goals is to integrate with every software delivery and AppSec tool to determine how each dot is connected and when it’s relevant.”

“What’s so exciting about this company is the comprehensiveness of its vision for SDLC security,” said John Brennan, Partner at YL Ventures. “From day one, Cycode’s approach has supported a vision that surpasses anything that currently exists in the space, making it one of the fastest growing AppSec companies in the industry. This is the kind of platform solution that CISOs envision when aiming to solve big problems with robust solutions.”