Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Vulnerability Management

10:45 AM
Dark Reading
Dark Reading
Products and Releases

Cycode Raises $4.6M in Funding to Deliver Source Code Control, Detection & Response Security Solution

Cycode utilizes patent-pending Source Path Intelligence engine to protect source code from theft, leakage, and manipulation while maintaining developer access and productivity.

TEL AVIV, SEPTEMBER 24, 2019 – Enterprise security startup Cycode, pioneering the first-ever solution for source code control, detection and response, today announced $4.6 million in seed funding. The round was led by YL Ventures with participation from security industry leaders including Mike Fey (CEO of D2iQ and former president & COO of Symantec), Andy Grolnick (former president & CEO, LogRhythm), Justin Somaini (former CSO, SAP) and Eyal Gruner (founder & CEO, Cynet).

Founded and led by former Symantec security architect Lior Levy (CEO) and security researcher and serial entrepreneur Ronen Slavin (CTO), Cycode’s mission is to protect source code, the building blocks of an organization’s software, and the highly valuable intellectual property (IP) contained in it, from the growing risk of theft, leakage and manipulation.

As organizations depend increasingly on software for competitive advantage, the IP contained in source code has become an attractive target for cybercriminals. Not only does source code expose trade secrets and closely held IP, such as business logic, proprietary algorithms and machine learning models, it also comprises information that can be used to discover, locate and attack an organization’s systems and data. High-profile incidents at technology leaders Apple, Tesla and Samsung, and at financial services firms Goldman Sachs, KCG and Susquehanna International, demonstrate just how damaging and far-reaching the consequences of such attacks can be.

Nonetheless, source code protection remains a gaping void in cybersecurity. “Organizations today depend on development teams composed of local and remote employees, contract developers and other third parties working across on-premise and cloud source control management systems. Easy access across these many fragmented repositories is crucial to keep developers productive and delivering,” says Cycode CEO and co-founder Lior Levy. “Unfortunately, security teams lack the visibility and control they need to protect these processes. Today, it’s impossible for security teams to answer the most basic questions about their organization’s source code – Where are all of the copies of my source code stored? Which pieces of it are stored where?  Who has access to it?”

Cycode, the first solution to address this security gap, intends to set the industry standard in source code protection. Cycode’s source code control, detection and response solution utilizes the startup’s patent-pending Source Path Intelligence Engine to deliver rapid, comprehensive and seamless visibility into an organization’s source code inventory. It quickly connects all of the organization’s source code management systems (SCM) and code repositories, cataloging source code inventory and the paths source code takes between users, devices and repositories during development and distribution across the extended enterprise.

Justin Somaini, former CSO of SAP, highlights the delicate balance the Cycode solution strikes: “Gaining visibility and control of your source code is a huge challenge. Being able to secure this important asset is critical, yet it can’t come at the cost of developers being able to do their jobs. The tools we use to manage source code today were built to help developers manage code, not secure it. Cycode gives IT Security teams comprehensive visibility into the inventory and movement of source code without integration headaches and without impacting developer productivity.”

Once implemented, the Cycode solution automatically detects and alerts organizations to anomalous access, movement and usage and allows responses through the execution of new security controls or by adjusting existing ones. With Cycode, users can:

  • Connect in minutes to all deployed on premise and cloud SCMs and repositories
  • See, control and manage source code across all SCMs
  • Automatically monitor the movement of source code for anomalous access, path and usage behaviors
  • Receive automated alerts and notifications
  • Rapidly respond to risk by adjusting existing SCM configurations and security controls and implementing new ones as needed
  • Detect and issue alerts for leaked source code found on the public and dark web

“When Lior and Ronen approached us about this significant security gap and outlined the way many security teams were running blind to this risk, we were immediately compelled to invest in their pioneering solution to resolve it,” said Yoav Leitersdorf, managing partner at YL Ventures, who led the Cycode funding round. “Cycode’s platform is the exact type of product needed to solve this unaddressed and growing problem.”

The Cycode source code control, detection and response platform is currently in limited availability to qualified customers. General availability will begin in early 2020. For more information, visit Cycode.com.

About Cycode

Cycode, the industry's first source code control, detection and response platform, utilizes its unique Source Path Intelligence engine to seamlessly deliver comprehensive visibility into all of an organization’s source code and automatically detect and respond to anomalies in access, movement and usage. With Cycode, organizations are “Secured to The Source”; their security teams can rapidly and dramatically reduce the risk of source code loss without impacting developer access or productivity. 

About YL Ventures

YL Ventures (ylventures.com) funds and supports brilliant Israeli tech entrepreneurs from seed to lead. Based in Silicon Valley and Tel Aviv, YL Ventures manages $260 million and specializes in cybersecurity. YL Ventures accelerates the evolution of portfolio companies via strategic advice and U.S.-based operational execution, leveraging a powerful network of Chief Information Security Officers and global industry leaders. The firm's track record includes successful, high-profile portfolio company acquisitions by major corporations including Palo Alto Networks, Microsoft, CA and Proofpoint.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Register for Dark Reading Newsletters
White Papers
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-10-19
The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once. (The workload is not queued for serial execution.)
PUBLISHED: 2019-10-19
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests.
PUBLISHED: 2019-10-19
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer.
PUBLISHED: 2019-10-18
In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.
PUBLISHED: 2019-10-18
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclo...