With $7M in funding, Arnica is using behavioral analytics to spot hackers posing as developers
Startup Arnica Inc. said today it has raised $7 million in a seed funding round to apply its behavioral-based machine learning algorithms to software supply chain security.
Today’s round was led by Joule Ventures and First Rays Venture Partners, and included participation from a number of prominent personalities in the cybersecurity space, including Orca Security Ltd. co-founder and Chief Executive Avi Shua, Aqua Security Inc. co-founder and CEO Dror Davidoff, and Jfrog Ltd.’s Head of Developer Relations Baruch Sadogursky.
Arnica is the creator of a software supply chain security platform that uses machine learning algorithms to learn about the behavior of developers as they go about their daily business of coding and communicating with colleagues. By doing this, the company says, it’s uniquely able to expose impersonators — people who steal someone’s credentials and use them to make malicious changes to software.
Arnica says such a solution is needed, because software supply chain attacks are rising rapidly. It cites data from a recent IBM Corp. report that shows the number of such incidents rose by 650% in the last year, with the high-profile attacks on Uber Technologies Inc. and Rockstar Games Inc. among them.
In both cases, those companies’ systems were compromised by a single Slack message sent from an attacker impersonating a developer that requested, and was granted, access to the software codebase. However, despite the obvious threat from supply chain attacks, Arnica says companies are hesitant to take action to prevent them because they’re wary of hurting their developer’s agility.
That’s where Arnica says its machine learning algorithms can help, by identifying the nuances of how each developer works in order to validate the authenticity of every change they make to code. In this way, Arnica can prevent attacks that involve impersonating software developers by stopping them from pushing malicious code.
Arnica co-founder and CEO Nir Valtman (pictured, left, alongside Chief Operations Officer Moshe Dahan and Chief Technology Officer Eran Medan) said the golden rule when hardening developer environments is that any solution must not harm developer velocity.
“A developer’s ability to rapidly and seamlessly make code changes and ship products to users has a direct impact on revenue, so getting in the way of that is a nonstarter for organizations,” Valtman said. “We created a solution that not only protects but empowers developers, allowing them to continue working in their preferred manner — but within a safe environment.
Arnica’s platform can do this with its ability to manage excessive permissions and achieve “least-privileged status” in order to minimize the damage done by potential breaches, without impacting a developer’s workflow. The way it works is that Arnica automatically revokes developer privileges that aren’t being used.
Then, through its deep integration with Slack, developers can regain the permissions they require whenever they need, with Arnica’s algorithms ensuring they won’t be granted to an impersonator. This self-service access management allows Arnica to circumvent the usual friction around gaining access to source code repositories, the company said.
Arnica said it will use the money from today’s round to accelerate product development and scale up its go-to-market teams, so developers could soon be hearing a lot more about the company.
“In a market full of security solutions adding only incremental value, Arnica’s instant resolution-oriented approach is a game changer for enterprise dev teams,” said Brian Rosenzweig, a partner at Joule Ventures. “Arnica goes beyond just flagging security problems — every issue that is identified can be immediately addressed with a provided one-click fix.”
A message from John Furrier, co-founder of SiliconANGLE:
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.
We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.