Oxeye on Tuesday announced $5.3 million in seed funding to build up its application security testing business focused on cloud environments.
The Israel-based company aims to meet the need created by the anticipated explosion in cloud-native apps over the next few years. IDC FutureScape reports that by 2023, the industry will develop more than 500 million digital apps and services using cloud-native approaches — the same number of apps developed in the last 40 years.
“Cloud-native is the de-facto standard for building new applications,” said Dean Agron, co-founder and CEO of Oxeye. “This tectonic shift has a major effect on code vulnerabilities. These are no longer only flawed lines of code, but rather vulnerable flows stretching over multiple microservices and multiple infrastructure layers. With Oxeye, developers and AppSec professionals are promised the most prominent, automated, security testing platform across all important stages of software development to ensure apps are both operationally efficient and highly secure.”
As businesses leverage cloud services and modern software development processes for faster product releases, it’s important to ensure they can scale security with rapid development, said Melinda Marks, a senior analyst at the Enterprise Strategy Group.
“By empowering developers to test their own code for security issues, companies like Oxeye are helping businesses reduce the chance for security issues in production, while streamlining workflows for both development and security teams,” Marks said.
Frank Dickson, program vice president for security and trust at IDC, added that as workloads evolve to infrastructure-as-a-service, the industry has looked to protect them in much the same way it did on-premises. Dickson said the industry first focused on access, leveraging typical access-centric protections such as firewalls, IPS, and other network-centric approaches. Then it focused on the VM or cluster, protecting each as a virtual endpoint.
“These measures are great and recommended, but the approach is based on a flawed assumption,” Dickson said. “In reality, we should not focus on the ‘workloads’ moving to the cloud, but the entire application. The implication is huge, as an application that lives and is accessed 100% from the internet requires a fundamentally different approach to security — an application-centric approach. Thus, the need for cloud-native application security testing is booming, it’s a need that has required addressing for some time.”