Introducing Cycode, the First Source Code Visibility & Protection Platform
By Yoav Leitersdorf, Managing Partner at YL Ventures
For a venture capitalist, there are few experiences as thrilling as finding a true first-to-market opportunity. Throw in an all-star team of founders and advisors, a lightning-fast due diligence process and a term sheet signed over airplane Wi-Fi tens of thousands of feet in the air, and you’ve got the beginnings of our newest portfolio company.
Today, I’m excited to announce that Cycode, the world’s first source code control, detection, and response solution, has closed a $4.6M seed round led by YL Ventures. We had the privilege of investing alongside distinguished industry leaders Mike Fey (CEO of D2iQ and former president & COO of Symantec), Andy Grolnick (former president & CEO of LogRhythm), Justin Somaini (former CSO of SAP), and Eyal Gruner (founder & CEO of Cynet and 'Insider' at YL Ventures), among others. Founded by Lior Levy, formerly of Symantec, and Ronen Slavin, serial entrepreneur, Cycode’s exceptional team is on a path to set the industry standard for source code security.
A Problem You Can’t Unsee
We were tipped off to Cycode’s formation at Black Hat 2019, just as the team was setting out to tackle a growing cyber paradox: As software is eating the world and proprietary code grows in importance, it is developed by increasingly distributed and insecure means.
The fact that this security gap has gone unaddressed is, quite frankly, an extraordinary industry oversight. The theft or loss of any of the assets housed in source code—which include, but are not limited to an enterprise's unique algorithms, trade secrets, encryption methods, and fraud detection mechanisms—can very easily expose an organization to cyber-attacks.
Indeed, the headlines have reported an increasing number of such attacks since 2012, with high-profile incidents occurring at Apple, Tesla, Magic Leap, and Samsung in the last two years alone. Without proper redress, these attacks are destined to multiply in both scale and consequence, given that the workflow trends leading to these vulnerabilities are only becoming more distributed, leading to an ever-increasing attack surface.
High-level access to on-premise and cloud-based source code repositories are routinely granted to myriad internal and outsourced development teams of varying degrees of relevancy, and organizations are struggling to perform basic compliance and audits to protect company source code assets.
3, 2, 1, Takeoff
Lior and Ronen are pioneering the long-overdue solution to this critical problem. The two are very impressive former IDF security researchers, each with over a decade of top defensive and offensive cybersecurity experience. Their stellar experience, know-how, and focused determination are exactly the qualities we look for in our portfolio company founders.
The industry agrees: We received the most positive feedback throughout our due diligence process and enthusiastic market validation. Among our trusted Venture Advisors, we consulted Ryan Fritts (ADT), Jack Sullivan (Boston Scientific), Satish Gannu (ABB), Adam Ely (Walmart), Mike Zachman (Zebra Technologies), Sherry Ryan (Juniper Networks), Andreas Haugsnes (Unity Technologies), Tomasz Chowanski (Wells Fargo), Richard Rushing (Motorola Mobility), and Brooks Evans (Netflix).
See Everything, Seamlessly
For as long as I can remember, security teams and developers have found themselves at loggerheads over distributed software development workflows. Developers require flexibility and distributed access in order to complete their job, to the total chagrin of security teams who are often left in the dark over the types of access and activity occurring on one of their enterprise's most fundamental resources. Moreover, security executives, CISOs in particular, have little appetite for adding more to their overflowing security stack, or “security pile”, as some have begun to call it.
As developers and security experts themselves, Lior and Ronen are well-equipped with the perfect experience and toolsets to both understand and bridge this longstanding gap.
Cycode’s solution, elegantly addressing both security and DevOps requirements, is seamless. By simply connecting its platform to your enterprise’s Source Code Management (SCM) systems, Cycode’s patent-pending Source Path Intelligence engine delivers comprehensive security visibility into all of your organization’s source code. It also automatically detects and responds to anomalies in access, movement, and usage—without ever impacting access or productivity. Moreover, rather than requiring the installation of an additional dashboard, it notifies security teams about detected threats by issuing automated alerts to their existing security tools and processes.
And Away We Go
When your newest portfolio company is first-to-market, and has received such resounding support from some of your network’s strongest Venture Advisors, you can’t afford to lose a moment of time. Within just 11 days of our introduction to Cycode, while cruising at an altitude of 30,000 feet, I signed the term sheet to welcome yet another powerhouse to YL Ventures’ portfolio. I was en-route to see the founders in Tel Aviv to finalize the deal and get to work!
It’s been a whirlwind of progress ever since. As I hit the ground running, all of the dozen-or-so YL Ventures women and men were already hard at work helping Cycode with whatever they required to get off the ground—marketing strategies, business development, recruiting, budgeting—essentially the YL Ventures 'Seed-to-A' playbook!
This has been an exhilarating process, and our fascinating journey with Lior and Ronen has only just begun. Today, their company takes off, and Cycode embarks on its important mission to secure code to its source!