Our Investment in Apiiro: Expanding Visibility in Application Security
Apiiro started for us like most investments start at GC: with incredible founders. We have known Idan for years and have been searching for the right time and opportunity to work with him after he created and sold Aorato. That’s why when we caught up with him this Summer around what he and Yonatan are building at Apiiro we jumped at the chance to lead their Series B. Outside of growing quickly and becoming a trusted partner for their growing list of customers, Apiiro sits at the intersection of multiple waves of change in the enterprise and security.
Some of these waves are well established, while we can barely see what the crest could be for others. Every company is a software company and even large enterprises are expanding their software development teams. - JP Morgan announced in 20211 it added 2,000 developers. As both digitally native and traditional companies respond to consumers demanding experiences mirroring what they get every day through consumer applications, the end state has been an explosion in applications (both internally & externally facing).
This application explosion has led to the DevSecOps movement: the innate tension built into building software these days between agility and security. On the one hand, it’s increasingly clear that securing our digital assets is a business imperative - protecting the information a business is entrusted with by its customers, ensuring availability of the services, and business continuity. On the other, the pace of business drives the pace of building and deploying software, and that in turn drives building on as much as one can - open source, commercialize frameworks, etc. So while the "most secure" thing to do is move slowly and control everything oneself, that isn't a reality for the business, any more than it is feasible to just move fast and not worry about it. The answer to this is a control plane.
Enter Apiiro. By understanding not only what software is in one's landscape, but also how that software is developed or deployed and how that deployed software is configured and accessed in production, it understands the risk level of any potential specific security issue. Being neither generic in its treatment of workflow (stop all code changes until x, y, z boxes are checked) nor specific issues (stop everything and make these changes across all instances where this library appears), it focuses teams on the right things - putting agility and safety back in balance. The result is more secure software, happier developers and companies delivering the quality and speed the market expects.
All of this is about visibility and context - Apiiro is differentiated in that it allows enterprises to see and manage their entire application security program through a single control plane. We believe that the place where security and risk management teams, developers and development managers turn to as the single control plane for application security will be uniquely valuable and we believe the team at Apiiro has a chance to build that company.
Today is just the start of that journey of visibility and context in application security. That’s why we could not be more excited to partner with Idan, Yonatan and the entire Apiiro team and lead their Series B.