Myrror Security, Interview With CEO Yoad Fekete

Myrror Security’s two Co-Founders; on the left is Roman Kublin, CTO and Co-Founder, and on the right is Yoad Fekete, CEO and Co-Founder.

Myrror Security, a Tel Aviv, Israel-based company that specializes in application security for organizations using open-source packages, just announced that it has raised $6M in seed funding. In conjunction with the raise, Yoad Fekete, CEO, replied to our questions about the company, the product, the funding, and future plans.

FinSMEs: Hi Myrror Security, can you tell us a bit more about yourself? What’s your background?

I’m Yoad Fekete, and I’m the CEO and co-founder of Myrror Security. Back in September 2019 I was part of Microsoft’s incident response team for the SolarWinds attack and witnessed firsthand the effects of the hack on Microsoft and its customers. I started to look for a solution to address future attacks of this kind. However, I came up empty-handed, spending a lot of time chasing ghosts and fixing security holes that weren’t exploitable. 

My friend and colleague Roman Kublin and I founded Myrror Security to protect organizations from these rising threats and stop such attacks before they reach products and their customers, without changing any of the engineering processes or engineering behavior. We wanted to build a company that flags only relevant and important problems, helping security teams be better equipped to deal with security threats. 

FinSMEs: Let’s speak about cybersecurity. What is the market problem you want to solve? What is the real opportunity?

Four years after the first high-magnitude SolarWinds attack, the rate of software supply chain attacks is rapidly growing, with a 740% increase in OSS (Open Source Software) supply chain attacks in 2022 alone. While these attacks on the SDLC (Software Development Life Cycle) occur via several vectors, the most accessible one is through incorporated open-source components, which is particularly concerning considering that OSS constitutes 70-90% of modern software. Traditional solutions mainly focus on known vulnerabilities without addressing unknown risks. Additionally, they flood overburdened security teams with alerts for vulnerabilities that aren’t even prevalent in the final code, leading to unnecessary alerts and a false sense of urgency. These teams are in dire need of a solution that can detect actual threats, while helping prioritize and remediate only reachable vulnerabilities so they can focus on the most important software supply chain risks.

The opportunity here is to finally bring a solution that prioritizes exploitable vulnerabilities and detects sophisticated modern software supply chain attacks by addressing unknown risks, without requiring any engineering behavioral change.

FinSMEs: What are the features differentiating the product from competitors?

Our competitors are focused on known vulnerabilities, flooding already overburdened security teams with alerts for vulnerabilities that aren’t even prevalent in the final code, leading to unnecessary alerts and a false sense of urgency. The software supply chain ecosystem consists of both known vulnerabilities and unknown attacks, and security teams need the tools to defend themselves against both of these.

The Myrror Security platform seamlessly unites the two essential pillars required to effectively address real threats in the modern software supply chain – the detection of malicious packages and CI/CD attacks, and the prioritization of known vulnerabilities. By employing proprietary binary-to-source code analysis capabilities with advanced AI matching techniques, our platform detects known and unknown threats, such as malicious packages, malicious code, and CI/CD breaches, in real-time — before they even reach production. In addition, by using an advanced reachability model, our Code-Aware SCA (Software Composition Analysis) solution determines whether a vulnerable function is used in the code, reducing the noise generated by traditional SCA tools. We also provide comprehensive mitigation plans to ensure companies can quickly and effectively remediate the risk.

FinSMEs: You just raised a new funding round. Please tell us more about it.

We have raised $6M in seed funding from Blumberg Capital and Entrée Capital as well as a select group of angel investors. We will be investing in further developing our core capabilities such as our binary-to-source analysis solution and expanding the coverage area of our product. Our intention is to cover and secure each and every gap in the SDLC from code to production. We will also use the funding to take our product to market and expand our business activity in the US.

FinSMEs: Can you share some numbers and achievements of the business?

In less than two months since releasing our first version, and even before kicking off our go-to-market (GTM) work, we’ve already secured dozens of installations. The feedback has been overwhelmingly positive, highlighting the significant protection and daily value our customers are experiencing.

FinSMEs: What are your medium-term plans?

In terms of our product, we are going to cover more coding languages and add more integrations to support our customers. In terms of GTM, we plan to expand the sales and marketing teams to the US and partner with other security providers (such as cloud providers and Endpoint Detection and Response providers) to expand their offerings to their customers, allowing them to protect themselves from future software supply chain attacks.