A new company is exiting stealth mode today with a mission to help organizations protect their cloud and microservices applications. ShiftLeft is an application-specific cloud security provider designed to secure cloud apps as part of the continuous integration pipeline rather than tackling threats as they are discovered in production.
According to the company, while the cloud and microservice architecture have offered many advantages such as the ability to add new functionality at any given time, it becomes difficult to protect software if it is changing multiple times a day.
“With software moving to the cloud, the disconnect between where the software is developed and where it runs goes away. First Principles Thinking dictates that we should protect the software by understanding the security needs of the software. That’s what we do at ShiftLeft. For every version of every application we extract its Security DNA, or all security-relevant elements in source code, and create a custom security agent to protect the specific version of the application,” said Manish Gupta, co founder and CEO of ShiftLeft.
The company is launching an automated Security as a Service (SECaaS) platform that brings together source code analysis and runtime behavior to understand the security of an application and create a custom threat solution for it. The solution features real-time protection from unknown threats, protection from key OWASP top-10 risks, data leakage prevention, detection of open source software usage risks, and data flow visibility.
“As the pace of software development increases and the use of open source software increases, more and more of the applications are being assembled as opposed to being developed. The pace of change doesn’t give developers enough time to either read through the documentation or review the code of the open source software (OSS) libraries. We need to bring the same level of automation to the consumption of OSS as we have brought to CI/CD,” Gupta said.
The company also announced a $9.3 million Series A round of funding from Bain Capital and Mayfield; and from individual investors such as Sanjay Poonen, COO of VMware and Tobias Knaup, CTO of Mesosphere.
“Lack of security expertise, coupled with alert fatigue caused by traditional security solutions, is fundamentally at odds with today’s rapid pace of software development,” said Enrique Salem, Bain Capital Ventures managing director. “Recognizing the need for a more accurate and an equally-agile security methodology, ShiftLeft has built a solution purpose-built to operationalize security for the new, highly-agile cloud applications. We are thrilled to have ShiftLeft join our security portfolio and help the company revolutionize the software security industry.”