LOGO

Rezilion Raises $30M to Automate Security Operations

September 13, 2021
Topics:agile software developmentAlphabetAmazonAppleArtificial Intelligence (AI)AutomationCiscocomputer securityCrowdStrikeCyActivedevopseBayenergyentrepreneurshipfinancial servicesGoogleGuggenheim InvestmentsIBMJP Morgan ChaseKindred CapitalmarylandMicrosoftPayPalrezilionSecuritySoftwaresoftware developmentStartup companyStartupsSymantectechnology
Rezilion Raises $30M to Automate Security Operations

Strengthening Cybersecurity Through Automation: Rezilion Secures $30 Million in Funding

Modern security operations teams are confronted with the increasingly complex challenge of defending against sophisticated cyberattacks. This situation has simultaneously created a market opportunity: the development of tools designed to empower these security teams. Rezilion, an Israeli startup focused on building automation solutions for DevSecOps – the integration of security practices within the IT development lifecycle – has recently announced a $30 million funding round.

Investment Details and Backers

Guggenheim Investments spearheaded the investment, with contributions also coming from JVP and Kindred Capital. Notably, the round includes participation from executives representing prominent technology and financial institutions, including Google, Microsoft, CrowdStrike, IBM, Cisco, PayPal, JP Morgan Chase, Nasdaq, eBay, Symantec, RedHat, RSA, and Tenable. Rezilion had previously secured $8 million in funding.

The current funding arrives following a period of substantial growth for the startup during its initial two years of operation.

Customer Base and Company Origins

Rezilion’s clientele includes some of the world’s largest corporations, with two companies ranking within the “Fortune 10” utilizing their services. CEO Liran Tancman, who co-founded Rezilion alongside CTO Shlomi Boutnaru, revealed that one client is a leading software company and the other a major manufacturer of connected devices, though specific names were not disclosed. (The Fortune 10 includes companies like Amazon, Apple, Alphabet/Google, Walmart, and CVS.)

Prior to Rezilion, Tancman and Boutnaru co-founded CyActive, a security startup acquired by PayPal in 2015. They continued their collaboration at PayPal before ultimately establishing Rezilion.

Addressing a Critical Need in DevSecOps

Numerous tools currently exist to automate various aspects of developer and security workflows. Rezilion concentrates on a specific area within DevSecOps: streamlining the process of security threat triage for large organizations. These organizations often have established procedures for identifying and evaluating potential security vulnerabilities.

However, the sheer volume of alerts generated can overwhelm security teams. Manually inspecting each vulnerability to determine its potential impact is a resource-intensive process, and often yields a low signal-to-noise ratio. According to Tancman, a thorough investigation of a single vulnerability typically requires 6-9 hours, yet 70-80% of these vulnerabilities prove to be non-exploitable within the organization’s specific context.

Improving Efficiency and Reducing Waste

Tancman estimates that approximately eight out of ten security patches are ultimately unnecessary. He anticipates that, as Rezilion’s platform matures and its understanding of threats deepens, this figure could rise to nine out of ten.

Rezilion’s solution employs a proprietary taxonomy and an AI-based system to automate the inspection process. It identifies new or suspicious code, analyzes its functionality, and assesses its potential impact on the company’s existing code and systems. Safe code is automatically whitelisted, while potentially problematic code is flagged for further review by the security team.

Understanding Enterprise Needs

The product’s success stems from Tancman and Boutnaru’s deep understanding of the operational realities of large enterprises, particularly those with complex technology stacks, operating in today’s challenging cybersecurity landscape.

“They are utilizing our platform to accelerate their delivery processes while maintaining a strong security posture,” Tancman explained. “They operate within strict compliance frameworks and must adhere to specific security standards.” He added that Rezilion enables them to leverage DevOps practices for faster release cycles.

Rezilion has gained traction with customers by demonstrating its ability to improve security without disrupting existing workflows. “Companies adopt our product because we demonstrate that they can achieve greater security with a fraction of the effort.” This resonates particularly strongly within the technology sector, but also with financial services and other industries heavily reliant on technology.

Future Development and the Role of Human Expertise

Rezilion intends to expand its capabilities to include automated remediation and mitigation, leveraging the new funding. However, Boutnaru emphasizes that the platform is not intended to replace human security professionals entirely.

“It will simply refocus their efforts on areas requiring more nuanced judgment,” he stated. “We are removing the burden of repetitive, tedious tasks.”

As enterprise automation continues to evolve, it will be interesting to observe whether other platforms will integrate security features. For now, Rezilion has established a distinct position in the market, attracting investor interest.

Industry Recognition

“Rezilion’s product suite represents a significant advancement for security teams,” commented Rusty Parks, Senior MD of Guggenheim Investments. “It fosters a mutually beneficial outcome, enabling companies to accelerate the delivery of innovative products and features while simultaneously strengthening their security defenses. We are confident that Rezilion offers a compelling value proposition to security teams, delivering a substantial return on investment in terms of time and robust infrastructure protection.”

Note: This article has been updated to reflect that Rezilion utilizes code reverse engineering rather than AI, as the company prioritizes minimizing false positives.