Today, we are excited to share our investment in apiiro, which is coming out of stealth and announcing the launch of their Code Risk Platform. apiiro’s platform enables enterprises to accelerate application and infrastructure delivery by automatically remediating risk with every change.
Satya Nadella famously quipped, “Every company is now a software company”. As enterprises undergo this digital transformation, the velocity of software development and time-to-market for new software innovation is of paramount importance. DevSecOps has emerged as a movement to embed security earlier in the software development process to enable development teams to ship software more rapidly, while ensuring strong security.
Despite the growing focus on DevSecOps, enterprise development teams find existing security and risk controls to be a bottleneck and limiter of digital transformation and the transition from waterfall to agile development. Current approaches rely on point-solutions and controls that are siloed, periodic and manual — significantly slowing down the speed at which newly developed code can be shipped to production.There is a significant opportunity to build a new platform that understands and remediates risk early in the software development lifecycle, by understanding the application and infrastructure code and ensuring that it is secure by design.
Innovative, Category-Defining Approach
The apiiro Code Risk Platform takes an innovative, end-to-end approach to solving the DevSecOps challenge for enterprises. apiiro leverages an API-based architecture and data science techniques to integrate into source control management, ticketing systems and 3rd party security tools to analyze developer behavior and application and infrastructure code, and then prioritize and automatically remediate product risks at the design phase, before new changes are securely deployed to production. apiiro unifies risk, governance and remediation workflows across product security architects, developers, legal, and security champions into a single platform.
Today, apiiro’s platform is live and in use in production at a growing number of customers including Fortune 500 enterprises across technology, financial services, healthcare and gaming verticals.
apiiro is founded by Idan Plotnik (CEO) and Yonatan Eldar (VP R&D), two exceptional technology executives who previously founded and built Aorato. Aorato was an early pioneer in the User and Entity Behavior Analytics (UEBA) space and was acquired by Microsoft. Following Aorato’s acquisition, Idan and Yonatan led and were responsible for several product and engineering teams at Microsoft. While at Microsoft, the two felt a constant tension between the demands of delivery times, and product security and compliance requirements. The team spun out to start apiiro in 2019 and create a unified platform that eliminates this friction and accelerates speed of software delivery.
Greylock led apiiro’s Series Seed in Summer 2019 as a founding investor. We subsequently co-led the Series A in Summer 2020 with Ted Schlein at Kleiner Perkins. I’m privileged to have joined the board.
apiiro is building a very strong team across New York City and Tel Aviv, Israel including individuals and executives from companies like Microsoft, Google, Palo Alto Networks, Facebook and others. The apiiro board of directors includes Rakesh Loonkar (President, Transmit Security). Rakesh and Mickey Boodaei (CEO, Transmit Security) are friends of ours at Greylock and apiiro is privileged to have both of their support.
Greylock has a special history of partnering with entrepreneurs at company formation to help build and scale leading software companies. apiiro is the latest in a distinguished list of innovative security companies that Greylock has partnered with over the years, including Palo Alto Networks, Okta, Skyhigh Networks, and Awake Security; and more recently Abnormal Security, Cato Networks, Obsidian Security and Sqreen.
We’re thrilled to partner with apiiro and are excited to work closely together as they transform the DevSecOps market with their code risk platform.