Myrror Security, a pioneer in application security for organizations using open-source packages, launched today with $6M in seed funding from Blumberg Capital and Entrée Capital to secure enterprises’ SDLC process amid a growing wave of software supply chain attacks exploiting open-source dependencies and CI/CD pipelines. The funds will enable the company to expand its product capabilities and scale its go-to-market distribution channels.
Four years after the first high-magnitude SolarWinds attack, the rate of software supply chain attacks is growing rapidly, with a 740% increase in OSS (Open Source Software) supply chain attacks in 2022 alone. While these attacks on the SDLC arrive via several vectors, the most accessible one is through incorporated open-source components, which is particularly concerning given that OSS constitutes 70-90% of modern software. Traditional solutions mainly focus on known vulnerabilities without addressing unknown risks, such as malicious packages that no vulnerability database lists. They also flood overburdened security teams with alerts for vulnerabilities in code paths the final application never calls, producing unnecessary alerts and a false sense of urgency. These teams need a solution that detects actual threats while helping them prioritize and remediate only reachable vulnerabilities, so they can focus on the most important software supply chain risks.
The Myrror Security platform unites the two essential pillars required to address real threats in the modern software supply chain: the detection of malicious packages and CI/CD attacks, and the prioritization of known vulnerabilities. By combining proprietary binary-to-source code analysis with AI-based matching techniques, the company detects known and unknown threats, such as malicious packages, malicious code, and CI/CD breaches, in real time, before they reach production. In addition, using a reachability model, the company’s Code Aware SCA (Software Composition Analysis) solution determines whether a vulnerable function in a dependency is actually called from the application’s code, reducing the noise generated by traditional SCA tools, which flag every vulnerable dependency version regardless of how it is used. Myrror Security also provides comprehensive mitigation plans so that companies can remediate the risk quickly and effectively.
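To make the reachability idea concrete, here is an added, simplified example of a call-graph reachability check. It is illustrative code written for this page, not Myrror Security’s implementation, and the module names (`yamlish`, `app`), the functions and the entry points are constructed for the demonstration. It parses a dependency and the application that imports it, builds a function-level call graph, and asks whether a named vulnerable function is reachable from the application’s entry points, returning the call path when it is.

```python
import ast
from collections import deque

# Constructed sample sources (not real packages): a third-party module
# "yamlish" containing a function an advisory would flag, and the
# application code that depends on it.
DEP_SRC = '''
def load(data):
    return _unsafe_parse(data)      # calls the vulnerable function

def _unsafe_parse(data):
    return eval(data)               # stands in for the advisory's vulnerable function

def dump(obj):
    return repr(obj)
'''

APP_SRC = '''
import yamlish
from yamlish import dump as serialize

def render(obj):
    return serialize(obj)           # uses the dependency, but not the vulnerable path

def handle_request(body):
    return yamlish.load(body)       # reaches yamlish._unsafe_parse via yamlish.load

def unused_helper(body):
    return yamlish.load(body)       # dead code: never called from an entry point
'''


def _imports(tree):
    """Map a local alias to (module, imported_name_or_None) for every import."""
    aliases = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                aliases[a.asname or a.name] = (a.name, None)
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = (node.module, a.name)
    return aliases


def _resolve(call, module, local_funcs, aliases):
    """Return the qualified 'module.function' a call refers to, or None if unknown."""
    f = call.func
    if isinstance(f, ast.Name):
        if f.id in local_funcs:                       # plain call to a sibling function
            return f"{module}.{f.id}"
        if f.id in aliases and aliases[f.id][1] is not None:   # from X import Y [as Z]
            mod, name = aliases[f.id]
            return f"{mod}.{name}"
    elif isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        if f.value.id in aliases and aliases[f.value.id][1] is None:   # import X [as Z]; Z.attr()
            return f"{aliases[f.value.id][0]}.{f.attr}"
    return None


def build_call_graph(modules):
    """modules: {module_name: source}. Returns {qualified_function: set(callees)}."""
    graph = {}
    for module, src in modules.items():
        tree = ast.parse(src)
        aliases = _imports(tree)
        funcs = {n.name: n for n in tree.body if isinstance(n, ast.FunctionDef)}
        for name, fn in funcs.items():
            callees = graph.setdefault(f"{module}.{name}", set())
            for node in ast.walk(fn):
                if isinstance(node, ast.Call):
                    target = _resolve(node, module, funcs, aliases)
                    if target:
                        callees.add(target)
    return graph


def path_to(graph, entry_points, target):
    """Breadth-first search from the entry points; return the call path to target, or None."""
    parent = {e: None for e in entry_points}
    queue = deque(entry_points)
    while queue:
        cur = queue.popleft()
        if cur == target:
            path = []
            while cur is not None:
                path.append(cur)
                cur = parent[cur]
            return path[::-1]
        for callee in sorted(graph.get(cur, ())):
            if callee not in parent:
                parent[callee] = cur
                queue.append(callee)
    return None


def is_reachable(graph, entry_points, target):
    return path_to(graph, entry_points, target) is not None


if __name__ == "__main__":
    g = build_call_graph({"yamlish": DEP_SRC, "app": APP_SRC})
    vuln = "yamlish._unsafe_parse"
    print(path_to(g, ["app.handle_request"], vuln))   # reachable: prints the call chain
    print(path_to(g, ["app.render"], vuln))           # not reachable: prints None
```

The call path is what a remediation plan needs: it tells the developer which application function to change if the dependency cannot be upgraded. A real reachability engine has to handle what this sketch ignores: dynamic dispatch, callbacks, calls through `getattr`, transitive dependencies, and code executed at import time, which is why the answer should be treated as "no evidence the vulnerable function is called" rather than proof of safety.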
“The integration of unverified open-source components into the software development process creates a massive attack risk on one hand, and a large amount of false positives for security teams on the other hand. Until now, there hasn’t been a solution on the market capable of tackling both of these problems effectively,” said Yoad Fekete, Co-Founder and CEO at Myrror Security. “We founded Myrror Security to help security teams protect their organizations from attacks and sort through their mess of alerts before code gets to production, without requiring any engineering behavioral change. As this threat vector becomes more popular with attackers, we’re grateful for our investors’ trust to provide a unique security solution to keep companies and their customers safe, getting them to an SLSA Build L3 (Previously SLSA4) level.”
Myrror Security’s Breach Detection solution uses an AI-enhanced binary-to-source analysis process that reverse-engineers the binary artifact actually delivered by a package registry or produced by a CI/CD pipeline and compares it with the source code it claims to be built from. When the two disagree, for example when the artifact contains code that does not appear in the published source, users receive an alert in real time, so the compromised package is stopped before it reaches the software.
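The underlying check is a diff between what was built and what was reviewed. The following is an added example written for this page, not Myrror Security’s code, showing the simplest form of it: hashing every file in a published artifact (an in-memory zip standing in for a wheel) and comparing the set against the source tree, so that files the source never contained, files that were altered and files that went missing are all reported. The package name `pkg`, the file contents and the tampered artifact are constructed sample data, and the `BUILD_GENERATED` list of paths a build tool legitimately adds is an assumption for the demonstration.

```python
import hashlib
import io
import zipfile

# Constructed sample data (not a real package): the source tree as reviewed
# in the repository, and the artifact as published to the registry.
SOURCE_TREE = {
    "pkg/__init__.py": b"from .core import run\n",
    "pkg/core.py": b"def run():\n    return 'ok'\n",
}


def build_artifact(files):
    """Pack a {path: bytes} mapping into an in-memory zip (stands in for a wheel)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, data in files.items():
            zf.writestr(path, data)
    return buf.getvalue()


# A tampered release: the published artifact carries an extra module and a
# modified __init__.py that the source repository never contained. The bytes
# are only data inside the zip; nothing here executes them.
TAMPERED_ARTIFACT = build_artifact({
    "pkg/__init__.py": b"from .core import run\nimport pkg._telemetry\n",
    "pkg/core.py": b"def run():\n    return 'ok'\n",
    "pkg/_telemetry.py": b"import urllib.request\nurllib.request.urlopen('http://203.0.113.5/')\n",
    "pkg-1.0.dist-info/RECORD": b"...",
})

# A clean release: source files plus the metadata the build tool adds.
CLEAN_ARTIFACT = build_artifact({**SOURCE_TREE, "pkg-1.0.dist-info/RECORD": b"..."})

# Assumption: paths containing these markers are generated by the build tool
# and are expected to be absent from the source tree.
BUILD_GENERATED = (".dist-info/",)


def _digest(data):
    return hashlib.sha256(data).hexdigest()


def compare_artifact_to_source(source_tree, artifact_bytes):
    """Return which artifact files were added, modified or are missing relative to source."""
    src = {path: _digest(data) for path, data in source_tree.items()}
    with zipfile.ZipFile(io.BytesIO(artifact_bytes)) as zf:
        # Read entries in place; nothing is extracted to disk, so crafted
        # paths inside the archive cannot escape anywhere.
        art = {
            name: _digest(zf.read(name))
            for name in zf.namelist()
            if not name.endswith("/") and not any(m in name for m in BUILD_GENERATED)
        }
    return {
        "added": sorted(set(art) - set(src)),
        "missing": sorted(set(src) - set(art)),
        "modified": sorted(p for p in src.keys() & art.keys() if src[p] != art[p]),
    }


def is_clean(report):
    return not (report["added"] or report["missing"] or report["modified"])


if __name__ == "__main__":
    print(compare_artifact_to_source(SOURCE_TREE, TAMPERED_ARTIFACT))
    print(is_clean(compare_artifact_to_source(SOURCE_TREE, CLEAN_ARTIFACT)))
```

A byte-for-byte comparison like this only works when the artifact is a direct packaging of the source files; for compiled artifacts (JARs, native wheels, container layers) the build must either be reproducible, so the artifact can be rebuilt from the tagged source in a pinned environment and compared, or the shipped binary must be decompiled and matched against the source, which is the reverse-engineering step the release describes. In both cases the source being compared against must itself come from the repository at the tagged commit, not from the registry, or a tampered source tarball will agree with a tampered binary.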
“Malicious actors continue to shift their attention to the software development process – using open-source packages and CI/CD pipelines to infiltrate companies that otherwise have tight security in place,” said Ilia Shnaidman, Vice President at Blumberg Capital. “There is a clear market demand for a solution that detects attacks and prioritizes vulnerabilities and helps defenders address this risk. Myrror Security has the team and technology to lead the industry toward end-to-end software integrity by enabling risk prioritization, attack detection, and mitigation plans in a single platform. We look forward to the exciting journey ahead and welcome the team to our portfolio of companies transforming cybersecurity.”
“The use of open-source components like third-party dependencies, tools, and systems in application development has been an asset for developers who share and build upon each other’s progress, but it comes with significant risks – especially in the form of supply chain attacks whose ramifications spread well beyond the targeted organization,” said Zohar Alon, Chairman at Myrror Security. “Myrror Security addresses this pain by looking to the root of the SDLC security challenge with a pioneering binary-to-source analysis solution that is way ahead of the market.”
About Myrror Security
Myrror Security is a pioneering DevSecOps company uniting the two essential pillars required to effectively address real threats in the modern software supply chain: detecting malicious packages and CI/CD attacks, and prioritizing known vulnerabilities. By employing proprietary binary-to-source code analysis capabilities with advanced AI matching techniques, the company detects unknown threats, such as malicious packages, malicious code, and CI/CD breaches, in real time, before they reach production. In addition, by using an advanced reachability model, the platform determines whether a vulnerable function is used in the code, reducing the noise generated by traditional SCA tools. Myrror Security also provides comprehensive mitigation plans to ensure companies can quickly and effectively secure their applications. Myrror Security is headquartered in Tel Aviv and backed by Blumberg Capital and Entrée Capital as well as prominent cybersecurity entrepreneur Zohar Alon. For more information, please visit: https://myrror.security/