Israeli cybersecurity startup Oligo Security today launched out of stealth mode and announced that it has raised $28 million for its runtime application security and observability solution.

The funding was raised from investors including Lightspeed Venture Partners L.P, Ballistic Ventures LLC, TLV Partners Management Ltd. and a several well-known cybersecurity professionals. Other investors include Eyal Waldman, founder and chief executive of Nvidia Corp. subsidiary Mellanox Technologies, Snyk Inc. Chief Technology Officer Adi Sharabani, and former Google Cloud Vice President Eyal Manor, now chief product and engineering officer at Twilio Inc.

Founded by CEO Nadav Czerninski, CTO Gal Elbaz (previously with Check Point Software Technologies Inc.) and Chief Product Officer Avshalom Hilu, all former officers in the Israel Defense Force’s cyber units, Oligo offers a runtime application security and observability solution that allows enterprises to detect and prevent open-source code vulnerabilities in their applications without affecting performance.

With open source code comprising of 80% to 90% of modern software, providing an attractive attack vector for nation-states and cybercriminals, Oligo argues that existing software composition analysis solutions fall short and organizations are exposed. It’s claimed that existing solutions are noisy, producing large volumes of false positives, and don’t provide runtime application context for prioritization.

That’s where Oligo steps in. It claims to be different from existing solutions by using dynamic library-level analysis and behavior-monitoring technology to identify vulnerabilities in running packages instantly. The company’s platform prioritizes fixes based on the application context, saving expensive development time by focusing on the actual attack surface.

The solution alerts users only when there’s a deviation from a library’s permission policy, indicating suspicious activity. Oligo claims that its solution is fast and efficient by design through the use of a proprietary eBPF-based engine to detect vulnerabilities precisely and prevent attacks while maintaining application stability.

“After Oligo’s co-founder, Gal Elbaz, discovered that a widely used app like Instagram could be easily compromised by misusing an open-source library, we realized that there is a significant gap in the way the market currently addresses open source security,” Czerninski explained. “We zeroed in on a protection method that inspects each library in runtime or staging, allowing us to precisely identify attacks in cases of deviations and to fix the vulnerabilities that matter.”

Oligo’s technology profiles the legitimate behavior of each library, creating a knowledge base of libraries’ profiles and alerting or blocking whenever a library activity is not as expected. At the library level, Oligo says, its platform enables quick and effective performance while maintaining the high stability of the application.

Image: Oligo