Today, AppSec Operating System provider, Cider Security, emerged from stealth following a $38 million series A funding round. Cider Security’s platform aims to provide users with the capability to orchestrate and manage application security measures and controls through a single pane of glass.
Through a single solution, Cider Security aims to help users gain transparency over the software development life cycle (SDLC) from code development to deployment, while identifying risks in the environment and receiving recommendations on how to improve its overall security posture.
This approach gives enterprises and technical decision makers a tool they can use to help in-house teams increase visibility over application security and protect against malicious threat actors.
The security challenges of an app-driven enterprises
The announcement comes as enterprises have struggled to mitigate the security of applications throughout their environments, with research finding that 50% of apps have security vulnerabilities, and “an entirely unique attack surface.”
Many of these applications are insecure because organizations are rushing code development to bring products to market faster, with 48% of organizations admitting to pushing out vulnerable code and 54% saying they did so to meet a critical deadline with a plan to remediate in a later release.
Similarly, 45% admitted that the vulnerabilities were discovered too late in the release cycle to resolve them in time. In other words, rapid releases have made it more difficult for developers to secure applications before deployment.
“The engineering ecosystem has witnessed a massive evolution since the introduction of the devops discipline. Releases are more frequent, the technical stack is more diverse, third-party usage has grown, and manual processes are replaced in favor of automation,” said Cider Security’s co-founder and CEO, Guy Flechter.
“These changes have had a significant impact on security. They have introduced multiple new categories of risk and opportunities that are consistently being leveraged by adversaries,” Flechter said.
In 2021, Fletcher argues that a range of sophisticated hacks and threats targeting engineering environments from the SolarWinds hack to the recently discovered Log4j vulnerability have mean that “an AppSec OS has become a must for allowing organizations to adapt to this new reality, and allowing engineering to continue to move fast, without making any compromises on security.”
The application security race
Cider Security is the latest entrant to The application security market, which was valued at $6.38 billion in 2020, and is expected to reach $15.76 billion by 2026, as more organizations look to develop and secure their own apps.
The provider is competing against a number of other established vendors, one of these is Argon, a solution for securing the software supply chain, which automatically discovers pipeline assets and provides automated alerts on events.
It’s worth noting that Argon was recently acquired by cloud-native application protection firm Aqua Security, which raised $135 in series E Funding last March.
Another competitor is Legit Security, a software-as-a-service (SaaS) -based solution designed to secure software supply chains, with automatic discovery of pipelines of infrastructure code and SDLC assets, which recently raised $30 million as part of a Series A funding round.
While Argon and Legit Security are addressing the same challenge as Cider Security, Flechter claims his team’s expertise in the application security domain, is what differentiates its product from other providers.
“Our solution is essentially the first application security operating system that allows orchestrating and harmonizing CI/CD security-related activities across all three disciplines of CI/CD security — SIP (Security in the Pipeline), SOP (Security Of the Pipeline), and SAP (Security Around the Pipeline).
The funding round was led by Tiger Global Management.