Application security

Argon emerges from stealth as concern over software supply chain integrity peaks

When Argon was first formed in October 2020, co-founder and chief technology officer Eylam Milner and others on the team did what most startups do, canvassing businesses about their pain points in the hopes of picking up insights that could be fed into the continued development of their product.

In this case, their product was a security platform designed to map out and validate the integrity of the software development pipeline. Because it is such a niche and technically complex security issue, they often spent a good chunk of their time explaining to executives the basic nature of the threat their tech was designed to snuff out.

“A lot of the time we would have to kind of explain the dangers of the way software is being released today and how they could potentially be manipulated,” said Milner.

Two months later, security company FireEye discovered that a hacking group had injected malicious code into an update for SolarWinds' Orion management software, compromising at least nine federal agencies, multiple state governments and dozens of companies downstream.

“So we didn’t have to explain anymore” after that, Milner said.

Argon emerges Tuesday from stealth, announcing it had secured $4 million in funding from Hyperwise Ventures as well as Shlomo Kramer, the former founder of Check Point and Imperva; Zohar Alon, founder of Dome9; Giora Yaron, chairman of Amdocs Technology Committee; Avery More, managing partner of ORR Partners; and Harel Kodesh, a former partner at Silver Lake.

The company's rationale for its security platform goes something like this: as more companies have shifted to a DevOps model of software development that prioritizes speedy delivery over everything else, the process has increasingly relied on a complex mix of cloud or hosted environments and open-source tools to copy, move and share code between different systems.

That complexity creates a lack of visibility into the application environment that can make those companies a target for hackers looking to inject malicious code into the software supply chain, particularly as businesses have moved to develop software in less familiar cloud environments.

Milner said Argon focuses on the gap between when software code is written and when it goes into production, where the potential for injecting corrupted or malicious code into the build process is highest. The automated platform is designed to map out a company’s development environment, keep track of different assets and user activities and automatically remediate security alerts according to pre-set rules.

It also utilizes what Milner calls its “crown jewel” capability: a patent-pending form of code-tampering detection technology that uses that mapping to confirm that any changes made to the code were done through legitimate systems and processes, operating as a sort of chain of custody for a company’s software integrity “after it left the developer’s laptop and before it meets your end user.”

“Right now there’s no visibility, there’s no feedback [in the CD/CI process], it’s almost like a black box, this delivery time,” said Milner. “So we immediately let you see what goes on there. You see all the assets…basically anything from source code to your lines of code and all the technology, all the processes it takes, compiles and bundles it up into its final artifact.”

Argon is using that initial $4 million to beef up its 15-person team and further develop its platform. Milner said one of the first improvements the team wants to tackle is to build more capabilities and user controls into the platform’s code integrity process, allowing users to create their own custom rules and configurations. Executives are also searching for office space in Tel Aviv, Israel, for an eventual headquarters.

Derek B. Johnson

Derek is a senior editor and reporter at SC Media, where he has spent the past three years providing award-winning coverage of cybersecurity news across the public and private sectors. Prior to that, he was a senior reporter covering cybersecurity policy at Federal Computer Week. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.
